proxmox-backup/src/bin/proxmox_backup_manager/user.rs

use anyhow::Error;
use serde_json::Value;

use std::collections::HashMap;

use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};

use pbs_api_types::{ACL_PATH_SCHEMA, Authid, Userid};

use proxmox_backup::api2;

fn render_expire(value: &Value, _record: &Value) -> Result<String, Error> {
    let never = String::from("never");
    if value.is_null() { return Ok(never); }
    let text = match value.as_i64() {
        Some(epoch) if epoch == 0 => never,
        Some(epoch) => {
            if let Ok(epoch_string) = proxmox::tools::time::strftime_local("%c", epoch as i64) {
                epoch_string
            } else {
                epoch.to_string()
            }
        },
        None => value.to_string(),
    };
    Ok(text)
}

#[api(
    input: {
        properties: {
            "output-format": {
                schema: OUTPUT_FORMAT,
                optional: true,
            },
        }
    }
)]
/// List configured users.
fn list_users(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {

    let output_format = get_output_format(&param);

    let info = &api2::access::user::API_METHOD_LIST_USERS;
    let mut data = match info.handler {
        ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,
        _ => unreachable!(),
    };

    let options = default_table_format_options()
        .column(ColumnConfig::new("userid"))
        .column(
            ColumnConfig::new("enable")
                .renderer(pbs_tools::format::render_bool_with_default_true)
        )
        .column(
            ColumnConfig::new("expire")
                .renderer(render_expire)
        )
        .column(ColumnConfig::new("firstname"))
        .column(ColumnConfig::new("lastname"))
        .column(ColumnConfig::new("email"))
        .column(ColumnConfig::new("comment"));

    format_and_print_result_full(&mut data, &info.returns, &output_format, &options);

    Ok(Value::Null)
}

#[api(
    input: {
        properties: {
            "output-format": {
                schema: OUTPUT_FORMAT,
                optional: true,
            },
            userid: {
                type: Userid,
            }
        }
    }
)]
/// List tokens associated with user.
fn list_tokens(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {

    let output_format = get_output_format(&param);

    let info = &api2::access::user::API_METHOD_LIST_TOKENS;
    let mut data = match info.handler {
        ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,
        _ => unreachable!(),
    };

    let options = default_table_format_options()
        .column(ColumnConfig::new("tokenid"))
        .column(
            ColumnConfig::new("enable")
                .renderer(pbs_tools::format::render_bool_with_default_true)
        )
        .column(
            ColumnConfig::new("expire")
                .renderer(render_expire)
        )
        .column(ColumnConfig::new("comment"));

    format_and_print_result_full(&mut data, &info.returns, &output_format, &options);

    Ok(Value::Null)
}


#[api(
    input: {
        properties: {
            "output-format": {
                schema: OUTPUT_FORMAT,
                optional: true,
            },
            "auth-id": {
                type: Authid,
            },
            path: {
                schema: ACL_PATH_SCHEMA,
                optional: true,
            },
        }
    }
)]
/// List permissions of user/token.
fn list_permissions(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {

    let output_format = get_output_format(&param);

    let info = &api2::access::API_METHOD_LIST_PERMISSIONS;
    let data = match info.handler {
        ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,
        _ => unreachable!(),
    };

    if output_format == "text" {
        println!("Privileges with (*) have the propagate flag set\n");
        let data:HashMap<String, HashMap<String, bool>> = serde_json::from_value(data)?;
        let mut paths:Vec<String> = data.keys().cloned().collect();
        paths.sort_unstable();
        for path in paths {
            println!("Path: {}", path);
            let priv_map = data.get(&path).unwrap();
            let mut privs:Vec<String> = priv_map.keys().cloned().collect();
            if privs.is_empty() {
                println!("- NoAccess");
            } else {
                privs.sort_unstable();
                for privilege in privs {
                    if *priv_map.get(&privilege).unwrap() {
                        println!("- {} (*)", privilege);
                    } else {
                        println!("- {}", privilege);
                    }
                }
            }
        }
    } else {
        format_and_print_result(&data, &output_format);
    }

