From: Shannon Sterz
To: pbs-devel@lists.proxmox.com
Date: Wed, 19 Jun 2024 11:54:11 +0200
Message-Id: <20240619095418.126368-1-s.sterz@proxmox.com>
Subject: [pbs-devel] [PATCH proxmox v3 0/7] add proxmox-access-control crate

this series intends to add a crate that factors out most parts of proxmox
backup server's access control handling. it does so by introducing a trait
called `AccessControlConfig` that defines the privileges, roles, superuser,
groups, caching method, admin- and no-access-roles for a product. this trait
is to be implemented by the users of this crate and passed to an `init`
function alongside the path to a directory that will contain all relevant
config files.

changes since v1:

- rename from `proxmox-access` to `proxmox-access-control` thanks @ Thomas
- rename `AcmConfig` to `AccessControlConfig`
- flatten `User` into `UserWithToken` thanks @ Wolfgang
- adjust some visibility modifiers thanks @ Wolfgang
- removed shared memory caching and added functions so that users of this
  crate can implement a preferred caching method thanks @ Wolfgang
- split the crate into an `impl` and `default` feature so the `default`
  feature only includes the types and not the whole implementation

changes since v2:

- some minor formatting changes and move to `join` instead of
  `with_file_name` as that does seem to work as previously expected.

proxmox:

Shannon Sterz (7):
  access-control: add the proxmox-access crate to reuse acl trees
  access-control: define `User`, `UserWithTokens` and `ApiTokens` types
  access-control: make token shadow implementation re-usable
  access-control: factor out user config handling
  access: increment user cache generation when saving acl config
  access: move to flatten `User` into `UserWithToken`
  access-control: split crate in `default` and `impl` features

 Cargo.toml                                 |    3 +
 proxmox-access-control/Cargo.toml          |   42 +
 proxmox-access-control/src/acl.rs          | 1006 +++++++++++++++++
 .../src/cached_user_info.rs                |  246 ++++
 proxmox-access-control/src/init.rs         |  123 ++
 proxmox-access-control/src/lib.rs          |   18 +
 proxmox-access-control/src/token_shadow.rs |   84 ++
 proxmox-access-control/src/types.rs        |  194 ++++
 proxmox-access-control/src/user.rs         |  180 +++
 9 files changed, 1896 insertions(+)
 create mode 100644 proxmox-access-control/Cargo.toml
 create mode 100644 proxmox-access-control/src/acl.rs
 create mode 100644 proxmox-access-control/src/cached_user_info.rs
 create mode 100644 proxmox-access-control/src/init.rs
 create mode 100644 proxmox-access-control/src/lib.rs
 create mode 100644 proxmox-access-control/src/token_shadow.rs
 create mode 100644 proxmox-access-control/src/types.rs
 create mode 100644 proxmox-access-control/src/user.rs

Summary over all repositories:
  9 files changed, 1896 insertions(+), 0 deletions(-)

--
Generated by git-murpp 0.5.0