From 50d6cb9fc8ad97a11c8959dd9e8e38e428872efd Mon Sep 17 00:00:00 2001 From: Lann Martin Date: Mon, 28 Aug 2023 11:14:07 -0400 Subject: [PATCH 1/2] Clippy lints --- crates/server/src/services/core.rs | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/crates/server/src/services/core.rs b/crates/server/src/services/core.rs index 74f871c4..aae6cd87 100644 --- a/crates/server/src/services/core.rs +++ b/crates/server/src/services/core.rs @@ -79,9 +79,7 @@ impl CoreService { ) -> Result, CoreServiceError> { let state = self.inner.state.read().await; - let proof = state - .log - .prove_consistency(from_log_length as usize, to_log_length as usize); + let proof = state.log.prove_consistency(from_log_length, to_log_length); LogProofBundle::bundle(vec![proof], vec![], &state.log) .map_err(CoreServiceError::BundleFailure) } @@ -96,13 +94,13 @@ impl CoreService { let proofs = entries .iter() - .map(|index| { - let node = if *index < state.leaf_index.len() as RegistryIndex { - state.leaf_index[*index as usize] + .map(|&index| { + let node = if index < state.leaf_index.len() as RegistryIndex { + state.leaf_index[index] } else { - return Err(CoreServiceError::LeafNotFound(*index)); + return Err(CoreServiceError::LeafNotFound(index)); }; - Ok(state.log.prove_inclusion(node, log_length as usize)) + Ok(state.log.prove_inclusion(node, log_length)) }) .collect::, CoreServiceError>>()?; From e92fabae5a75e8d5e537da075dc2496fb168ca8e Mon Sep 17 00:00:00 2001 From: Lann Martin Date: Mon, 28 Aug 2023 15:01:22 -0400 Subject: [PATCH 2/2] Allow multiple permissions per grant/revoke entry --- crates/protocol/src/operator/mod.rs | 33 +++++--- crates/protocol/src/operator/model.rs | 4 +- crates/protocol/src/operator/state.rs | 75 ++++++++++-------- crates/protocol/src/package/mod.rs | 33 +++++--- crates/protocol/src/package/model.rs | 4 +- crates/protocol/src/package/state.rs | 79 ++++++++++--------- .../protocol/tests/operator-logs/longer.json | 4 +- .../protocol/tests/operator-logs/minimal.json | 2 +- .../tests/operator-logs/output/longer.json | 2 +- .../tests/operator-logs/output/minimal.json | 2 +- .../protocol/tests/package-logs/longer.json | 4 +- .../protocol/tests/package-logs/minimal.json | 2 +- .../tests/package-logs/output/longer.json | 4 +- .../tests/package-logs/output/minimal.json | 2 +- crates/server/src/api/debug/mod.rs | 15 ++-- proto/warg/protocol/warg.proto | 8 +- 16 files changed, 154 insertions(+), 119 deletions(-) diff --git a/crates/protocol/src/operator/mod.rs b/crates/protocol/src/operator/mod.rs index 0dea2771..fd23e818 100644 --- a/crates/protocol/src/operator/mod.rs +++ b/crates/protocol/src/operator/mod.rs @@ -69,11 +69,19 @@ impl TryFrom for model::OperatorEntry { }, Contents::GrantFlat(grant_flat) => model::OperatorEntry::GrantFlat { key: grant_flat.key.parse()?, - permission: grant_flat.permission.try_into()?, + permissions: grant_flat + .permissions + .into_iter() + .map(TryInto::try_into) + .collect::>()?, }, Contents::RevokeFlat(revoke_flat) => model::OperatorEntry::RevokeFlat { key_id: revoke_flat.key_id.into(), - permission: revoke_flat.permission.try_into()?, + permissions: revoke_flat + .permissions + .into_iter() + .map(TryInto::try_into) + .collect::>()?, }, }; Ok(output) @@ -140,18 +148,19 @@ impl<'a> From<&'a model::OperatorEntry> for protobuf::OperatorEntry { key: key.to_string(), hash_algorithm: hash_algorithm.to_string(), }), - model::OperatorEntry::GrantFlat { key, permission } => { + model::OperatorEntry::GrantFlat { key, permissions } => { Contents::GrantFlat(protobuf::OperatorGrantFlat { key: key.to_string(), - permission: permission.into(), - }) - } - model::OperatorEntry::RevokeFlat { key_id, permission } => { - Contents::RevokeFlat(protobuf::OperatorRevokeFlat { - key_id: key_id.to_string(), - permission: permission.into(), + permissions: permissions.iter().map(Into::into).collect(), }) } + model::OperatorEntry::RevokeFlat { + key_id, + permissions, + } => Contents::RevokeFlat(protobuf::OperatorRevokeFlat { + key_id: key_id.to_string(), + permissions: permissions.iter().map(Into::into).collect(), + }), }; let contents = Some(contents); protobuf::OperatorEntry { contents } @@ -193,11 +202,11 @@ mod tests { }, model::OperatorEntry::GrantFlat { key: bob_pub.clone(), - permission: model::Permission::Commit, + permissions: vec![model::Permission::Commit], }, model::OperatorEntry::RevokeFlat { key_id: bob_pub.fingerprint(), - permission: model::Permission::Commit, + permissions: vec![model::Permission::Commit], }, ], }; diff --git a/crates/protocol/src/operator/model.rs b/crates/protocol/src/operator/model.rs index 73b2ea5e..eae448f6 100644 --- a/crates/protocol/src/operator/model.rs +++ b/crates/protocol/src/operator/model.rs @@ -74,13 +74,13 @@ pub enum OperatorEntry { /// The author of this entry must have the permission. GrantFlat { key: signing::PublicKey, - permission: Permission, + permissions: Vec, }, /// Remove a permission from a key. /// The author of this entry must have the permission. RevokeFlat { key_id: signing::KeyID, - permission: Permission, + permissions: Vec, }, } diff --git a/crates/protocol/src/operator/state.rs b/crates/protocol/src/operator/state.rs index f76138ee..9ff1f2a5 100644 --- a/crates/protocol/src/operator/state.rs +++ b/crates/protocol/src/operator/state.rs @@ -234,7 +234,7 @@ impl LogState { ) -> Result<(), ValidationError> { for entry in entries { if let Some(permission) = entry.required_permission() { - self.check_key_permission(signer_key_id, permission)?; + self.check_key_permissions(signer_key_id, &[permission])?; } // Process an init entry specially @@ -254,12 +254,13 @@ impl LogState { match entry { model::OperatorEntry::Init { .. } => unreachable!(), // handled above - model::OperatorEntry::GrantFlat { key, permission } => { - self.validate_grant_entry(signer_key_id, key, *permission)? - } - model::OperatorEntry::RevokeFlat { key_id, permission } => { - self.validate_revoke_entry(signer_key_id, key_id, *permission)? + model::OperatorEntry::GrantFlat { key, permissions } => { + self.validate_grant_entry(signer_key_id, key, permissions)? } + model::OperatorEntry::RevokeFlat { + key_id, + permissions, + } => self.validate_revoke_entry(signer_key_id, key_id, permissions)?, } } @@ -293,17 +294,17 @@ impl LogState { &mut self, signer_key_id: &signing::KeyID, key: &signing::PublicKey, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { // Check that the current key has the permission they're trying to grant - self.check_key_permission(signer_key_id, permission)?; + self.check_key_permissions(signer_key_id, permissions)?; let grant_key_id = key.fingerprint(); self.keys.insert(grant_key_id.clone(), key.clone()); self.permissions .entry(grant_key_id) .or_default() - .insert(permission); + .extend(permissions); Ok(()) } @@ -312,40 +313,46 @@ impl LogState { &mut self, signer_key_id: &signing::KeyID, key_id: &signing::KeyID, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { // Check that the current key has the permission they're trying to revoke - self.check_key_permission(signer_key_id, permission)?; - - if let Some(set) = self.permissions.get_mut(key_id) { - if set.remove(&permission) { - return Ok(()); + self.check_key_permissions(signer_key_id, permissions)?; + + for permission in permissions { + if !self + .permissions + .get_mut(key_id) + .map(|set| set.remove(permission)) + .unwrap_or(false) + { + return Err(ValidationError::PermissionNotFoundToRevoke { + permission: *permission, + key_id: key_id.clone(), + }); } } - - // Permission not found to remove - Err(ValidationError::PermissionNotFoundToRevoke { - permission, - key_id: key_id.clone(), - }) + Ok(()) } - fn check_key_permission( + fn check_key_permissions( &self, key_id: &signing::KeyID, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { - if let Some(available_permissions) = self.permissions.get(key_id) { - if