storj/cmd/uplink/access_permissions.go

// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.

package main

import (
	"strconv"
	"time"

	"github.com/zeebo/clingy"
	"github.com/zeebo/errs"

	"storj.io/storj/cmd/uplink/ulloc"
	"storj.io/uplink"
)

// accessPermissions holds flags and provides a Setup method for commands that
// have to modify permissions on access grants.
type accessPermissions struct {
	prefixes []uplink.SharePrefix // prefixes is the set of path prefixes that the grant will be limited to

	readonly  bool
	writeonly bool

	disallowDeletes *bool
	disallowLists   *bool
	disallowReads   *bool
	disallowWrites  *bool

	notBefore *time.Time
	notAfter  *time.Time
}

func (ap *accessPermissions) Setup(params clingy.Parameters, prefixFlags bool) {
	if prefixFlags {
		ap.prefixes = params.Flag("prefix", "Key prefix access will be restricted to", []uplink.SharePrefix{},
			clingy.Transform(ulloc.Parse),
			clingy.Transform(transformSharePrefix),
			clingy.Repeated,
		).([]uplink.SharePrefix)
	}

	ap.readonly = params.Flag("readonly", "Implies --disallow-writes and --disallow-deletes", true,
		clingy.Transform(strconv.ParseBool), clingy.Boolean).(bool)
	ap.writeonly = params.Flag("writeonly", "Implies --disallow-reads and --disallow-lists", false,
		clingy.Transform(strconv.ParseBool), clingy.Boolean).(bool)

	params.Break()

	ap.disallowDeletes = params.Flag("disallow-deletes", "Disallow deletes with the access", nil,
		clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)
	ap.disallowLists = params.Flag("disallow-lists", "Disallow lists with the access", nil,
		clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)
	ap.disallowReads = params.Flag("disallow-reads", "Disallow reads with the access", nil,
		clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)
	ap.disallowWrites = params.Flag("disallow-writes", "Disallow writes with the access", nil,
		clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)

	params.Break()

	ap.notBefore = params.Flag("not-before",
		"Disallow access before this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700', 'none')",
		nil, clingy.Transform(parseHumanDate), clingy.Type("relative_date"), clingy.Optional).(*time.Time)
	ap.notAfter = params.Flag("not-after",
		"Disallow access after this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700', 'none')",
		nil, clingy.Transform(parseHumanDate), clingy.Type("relative_date"), clingy.Optional).(*time.Time)

	if !prefixFlags {
		ap.prefixes = params.Arg("prefix", "Key prefix access will be restricted to",
			clingy.Transform(ulloc.Parse),
			clingy.Transform(transformSharePrefix),
			clingy.Repeated,
		).([]uplink.SharePrefix)
	}
}

func transformSharePrefix(loc ulloc.Location) (uplink.SharePrefix, error) {
	bucket, key, ok := loc.RemoteParts()
	if !ok {
		return uplink.SharePrefix{}, errs.New("invalid prefix: must be remote: %q", loc)
	}
	return uplink.SharePrefix{
		Bucket: bucket,
		Prefix: key,
	}, nil
}

func (ap *accessPermissions) Apply(access *uplink.Access) (*uplink.Access, error) {
	permission := uplink.Permission{
		AllowDelete:   ap.AllowDelete(),
		AllowList:     ap.AllowList(),
		AllowDownload: ap.AllowDownload(),
		AllowUpload:   ap.AllowUpload(),
		NotBefore:     ap.NotBefore(),
		NotAfter:      ap.NotAfter(),
	}

	// if we aren't actually restricting anything, then we don't need to Share.
	if permission == (uplink.Permission{
		AllowDelete:   true,
		AllowList:     true,
		AllowDownload: true,
		AllowUpload:   true,
	}) && len(ap.prefixes) == 0 {
		return access, nil
	}

	access, err := access.Share(permission, ap.prefixes...)
	if err != nil {
		return nil, errs.Wrap(err)
	}

	return access, nil
}

func defaulted[T any](val *T, def T) T {
	if val != nil {
		return *val
	}
	return def
}

func (ap *accessPermissions) NotBefore() time.Time { return defaulted(ap.notBefore, time.Time{}) }
func (ap *accessPermissions) NotAfter() time.Time  { return defaulted(ap.notAfter, time.Time{}) }
func (ap *accessPermissions) AllowDelete() bool    { return !defaulted(ap.disallowDeletes, ap.readonly) }
func (ap *accessPermissions) AllowList() bool      { return !defaulted(ap.disallowLists, ap.writeonly) }
func (ap *accessPermissions) AllowDownload() bool  { return !defaulted(ap.disallowReads, ap.writeonly) }
func (ap *accessPermissions) AllowUpload() bool    { return !defaulted(ap.disallowWrites, ap.readonly) }
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00			`// Copyright (C) 2021 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package main`

