Move access control to be manager-specific

chipsenkbeil · Aug 17, 2022 · 9097892 · 9097892
1 parent 0633530
commit 9097892
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   failing due to lack of distant launch handler
 - Expose `windows-pipe` and `unix-socket` config and cli options regardless of
   platform (so they can be provided without worrying about which OS)
+- Lock `--access` to `distant manager listen` as a cli parameter and move it
+  out of `[network]` config to be tied to manager config only
 
 ## [0.17.1] - 2022-08-16
 ### Added

diff --git a/src/cli/commands/manager.rs b/src/cli/commands/manager.rs
@@ -1,6 +1,6 @@
 use crate::{
     cli::{Cache, Client, Manager},
-    config::{ManagerConfig, NetworkConfig},
+    config::{AccessControl, ManagerConfig, NetworkConfig},
     paths::user::CACHE_FILE_PATH_STR,
     CliResult,
 };
@@ -33,6 +33,10 @@ pub enum ManagerSubcommand {
 
     /// Listen for incoming requests as a manager
     Listen {
+        /// Type of access to apply to created unix socket or windows pipe
+        #[clap(long, value_enum)]
+        access: Option<AccessControl>,
+
         /// If specified, will fork the process to run as a standalone daemon
         #[clap(long)]
         daemon: bool,
@@ -256,7 +260,13 @@ impl ManagerSubcommand {
 
                 Ok(())
             }
-            Self::Listen { network, user, .. } => {
+            Self::Listen {
+                access,
+                network,
+                user,
+                ..
+            } => {
+                let access = access.or(config.access).unwrap_or_default();
                 let network = network.merge(config.network);
 
                 info!(
@@ -271,13 +281,14 @@ impl ManagerSubcommand {
                         "global"
                     }
                 );
-                let manager_ref = Manager::new(
-                    DistantManagerConfig {
+                let manager_ref = Manager {
+                    access,
+                    config: DistantManagerConfig {
                         user,
                         ..Default::default()
                     },
                     network,
-                )
+                }
                 .listen()
                 .await
                 .context("Failed to start manager")?;

diff --git a/src/cli/manager.rs b/src/cli/manager.rs
@@ -1,21 +1,18 @@
 use crate::{
-    config::NetworkConfig,
+    config::{AccessControl, NetworkConfig},
     paths::{global as global_paths, user as user_paths},
 };
 use anyhow::Context;
 use distant_core::{net::PlainCodec, DistantManager, DistantManagerConfig, DistantManagerRef};
 use log::*;
 
 pub struct Manager {
-    config: DistantManagerConfig,
-    network: NetworkConfig,
+    pub access: AccessControl,
+    pub config: DistantManagerConfig,
+    pub network: NetworkConfig,
 }
 
 impl Manager {
-    pub fn new(config: DistantManagerConfig, network: NetworkConfig) -> Self {
-        Self { config, network }
-    }
-
     /// Begin listening on the network interface specified within [`NetworkConfig`]
     pub async fn listen(self) -> anyhow::Result<DistantManagerRef> {
         let user = self.config.user;
@@ -41,7 +38,7 @@ impl Manager {
                 self.config,
                 socket_path,
                 PlainCodec,
-                self.network.access.unwrap_or_default().into_mode(),
+                self.access.into_mode(),
             )
             .await
             .with_context(|| format!("Failed to start manager at socket {socket_path:?}"))?

diff --git a/src/config/manager.rs b/src/config/manager.rs
@@ -1,4 +1,4 @@
-use super::{CommonConfig, NetworkConfig};
+use super::{AccessControl, CommonConfig, NetworkConfig};
 use clap::Args;
 use distant_core::Destination;
 use serde::{Deserialize, Serialize};
@@ -7,6 +7,10 @@ use service_manager::ServiceManagerKind;
 /// Represents configuration settings for the distant manager
 #[derive(Args, Debug, Default, Serialize, Deserialize)]
 pub struct ManagerConfig {
+    /// Type of access to apply to created unix socket or windows pipe
+    #[clap(long, value_enum)]
+    pub access: Option<AccessControl>,
+
     #[clap(flatten)]
     #[serde(flatten)]
     pub common: CommonConfig,

diff --git a/src/config/network.rs b/src/config/network.rs
@@ -37,10 +37,6 @@ impl Default for AccessControl {
 /// Represents common networking configuration
 #[derive(Args, Clone, Debug, Default, Serialize, Deserialize)]
 pub struct NetworkConfig {
-    /// Type of access to apply to created unix socket or windows pipe
-    #[clap(long, value_enum)]
-    pub access: Option<AccessControl>,
-
     /// Override the path to the Unix socket used by the manager (unix-only)
     #[clap(long)]
     pub unix_socket: Option<std::path::PathBuf>,
@@ -53,7 +49,6 @@ pub struct NetworkConfig {
 impl NetworkConfig {
     pub fn merge(self, other: Self) -> Self {
         Self {
-            access: self.access.or(other.access),
             unix_socket: self.unix_socket.or(other.unix_socket),
             windows_pipe: self.windows_pipe.or(other.windows_pipe),
         }