FabInfra-Mirror/bffh
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/bffh.git synced 2025-04-19 18:56:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

advance --print-default of bffhd

Browse Source
This commit is contained in:
Mario Voigt 2025-02-25 12:33:53 +01:00
parent ffb3b7bd5a
commit e1d6be9520
3 changed files with 99 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bffhd/authorization/permissions.rs
View File

@ -32,7 +32,7 @@ pub struct PrivilegesBuf {
// i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е) // i.e. "bffh.perm" is not the same as "bffհ.реrm" (Armenian 'հ':Հ and Cyrillic 'е':Е)
// See also https://util.unicode.org/UnicodeJsps/confusables.jsp // See also https://util.unicode.org/UnicodeJsps/confusables.jsp
pub struct PermissionBuf { pub struct PermissionBuf {
inner: String, pub inner: String,
} }
impl PermissionBuf { impl PermissionBuf {
#[inline(always)] #[inline(always)]

4
bffhd/authorization/roles.rs
View File

@ -131,11 +131,11 @@ pub struct Role {
/// This makes situations where different levels of access are required easier: Each higher /// This makes situations where different levels of access are required easier: Each higher
/// level of access sets the lower levels of access as parent, inheriting their permission; if /// level of access sets the lower levels of access as parent, inheriting their permission; if
/// you are allowed to manage a machine you are then also allowed to use it and so on /// you are allowed to manage a machine you are then also allowed to use it and so on
parents: Vec<String>, pub parents: Vec<String>,
// If a role doesn't define permissions, default to an empty Vec. // If a role doesn't define permissions, default to an empty Vec.
#[serde(default, skip_serializing_if = "Vec::is_empty")] #[serde(default, skip_serializing_if = "Vec::is_empty")]
permissions: Vec<PermRule>, pub permissions: Vec<PermRule>,
} }
impl Role { impl Role {

