--print-default adjustments

Mario Voigt 2025-03-10 22:59:08 +01:00
parent de0deaa638
commit 40f3747eb6
5 changed files with 182 additions and 59 deletions


@ -258,12 +258,16 @@ pub fn load(
.compat(), .compat(),
); );
let mut actor_map: HashMap<String, _> = config let mut actor_connections_data_vec: Vec<(String, String)> = vec![];
.actor_connections for actor_connection in config.actor_connections.clone().into_iter() {
actor_connections_data_vec.push((actor_connection.machine, actor_connection.actor));
}
let mut actor_map: HashMap<String, _> = actor_connections_data_vec
.iter() .iter()
.filter_map(|(k, v)| { .filter_map(|(k, v)| {
if let Some(resource) = resources.get_by_id(v) { if let Some(resource) = resources.get_by_id(k) {
Some((k.clone(), resource.get_signal())) Some((v.clone(), resource.get_signal()))
} else { } else {
tracing::error!(actor=%k, machine=%v, "Machine configured for actor not found!"); tracing::error!(actor=%k, machine=%v, "Machine configured for actor not found!");
None None
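Review bot: The error log in the `filter_map` closure now labels its fields the wrong way round: the tuples are pushed as `(actor_connection.machine, actor_connection.actor)`, so `k` is the machine id and `v` the actor, yet the call still reads `actor=%k, machine=%v`. An operator tracing a broken actor connection from the log would see the two ids swapped; the line should be `tracing::error!(actor=%v, machine=%k, "Machine configured for actor not found!");`. The initiators loader in the last file section has the same swap with `initiator=%k, machine=%v`. The intermediate `Vec<(String, String)>` and the `.clone()` of the whole list could be dropped by iterating `config.actor_connections.iter()` and reading `.machine` and `.actor` directly, which also makes the names self-explanatory. The body of `load` continues outside the hunk.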


@ -32,7 +32,7 @@ pub struct PrivilegesBuf {
// i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е) // i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е)
// See also https://util.unicode.org/UnicodeJsps/confusables.jsp // See also https://util.unicode.org/UnicodeJsps/confusables.jsp
pub struct PermissionBuf { pub struct PermissionBuf {
inner: String, pub inner: String,
} }
impl PermissionBuf { impl PermissionBuf {
#[inline(always)] #[inline(always)]
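Review bot: Making `inner` a `pub` field lets any code build a `PermissionBuf` from an arbitrary string with a struct literal, bypassing whatever constructors the `impl` block provides (that block starts at the end of this hunk and its contents are not visible here). The comment just above warns about confusable characters in permission strings, so the construction path of this type is worth keeping narrow. The only new user visible in this commit is the config module in the same crate, so `pub(crate) inner: String,` would be enough; the same applies to `pub parents` and `pub permissions` on `Role` in the next file section.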


@ -131,11 +131,11 @@ pub struct Role {
/// This makes situations where different levels of access are required easier: Each higher /// This makes situations where different levels of access are required easier: Each higher
/// level of access sets the lower levels of access as parent, inheriting their permission; if /// level of access sets the lower levels of access as parent, inheriting their permission; if
/// you are allowed to manage a machine you are then also allowed to use it and so on /// you are allowed to manage a machine you are then also allowed to use it and so on
parents: Vec<String>, pub parents: Vec<String>,
// If a role doesn't define permissions, default to an empty Vec. // If a role doesn't define permissions, default to an empty Vec.
#[serde(default, skip_serializing_if = "Vec::is_empty")] #[serde(default, skip_serializing_if = "Vec::is_empty")]
permissions: Vec<PermRule>, pub permissions: Vec<PermRule>,
} }
impl Role { impl Role {


@ -5,7 +5,7 @@ use std::path::PathBuf;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::authorization::permissions::PrivilegesBuf; use crate::authorization::permissions::{PermRule, PermissionBuf, PrivilegesBuf};
use crate::authorization::roles::Role; use crate::authorization::roles::Role;
use crate::capnp::{Listen, TlsListen}; use crate::capnp::{Listen, TlsListen};
use crate::logging::LogConfig; use crate::logging::LogConfig;
@ -57,11 +57,7 @@ pub struct MachineDescription {
#[serde(flatten)] #[serde(flatten)]
pub privs: PrivilegesBuf, pub privs: PrivilegesBuf,
#[serde( #[serde(default = "default_prodable", skip_serializing_if = "bool_is_false", deserialize_with = "deser_bool")]
default = "default_prodable",
skip_serializing_if = "bool_is_false",
deserialize_with = "deser_bool"
)]
pub prodable: bool, pub prodable: bool,
} }
@ -74,28 +70,13 @@ fn bool_is_false(b: &bool) -> bool {
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Config { pub struct Config {
pub spacename: String,
pub instanceurl: String,
/// A list of address/port pairs to listen on. /// A list of address/port pairs to listen on.
pub listens: Vec<Listen>, pub listens: Vec<Listen>,
/// Machine descriptions to load
pub machines: HashMap<String, MachineDescription>,
/// Actors to load and their configuration options
pub actors: HashMap<String, ModuleConfig>,
/// Initiators to load and their configuration options
pub initiators: HashMap<String, ModuleConfig>,
pub mqtt_url: String,
pub actor_connections: Vec<(String, String)>,
pub init_connections: Vec<(String, String)>,
pub db_path: PathBuf,
pub auditlog_path: PathBuf,
pub roles: HashMap<String, Role>,
#[serde(flatten)] #[serde(flatten)]
pub tlsconfig: TlsListen, pub tlsconfig: TlsListen,
@ -108,9 +89,22 @@ pub struct Config {
#[serde(default, skip)] #[serde(default, skip)]
pub logging: LogConfig, pub logging: LogConfig,
pub spacename: String, pub mqtt_url: String,
pub db_path: PathBuf,
pub auditlog_path: PathBuf,
pub instanceurl: String, pub roles: HashMap<String, Role>,
/// Machine descriptions to load
pub machines: HashMap<String, MachineDescription>,
/// Actors to load and their configuration options
pub actors: HashMap<String, ModuleConfig>,
pub actor_connections: Vec<ActorConnectionConfig>,
/// Initiators to load and their configuration options
pub initiators: HashMap<String, ModuleConfig>,
pub init_connections: Vec<InitiatorConnectionConfig>,
} }
impl Config { impl Config {
@ -125,6 +119,24 @@ pub struct ModuleConfig {
pub params: HashMap<String, String>, pub params: HashMap<String, String>,
} }
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ParamsConfig {
pub module: String,
pub params: Vec<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActorConnectionConfig {
pub machine: String,
pub actor: String,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct InitiatorConnectionConfig {
pub machine: String,
pub initiator: String,
}
fn deser_bool<'de, D>(d: D) -> Result<bool, D::Error> fn deser_bool<'de, D>(d: D) -> Result<bool, D::Error>
where where
D: serde::Deserializer<'de>, D: serde::Deserializer<'de>,
@ -144,50 +156,153 @@ impl Default for Config {
fn default() -> Self { fn default() -> Self {
let mut actors: HashMap<String, ModuleConfig> = HashMap::new(); let mut actors: HashMap<String, ModuleConfig> = HashMap::new();
let mut initiators: HashMap<String, ModuleConfig> = HashMap::new(); let mut initiators: HashMap<String, ModuleConfig> = HashMap::new();
let machines = HashMap::new(); let mut roles: HashMap<String, Role> = HashMap::new();
let mut machines: HashMap<String, MachineDescription> = HashMap::new();
let mut initiator_123_params: HashMap<String, String> = HashMap::new();
initiator_123_params.insert("args".to_string(), "".to_string());
initiator_123_params.insert("cmd".to_string(), "echo".to_string());
let actor_connections_vec: Vec<ActorConnectionConfig> = vec![ActorConnectionConfig {
machine: "resource_a".to_string(),
actor: "actor_123".to_string(),
}];
let initiator_connections_vec: Vec<InitiatorConnectionConfig> =
vec![InitiatorConnectionConfig {
machine: "resource_a".to_string(),
initiator: "initiator_123".to_string(),
}];
roles.insert(
"admin".to_string(),
Role {
parents: Vec::new(),
permissions: vec![
PermRule::Base(PermissionBuf {
inner: "bffh.users.info".to_string(),
}),
PermRule::Base(PermissionBuf {
inner: "bffh.users.manage".to_string(),
}),
PermRule::Base(PermissionBuf {
inner: "bffh.users.admin".to_string(),
}),
],
},
);
roles.insert(
"member".to_string(),
Role {
parents: Vec::new(),
permissions: vec![
PermRule::Base(PermissionBuf {
inner: "lab.some.disclose".to_string(),
}),
PermRule::Base(PermissionBuf {
inner: "lab.some.read".to_string(),
}),
PermRule::Base(PermissionBuf {
inner: "lab.some.write".to_string(),
}),
PermRule::Base(PermissionBuf {
inner: "lab.some.manage".to_string(),
}),
],
},
);
machines.insert(
"resource_a".to_string(),
MachineDescription {
name: "Resource A".to_string(),
description: Option::from("A description".to_string()),
wiki: Option::from("https://some.wiki.url".to_string()),
category: Option::from("A category".to_string()),
prodable: true,
privs: PrivilegesBuf {
disclose: PermissionBuf {
inner: "lab.some.disclose".to_string(),
},
read: PermissionBuf {
inner: "lab.some.read".to_string(),
},
write: PermissionBuf {
inner: "lab.some.write".to_string(),
},
manage: PermissionBuf {
inner: "lab.some.manage".to_string(),
},
},
},
);
machines.insert(
"resource_b".to_string(),
MachineDescription {
name: "Resource B".to_string(),
description: Option::from("A description".to_string()),
wiki: Option::from("https://some.wiki.url".to_string()),
category: Option::from("A category".to_string()),
prodable: false,
privs: PrivilegesBuf {
disclose: PermissionBuf {
inner: "lab.some.disclose".to_string(),
},
read: PermissionBuf {
inner: "lab.some.read".to_string(),
},
write: PermissionBuf {
inner: "lab.some.write".to_string(),
},
manage: PermissionBuf {
inner: "lab.some.manage".to_string(),
},
},
},
);
actors.insert( actors.insert(
"Actor".to_string(), "actor_123".to_string(),
ModuleConfig { ModuleConfig {
module: "Shelly".to_string(), module: "Shelly".to_string(),
params: HashMap::new(), params: HashMap::new(),
}, },
); );
initiators.insert( initiators.insert(
"Initiator".to_string(), "initiator_123".to_string(),
ModuleConfig { ModuleConfig {
module: "TCP-Listen".to_string(), module: "Process".to_string(),
params: HashMap::new(), params: initiator_123_params,
}, },
); );
Config { Config {
spacename: "fabaccess.sample.space".into(),
instanceurl: "https://fabaccess.sample.space".into(),
listens: vec![Listen { listens: vec![Listen {
address: "127.0.0.1".to_string(), address: "127.0.0.1".to_string(),
port: None, port: None,
}], }],
actors,
initiators,
machines,
mqtt_url: "tcp://localhost:1883".to_string(),
actor_connections: vec![("Testmachine".to_string(), "Actor".to_string())],
init_connections: vec![("Initiator".to_string(), "Testmachine".to_string())],
db_path: PathBuf::from("/run/bffh/database"),
auditlog_path: PathBuf::from("/var/log/bffh/audit.log"),
roles: HashMap::new(),
tlsconfig: TlsListen { tlsconfig: TlsListen {
certfile: PathBuf::from("./bffh.crt"), certfile: PathBuf::from("/etc/bffh/certs/bffh.crt"),
keyfile: PathBuf::from("./bffh.key"), keyfile: PathBuf::from("/etc/bffh/certs/bffh.key"),
..Default::default() ..Default::default()
}, },
tlskeylog: None, tlskeylog: None,
verbosity: 0, verbosity: 0,
logging: LogConfig::default(), logging: LogConfig::default(),
instanceurl: "".into(), mqtt_url: "mqtt://127.0.0.1:1883".to_string(),
spacename: "".into(), db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
roles,
machines,
actors,
actor_connections: actor_connections_vec,
initiators,
init_connections: initiator_connections_vec,
} }
} }
} }
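Review bot: `Config::default()` now returns a populated sample (an `admin` role carrying `bffh.users.admin`, a `member` role, two machines, and a `Process` initiator whose `cmd` is `echo`) instead of an empty configuration. That suits `--print-default`, but any other caller of `Config::default()` (none is visible on this page) would receive this sample as live policy, so the function should carry a doc comment along the lines of `/// Sample configuration for --print-default; not a safe runtime fallback`. The new `ParamsConfig` struct is not referenced in any hunk shown here and may be unused. As a matter of style, the two `machines.insert` blocks differ only in the key, `name` and `prodable`, and `Option::from(x)` would read more plainly as `Some(x)`.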


@ -103,12 +103,16 @@ pub fn load(
let span = tracing::info_span!("loading initiators"); let span = tracing::info_span!("loading initiators");
let _guard = span.enter(); let _guard = span.enter();
let mut initiator_map: HashMap<String, Resource> = config let mut init_connections_data_vec: Vec<(String, String)> = vec![];
.init_connections for init_connection in config.init_connections.clone().into_iter() {
init_connections_data_vec.push((init_connection.machine, init_connection.initiator));
}
let mut initiator_map: HashMap<String, Resource> = init_connections_data_vec
.iter() .iter()
.filter_map(|(k, v)| { .filter_map(|(k, v)| {
if let Some(resource) = resources.get_by_id(v) { if let Some(resource) = resources.get_by_id(k) {
Some((k.clone(), resource.clone())) Some((v.clone(), resource.clone()))
} else { } else {
tracing::error!(initiator=%k, machine=%v, tracing::error!(initiator=%k, machine=%v,
"Machine configured for initiator not found!"); "Machine configured for initiator not found!");