From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pbs-devel-bounces@lists.proxmox.com>
Received: from ronja.mits.lan
	by ronja.mits.lan with LMTP
	id EEybNfqqcmbWLwAAxxbTJA
	(envelope-from <pbs-devel-bounces@lists.proxmox.com>); Wed, 19 Jun 2024 11:55:06 +0200
Received: from proxmox-new.maurer-it.com (unknown [192.168.2.33])
	by ronja.mits.lan (Postfix) with ESMTPS id C87AFF63D90;
	Wed, 19 Jun 2024 11:55:06 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
	by proxmox-new.maurer-it.com (Proxmox) with ESMTP id AF12647C6B;
	Wed, 19 Jun 2024 11:55:06 +0200 (CEST)
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by proxmox-new.maurer-it.com (Proxmox) with ESMTPS;
	Wed, 19 Jun 2024 11:55:05 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 98DC417DE;
	Wed, 19 Jun 2024 11:55:05 +0200 (CEST)
From: Shannon Sterz <s.sterz@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed, 19 Jun 2024 11:54:11 +0200
Message-Id: <20240619095418.126368-1-s.sterz@proxmox.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Subject: [pbs-devel] [PATCH proxmox v3 0/7] add proxmox-access-control crate
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pbs-devel-bounces@lists.proxmox.com
Sender: "pbs-devel" <pbs-devel-bounces@lists.proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
	KAM_LAZY_DOMAIN_SECURITY      1 Sending domain does not have any anti-forgery methods
	MAILING_LIST_MULTI         -2 Multiple indicators imply a widely-seen list manager
	RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/, medium trust
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_NONE                0.001 SPF: sender does not publish an SPF Record
	T_SCC_BODY_TEXT_LINE    -0.01 -

this series intends to add a crate that factors out most parts of
proxmox backup server's access control handling. it does so by
introducing a trait called `AccessControlConfig` that defines the
privileges, roles, superuser, groups, caching method, admin- and
no-access-roles for a product.

this trait is to be implemented by the users of this crate and passed to
an `init` function alongside the path to a directory that will contain
all relevant config files.

changes since v1:

- rename from `proxmox-access` to `proxmox-access-control` thanks @
  Thomas
- rename `AcmConfig` to `AccessControlConfig`
- flatten `User` into `UserWithToken` thanks @ Wolfgang
- adjust some visibility modifiers thanks @ Wolfgang
- removed shared memory caching and added functions so that users of
  this crate can implement a preferred caching method thanks @ Wolfgang
- split the crate into a `impl` and `default` feature so the `default`
  feature only includes the types and not the whole implementation

changes since v2:

- some minor formatting changes and move to `join` instead of
  `with_file_name` as  that does seem to work as previously expected.

proxmox:

Shannon Sterz (7):
  access-control: add the proxmox-access crate to reuse acl trees
  access-control: define `User`, `UserWithTokens` and `ApiTokens` types
  access-control: make token shadow implementation re-usable
  access-control: factor out user config handling
  access: increment user cache generation when saving acl config
  access: move to flatten `User` into `UserWithToken`
  access-control: split crate in `default` and `impl` features

 Cargo.toml                                    |    3 +
 proxmox-access-control/Cargo.toml             |   42 +
 proxmox-access-control/src/acl.rs             | 1006 +++++++++++++++++
 .../src/cached_user_info.rs                   |  246 ++++
 proxmox-access-control/src/init.rs            |  123 ++
 proxmox-access-control/src/lib.rs             |   18 +
 proxmox-access-control/src/token_shadow.rs    |   84 ++
 proxmox-access-control/src/types.rs           |  194 ++++
 proxmox-access-control/src/user.rs            |  180 +++
 9 files changed, 1896 insertions(+)
 create mode 100644 proxmox-access-control/Cargo.toml
 create mode 100644 proxmox-access-control/src/acl.rs
 create mode 100644 proxmox-access-control/src/cached_user_info.rs
 create mode 100644 proxmox-access-control/src/init.rs
 create mode 100644 proxmox-access-control/src/lib.rs
 create mode 100644 proxmox-access-control/src/token_shadow.rs
 create mode 100644 proxmox-access-control/src/types.rs
 create mode 100644 proxmox-access-control/src/user.rs


Summary over all repositories:
  9 files changed, 1896 insertions(+), 0 deletions(-)

--
Generated by git-murpp 0.5.0


_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel