mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-11-25 08:07:57 +01:00
Schema update
This commit is contained in:
parent
2547d02841
commit
a4ce1bd28f
@ -39,6 +39,8 @@ interface Diflouroborane {
|
|||||||
machines @2 () -> ( mach :Machines );
|
machines @2 () -> ( mach :Machines );
|
||||||
# Diflouroborane stores machine¹ information in an opaque internal database. This interface is
|
# Diflouroborane stores machine¹ information in an opaque internal database. This interface is
|
||||||
# the only stable process of modifying that information
|
# the only stable process of modifying that information
|
||||||
|
|
||||||
|
# TODO Capability transfer system, required for machine takeover, session resumption.
|
||||||
}
|
}
|
||||||
|
|
||||||
struct Maybe(Value) {
|
struct Maybe(Value) {
|
||||||
@ -61,18 +63,6 @@ struct Either(Left, Right) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct Machine {
|
|
||||||
name @0 :Text;
|
|
||||||
location @1 :Text;
|
|
||||||
status @2 :Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
enum Status {
|
|
||||||
free @0;
|
|
||||||
occupied @1;
|
|
||||||
blocked @2;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct UUID {
|
struct UUID {
|
||||||
lsg @0 :UInt64; # least significant
|
lsg @0 :UInt64; # least significant
|
||||||
msg @1 :UInt64; # most significant
|
msg @1 :UInt64; # most significant
|
||||||
|
@ -5,6 +5,15 @@ use casbin::prelude::*;
|
|||||||
|
|
||||||
use super::config::Config;
|
use super::config::Config;
|
||||||
|
|
||||||
|
use crate::api::api;
|
||||||
|
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct Permissions;
|
||||||
|
|
||||||
|
impl api::permissions::Server for Permissions {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
/// This line documents init
|
/// This line documents init
|
||||||
pub async fn init(config: &Config) -> Result<Enforcer, Box<dyn std::error::Error>> {
|
pub async fn init(config: &Config) -> Result<Enforcer, Box<dyn std::error::Error>> {
|
||||||
let model = Model::from_file(config.access.model.clone()).await?;
|
let model = Model::from_file(config.access.model.clone()).await?;
|
||||||
|
110
src/api.rs
110
src/api.rs
@ -1,6 +1,6 @@
|
|||||||
// module needs to be top level for generated functions to be in scope:
|
// module needs to be top level for generated functions to be in scope:
|
||||||
// https://github.com/capnproto/capnproto-rust/issues/16
|
// https://github.com/capnproto/capnproto-rust/issues/16
|
||||||
pub(crate) mod api {
|
pub mod api {
|
||||||
include!(concat!(env!("OUT_DIR"), "/schema/api_capnp.rs"));
|
include!(concat!(env!("OUT_DIR"), "/schema/api_capnp.rs"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -11,10 +11,12 @@ use futures_signals::signal::Mutable;
|
|||||||
use casbin::Enforcer;
|
use casbin::Enforcer;
|
||||||
use casbin::MgmtApi;
|
use casbin::MgmtApi;
|
||||||
|
|
||||||
use crate::machine::{MachineDB, Machine, Status, save};
|
use crate::machine::Machines;
|
||||||
use crate::auth::Authentication;
|
use crate::auth::Authentication;
|
||||||
|
use crate::access::Permissions;
|
||||||
|
|
||||||
use capnp::{Error};
|
use capnp::{Error};
|
||||||
|
use capnp::capability::Promise;
|
||||||
use capnp_rpc::RpcSystem;
|
use capnp_rpc::RpcSystem;
|
||||||
use capnp_rpc::twoparty::VatNetwork;
|
use capnp_rpc::twoparty::VatNetwork;
|
||||||
use capnp_rpc::rpc_twoparty_capnp::Side;
|
use capnp_rpc::rpc_twoparty_capnp::Side;
|
||||||
@ -24,11 +26,10 @@ use api::diflouroborane;
|
|||||||
pub fn init() {
|
pub fn init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Authentication, socket: TcpStream)
|
pub async fn process_socket(auth: Authentication, perm: Permissions, mach: Machines, socket: TcpStream)
|
||||||
-> Result<(), Error>
|
-> Result<(), Error>
|
||||||
