From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DBFD66098B for ; Mon, 19 Oct 2020 09:40:11 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DA1AE29A9B for ; Mon, 19 Oct 2020 09:40:11 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 4BC6029A91 for ; Mon, 19 Oct 2020 09:40:11 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 15F95454ED for ; Mon, 19 Oct 2020 09:40:11 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Mon, 19 Oct 2020 09:39:18 +0200 Message-Id: <20201019073919.588521-15-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201019073919.588521-1-f.gruenbichler@proxmox.com> References: <20201019073919.588521-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.031 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [RFC proxmox-backup 14/15] manager: add token commands X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Oct 2020 07:40:11 -0000 to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler --- Notes: it might make sense to allow updating ACLs of tokens irrespective of general ACL editing capabilities of the user, since the effective permissions of a token are always a subset of that of the user anyway. otherwise we'd need to implement fine-grained ACL update checks for no gain to make API tokens usable for regular users. src/bin/proxmox_backup_manager/user.rs | 62 ++++++++++++++++++++++++++ src/config/user.rs | 29 ++++++++++++ 2 files changed, 91 insertions(+) diff --git a/src/bin/proxmox_backup_manager/user.rs b/src/bin/proxmox_backup_manager/user.rs index 80dbcb1b..31f74396 100644 --- a/src/bin/proxmox_backup_manager/user.rs +++ b/src/bin/proxmox_backup_manager/user.rs @@ -6,6 +6,7 @@ use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler}; use proxmox_backup::config; use proxmox_backup::tools; use proxmox_backup::api2; +use proxmox_backup::api2::types::PROXMOX_USER_ID_SCHEMA; #[api( input: { @@ -48,6 +49,48 @@ fn list_users(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result Result { + + let output_format = get_output_format(¶m); + + let info = &api2::access::user::API_METHOD_LIST_TOKENS; + let mut data = match info.handler { + ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?, + _ => unreachable!(), + }; + + let options = default_table_format_options() + .column(ColumnConfig::new("tokenid")) + .column( + ColumnConfig::new("enable") + .renderer(tools::format::render_bool_with_default_true) + ) + .column( + ColumnConfig::new("expire") + .renderer(tools::format::render_epoch) + ) + .column(ColumnConfig::new("comment")); + + format_and_print_result_full(&mut data, info.returns, &output_format, &options); + + Ok(Value::Null) +} + + pub fn user_commands() -> CommandLineInterface { let cmd_def = CliCommandMap::new() @@ -69,6 +112,25 @@ pub fn user_commands() -> CommandLineInterface { CliCommand::new(&api2::access::user::API_METHOD_DELETE_USER) .arg_param(&["userid"]) .completion_cb("userid", config::user::complete_user_name) + ) + .insert( + "list-tokens", + CliCommand::new(&&API_METHOD_LIST_TOKENS) + .arg_param(&["userid"]) + .completion_cb("userid", config::user::complete_user_name) + ) + .insert( + "generate-token", + CliCommand::new(&api2::access::user::API_METHOD_GENERATE_TOKEN) + .arg_param(&["userid", "tokenname"]) + .completion_cb("userid", config::user::complete_user_name) + ) + .insert( + "delete-token", + CliCommand::new(&api2::access::user::API_METHOD_DELETE_TOKEN) + .arg_param(&["userid", "tokenname"]) + .completion_cb("userid", config::user::complete_user_name) + .completion_cb("tokenname", config::user::complete_token_name) ); cmd_def.into() diff --git a/src/config/user.rs b/src/config/user.rs index 5ebb9f99..2684a529 100644 --- a/src/config/user.rs +++ b/src/config/user.rs @@ -265,3 +265,32 @@ pub fn complete_userid(_arg: &str, _param: &HashMap) -> Vec vec![], } } + +// shell completion helper +pub fn complete_token_name(_arg: &str, param: &HashMap) -> Vec { + match config() { + Ok((data, _digest)) => { + match param.get("userid") { + Some(userid) => { + match (data.lookup::("user", userid), data.convert_to_typed_array("token")) { + (Ok(_), Ok(tokens)) => { + tokens + .into_iter() + .filter_map(|token:ApiToken| { + let tokenid = token.tokenid; + if tokenid.is_tokenid() && &tokenid.owner().unwrap() == userid { + Some(tokenid.tokenname().unwrap().as_str().to_string()) + } else { + None + } + }).collect() + }, + _ => vec![], + } + }, + None => vec![], + } + }, + Err(_) => vec![], + } +} -- 2.20.1