136
bffhd/config/dhall.rs
View File

@ -5,7 +5,7 @@ use std::path::PathBuf;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::authorization::permissions::PrivilegesBuf; use crate::authorization::permissions::{PermissionBuf, PrivilegesBuf, PermRule};
use crate::authorization::roles::Role; use crate::authorization::roles::Role;
use crate::capnp::{Listen, TlsListen}; use crate::capnp::{Listen, TlsListen};
use crate::logging::LogConfig; use crate::logging::LogConfig;
@ -60,28 +60,13 @@ pub struct MachineDescription {
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Config { pub struct Config {
pub spacename: String,
pub instanceurl: String,
/// A list of address/port pairs to listen on. /// A list of address/port pairs to listen on.
pub listens: Vec<Listen>, pub listens: Vec<Listen>,
/// Machine descriptions to load
pub machines: HashMap<String, MachineDescription>,
/// Actors to load and their configuration options
pub actors: HashMap<String, ModuleConfig>,
/// Initiators to load and their configuration options
pub initiators: HashMap<String, ModuleConfig>,
pub mqtt_url: String,
pub actor_connections: Vec<(String, String)>,
pub init_connections: Vec<(String, String)>,
pub db_path: PathBuf,
pub auditlog_path: PathBuf,
pub roles: HashMap<String, Role>,
#[serde(flatten)] #[serde(flatten)]
pub tlsconfig: TlsListen, pub tlsconfig: TlsListen,
@ -94,9 +79,22 @@ pub struct Config {
#[serde(default, skip)] #[serde(default, skip)]
pub logging: LogConfig, pub logging: LogConfig,
pub spacename: String, pub mqtt_url: String,
pub db_path: PathBuf,
pub auditlog_path: PathBuf,
pub instanceurl: String, pub roles: HashMap<String, Role>,
/// Machine descriptions to load
pub machines: HashMap<String, MachineDescription>,
/// Actors to load and their configuration options
pub actors: HashMap<String, ModuleConfig>,
pub actor_connections: Vec<(String, String)>,
/// Initiators to load and their configuration options
pub initiators: HashMap<String, ModuleConfig>,
pub init_connections: Vec<(String, String)>,
} }
impl Config { impl Config {
@ -123,50 +121,108 @@ impl Default for Config {
fn default() -> Self { fn default() -> Self {
let mut actors: HashMap<String, ModuleConfig> = HashMap::new(); let mut actors: HashMap<String, ModuleConfig> = HashMap::new();
let mut initiators: HashMap<String, ModuleConfig> = HashMap::new(); let mut initiators: HashMap<String, ModuleConfig> = HashMap::new();
let machines = HashMap::new(); let mut roles: HashMap<String, Role> = HashMap::new();
let mut machines: HashMap<String, MachineDescription> = HashMap::new();
roles.insert(
"admin".to_string(),
Role {
parents: Vec::new(),
permissions: vec![
PermRule::Base(PermissionBuf {inner: "bffh.users.info".to_string()}),
PermRule::Base(PermissionBuf {inner: "bffh.users.manage".to_string()}),
PermRule::Base(PermissionBuf {inner: "bffh.users.admin".to_string()}),
]
}
);
roles.insert(
"member".to_string(),
Role {
parents: Vec::new(),
permissions: vec![
PermRule::Base(PermissionBuf {inner: "lab.some.disclose".to_string()}),
PermRule::Base(PermissionBuf {inner: "lab.some.read".to_string()}),
PermRule::Base(PermissionBuf {inner: "lab.some.write".to_string()}),
PermRule::Base(PermissionBuf {inner: "lab.some.manage".to_string()})
]
}
);
machines.insert(
"resource_a".to_string(),
MachineDescription {
name: "Resource A".to_string(),
description: Option::from("Some description".to_string()),
wiki: Option::from("Some wiki url".to_string()),
category: Option::from("Some category".to_string()),
privs: PrivilegesBuf {
disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
read: PermissionBuf {inner: "lab.some.read".to_string()},
write: PermissionBuf {inner: "lab.some.write".to_string()},
manage: PermissionBuf {inner: "lab.some.manage".to_string()},
}
}
);
machines.insert(
"resource_b".to_string(),
MachineDescription {
name: "Resource B".to_string(),
description: Option::from("Some description".to_string()),
wiki: Option::from("Some wiki url".to_string()),
category: Option::from("Some category".to_string()),
privs: PrivilegesBuf {
disclose: PermissionBuf {inner: "lab.some.disclose".to_string()},
read: PermissionBuf {inner: "lab.some.read".to_string()},
write: PermissionBuf {inner: "lab.some.write".to_string()},
manage: PermissionBuf {inner: "lab.some.manage".to_string()},
}
}
);
actors.insert( actors.insert(
"Actor".to_string(), "actor_123".to_string(),
ModuleConfig { ModuleConfig {
module: "Shelly".to_string(), module: "Shelly".to_string(),
params: HashMap::new(), params: HashMap::new(),
}, },
); );
initiators.insert( initiators.insert(
"Initiator".to_string(), "initiator_123".to_string(),
ModuleConfig { ModuleConfig {
module: "TCP-Listen".to_string(), module: "Process".to_string(),
params: HashMap::new(), params: HashMap::new(),
}, },
); );
Config { Config {
spacename: "fabaccess.sample.space".into(),
instanceurl: "https://fabaccess.sample.space".into(),
listens: vec![Listen { listens: vec![Listen {
address: "127.0.0.1".to_string(), address: "127.0.0.1".to_string(),
port: None, port: None,
}], }],
actors,
initiators,
machines,
mqtt_url: "tcp://localhost:1883".to_string(),
actor_connections: vec![("Testmachine".to_string(), "Actor".to_string())],
init_connections: vec![("Initiator".to_string(), "Testmachine".to_string())],
db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
roles: HashMap::new(),
tlsconfig: TlsListen { tlsconfig: TlsListen {
certfile: PathBuf::from("/etc/bffh/certs/bffh.crt"), certfile: PathBuf::from("/etc/bffh/certs/bffh.crt"),
keyfile: PathBuf::from("/etc/bffh/certs/bffh.key"), keyfile: PathBuf::from("/etc/bffh/certs/bffh.key"),
..Default::default() ..Default::default()
}, },
tlskeylog: None, tlskeylog: None,
verbosity: 0, verbosity: 0,
logging: LogConfig::default(), logging: LogConfig::default(),
instanceurl: "".into(), mqtt_url: "mqtt://127.0.0.1:1883".to_string(),
spacename: "".into(), db_path: PathBuf::from("/var/lib/bffh/bffh.db"),
auditlog_path: PathBuf::from("/var/log/bffh/audit.json"),
roles,
machines,
actors,
actor_connections: vec![("actor_123".to_string(), "resource_a".to_string())],
initiators,
init_connections: vec![("initiator_123".to_string(), "resource_b".to_string())],
} }
} }
} }