{
|
{
|
||||||
let auth = api::authentication::ToClient::new(a).into_client::<capnp_rpc::Server>();
|
let api = Api { auth, perm, mach };
|
||||||
let api = Api { e, m, auth };
|
|
||||||
let a = api::diflouroborane::ToClient::new(api).into_client::<capnp_rpc::Server>();
|
let a = api::diflouroborane::ToClient::new(api).into_client::<capnp_rpc::Server>();
|
||||||
let netw = VatNetwork::new(socket.clone(), socket, Side::Server, Default::default());
|
let netw = VatNetwork::new(socket.clone(), socket, Side::Server, Default::default());
|
||||||
let rpc = RpcSystem::new(Box::new(netw), Some(a.clone().client));
|
let rpc = RpcSystem::new(Box::new(netw), Some(a.clone().client));
|
||||||
@ -36,79 +37,42 @@ pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Auth
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct Api {
|
struct Api {
|
||||||
e: Mutable<Enforcer>,
|
auth: Authentication,
|
||||||
m: Mutable<MachineDB>,
|
perm: Permissions,
|
||||||
auth: api::authentication::Client,
|
mach: Machines,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl diflouroborane::Server for Api {
|
impl diflouroborane::Server for Api {
|
||||||
fn get_all_subjects(&mut self,
|
|
||||||
_params: api_capnp::bffh_admin::GetAllSubjectsParams,
|
|
||||||
mut results: api_capnp::bffh_admin::GetAllSubjectsResults)
|
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
|
||||||
{
|
|
||||||
let subjs = self.e.lock_ref().get_all_subjects();
|
|
||||||
let mut b = results.get()
|
|
||||||
.init_subjects(subjs.len() as u32);
|
|
||||||
for (i, s) in subjs.into_iter().enumerate() {
|
|
||||||
let bldr = b.reborrow();
|
|
||||||
let mut sub = bldr.get(i as u32);
|
|
||||||
sub.set_id(&s);
|
|
||||||
sub.set_domain("");
|
|
||||||
}
|
|
||||||
|
|
||||||
::capnp::capability::Promise::ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn get_all_machines(&mut self,
|
|
||||||
_params: api_capnp::bffh_admin::GetAllMachinesParams,
|
|
||||||
mut results: api_capnp::bffh_admin::GetAllMachinesResults)
|
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
|
||||||
{
|
|
||||||
let machs = self.m.lock_ref();
|
|
||||||
|
|
||||||
let mut b = results.get()
|
|
||||||
.init_machines(machs.len() as u32);
|
|
||||||
|
|
||||||
for (i, (name, m)) in machs.iter().enumerate() {
|
|
||||||
let bldr = b.reborrow();
|
|
||||||
let mut mach = bldr.get(i as u32);
|
|
||||||
mach.set_name(&name);
|
|
||||||
mach.set_location(&m.location);
|
|
||||||
mach.set_status(match m.status {
|
|
||||||
Status::Blocked => api_capnp::Status::Blocked,
|
|
||||||
Status::Free => api_capnp::Status::Free,
|
|
||||||
Status::Occupied => api_capnp::Status::Occupied,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
::capnp::capability::Promise::ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn add_machine(&mut self,
|
|
||||||
params: api_capnp::bffh_admin::AddMachineParams,
|
|
||||||
mut results: api_capnp::bffh_admin::AddMachineResults)
|
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
|
||||||
{
|
|
||||||
let params = pry!(params.get());
|
|
||||||
|
|
||||||
let name = pry!(params.get_name());
|
|
||||||
let location = pry!(params.get_location());
|
|
||||||
|
|
||||||
let m = Machine::new(location.to_string());
|
|
||||||
|
|
||||||
let mut mdb = self.m.lock_mut();
|
|
||||||
mdb.insert(name.to_string(), m);
|
|
||||||
|
|
||||||
::capnp::capability::Promise::ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn authentication(&mut self,
|
fn authentication(&mut self,
|
||||||
_params: api_capnp::bffh_admin::AuthenticationParams,
|
_params: diflouroborane::AuthenticationParams,
|
||||||
mut results: api_capnp::bffh_admin::AuthenticationResults)
|
mut results: diflouroborane::AuthenticationResults)
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