    Ok(Value::Null)
}


pub fn user_commands() -> CommandLineInterface {

    let cmd_def = CliCommandMap::new()
        .insert("list", CliCommand::new(&&API_METHOD_LIST_USERS))
        .insert(
            "create",
            // fixme: howto handle password parameter?
            CliCommand::new(&api2::access::user::API_METHOD_CREATE_USER)
                .arg_param(&["userid"])
        )
        .insert(
            "update",
            CliCommand::new(&api2::access::user::API_METHOD_UPDATE_USER)
                .arg_param(&["userid"])
                .completion_cb("userid", pbs_config::user::complete_userid)
        )
        .insert(
            "remove",
            CliCommand::new(&api2::access::user::API_METHOD_DELETE_USER)
                .arg_param(&["userid"])
                .completion_cb("userid", pbs_config::user::complete_userid)
        )
        .insert(
            "list-tokens",
            CliCommand::new(&&API_METHOD_LIST_TOKENS)
                .arg_param(&["userid"])
                .completion_cb("userid", pbs_config::user::complete_userid)
        )
        .insert(
            "generate-token",
            CliCommand::new(&api2::access::user::API_METHOD_GENERATE_TOKEN)
                .arg_param(&["userid", "tokenname"])
                .completion_cb("userid", pbs_config::user::complete_userid)
        )
        .insert(
            "delete-token",
            CliCommand::new(&api2::access::user::API_METHOD_DELETE_TOKEN)
                .arg_param(&["userid", "tokenname"])
                .completion_cb("userid", pbs_config::user::complete_userid)
                .completion_cb("tokenname", pbs_config::user::complete_token_name)
        )
        .insert(
            "permissions",
            CliCommand::new(&&API_METHOD_LIST_PERMISSIONS)
                .arg_param(&["auth-id"])
                .completion_cb("auth-id", pbs_config::user::complete_authid)
                .completion_cb("path", pbs_config::datastore::complete_acl_path)
        );

    cmd_def.into()
}
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`use anyhow::Error;`
			`use serde_json::Value;`

manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`use std::collections::HashMap;`

proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`use proxmox::api::{api, cli::*, RpcEnvironment, ApiHandler};`

move datastore config to pbs_config workspace 2021-09-10 06:40:58 +00:00			`use pbs_api_types::{ACL_PATH_SCHEMA, Authid, Userid};`

proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`use proxmox_backup::api2;`

manager: user/token list: fix rendering 0 (never) expire date Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2021-01-14 12:59:08 +00:00			`fn render_expire(value: &Value, _record: &Value) -> Result<String, Error> {`
			`let never = String::from("never");`
			`if value.is_null() { return Ok(never); }`
			`let text = match value.as_i64() {`
			`Some(epoch) if epoch == 0 => never,`
			`Some(epoch) => {`
			`if let Ok(epoch_string) = proxmox::tools::time::strftime_local("%c", epoch as i64) {`
			`epoch_string`
			`} else {`
			`epoch.to_string()`
			`}`
			`},`
			`None => value.to_string(),`
			`};`
			`Ok(text)`
			`}`

proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`#[api(`
			`input: {`
			`properties: {`
			`"output-format": {`
			`schema: OUTPUT_FORMAT,`
			`optional: true,`
			`},`
			`}`
			`}`
			`)]`
			`/// List configured users.`
			`fn list_users(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {`

			`let output_format = get_output_format(&param);`

			`let info = &api2::access::user::API_METHOD_LIST_USERS;`
			`let mut data = match info.handler {`
			`ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,`
			`_ => unreachable!(),`
			`};`

			`let options = default_table_format_options()`
			`.column(ColumnConfig::new("userid"))`
			`.column(`
			`ColumnConfig::new("enable")`
add pbs-tools subcrate Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-06 11:26:35 +00:00			`.renderer(pbs_tools::format::render_bool_with_default_true)`
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`)`
			`.column(`
			`ColumnConfig::new("expire")`
manager: user/token list: fix rendering 0 (never) expire date Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2021-01-14 12:59:08 +00:00			`.renderer(render_expire)`
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`)`
			`.column(ColumnConfig::new("firstname"))`
			`.column(ColumnConfig::new("lastname"))`
			`.column(ColumnConfig::new("email"))`
			`.column(ColumnConfig::new("comment"));`

adaptions for proxmox 0.9 and proxmox-api-macro 0.3 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-12-18 11:26:07 +00:00			`format_and_print_result_full(&mut data, &info.returns, &output_format, &options);`
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00
			`Ok(Value::Null)`
			`}`

manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`#[api(`
			`input: {`
			`properties: {`
			`"output-format": {`
			`schema: OUTPUT_FORMAT,`
			`optional: true,`
			`},`
			`userid: {`
			`type: Userid,`
			`}`
			`}`
			`}`
			`)]`
			`/// List tokens associated with user.`
			`fn list_tokens(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {`

			`let output_format = get_output_format(&param);`

			`let info = &api2::access::user::API_METHOD_LIST_TOKENS;`
			`let mut data = match info.handler {`
			`ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,`
			`_ => unreachable!(),`
			`};`

