mirror of
https://gitlab.com/fabinfra/fabaccess/bffh.git
synced 2024-11-24 23:57:57 +01:00
Schema update
This commit is contained in:
parent
2547d02841
commit
a4ce1bd28f
@ -39,6 +39,8 @@ interface Diflouroborane {
|
||||
machines @2 () -> ( mach :Machines );
|
||||
# Diflouroborane stores machine¹ information in an opaque internal database. This interface is
|
||||
# the only stable process of modifying that information
|
||||
|
||||
# TODO Capability transfer system, required for machine takeover, session resumption.
|
||||
}
|
||||
|
||||
struct Maybe(Value) {
|
||||
@ -61,18 +63,6 @@ struct Either(Left, Right) {
|
||||
}
|
||||
}
|
||||
|
||||
struct Machine {
|
||||
name @0 :Text;
|
||||
location @1 :Text;
|
||||
status @2 :Status;
|
||||
}
|
||||
|
||||
enum Status {
|
||||
free @0;
|
||||
occupied @1;
|
||||
blocked @2;
|
||||
}
|
||||
|
||||
struct UUID {
|
||||
lsg @0 :UInt64; # least significant
|
||||
msg @1 :UInt64; # most significant
|
||||
|
@ -5,6 +5,15 @@ use casbin::prelude::*;
|
||||
|
||||
use super::config::Config;
|
||||
|
||||
use crate::api::api;
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct Permissions;
|
||||
|
||||
impl api::permissions::Server for Permissions {
|
||||
|
||||
}
|
||||
|
||||
/// This line documents init
|
||||
pub async fn init(config: &Config) -> Result<Enforcer, Box<dyn std::error::Error>> {
|
||||
let model = Model::from_file(config.access.model.clone()).await?;
|
||||
|
110
src/api.rs
110
src/api.rs
@ -1,6 +1,6 @@
|
||||
// module needs to be top level for generated functions to be in scope:
|
||||
// https://github.com/capnproto/capnproto-rust/issues/16
|
||||
pub(crate) mod api {
|
||||
pub mod api {
|
||||
include!(concat!(env!("OUT_DIR"), "/schema/api_capnp.rs"));
|
||||
}
|
||||
|
||||
@ -11,10 +11,12 @@ use futures_signals::signal::Mutable;
|
||||
use casbin::Enforcer;
|
||||
use casbin::MgmtApi;
|
||||
|
||||
use crate::machine::{MachineDB, Machine, Status, save};
|
||||
use crate::machine::Machines;
|
||||
use crate::auth::Authentication;
|
||||
use crate::access::Permissions;
|
||||
|
||||
use capnp::{Error};
|
||||
use capnp::capability::Promise;
|
||||
use capnp_rpc::RpcSystem;
|
||||
use capnp_rpc::twoparty::VatNetwork;
|
||||
use capnp_rpc::rpc_twoparty_capnp::Side;
|
||||
@ -24,11 +26,10 @@ use api::diflouroborane;
|
||||
pub fn init() {
|
||||
}
|
||||
|
||||
pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Authentication, socket: TcpStream)
|
||||
pub async fn process_socket(auth: Authentication, perm: Permissions, mach: Machines, socket: TcpStream)
|
||||
-> Result<(), Error>
|
||||
{
|
||||
let auth = api::authentication::ToClient::new(a).into_client::<capnp_rpc::Server>();
|
||||
let api = Api { e, m, auth };
|
||||
let api = Api { auth, perm, mach };
|
||||
let a = api::diflouroborane::ToClient::new(api).into_client::<capnp_rpc::Server>();
|
||||
let netw = VatNetwork::new(socket.clone(), socket, Side::Server, Default::default());
|
||||
let rpc = RpcSystem::new(Box::new(netw), Some(a.clone().client));
|
||||
@ -36,79 +37,42 @@ pub async fn process_socket(e: Mutable<Enforcer>, m: Mutable<MachineDB>, a: Auth
|
||||
}
|
||||
|
||||
struct Api {
|
||||
e: Mutable<Enforcer>,
|
||||
m: Mutable<MachineDB>,
|
||||
auth: api::authentication::Client,
|
||||
auth: Authentication,
|
||||
perm: Permissions,
|
||||
mach: Machines,
|
||||
}
|
||||
|
||||
impl diflouroborane::Server for Api {
|
||||
fn get_all_subjects(&mut self,
|
||||
_params: api_capnp::bffh_admin::GetAllSubjectsParams,
|
||||
mut results: api_capnp::bffh_admin::GetAllSubjectsResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
let subjs = self.e.lock_ref().get_all_subjects();
|
||||
let mut b = results.get()
|
||||
.init_subjects(subjs.len() as u32);
|
||||
for (i, s) in subjs.into_iter().enumerate() {
|
||||
let bldr = b.reborrow();
|
||||
