API: init Admin endpoints
This commit is contained in:
Johannes Kirschbauer
62
pkgs/clan-cli/clan_cli/api/admin.py
Normal file
62
pkgs/clan-cli/clan_cli/api/admin.py
Normal file
@@ -0,0 +1,62 @@
|
|||||||
|
from clan_cli.api import API
|
||||||
|
from clan_cli.inventory import (
|
||||||
|
AdminConfig,
|
||||||
|
ServiceAdmin,
|
||||||
|
ServiceAdminRole,
|
||||||
|
ServiceAdminRoleDefault,
|
||||||
|
ServiceMeta,
|
||||||
|
load_inventory_eval,
|
||||||
|
save_inventory,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@API.register
|
||||||
|
def get_admin_service(base_url: str) -> ServiceAdmin | None:
|
||||||
|
"""
|
||||||
|
Return the admin service of a clan.
|
||||||
|
|
||||||
|
There is only one admin service. This might be changed in the future
|
||||||
|
"""
|
||||||
|
inventory = load_inventory_eval(base_url)
|
||||||
|
return inventory.services.admin.get("admin")
|
||||||
|
|
||||||
|
|
||||||
|
@API.register
|
||||||
|
def set_admin_service(
|
||||||
|
base_url: str, allowed_keys: list[str], instance_name: str = "admin"
|
||||||
|
) -> None:
|
||||||
|
"""
|
||||||
|
Set the admin service of a clan
|
||||||
|
Every machine is by default part of the admin service via the 'all' tag
|
||||||
|
"""
|
||||||
|
inventory = load_inventory_eval(base_url)
|
||||||
|
|
||||||
|
if not allowed_keys:
|
||||||
|
raise ValueError("At least one key must be provided to ensure access")
|
||||||
|
|
||||||
|
keys = []
|
||||||
|
for keyfile in allowed_keys:
|
||||||
|
if not keyfile.startswith("/"):
|
||||||
|
raise ValueError(f"Keyfile '{keyfile}' must be an absolute path")
|
||||||
|
with open(keyfile) as f:
|
||||||
|
pubkey = f.read()
|
||||||
|
keys.append(pubkey)
|
||||||
|
|
||||||
|
instance = ServiceAdmin(
|
||||||
|
meta=ServiceMeta(name=instance_name),
|
||||||
|
roles=ServiceAdminRole(
|
||||||
|
default=ServiceAdminRoleDefault(
|
||||||
|
config=AdminConfig(allowedKeys=keys),
|
||||||
|
machines=[],
|
||||||
|
tags=["all"],
|
||||||
|
)
|
||||||
|
),
|
||||||
|
)
|
||||||
|
|
||||||
|
inventory.services.admin[instance_name] = instance
|
||||||
|
|
||||||
|
save_inventory(
|
||||||
|
inventory,
|
||||||
|
base_url,
|
||||||
|
f"Set admin service: '{instance_name}'",
|
||||||
|
)
|
||||||
@@ -22,16 +22,25 @@ from clan_cli.git import commit_file
|
|||||||
from ..cmd import run_no_stdout
|
from ..cmd import run_no_stdout
|
||||||
from ..nix import nix_eval
|
from ..nix import nix_eval
|
||||||
from .classes import (
|
from .classes import (
|
||||||
|
AdminConfig,
|
||||||
Inventory,
|
Inventory,
|
||||||
|
# Machine classes
|
||||||
Machine,
|
Machine,
|
||||||
MachineDeploy,
|
MachineDeploy,
|
||||||
|
# General classes
|
||||||
Meta,
|
Meta,
|
||||||
Service,
|
Service,
|
||||||
|
# Admin service
|
||||||
|
ServiceAdmin,
|
||||||
|
ServiceAdminRole,
|
||||||
|
ServiceAdminRoleDefault,
|
||||||
|
# Borgbackup service
|
||||||
ServiceBorgbackup,
|
ServiceBorgbackup,
|
||||||
ServiceBorgbackupRole,
|
ServiceBorgbackupRole,
|
||||||
ServiceBorgbackupRoleClient,
|
ServiceBorgbackupRoleClient,
|
||||||
ServiceBorgbackupRoleServer,
|
ServiceBorgbackupRoleServer,
|
||||||
ServiceMeta,
|
ServiceMeta,
|
||||||
|
# Single Disk service
|
||||||
ServiceSingleDisk,
|
ServiceSingleDisk,
|
||||||
ServiceSingleDiskRole,
|
ServiceSingleDiskRole,
|
||||||
ServiceSingleDiskRoleDefault,
|
ServiceSingleDiskRoleDefault,
|
||||||
@@ -58,6 +67,11 @@ __all__ = [
|
|||||||
"ServiceSingleDiskRole",
|
"ServiceSingleDiskRole",
|
||||||
"ServiceSingleDiskRoleDefault",
|
"ServiceSingleDiskRoleDefault",
|
||||||
"SingleDiskConfig",
|
"SingleDiskConfig",
|
||||||
|
# Admin service
|
||||||
|
"ServiceAdmin",
|
||||||
|
"ServiceAdminRole",
|
||||||
|
"ServiceAdminRoleDefault",
|
||||||
|
"AdminConfig",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user