			`let options = default_table_format_options()`
			`.column(ColumnConfig::new("tokenid"))`
			`.column(`
			`ColumnConfig::new("enable")`
add pbs-tools subcrate Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-06 11:26:35 +00:00			`.renderer(pbs_tools::format::render_bool_with_default_true)`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`)`
			`.column(`
			`ColumnConfig::new("expire")`
manager: user/token list: fix rendering 0 (never) expire date Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2021-01-14 12:59:08 +00:00			`.renderer(render_expire)`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`)`
			`.column(ColumnConfig::new("comment"));`

adaptions for proxmox 0.9 and proxmox-api-macro 0.3 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-12-18 11:26:07 +00:00			`format_and_print_result_full(&mut data, &info.returns, &output_format, &options);`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00
			`Ok(Value::Null)`
			`}`


manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`#[api(`
			`input: {`
			`properties: {`
			`"output-format": {`
			`schema: OUTPUT_FORMAT,`
			`optional: true,`
			`},`
api: replace auth_id with auth-id in parameters, and fix up the completion for the ACL update parameter. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-30 14:18:41 +00:00			`"auth-id": {`
manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`type: Authid,`
			`},`
			`path: {`
			`schema: ACL_PATH_SCHEMA,`
			`optional: true,`
			`},`
			`}`
			`}`
			`)]`
			`/// List permissions of user/token.`
			`fn list_permissions(param: Value, rpcenv: &mut dyn RpcEnvironment) -> Result<Value, Error> {`

			`let output_format = get_output_format(&param);`

			`let info = &api2::access::API_METHOD_LIST_PERMISSIONS;`
clippy: more misc fixes Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2021-01-25 13:43:00 +00:00			`let data = match info.handler {`
manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`ApiHandler::Sync(handler) => (handler)(param, info, rpcenv)?,`
			`_ => unreachable!(),`
			`};`

			`if output_format == "text" {`
			`println!("Privileges with (*) have the propagate flag set\n");`
			`let data:HashMap<String, HashMap<String, bool>> = serde_json::from_value(data)?;`
			`let mut paths:Vec<String> = data.keys().cloned().collect();`
			`paths.sort_unstable();`
			`for path in paths {`
			`println!("Path: {}", path);`
			`let priv_map = data.get(&path).unwrap();`
			`let mut privs:Vec<String> = priv_map.keys().cloned().collect();`
			`if privs.is_empty() {`
			`println!("- NoAccess");`
			`} else {`
			`privs.sort_unstable();`
			`for privilege in privs {`
			`if *priv_map.get(&privilege).unwrap() {`
			`println!("- {} (*)", privilege);`
			`} else {`
			`println!("- {}", privilege);`
			`}`
			`}`
			`}`
			`}`
			`} else {`
clippy: more misc fixes Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2021-01-25 13:43:00 +00:00			`format_and_print_result(&data, &output_format);`
manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`}`

			`Ok(Value::Null)`
			`}`


proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`pub fn user_commands() -> CommandLineInterface {`

			`let cmd_def = CliCommandMap::new()`
			`.insert("list", CliCommand::new(&&API_METHOD_LIST_USERS))`
			`.insert(`
			`"create",`
			`// fixme: howto handle password parameter?`
			`CliCommand::new(&api2::access::user::API_METHOD_CREATE_USER)`
			`.arg_param(&["userid"])`
			`)`
			`.insert(`
			`"update",`
			`CliCommand::new(&api2::access::user::API_METHOD_UPDATE_USER)`
			`.arg_param(&["userid"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("userid", pbs_config::user::complete_userid)`
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`)`
			`.insert(`
			`"remove",`
			`CliCommand::new(&api2::access::user::API_METHOD_DELETE_USER)`
			`.arg_param(&["userid"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("userid", pbs_config::user::complete_userid)`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`)`
			`.insert(`
			`"list-tokens",`
			`CliCommand::new(&&API_METHOD_LIST_TOKENS)`
			`.arg_param(&["userid"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("userid", pbs_config::user::complete_userid)`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`)`
			`.insert(`
			`"generate-token",`
			`CliCommand::new(&api2::access::user::API_METHOD_GENERATE_TOKEN)`
			`.arg_param(&["userid", "tokenname"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("userid", pbs_config::user::complete_userid)`
manager: add token commands to generate, list and delete tokens. adding them to ACLs already works out of the box. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-15 12:49:04 +00:00			`)`
			`.insert(`
			`"delete-token",`
			`CliCommand::new(&api2::access::user::API_METHOD_DELETE_TOKEN)`
			`.arg_param(&["userid", "tokenname"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("userid", pbs_config::user::complete_userid)`
			`.completion_cb("tokenname", pbs_config::user::complete_token_name)`
manager: add user permissions command useful for debugging complex ACL setups. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-16 09:18:02 +00:00			`)`
			`.insert(`
			`"permissions",`
			`CliCommand::new(&&API_METHOD_LIST_PERMISSIONS)`
api: replace auth_id with auth-id in parameters, and fix up the completion for the ACL update parameter. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-30 14:18:41 +00:00			`.arg_param(&["auth-id"])`
move user configuration to pbs_config workspace Also moved memcom.rs and cached_user_info.rs 2021-09-10 04:53:53 +00:00			`.completion_cb("auth-id", pbs_config::user::complete_authid)`
move datastore config to pbs_config workspace 2021-09-10 06:40:58 +00:00			`.completion_cb("path", pbs_config::datastore::complete_acl_path)`
proxmox-backup-manager: split out users.rs 2020-05-21 08:53:06 +00:00			`);`

			`cmd_def.into()`
			`}`