			`import (`
			`"strconv"`
			`"time"`

			`"github.com/zeebo/clingy"`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`"github.com/zeebo/errs"`

cmd/uplinkng: become cmd/uplink Change-Id: If426c32219d32044d715ab6dfa9718807f32cb9f 2022-01-06 19:55:46 +00:00			`"storj.io/storj/cmd/uplink/ulloc"`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`"storj.io/uplink"`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00			`)`

			`// accessPermissions holds flags and provides a Setup method for commands that`
			`// have to modify permissions on access grants.`
			`type accessPermissions struct {`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`prefixes []uplink.SharePrefix // prefixes is the set of path prefixes that the grant will be limited to`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`readonly bool`
			`writeonly bool`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`disallowDeletes *bool`
			`disallowLists *bool`
			`disallowReads *bool`
			`disallowWrites *bool`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`notBefore *time.Time`
			`notAfter *time.Time`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00			`}`

cmd/uplinkng: improvements to prepare for doc update * improve setup wizard * added access grant file support * improved consistency across commands * a couple bug fixes * added access import and export Change-Id: I30ad9d4771f15430904a503a4d465bc40be471b5 2022-01-25 23:39:26 +00:00			`func (ap *accessPermissions) Setup(params clingy.Parameters, prefixFlags bool) {`
			`if prefixFlags {`
			`ap.prefixes = params.Flag("prefix", "Key prefix access will be restricted to", []uplink.SharePrefix{},`
			`clingy.Transform(ulloc.Parse),`
			`clingy.Transform(transformSharePrefix),`
			`clingy.Repeated,`
			`).([]uplink.SharePrefix)`
			`}`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00			`ap.readonly = params.Flag("readonly", "Implies --disallow-writes and --disallow-deletes", true,`
cmd/uplinkng: update clingy for better boolean support this allows commands like uplinkng cp -r sj://foo sj://bar to work correctly, rather than complain that sj://foo is not a boolean. Change-Id: I003e47aabb85566bc2b454851cf55043b17ee7ea 2021-12-09 19:21:52 +00:00			`clingy.Transform(strconv.ParseBool), clingy.Boolean).(bool)`
cmd/uplinkng: update for breaking clingy changes clingy changed some and this is just fixes for that Change-Id: I729aed6329fe0988fcb9b4407f16966a753b3204 2021-05-25 00:11:50 +01:00			`ap.writeonly = params.Flag("writeonly", "Implies --disallow-reads and --disallow-lists", false,`
cmd/uplinkng: update clingy for better boolean support this allows commands like uplinkng cp -r sj://foo sj://bar to work correctly, rather than complain that sj://foo is not a boolean. Change-Id: I003e47aabb85566bc2b454851cf55043b17ee7ea 2021-12-09 19:21:52 +00:00			`clingy.Transform(strconv.ParseBool), clingy.Boolean).(bool)`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`params.Break()`

			`ap.disallowDeletes = params.Flag("disallow-deletes", "Disallow deletes with the access", nil,`
			`clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)`
			`ap.disallowLists = params.Flag("disallow-lists", "Disallow lists with the access", nil,`
			`clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)`
			`ap.disallowReads = params.Flag("disallow-reads", "Disallow reads with the access", nil,`
			`clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)`
			`ap.disallowWrites = params.Flag("disallow-writes", "Disallow writes with the access", nil,`
			`clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional).(*bool)`

