From e1d6be952005a3b9f2eba659f831254754304369 Mon Sep 17 00:00:00 2001
From: Mario Voigt
Date: Tue, 25 Feb 2025 12:33:53 +0100
Subject: [PATCH] advance --print-default of bffhd
---
 bffhd/authorization/permissions.rs | 2 +-
 bffhd/authorization/roles.rs | 4 +-
 bffhd/config/dhall.rs | 136 ++++++++++++++++++++---------
 3 files changed, 99 insertions(+), 43 deletions(-)
diff --git a/bffhd/authorization/permissions.rs b/bffhd/authorization/permissions.rs
index 8360365..bfa0f23 100644
--- a/bffhd/authorization/permissions.rs
+++ b/bffhd/authorization/permissions.rs
@@ -32,7 +32,7 @@ pub struct PrivilegesBuf {
 // i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е)
 // See also https://util.unicode.org/UnicodeJsps/confusables.jsp
 pub struct PermissionBuf {
- inner: String,
+ pub inner: String,
 }
 impl PermissionBuf {
 #[inline(always)]
diff --git a/bffhd/authorization/roles.rs b/bffhd/authorization/roles.rs
index ef9cb38..781813c 100644
--- a/bffhd/authorization/roles.rs
+++ b/bffhd/authorization/roles.rs
@@ -131,11 +131,11 @@ pub struct Role {
 /// This makes situations where different levels of access are required easier: Each higher
 /// level of access sets the lower levels of access as parent, inheriting their permission; if
 /// you are allowed to manage a machine you are then also allowed to use it and so on
- parents: Vec,
+ pub parents: Vec,
 
 // If a role doesn't define permissions, default to an empty Vec.
 #[serde(default, skip_serializing_if = "Vec::is_empty")]
- permissions: Vec,
+ pub permissions: Vec,
 }
 
 impl Role {
diff --git a/bffhd/config/dhall.rs b/bffhd/config/dhall.rs
index a871a61..262db61 100644
--- a/bffhd/config/dhall.rs
+++ b/bffhd/config/dhall.rs
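Review bot: Making `inner` `pub` lets any code that can name `PermissionBuf` build one by struct literal and so skip whatever checks the constructors in the `impl PermissionBuf` block apply — the comment above the struct about confusable characters suggests the name is meant to be validated when it is created, but the impl body lies outside the hunk, so that part is inferred. If the only new use is the default config in `bffhd/config/dhall.rs`, `pub(crate) inner: String,` is the smaller change, and keeping the field private behind a crate-visible constructor that reuses the existing validation (or, at minimum, `pub(crate) fn from_string(inner: String) -> Self { Self { inner } }`) is the safer one, since a permission string that bypasses validation is exactly what the confusables note warns about. The same applies to `parents` and `permissions` in `bffhd/authorization/roles.rs`, where `pub(crate)` would already cover the new `Role { .. }` literal in `dhall.rs`.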
@@ -5,7 +5,7 @@ use std::path::PathBuf;
 
 use serde::{Deserialize, Serialize};
 
-use crate::authorization::permissions::PrivilegesBuf;
+use crate::authorization::permissions::{PermissionBuf, PrivilegesBuf, PermRule};
 use crate::authorization::roles::Role;
 use crate::capnp::{Listen, TlsListen};
 use crate::logging::LogConfig;
@@ -60,28 +60,13 @@ pub struct MachineDescription {
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Config {
+ pub spacename: String,
+
+ pub instanceurl: String,
+
 /// A list of address/port pairs to listen on.
 pub listens: Vec,
 
- /// Machine descriptions to load
- pub machines: HashMap,
-
- /// Actors to load and their configuration options
- pub actors: HashMap,
-
- /// Initiators to load and their configuration options
- pub initiators: HashMap,
-
- pub mqtt_url: String,
-
- pub actor_connections: Vec<(String, String)>,
- pub init_connections: Vec<(String, String)>,
-
- pub db_path: PathBuf,
- pub auditlog_path: PathBuf,
-
- pub roles: HashMap,
-
 #[serde(flatten)]
 pub tlsconfig: TlsListen,
 
@@ -94,9 +79,22 @@ pub struct Config {
 
 #[serde(default, skip)]
 pub logging: LogConfig,
- pub spacename: String,
+ pub mqtt_url: String,
+ pub db_path: PathBuf,
+ pub auditlog_path: PathBuf,
 
- pub instanceurl: String,
+ pub roles: HashMap,
+
+ /// Machine descriptions to load
+ pub machines: HashMap,
+
+ /// Actors to load and their configuration options
+ pub actors: HashMap,
+ pub actor_connections: Vec<(String, String)>,
+
+ /// Initiators to load and their configuration options
+ pub initiators: HashMap,
+ pub init_connections: Vec<(String, String)>,
 }
 
 impl Config {
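Review bot: `spacename` and `instanceurl`, which the `@@ -60,28` hunk moves to the top of `Config`, still carry no `///` doc comment, unlike `listens` and the machine/actor/initiator fields, and since `Config` is what `--print-default` emits its field docs are the user's reference; the same holds for `mqtt_url`, `db_path`, `auditlog_path` and `roles` moved in the `@@ -94,9` hunk. From the defaults further down, `spacename` appears to be a DNS-style name of the space and `instanceurl` its public base URL, but that is inferred here — a one-liner on each, e.g. `/// Name of the space this instance serves.` and `/// Public base URL under which this instance is reachable.`, confirmed by someone who knows where they are consumed, would close the gap. `Config` itself also has no type-level `///` above its `#[derive]`.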
@@ -123,50 +121,108 @@ impl Default for Config {
 fn default() -> Self {
 let mut actors: HashMap = HashMap::new();
 let mut initiators: HashMap = HashMap::new();
- let machines = HashMap::new();
+ let mut roles: HashMap = HashMap::new();
+ let mut machines: HashMap = HashMap::new();
+
+ roles.insert(
+ "admin".to_string(),
+ Role {
+ parents: Vec::new(),
+ permissions: vec![
+ PermRule::Base(PermissionBuf {inner: "bffh.users.info".to_string()}),
+ PermRule::Base(PermissionBuf {inner: "bffh.users.manage".to_string()}),
+ PermRule::Base(PermissionBuf {inner: "bffh.users.admin".to_string()}),
+ ]
+ }
+ );
+
+ roles.insert(
+ "member".to_string(),
+ Role {
+ parents: Vec::new(),
+ permissions: vec![
+ PermRule::Base(PermissionBuf {inner: "lab.some.disclose".to_string()}),
+ PermRule::Base(PermissionBuf {inner: "lab.some.read".to_string()}),
+ PermRule::Base(PermissionBuf {inner: "lab.some.write".to_string()}),
+ PermRule::Base(PermissionBuf {inner: "lab.some.manage".to_string()})
+ ]
+ }
+ );
+
+ machines.insert(
+ "resource_a".to_string(),
+ MachineDescription {
+ name: "Resource A".to_string(),
+ description: Option::from("Some description".to_string()),
+ wiki: Option::from("Some wiki url".to_string()),
+ category: Option::from("Some category".to_string()),
+ privs: PrivilegesBuf {
+ disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
+ read: PermissionBuf {inner: "lab.some.read".to_string()},
+ write: PermissionBuf {inner: "lab.some.write".to_string()},
+ manage: PermissionBuf {inner: "lab.some.manage".to_string()},
+ }
+ }
+ );
+
+ machines.insert(
+ "resource_b".to_string(),
+ MachineDescription {
+ name: "Resource B".to_string(),
+ description: Option::from("Some description".to_string()),
+ wiki: Option::from("Some wiki url".to_string()),
+ category: Option::from("Some category".to_string()),
+ privs: PrivilegesBuf {
+ disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
+ read: PermissionBuf {inner: "lab.some.read".to_string()},
+ write: PermissionBuf {inner: "lab.some.write".to_string()},
+ manage: PermissionBuf {inner: "lab.some.manage".to_string()},
+ }
+ }
+ );
 
 actors.insert(
- "Actor".to_string(),
+ "actor_123".to_string(),
 ModuleConfig {
 module: "Shelly".to_string(),
 params: HashMap::new(),
 },
 );
+
 initiators.insert(
- "Initiator".to_string(),
+ "initiator_123".to_string(),
 ModuleConfig {
- module: "TCP-Listen".to_string(),
+ module: "Process".to_string(),
 params: HashMap::new(),
 },
 );
 
 Config {
+ spacename: "fabaccess.sample.space".into(),
+ instanceurl: "https://fabaccess.sample.space".into(),
 listens: vec![Listen {
 address: "127.0.0.1".to_string(),
 port: None,
 }],
- actors,
- initiators,
- machines,
- mqtt_url: "tcp://localhost:1883".to_string(),
- actor_connections: vec![("Testmachine".to_string(), "Actor".to_string())],
- init_connections: vec![("Initiator".to_string(), "Testmachine".to_string())],
-
- db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
- auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
- roles: HashMap::new(),
-
 tlsconfig: TlsListen {
 certfile: PathBuf::from("/etc/bffh/certs/bffh.crt"),
 keyfile: PathBuf::from("/etc/bffh/certs/bffh.key"),
 ..Default::default()
 },
-
 tlskeylog: None,
 verbosity: 0,
 logging: LogConfig::default(),
- instanceurl: "".into(),
- spacename: "".into(),
+ mqtt_url: "mqtt://127.0.0.1:1883".to_string(),
+ db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
+ auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
+ roles,
+ machines,
+ actors,
+ actor_connections: vec![("actor_123".to_string(), "resource_a".to_string())],
+ initiators,
+ init_connections: vec![("initiator_123".to_string(), "resource_b".to_string())],
+
+
 }
 }
 }
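Review bot: The eleven `PermissionBuf {inner: ...}` struct literals in `default()` depend on `inner` being a public field and spell the same four `lab.some.*` names out twice, once per machine; a local `perm` closure plus a `lab_privs` builder (below) keeps the sample short and leaves a single place to switch to a validating constructor if `inner` becomes private again. `Option::from("Some description".to_string())` and its siblings read more plainly as `Some("Some description".to_string())`. On the content of the sample: the `member` role is granted `lab.some.manage`, which is the `manage` privilege of both resources, while `admin` holds only `bffh.users.*` — if the printed default is meant as a template people copy, keeping `manage` out of `member` (for example granting it to `admin`) would make it a least-privilege starting point. The MQTT default also changes scheme from `tcp://localhost:1883` to `mqtt://127.0.0.1:1883`; worth confirming that the MQTT client in use accepts `mqtt://`, since that cannot be checked from this hunk. Finally, the two empty lines before the closing `}` of the `Config` literal look accidental.
```rust
fn default() -> Self {
    // … unchanged: actors / initiators / roles / machines map declarations …

    // Sample permission names; one place to move to a validating constructor later.
    let perm = |name: &str| PermissionBuf { inner: name.to_string() };
    let lab_privs = || PrivilegesBuf {
        disclose: perm("lab.some.disclose"),
        read: perm("lab.some.read"),
        write: perm("lab.some.write"),
        manage: perm("lab.some.manage"),
    };

    roles.insert(
        "admin".to_string(),
        Role {
            parents: Vec::new(),
            permissions: vec![
                PermRule::Base(perm("bffh.users.info")),
                PermRule::Base(perm("bffh.users.manage")),
                PermRule::Base(perm("bffh.users.admin")),
            ],
        },
    );
    // … unchanged: "member" role, with the same perm(...) calls …

    machines.insert(
        "resource_a".to_string(),
        MachineDescription {
            name: "Resource A".to_string(),
            description: Some("Some description".to_string()),
            wiki: Some("Some wiki url".to_string()),
            category: Some("Some category".to_string()),
            privs: lab_privs(),
        },
    );
    // … unchanged: "resource_b" built the same way, actor/initiator inserts, Config literal …
}
```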