From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 5C7AE1FF38E for ; Tue, 11 Jun 2024 14:53:21 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AF63F36E76; Tue, 11 Jun 2024 14:53:56 +0200 (CEST) Date: Tue, 11 Jun 2024 14:53:53 +0200 From: Wolfgang Bumiller To: Shannon Sterz Message-ID: References: <20240610154214.356689-1-s.sterz@proxmox.com> <20240610154214.356689-2-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20240610154214.356689-2-s.sterz@proxmox.com> X-SPAM-LEVEL: Spam detection results: 0 AWL 0.094 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [lib.rs, init.rs] Subject: Re: [pbs-devel] [PATCH proxmox 1/5] access: add the proxmox-access crate to reuse acl trees X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Cc: pbs-devel@lists.proxmox.com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" On Mon, Jun 10, 2024 at 05:42:10PM GMT, Shannon Sterz wrote: 
> diff --git a/proxmox-access/src/init.rs b/proxmox-access/src/init.rs
> new file mode 100644
> index 00000000..71f2f8fc
> --- /dev/null
> +++ b/proxmox-access/src/init.rs
> @@ -0,0 +1,73 @@
> +use anyhow::{format_err, Error};
> +use std::{
> + collections::HashMap,
> + path::{Path, PathBuf},
> + sync::OnceLock,
> +};
> +
> +static ACM_CONF: OnceLock<&'static dyn AcmConfig> = OnceLock::new();
> +static ACM_CONF_DIR: OnceLock = OnceLock::new();
> +
> +/// This trait specifies the functions a product needs to implement to get ACL tree based access
> +/// control management from this plugin.
> +pub trait AcmConfig: Send + Sync {
This is a terrible name ;-) Given the methods defined here, we could just call it `RoleSetup`?
> + /// Returns a mapping of all recognized roles and their corresponding `u64` value.
> + fn roles(&self) -> &HashMap<&str, u64>;
> +
> + /// Optionally returns a role that has no access to any resource.
> + ///
> + /// Default: Returns `None`.
> + fn role_no_access(&self) -> Option<&str> {
> + None
> + }
> +
> + /// Optionally returns a role that is allowed to access all resources.
> + ///
> + /// Default: Returns `None`.
> + fn role_admin(&self) -> Option<&str> {
> + None
> + }
> +}
> +
> +pub fn init>(
> + acm_config: &'static dyn AcmConfig,
> + config_dir: P,
> +) -> Result<(), Error> {
> + init_acm_config(acm_config)?;
> + init_acm_config_dir(config_dir)
> +}
> +
> +pub fn init_acm_config_dir>(config_dir: P) -> Result<(), Error> {
^ pub(crate) ?
> + ACM_CONF_DIR
> + .set(config_dir.as_ref().to_owned())
> + .map_err(|_e| format_err!("cannot initialize acl tree config twice!"))
> +}
> +
> +pub(crate) fn init_acm_config(config: &'static dyn AcmConfig) -> Result<(), Error> {
> + ACM_CONF
> + .set(config)
> + .map_err(|_e| format_err!("cannot initialize acl tree config twice!"))
> +}
> +
> +
> +pub(crate) fn acm_conf() -> &'static dyn AcmConfig {
> + *ACM_CONF
> + .get()
> + .expect("please initialize the acm config before using it!")
> +}
> +
> +
> +fn conf_dir() -> &'static PathBuf {
> + ACM_CONF_DIR
> + .get()
> + .expect("please initialize acm config dir before using it!")
> +}
> +
> +pub(crate) fn acl_config() -> PathBuf {
> + conf_dir().with_file_name("acl.cfg")
> +}
> +
> +pub(crate) fn acl_config_lock() -> PathBuf {
> + conf_dir().with_file_name(".acl.lck")
> +}
> +
> diff --git a/proxmox-access/src/lib.rs b/proxmox-access/src/lib.rs
> new file mode 100644
> index 00000000..8ad2c83d
> --- /dev/null
> +++ b/proxmox-access/src/lib.rs
> @@ -0,0 +1,2 @@
> +pub mod acl;
> +pub mod init;
> --
> 2.39.2
_______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
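Review bot: `acl_config()` and `acl_config_lock()` build their paths with `Path::with_file_name`, which replaces the last component of `conf_dir()` rather than appending to it, so a directory such as `/etc/myproduct` (constructed example) yields `/etc/acl.cfg` and `/etc/.acl.lck`. The ACL file and its lock would then live in the parent directory, whose ownership and permissions may differ from the directory the product passed to `init()`. Use `conf_dir().join("acl.cfg")` and `conf_dir().join(".acl.lck")` instead. Separately, `init_acm_config_dir()` reuses the message `"cannot initialize acl tree config twice!"`, so a failing `init()` does not say which `OnceLock` was already set. Because `init()` sets `ACM_CONF` before the directory, a failure on the second step also leaves the crate half-initialized; a doc comment on `init()` stating that it must be called exactly once, before any ACL access, would help.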