Move access control to be manager-specific

2 years ago · 9097892c61
parent 0633530a13
commit 9097892c61
5 changed files with 28 additions and 19 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -26,6 +26,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
  failing due to lack of distant launch handler
 - Expose `windows-pipe` and `unix-socket` config and cli options regardless of
  platform (so they can be provided without worrying about which OS)
+- Lock `--access` to `distant manager listen` as a cli parameter and move it
+  out of `[network]` config to be tied to manager config only

 ## [0.17.1] - 2022-08-16
 ### Added
--- a/src/cli/commands/manager.rs
+++ b/src/cli/commands/manager.rs
@ -1,6 +1,6 @@
 use crate::{
    cli::{Cache, Client, Manager},
-    config::{ManagerConfig, NetworkConfig},
+    config::{AccessControl, ManagerConfig, NetworkConfig},
    paths::user::CACHE_FILE_PATH_STR,
    CliResult,
 };
@ -33,6 +33,10 @@ pub enum ManagerSubcommand {

    /// Listen for incoming requests as a manager
    Listen {
+        /// Type of access to apply to created unix socket or windows pipe
+        #[clap(long, value_enum)]
+        access: Option<AccessControl>,
+
        /// If specified, will fork the process to run as a standalone daemon
        #[clap(long)]
        daemon: bool,
@ -256,7 +260,13 @@ impl ManagerSubcommand {

                Ok(())
            }
-            Self::Listen { network, user, .. } => {
+            Self::Listen {
+                access,
+                network,
+                user,
+                ..
+            } => {
+                let access = access.or(config.access).unwrap_or_default();
                let network = network.merge(config.network);

                info!(
@ -271,13 +281,14 @@ impl ManagerSubcommand {
                        "global"
                    }
                );
-                let manager_ref = Manager::new(
-                    DistantManagerConfig {
+                let manager_ref = Manager {
+                    access,
+                    config: DistantManagerConfig {
                        user,
                        ..Default::default()
                    },
                    network,
-                )
+                }
                .listen()
                .await
                .context("Failed to start manager")?;
--- a/src/cli/manager.rs
+++ b/src/cli/manager.rs
@ -1,5 +1,5 @@
 use crate::{
-    config::NetworkConfig,
+    config::{AccessControl, NetworkConfig},
    paths::{global as global_paths, user as user_paths},
 };
 use anyhow::Context;
@ -7,15 +7,12 @@ use distant_core::{net::PlainCodec, DistantManager, DistantManagerConfig, Distan
 use log::*;

 pub struct Manager {
-    config: DistantManagerConfig,
-    network: NetworkConfig,
+    pub access: AccessControl,
+    pub config: DistantManagerConfig,
+    pub network: NetworkConfig,
 }

 impl Manager {
-    pub fn new(config: DistantManagerConfig, network: NetworkConfig) -> Self {
-        Self { config, network }
-    }
-
    /// Begin listening on the network interface specified within [`NetworkConfig`]
    pub async fn listen(self) -> anyhow::Result<DistantManagerRef> {
        let user = self.config.user;
@ -41,7 +38,7 @@ impl Manager {
                self.config,
                socket_path,
                PlainCodec,
-                self.network.access.unwrap_or_default().into_mode(),
+                self.access.into_mode(),
            )
            .await
            .with_context(|| format!("Failed to start manager at socket {socket_path:?}"))?
--- a/src/config/manager.rs
+++ b/src/config/manager.rs
@ -1,4 +1,4 @@
-use super::{CommonConfig, NetworkConfig};
+use super::{AccessControl, CommonConfig, NetworkConfig};
 use clap::Args;
 use distant_core::Destination;
 use serde::{Deserialize, Serialize};
@ -7,6 +7,10 @@ use service_manager::ServiceManagerKind;
 /// Represents configuration settings for the distant manager
 #[derive(Args, Debug, Default, Serialize, Deserialize)]
 pub struct ManagerConfig {
+    /// Type of access to apply to created unix socket or windows pipe
+    #[clap(long, value_enum)]
+    pub access: Option<AccessControl>,
+
    #[clap(flatten)]
    #[serde(flatten)]
    pub common: CommonConfig,
--- a/src/config/network.rs
+++ b/src/config/network.rs
@ -37,10 +37,6 @@ impl Default for AccessControl {
 /// Represents common networking configuration
 #[derive(Args, Clone, Debug, Default, Serialize, Deserialize)]
 pub struct NetworkConfig {
-    /// Type of access to apply to created unix socket or windows pipe
-    #[clap(long, value_enum)]
-    pub access: Option<AccessControl>,
-
    /// Override the path to the Unix socket used by the manager (unix-only)
    #[clap(long)]
    pub unix_socket: Option<std::path::PathBuf>,
@ -53,7 +49,6 @@ pub struct NetworkConfig {
 impl NetworkConfig {
    pub fn merge(self, other: Self) -> Self {
        Self {
-            access: self.access.or(other.access),
            unix_socket: self.unix_socket.or(other.unix_socket),
            windows_pipe: self.windows_pipe.or(other.windows_pipe),
        }