			`params.Break()`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00
cmd/uplinkng: update for breaking clingy changes clingy changed some and this is just fixes for that Change-Id: I729aed6329fe0988fcb9b4407f16966a753b3204 2021-05-25 00:11:50 +01:00			`ap.notBefore = params.Flag("not-before",`
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`"Disallow access before this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700', 'none')",`
			`nil, clingy.Transform(parseHumanDate), clingy.Type("relative_date"), clingy.Optional).(*time.Time)`
cmd/uplinkng: update for breaking clingy changes clingy changed some and this is just fixes for that Change-Id: I729aed6329fe0988fcb9b4407f16966a753b3204 2021-05-25 00:11:50 +01:00			`ap.notAfter = params.Flag("not-after",`
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`"Disallow access after this time (e.g. '+2h', 'now', '2020-01-02T15:04:05Z0700', 'none')",`
			`nil, clingy.Transform(parseHumanDate), clingy.Type("relative_date"), clingy.Optional).(*time.Time)`
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00
cmd/uplinkng: improvements to prepare for doc update * improve setup wizard * added access grant file support * improved consistency across commands * a couple bug fixes * added access import and export Change-Id: I30ad9d4771f15430904a503a4d465bc40be471b5 2022-01-25 23:39:26 +00:00			`if !prefixFlags {`
			`ap.prefixes = params.Arg("prefix", "Key prefix access will be restricted to",`
			`clingy.Transform(ulloc.Parse),`
			`clingy.Transform(transformSharePrefix),`
			`clingy.Repeated,`
			`).([]uplink.SharePrefix)`
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00			`}`
			`}`

			`func transformSharePrefix(loc ulloc.Location) (uplink.SharePrefix, error) {`
			`bucket, key, ok := loc.RemoteParts()`
			`if !ok {`
			`return uplink.SharePrefix{}, errs.New("invalid prefix: must be remote: %q", loc)`
			`}`
			`return uplink.SharePrefix{`
			`Bucket: bucket,`
			`Prefix: key,`
			`}, nil`
			`}`

cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`func (ap accessPermissions) Apply(access uplink.Access) (*uplink.Access, error) {`
			`permission := uplink.Permission{`
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00			`AllowDelete: ap.AllowDelete(),`
			`AllowList: ap.AllowList(),`
			`AllowDownload: ap.AllowDownload(),`
			`AllowUpload: ap.AllowUpload(),`
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`NotBefore: ap.NotBefore(),`
			`NotAfter: ap.NotAfter(),`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00			`}`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00
cmd/uplinkng: initial setup Change-Id: If4df3ec8b3b554f5228d43e97503eb8a87525b23 2021-08-13 20:31:04 +01:00			`// if we aren't actually restricting anything, then we don't need to Share.`
			`if permission == (uplink.Permission{`
			`AllowDelete: true,`
			`AllowList: true,`
			`AllowDownload: true,`
			`AllowUpload: true,`
			`}) && len(ap.prefixes) == 0 {`
			`return access, nil`
			`}`

cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`access, err := access.Share(permission, ap.prefixes...)`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`

			`return access, nil`
cmd/uplinkng: initial commit with skeleton Change-Id: I764618cc60c46882955e9b08b72b3c162aa4929f 2021-03-31 16:56:34 +01:00			`}`
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00
cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`func defaulted[T any](val *T, def T) T {`
			`if val != nil {`
			`return *val`
			`}`
			`return def`
cmd/uplinkng: share command added In uplink we have command uplink share and we need to port it to uplinkng to have command with same functionality. Command could be executed with parameter or without. without any flags we share as readonly. Change-Id: I973b11d00da237358834acf5a863ebab37e684cc 2021-11-03 13:51:47 +00:00			`}`

cmd/uplink: fix some issues with share Because --readonly is default true, passing something like --disallow-deletes=false would not actually update that value because the readonly flag would override. this makes it so that the --disallow-* flags override the --readonly and --writeonly flags. Also fixes some minor formatting issues with share like an extra space after the "Public Access:" entry. Simplifies the handling of the explicit "none" by making the flags for the dates optional and using nil to signify that the value was left unset. Bump the go.mod to go1.18 to enable the use of generics and add a small generic function. This can easily be backed out if it causes problems. Change-Id: I1c5f1321ad17b8ace778ce55561cbbfc24321a68 2022-12-05 16:08:28 +00:00			`func (ap *accessPermissions) NotBefore() time.Time { return defaulted(ap.notBefore, time.Time{}) }`
			`func (ap *accessPermissions) NotAfter() time.Time { return defaulted(ap.notAfter, time.Time{}) }`
			`func (ap *accessPermissions) AllowDelete() bool { return !defaulted(ap.disallowDeletes, ap.readonly) }`
			`func (ap *accessPermissions) AllowList() bool { return !defaulted(ap.disallowLists, ap.writeonly) }`
			`func (ap *accessPermissions) AllowDownload() bool { return !defaulted(ap.disallowReads, ap.writeonly) }`
			`func (ap *accessPermissions) AllowUpload() bool { return !defaulted(ap.disallowWrites, ap.readonly) }`