let mut sub = bldr.get(i as u32);
|
||||
sub.set_id(&s);
|
||||
sub.set_domain("");
|
||||
}
|
||||
|
||||
::capnp::capability::Promise::ok(())
|
||||
}
|
||||
|
||||
fn get_all_machines(&mut self,
|
||||
_params: api_capnp::bffh_admin::GetAllMachinesParams,
|
||||
mut results: api_capnp::bffh_admin::GetAllMachinesResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
let machs = self.m.lock_ref();
|
||||
|
||||
let mut b = results.get()
|
||||
.init_machines(machs.len() as u32);
|
||||
|
||||
for (i, (name, m)) in machs.iter().enumerate() {
|
||||
let bldr = b.reborrow();
|
||||
let mut mach = bldr.get(i as u32);
|
||||
mach.set_name(&name);
|
||||
mach.set_location(&m.location);
|
||||
mach.set_status(match m.status {
|
||||
Status::Blocked => api_capnp::Status::Blocked,
|
||||
Status::Free => api_capnp::Status::Free,
|
||||
Status::Occupied => api_capnp::Status::Occupied,
|
||||
});
|
||||
}
|
||||
::capnp::capability::Promise::ok(())
|
||||
}
|
||||
|
||||
fn add_machine(&mut self,
|
||||
params: api_capnp::bffh_admin::AddMachineParams,
|
||||
mut results: api_capnp::bffh_admin::AddMachineResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
let params = pry!(params.get());
|
||||
|
||||
let name = pry!(params.get_name());
|
||||
let location = pry!(params.get_location());
|
||||
|
||||
let m = Machine::new(location.to_string());
|
||||
|
||||
let mut mdb = self.m.lock_mut();
|
||||
mdb.insert(name.to_string(), m);
|
||||
|
||||
::capnp::capability::Promise::ok(())
|
||||
}
|
||||
|
||||
fn authentication(&mut self,
|
||||
_params: api_capnp::bffh_admin::AuthenticationParams,
|
||||
mut results: api_capnp::bffh_admin::AuthenticationResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
_params: diflouroborane::AuthenticationParams,
|
||||
mut results: diflouroborane::AuthenticationResults)
|
||||
-> Promise<(), Error>
|
||||
{
|
||||
let mut b = results.get();
|
||||
b.set_auth(self.auth.clone());
|
||||
::capnp::capability::Promise::ok(())
|
||||
let auth = api::authentication::ToClient::new(self.auth.clone()).into_client::<capnp_rpc::Server>();
|
||||
b.set_auth(auth);
|
||||
Promise::ok(())
|
||||
}
|
||||
|
||||
fn permissions(&mut self,
|
||||
_params: diflouroborane::PermissionsParams,
|
||||
mut results: diflouroborane::PermissionsResults)
|
||||
-> Promise<(), Error>
|
||||
{
|
||||
let mut b = results.get();
|
||||
let perm = api::permissions::ToClient::new(self.perm.clone()).into_client::<capnp_rpc::Server>();
|
||||
b.set_perm(perm);
|
||||
Promise::ok(())
|
||||
}
|
||||
|
||||
fn machines(&mut self,
|
||||
_params: diflouroborane::MachinesParams,
|
||||
mut results: diflouroborane::MachinesResults)
|
||||
-> Promise<(), Error>
|
||||
{
|
||||
let mut b = results.get();
|
||||
let mach = api::machines::ToClient::new(self.mach.clone()).into_client::<capnp_rpc::Server>();
|
||||
b.set_mach(mach);
|
||||
Promise::ok(())
|
||||
}
|
||||
}
|
||||
|
26
src/auth.rs
26
src/auth.rs
@ -121,12 +121,12 @@ impl Authentication {
|
||||
}
|
||||
}
|
||||
|
||||
use crate::api_capnp;
|
||||
use crate::api::api;
|
||||
|
||||
impl api_capnp::authentication::Server for Authentication {
|
||||
impl api::authentication::Server for Authentication {
|
||||
fn available_mechanisms(&mut self,
|
||||
_params: api_capnp::authentication::AvailableMechanismsParams,
|
||||
mut results: api_capnp::authentication::AvailableMechanismsResults)
|
||||
_params: api::authentication::AvailableMechanismsParams,
|
||||
mut results: api::authentication::AvailableMechanismsResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
let m = self.mechs();
|
||||
@ -141,15 +141,15 @@ impl api_capnp::authentication::Server for Authentication {
|
||||
}
|
||||
|
||||
fn initialize_authentication(&mut self,
|
||||
params: api_capnp::authentication::InitializeAuthenticationParams,
|
||||