-> Promise<(), Error>
|
||||||
{
|
{
|
||||||
let mut b = results.get();
|
let mut b = results.get();
|
||||||
b.set_auth(self.auth.clone());
|
let auth = api::authentication::ToClient::new(self.auth.clone()).into_client::<capnp_rpc::Server>();
|
||||||
::capnp::capability::Promise::ok(())
|
b.set_auth(auth);
|
||||||
|
Promise::ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn permissions(&mut self,
|
||||||
|
_params: diflouroborane::PermissionsParams,
|
||||||
|
mut results: diflouroborane::PermissionsResults)
|
||||||
|
-> Promise<(), Error>
|
||||||
|
{
|
||||||
|
let mut b = results.get();
|
||||||
|
let perm = api::permissions::ToClient::new(self.perm.clone()).into_client::<capnp_rpc::Server>();
|
||||||
|
b.set_perm(perm);
|
||||||
|
Promise::ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn machines(&mut self,
|
||||||
|
_params: diflouroborane::MachinesParams,
|
||||||
|
mut results: diflouroborane::MachinesResults)
|
||||||
|
-> Promise<(), Error>
|
||||||
|
{
|
||||||
|
let mut b = results.get();
|
||||||
|
let mach = api::machines::ToClient::new(self.mach.clone()).into_client::<capnp_rpc::Server>();
|
||||||
|
b.set_mach(mach);
|
||||||
|
Promise::ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
26
src/auth.rs
26
src/auth.rs
@ -121,12 +121,12 @@ impl Authentication {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
use crate::api_capnp;
|
use crate::api::api;
|
||||||
|
|
||||||
impl api_capnp::authentication::Server for Authentication {
|
impl api::authentication::Server for Authentication {
|
||||||
fn available_mechanisms(&mut self,
|
fn available_mechanisms(&mut self,
|
||||||
_params: api_capnp::authentication::AvailableMechanismsParams,
|
_params: api::authentication::AvailableMechanismsParams,
|
||||||
mut results: api_capnp::authentication::AvailableMechanismsResults)
|
mut results: api::authentication::AvailableMechanismsResults)
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||||
{
|
{
|
||||||
let m = self.mechs();
|
let m = self.mechs();
|
||||||
@ -141,15 +141,15 @@ impl api_capnp::authentication::Server for Authentication {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn initialize_authentication(&mut self,
|
fn initialize_authentication(&mut self,
|
||||||
params: api_capnp::authentication::InitializeAuthenticationParams,
|
params: api::authentication::InitializeAuthenticationParams,
|
||||||
mut results: api_capnp::authentication::InitializeAuthenticationResults)
|
mut results: api::authentication::InitializeAuthenticationResults)
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||||
{
|
{
|
||||||
let params = pry!(params.get());
|
let params = pry!(params.get());
|
||||||
let mechanism = pry!(params.get_mechanism());
|
let mechanism = pry!(params.get_mechanism());
|
||||||
match mechanism {
|
match mechanism {
|
||||||
"PLAIN" => {
|
"PLAIN" => {
|
||||||
use api_capnp::maybe::Which;
|
use api::maybe::Which;
|
||||||
|
|
||||||
let data = pry!(params.get_initial_data());
|
let data = pry!(params.get_initial_data());
|
||||||
if let Ok(Which::Some(data)) = data.which() {
|
if let Ok(Which::Some(data)) = data.which() {
|
||||||
@ -165,7 +165,7 @@ impl api_capnp::authentication::Server for Authentication {
|
|||||||
results
|
results
|
||||||
.get()
|
.get()
|
||||||
.init_response()
|
.init_response()
|
||||||
.set_right(api_capnp::authentication::outcome::ToClient::new(outcome)
|
.set_right(api::authentication::outcome::ToClient::new(outcome)
|
||||||
.into_client::<::capnp_rpc::Server>()).unwrap();
|
.into_client::<::capnp_rpc::Server>()).unwrap();
|
||||||
}
|
}
|
||||||
::capnp::capability::Promise::ok(())
|
::capnp::capability::Promise::ok(())
|
||||||
@ -184,8 +184,8 @@ impl api_capnp::authentication::Server for Authentication {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn get_authzid(&mut self,
