parent
670a43ca22
commit
9bc5e492f6
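--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,70 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package server
+
+import (
+"context"
+"database/sql"
+
+"github.com/hashicorp/boundary/internal/db/timestamp"
+"github.com/hashicorp/boundary/internal/errors"
+plgpb "github.com/hashicorp/boundary/sdk/pbs/plugin"
+)
+
+// ListWorkerStorageBucketCredentialState returns a list of storage bucket credential states for the given worker.
+func (r *Repository) ListWorkerStorageBucketCredentialState(ctx context.Context, workerId string) (map[string]*plgpb.StorageBucketCredentialState, error) {
+const op = "server.(Repository).ListWorkerStorageBucketCredentialState"
+if workerId == "" {
+return nil, errors.New(ctx, errors.InvalidParameter, op, "empty worker id")
+}
+type remoteStorageState struct {
+StorageBucketId string
+PermissionType string
+State string
+CheckedAt *timestamp.Timestamp
+ErrorDetails string
+}
+rows, err := r.reader.Query(ctx, getStorageBucketCredentialStatesByWorkerId, []any{sql.Named("worker_id", workerId)})
+if err != nil && !errors.Match(errors.T(errors.RecordNotFound), err) {
+return nil, errors.Wrap(ctx, err, op)
+}
+defer rows.Close()
+remoteStorageStates := map[string]*plgpb.StorageBucketCredentialState{}
+for rows.Next() {
+if err := rows.Err(); err != nil {
+return nil, errors.Wrap(ctx, err, op)
+}
+var row remoteStorageState
+if err := r.reader.ScanRows(ctx, rows, &row); err != nil {
+return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to fetch remote storage state"))
+}
+s, ok := remoteStorageStates[row.StorageBucketId]
+if !ok {
+s = &plgpb.StorageBucketCredentialState{
+State: &plgpb.Permissions{},
+}
+}
+state, err := ParseStateType(row.State)
+if err != nil {
+return nil, errors.Wrap(ctx, err, op)
+}
+permissionState := &plgpb.Permission{
+State: state,
+ErrorDetails: row.ErrorDetails,
+CheckedAt: row.CheckedAt.GetTimestamp(),
+}
+switch row.PermissionType {
+case PermissionTypeWrite.String():
+s.State.Write = permissionState
+case PermissionTypeRead.String():
+s.State.Read = permissionState
+case PermissionTypeDelete.String():
+s.State.Delete = permissionState
+default:
+return nil, errors.New(ctx, errors.Internal, op, "unknown permission type")
+}
+remoteStorageStates[row.StorageBucketId] = s
+}
+return remoteStorageStates, nil
+}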
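Review bot: The RecordNotFound case at `if err != nil && !errors.Match(errors.T(errors.RecordNotFound), err)` falls through to `defer rows.Close()` and `rows.Next()` while still holding whatever `rows` the reader handed back next to that error; if that value is nil (which is what I would expect alongside a not-found error), the call panics instead of returning an empty map. Related, `rows.Err()` is only checked inside the loop, so an error that makes `rows.Next()` return false ends the loop silently and the partially built map is returned as a complete, successful result — for credential state that decides what a worker may do against a bucket, a truncated answer reported as success is the wrong failure mode. Handle the not-found case before touching `rows` and move the `rows.Err()` check after the loop, as below. `row.CheckedAt.GetTimestamp()` presumably tolerates a nil CheckedAt (generated getter); worth confirming for a NULL checked_at column.
```go
rows, err := r.reader.Query(ctx, getStorageBucketCredentialStatesByWorkerId, []any{sql.Named("worker_id", workerId)})
if err != nil {
	if errors.Match(errors.T(errors.RecordNotFound), err) {
		return map[string]*plgpb.StorageBucketCredentialState{}, nil
	}
	return nil, errors.Wrap(ctx, err, op)
}
defer rows.Close()
remoteStorageStates := map[string]*plgpb.StorageBucketCredentialState{}
for rows.Next() {
	// … unchanged: scan row, parse state, assign permission …
}
if err := rows.Err(); err != nil {
	return nil, errors.Wrap(ctx, err, op)
}
return remoteStorageStates, nil
```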
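--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,96 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package server
+
+import (
+"context"
+
+"github.com/hashicorp/boundary/internal/errors"
+"github.com/hashicorp/boundary/internal/storage/storagebucketcredential"
+"github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/plugins"
+"github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/storagebuckets"
+wrapping "github.com/hashicorp/go-kms-wrapping/v2"
+"google.golang.org/protobuf/proto"
+"google.golang.org/protobuf/types/known/structpb"
+"google.golang.org/protobuf/types/known/wrapperspb"
+)
+
+const UpsertWorkerStorageBucketJobName = "upsert_worker_storage_bucket"
+
+type UpdateStorageBucketCredential struct {
+StorageBucketId string `gorm:"primary_key"`
+Version int32
+CtSecrets []byte
+KeyId string
+StorageBucketScopeId string
+StorageBucketName string
+StorageBucketDescription string
+StorageBucketBucketName string
+StorageBucketBucketPrefix string
+StorageBucketWorkerFilter string
+StorageBucketAttributes []byte
+PluginId string
+PluginName string
+PluginDescription string
+}
+
+// TableName returns the table name for gorm
+func (owsbc *UpdateStorageBucketCredential) TableName() string {
+return "update_worker_storage_bucket_credential"
+}
+
+// ToPluginStorageBucket re-formats an storage bucket into the proto used for storage plugin requests
+func ToPluginStorageBucket(ctx context.Context, usb *UpdateStorageBucketCredential, wrapper wrapping.Wrapper) (*storagebuckets.StorageBucket, error) {
+const op = "server.ToPluginStorageBucket"
+switch {
+case usb == nil:
+return nil, errors.New(ctx, errors.InvalidParameter, op, "nil update storage bucket credential")
+}
+
+sb := &storagebuckets.StorageBucket{
+Id: usb.StorageBucketId,
+ScopeId: usb.StorageBucketScopeId,
+PluginId: usb.PluginId,
+Name: wrapperspb.String(usb.StorageBucketBucketName),
+Description: wrapperspb.String(usb.StorageBucketDescription),
+BucketName: usb.StorageBucketBucketName,
+BucketPrefix: usb.StorageBucketBucketPrefix,
+WorkerFilter: usb.StorageBucketWorkerFilter,
+Plugin: &plugins.PluginInfo{
+Id: usb.PluginId,
+Name: usb.PluginName,
+Description: usb.PluginDescription,
+},
+}
+if usb.StorageBucketAttributes != nil {
+attrs := &structpb.Struct{}
+if err := proto.Unmarshal(usb.StorageBucketAttributes, attrs); err != nil {
+return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to unmarshal attributes"))
+}
+sb.Attributes = attrs
+}
+if usb.CtSecrets != nil {
+allocFn, ok := storagebucketcredential.SubtypeRegistry.AllocFunc(storagebucketcredential.ManagedSecretSubtype)
+if !ok {
+return nil, errors.New(ctx, errors.InvalidParameter, op, "unable to allocate storage bucket credential")
+}
+sbc := allocFn()
+
+sbc.SetKeyId(usb.KeyId)
+sbc.SetStorageBucketId(usb.StorageBucketId)
+sbc.SetCtSecrets(usb.CtSecrets)
+
+if sbc.Decrypt(ctx, wrapper) != nil {
+return nil, errors.New(ctx, errors.Decrypt, op, "error decrypting secrets")
+}
+
+secrets := &structpb.Struct{}
+if err := proto.Unmarshal(sbc.GetSecrets(), secrets); err != nil {
+return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to unmarshal secrets"))
+}
+
+sb.Secrets = secrets
+}
+return sb, nil
+}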
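Review bot: `Name: wrapperspb.String(usb.StorageBucketBucketName)` fills the storage bucket's Name from the bucket name, while `BucketName:` two lines below reads the same field and `usb.StorageBucketName` is never read anywhere in the function; this looks like a copy-paste slip and should be `Name: wrapperspb.String(usb.StorageBucketName),`. Separately, `if sbc.Decrypt(ctx, wrapper) != nil` discards the error the decrypt returned, so a wrapper or key-id mismatch surfaces only as the generic "error decrypting secrets" with no wrapped cause for callers or logs to inspect; capture it with `if err := sbc.Decrypt(ctx, wrapper); err != nil { return nil, errors.Wrap(ctx, err, op, errors.WithMsg("error decrypting secrets")) }`, keeping the Decrypt code via the wrap option if the package's Wrap accepts one. The single-case `switch { case usb == nil: ... }` reads more plainly as an `if usb == nil`. The doc comment says "re-formats an storage bucket"; it should read "a storage bucket".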
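--- a/[path not shown on page]
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: BUSL-1.1
-
-package storagebucketcredential
-
-import (
-"github.com/hashicorp/boundary/internal/server/store"
-)
-
-// NewWorkerStorageBucketCredentialState returns a new WorkerStorageBucketCredentialState.
-func NewWorkerStorageBucketCredentialState() *WorkerStorageBucketCredentialState {
-return &WorkerStorageBucketCredentialState{
-WorkerStorageBucketCredentialState: &store.WorkerStorageBucketCredentialState{},
-}
-}
-
-type WorkerStorageBucketCredentialState struct {
-*store.WorkerStorageBucketCredentialState
-tableName string `gorm:"-"`
-}
-
-// TableName returns the table name.
-func (sbc *WorkerStorageBucketCredentialState) TableName() string {
-if sbc.tableName != "" {
-return sbc.tableName
-}
-return "worker_storage_bucket_credential_state"
-}
-
-// SetTableName sets the table name.
-func (sbc *WorkerStorageBucketCredentialState) SetTableName(n string) {
-sbc.tableName = n
-}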