mut results: api_capnp::authentication::InitializeAuthenticationResults)
|
||||
params: api::authentication::InitializeAuthenticationParams,
|
||||
mut results: api::authentication::InitializeAuthenticationResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
let params = pry!(params.get());
|
||||
let mechanism = pry!(params.get_mechanism());
|
||||
match mechanism {
|
||||
"PLAIN" => {
|
||||
use api_capnp::maybe::Which;
|
||||
use api::maybe::Which;
|
||||
|
||||
let data = pry!(params.get_initial_data());
|
||||
if let Ok(Which::Some(data)) = data.which() {
|
||||
@ -165,7 +165,7 @@ impl api_capnp::authentication::Server for Authentication {
|
||||
results
|
||||
.get()
|
||||
.init_response()
|
||||
.set_right(api_capnp::authentication::outcome::ToClient::new(outcome)
|
||||
.set_right(api::authentication::outcome::ToClient::new(outcome)
|
||||
.into_client::<::capnp_rpc::Server>()).unwrap();
|
||||
}
|
||||
::capnp::capability::Promise::ok(())
|
||||
@ -184,8 +184,8 @@ impl api_capnp::authentication::Server for Authentication {
|
||||
}
|
||||
|
||||
fn get_authzid(&mut self,
|
||||
_params: api_capnp::authentication::GetAuthzidParams,
|
||||
mut results: api_capnp::authentication::GetAuthzidResults)
|
||||
_params: api::authentication::GetAuthzidParams,
|
||||
mut results: api::authentication::GetAuthzidResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
if let Some(zid) = &self.state {
|
||||
@ -207,10 +207,10 @@ impl Outcome {
|
||||
}
|
||||
}
|
||||
|
||||
impl api_capnp::authentication::outcome::Server for Outcome {
|
||||
impl api::authentication::outcome::Server for Outcome {
|
||||
fn value(&mut self,
|
||||
_params: api_capnp::authentication::outcome::ValueParams,
|
||||
mut results: api_capnp::authentication::outcome::ValueResults)
|
||||
_params: api::authentication::outcome::ValueParams,
|
||||
mut results: api::authentication::outcome::ValueResults)
|
||||
-> ::capnp::capability::Promise<(), ::capnp::Error>
|
||||
{
|
||||
results.get().set_granted(self.value);
|
||||
|
@ -11,6 +11,7 @@ use casbin::Enforcer;
|
||||
|
||||
use crate::error::Result;
|
||||
use crate::config::Config;
|
||||
use crate::api::api;
|
||||
|
||||
/// Status of a Machine
|
||||
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
||||
@ -23,6 +24,13 @@ pub enum Status {
|
||||
Blocked,
|
||||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
pub struct Machines;
|
||||
|
||||
impl api::machines::Server for Machines {
|
||||
|
||||
}
|
||||
|
||||
#[derive(PartialEq, Eq, Debug, Serialize, Deserialize)]
|
||||
pub struct Machine {
|
||||
pub location: String,
|
||||
|
@ -15,7 +15,7 @@ mod machine;
|
||||
|
||||
use std::ops::Deref;
|
||||
|
||||
use api::api_capnp;
|
||||
use api::api as api_capnp;
|
||||
|
||||
use futures::prelude::*;
|
||||
use futures_signals::signal::Mutable;
|
||||
@ -45,9 +45,10 @@ fn main() {
|
||||
|
||||
let p = auth::open_passdb(&config.passdb).unwrap();
|
||||
let p = Mutable::new(p);
|
||||
let a = auth::Authentication::new(p, enf.clone());
|
||||
|
||||
let auth = auth::Authentication::new(p, enf.clone());
|
||||
|
||||
let perm = access::Permissions;
|
||||
let mach = machine::Machines;
|
||||
|
||||
use std::net::ToSocketAddrs;
|
||||
let args: Vec<String> = ::std::env::args().collect();
|
||||
@ -65,7 +66,7 @@ fn main() {
|
||||
let mut incoming = listener.incoming();
|
||||
while let Some(socket) = incoming.next().await {
|
||||
let socket = socket?;
|
||||
let rpc_system = api::process_socket(enf.clone(), m.clone(), a.clone(), socket);
|
||||
let rpc_system = api::process_socket(auth.clone(), perm.clone(), mach.clone(), socket);
|
||||
machine::save(&config, &m.lock_ref()).expect("MachineDB save");
|
||||
spawner.spawn_local_obj(
|
||||
Box::pin(rpc_system.map_err(|e| println!("error: {:?}", e)).map(|_|())).into()).expect("spawn")
|
||||
|
Loading…
Reference in New Issue
Block a user