|
fn get_authzid(&mut self,
|
||||||
_params: api_capnp::authentication::GetAuthzidParams,
|
_params: api::authentication::GetAuthzidParams,
|
||||||
mut results: api_capnp::authentication::GetAuthzidResults)
|
mut results: api::authentication::GetAuthzidResults)
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||||
{
|
{
|
||||||
if let Some(zid) = &self.state {
|
if let Some(zid) = &self.state {
|
||||||
@ -207,10 +207,10 @@ impl Outcome {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl api_capnp::authentication::outcome::Server for Outcome {
|
impl api::authentication::outcome::Server for Outcome {
|
||||||
fn value(&mut self,
|
fn value(&mut self,
|
||||||
_params: api_capnp::authentication::outcome::ValueParams,
|
_params: api::authentication::outcome::ValueParams,
|
||||||
mut results: api_capnp::authentication::outcome::ValueResults)
|
mut results: api::authentication::outcome::ValueResults)
|
||||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||||
{
|
{
|
||||||
results.get().set_granted(self.value);
|
results.get().set_granted(self.value);
|
||||||
|
@ -11,6 +11,7 @@ use casbin::Enforcer;
|
|||||||
|
|
||||||
use crate::error::Result;
|
use crate::error::Result;
|
||||||
use crate::config::Config;
|
use crate::config::Config;
|
||||||
|
use crate::api::api;
|
||||||
|
|
||||||
/// Status of a Machine
|
/// Status of a Machine
|
||||||
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
||||||
@ -23,6 +24,13 @@ pub enum Status {
|
|||||||
Blocked,
|
Blocked,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct Machines;
|
||||||
|
|
||||||
|
impl api::machines::Server for Machines {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
||||||
pub struct Machine {
|
pub struct Machine {
|
||||||
pub location: String,
|
pub location: String,
|
||||||
|
@ -15,7 +15,7 @@ mod machine;
|
|||||||
|
|
||||||
use std::ops::Deref;
|
use std::ops::Deref;
|
||||||
|
|
||||||
use api::api_capnp;
|
use api::api as api_capnp;
|
||||||
|
|
||||||
use futures::prelude::*;
|
use futures::prelude::*;
|
||||||
use futures_signals::signal::Mutable;
|
use futures_signals::signal::Mutable;
|
||||||
@ -45,9 +45,10 @@ fn main() {
|
|||||||
|
|
||||||
let p = auth::open_passdb(&config.passdb).unwrap();
|
let p = auth::open_passdb(&config.passdb).unwrap();
|
||||||
let p = Mutable::new(p);
|
let p = Mutable::new(p);
|
||||||
let a = auth::Authentication::new(p, enf.clone());
|
let auth = auth::Authentication::new(p, enf.clone());
|
||||||
|
|
||||||
|
|
||||||
|
let perm = access::Permissions;
|
||||||
|
let mach = machine::Machines;
|
||||||
|
|
||||||
use std::net::ToSocketAddrs;
|
use std::net::ToSocketAddrs;
|
||||||
let args: Vec<String> = ::std::env::args().collect();
|
let args: Vec<String> = ::std::env::args().collect();
|
||||||
@ -65,7 +66,7 @@ fn main() {
|
|||||||
let mut incoming = listener.incoming();
|
let mut incoming = listener.incoming();
|
||||||
while let Some(socket) = incoming.next().await {
|
while let Some(socket) = incoming.next().await {
|
||||||
let socket = socket?;
|
let socket = socket?;
|
||||||
let rpc_system = api::process_socket(enf.clone(), m.clone(), a.clone(), socket);
|
let rpc_system = api::process_socket(auth.clone(), perm.clone(), mach.clone(), socket);
|
||||||
machine::save(&config, &m.lock_ref()).expect("MachineDB save");
|
machine::save(&config, &m.lock_ref()).expect("MachineDB save");
|
||||||
spawner.spawn_local_obj(
|
spawner.spawn_local_obj(
|
||||||
Box::pin(rpc_system.map_err(|e| println!("error: {:?}", e)).map(|_|())).into()).expect("spawn")
|
Box::pin(rpc_system.map_err(|e| println!("error: {:?}", e)).map(|_|())).into()).expect("spawn")
|
||||||
|
Loading…
Reference in New Issue
Block a user