From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 1ABC91FF3A0 for ; Thu, 13 Jun 2024 14:52:17 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6E2A530D7D; Thu, 13 Jun 2024 14:52:53 +0200 (CEST) From: Shannon Sterz To: pbs-devel@lists.proxmox.com Date: Thu, 13 Jun 2024 14:52:29 +0200 Message-Id: <20240613125236.236802-1-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.053 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox v2 0/7] add proxmox-access-control crate X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" this series intends to add a crate that factors out most parts of proxmox backup server's access control handling. it does so by introducing a trait called `AccessControlConfig` that defines the privileges, roles, superuser, groups, caching method, admin- and no-access-roles for a product. this trait is to be implemented by the users of this crate and passed to an `init` function alongside the path to a directory that will contain all relevant config files. changes since v1: - rename from `proxmox-access` to `proxmox-access-control` thanks @ Thomas - rename `AcmConfig` to `AccessControlConfig` - flatten `User` into `UserWithToken` thanks @ Wolfgang - adjust some visibility modifiers thanks @ Wolfgang - removed shared memory caching and added functions so that users of this crate can implement a preferred caching method thanks @ Wolfgang - split the crate into a `impl` and `default` feature so the `default` feature only includes the types and not the whole implementation proxmox: Shannon Sterz (7): access-control: add the proxmox-access crate to reuse acl trees access-control: define `User`, `UserWithTokens` and `ApiTokens` types access-control: make token shadow implementation re-usable access-control: factor out user config handling access: increment user cache generation when saving acl config access: move to flatten `User` into `UserWithToken` access-control: split crate in `default` and `impl` features Cargo.toml | 3 + proxmox-access-control/Cargo.toml | 42 + proxmox-access-control/src/acl.rs | 1006 +++++++++++++++++ .../src/cached_user_info.rs | 246 ++++ proxmox-access-control/src/init.rs | 123 ++ proxmox-access-control/src/lib.rs | 18 + proxmox-access-control/src/token_shadow.rs | 84 ++ proxmox-access-control/src/types.rs | 194 ++++ proxmox-access-control/src/user.rs | 180 +++ 9 files changed, 1896 insertions(+) create mode 100644 proxmox-access-control/Cargo.toml create mode 100644 proxmox-access-control/src/acl.rs create mode 100644 proxmox-access-control/src/cached_user_info.rs create mode 100644 proxmox-access-control/src/init.rs create mode 100644 proxmox-access-control/src/lib.rs create mode 100644 proxmox-access-control/src/token_shadow.rs create mode 100644 proxmox-access-control/src/types.rs create mode 100644 proxmox-access-control/src/user.rs Summary over all repositories: 9 files changed, 1896 insertions(+), 0 deletions(-) -- Generated by git-murpp 0.5.0 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel