Allow resources to be specified when creating cluster credentials
Westwooo committed Feb 5, 2025
1 parent 815a885 commit 70b36eb
Showing 2 changed files with 67 additions and 7 deletions.
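--- a/src/cli/credentials_create.rs
+++ b/src/cli/credentials_create.rs
@@ -8,7 +8,7 @@ use crate::state::State;
 use nu_engine::command_prelude::Call;
 use nu_engine::CallExt;
 use nu_protocol::engine::{Command, EngineState, Stack};
-use nu_protocol::{Category, PipelineData, ShellError, Signature, SyntaxShape};
+use nu_protocol::{Category, PipelineData, ShellError, Signature, SyntaxShape, Value};
 use std::sync::{Arc, Mutex};
 
 #[derive(Clone)]
@@ -53,6 +53,16 @@ impl Command for CredentialsCreate {
 SyntaxShape::String,
 "the clusters which should be contacted",
 None,
+).named(
+"bucket",
+SyntaxShape::String,
+"the bucket the created credentials have access to, leave empty to allow access to all buckets",
+None,
+).named(
+"scopes",
+SyntaxShape::List(Box::new(SyntaxShape::String)),
+"the scopes the created credentials have access to, leave empty to allow access to all scopes",
+None,
 )
 }
 
@@ -84,6 +94,44 @@ fn credentials_create(
 let read = call.has_flag(engine_state, stack, "read")?;
 let write = call.has_flag(engine_state, stack, "write")?;
 let use_registered = call.has_flag(engine_state, stack, "registered")?;
+let bucket = call.get_flag(engine_state, stack, "bucket")?;
+let scopes_flag: Option<Value> = call.get_flag(engine_state, stack, "scopes")?;
+
+let scopes = if let Some(scopes) = scopes_flag {
+if bucket.is_none() {
+return Err(ShellError::GenericError {
+error: "--scopes cannot be used without specifying a bucket".to_string(),
+msg: "".to_string(),
+span: None,
+help: Some(
+"Use the --bucket flag to specify a bucket the credentials are allowed to access"
+.to_string(),
+),
+inner: vec![],
+});
+}
+
+match scopes {
+Value::String { val, .. } => {
+Ok(vec!(val))
+},
+Value::List { vals, .. } => {
+vals.iter().map(|v| v.as_str().map(|s| s.to_string())).collect()
+}
+_ => Err(ShellError::GenericError {
+error: "--scopes cannot be used without specifying a bucket".to_string(),
+msg: "".to_string(),
+span: None,
+help: Some(
+"Use the --bucket flag to specify a bucket the credentials are allowed to access"
+.to_string(),
+),
+inner: vec![],
+})
+}?
+} else {
+vec!["*".to_string()]
+};
 
 if !read && !write {
 return Err(ShellError::GenericError {
@@ -144,7 +192,14 @@ fn credentials_create(
 get_username_and_password(username_flag, password_flag)?
 };
 
-let payload = CredentialsCreateRequest::new(name.clone(), password.clone(), read, write);
+let payload = CredentialsCreateRequest::new(
+name.clone(),
+password.clone(),
+read,
+write,
+bucket.clone(),
+scopes.clone(),
+);
 
 client
 .create_credentials(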
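Review bot: The catch-all `_ =>` arm of `match scopes` repeats the missing-bucket error, so a `--scopes` value of the wrong type is reported as "--scopes cannot be used without specifying a bucket" even though a bucket was given; it should state the real problem, e.g. `error: "--scopes must be a string or a list of strings".to_string(),` with a matching `help`. Separately, an explicitly empty list (`--scopes []`) or an empty `--bucket ""` is passed through unchanged rather than rejected or mapped to `"*"`, and the help text's "leave empty" can be read as inviting exactly that. What the API grants for an empty scope list or bucket name is not visible here, so I would reject both cases up front, since these flags decide what the new credentials can reach. `credentials_create` starts and ends outside these hunks.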
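--- a/src/client/cloud_json.rs
+++ b/src/client/cloud_json.rs
@@ -537,7 +537,14 @@ struct Bucket {
 }
 
 impl CredentialsCreateRequest {
-pub fn new(name: String, password: String, read: bool, write: bool) -> Self {
+pub fn new(
+name: String,
+password: String,
+read: bool,
+write: bool,
+bucket: Option<String>,
+scopes: Vec<String>,
+) -> Self {
 let mut privileges = vec![];
 
 if read {
@@ -555,10 +562,8 @@ impl CredentialsCreateRequest {
 privileges,
 resources: Resources {
 buckets: vec![Bucket {
-name: "*".to_string(),
-scopes: Some(vec![Scope {
-name: "*".to_string(),
-}]),
+name: bucket.unwrap_or("*".to_string()),
+scopes: Some(scopes.iter().map(|s| Scope { name: s.into() }).collect()),
 }],
 },
 }],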
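Review bot: `new` serialises whatever `scopes` it is given, so the wildcard defaults are split across two places: `bucket` falls back to `"*"` here, while the `"*"` scope default and the "scopes need a bucket" rule live only in the CLI caller. A caller that passes `bucket: None` with specific scopes, or an empty `scopes`, gets a request whose effective access is not obvious from this code. A doc comment on `new` such as `/// bucket: None means all buckets ("*"); scopes must be non-empty, pass ["*"] for all scopes` would pin the contract. As a style point, `scopes` is owned, so `scopes.into_iter().map(|name| Scope { name }).collect()` (assuming `Scope::name` is a `String`) avoids the per-element clone, and `bucket.unwrap_or_else(|| "*".to_string())` avoids building the default when a bucket is set. The body of `new` continues outside the hunks.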