available_permissions.contains(&permission) { - return Ok(()); + for permission in permissions { + if !self + .permissions + .get(key_id) + .map(|p| p.contains(permission)) + .unwrap_or(false) + { + return Err(ValidationError::UnauthorizedAction { + key_id: key_id.clone(), + needed_permission: *permission, + }); } } - - // Needed permission not found - Err(ValidationError::UnauthorizedAction { - key_id: key_id.clone(), - needed_permission: permission, - }) + Ok(()) } fn snapshot(&self) -> Snapshot { @@ -488,12 +495,12 @@ mod tests { // This entry is valid model::OperatorEntry::GrantFlat { key: bob_pub, - permission: model::Permission::Commit, + permissions: vec![model::Permission::Commit], }, // This entry is not valid model::OperatorEntry::RevokeFlat { key_id: "not-valid".to_string().into(), - permission: model::Permission::Commit, + permissions: vec![model::Permission::Commit], }, ], }; diff --git a/crates/protocol/src/package/mod.rs b/crates/protocol/src/package/mod.rs index 80773af4..678a1744 100644 --- a/crates/protocol/src/package/mod.rs +++ b/crates/protocol/src/package/mod.rs @@ -69,11 +69,19 @@ impl TryFrom for model::PackageEntry { }, Contents::GrantFlat(grant_flat) => model::PackageEntry::GrantFlat { key: grant_flat.key.parse()?, - permission: grant_flat.permission.try_into()?, + permissions: grant_flat + .permissions + .into_iter() + .map(TryInto::try_into) + .collect::>()?, }, Contents::RevokeFlat(revoke_flat) => model::PackageEntry::RevokeFlat { key_id: revoke_flat.key_id.into(), - permission: revoke_flat.permission.try_into()?, + permissions: revoke_flat + .permissions + .into_iter() + .map(TryInto::try_into) + .collect::>()?, }, Contents::Release(release) => model::PackageEntry::Release { version: release @@ -151,18 +159,19 @@ impl<'a> From<&'a model::PackageEntry> for protobuf::PackageEntry { key: key.to_string(), hash_algorithm: hash_algorithm.to_string(), }), - model::PackageEntry::GrantFlat { key, permission } => { + model::PackageEntry::GrantFlat { key, permissions } => { Contents::GrantFlat(protobuf::PackageGrantFlat { key: key.to_string(), - permission: permission.into(), - }) - } - model::PackageEntry::RevokeFlat { key_id, permission } => { - Contents::RevokeFlat(protobuf::PackageRevokeFlat { - key_id: key_id.to_string(), - permission: permission.into(), + permissions: permissions.iter().map(Into::into).collect(), }) } + model::PackageEntry::RevokeFlat { + key_id, + permissions, + } => Contents::RevokeFlat(protobuf::PackageRevokeFlat { + key_id: key_id.to_string(), + permissions: permissions.iter().map(Into::into).collect(), + }), model::PackageEntry::Release { version, content } => { Contents::Release(protobuf::PackageRelease { version: version.to_string(), @@ -217,11 +226,11 @@ mod tests { }, model::PackageEntry::GrantFlat { key: bob_pub.clone(), - permission: model::Permission::Release, + permissions: vec![model::Permission::Release, model::Permission::Yank], }, model::PackageEntry::RevokeFlat { key_id: bob_pub.fingerprint(), - permission: model::Permission::Release, + permissions: vec![model::Permission::Release], }, model::PackageEntry::Release { version: Version::new(1, 0, 0), diff --git a/crates/protocol/src/package/model.rs b/crates/protocol/src/package/model.rs index 209412e4..50169a78 100644 --- a/crates/protocol/src/package/model.rs +++ b/crates/protocol/src/package/model.rs @@ -81,13 +81,13 @@ pub enum PackageEntry { /// The author of this entry must have the permission. GrantFlat { key: signing::PublicKey, - permission: Permission, + permissions: Vec, }, /// Remove a permission from a key. /// The author of this entry must have the permission. RevokeFlat { key_id: signing::KeyID, - permission: Permission, + permissions: Vec, }, /// Release a version of a package. /// The version must not have been released yet. diff --git a/crates/protocol/src/package/state.rs b/crates/protocol/src/package/state.rs index ba0868f7..da68a789 100644 --- a/crates/protocol/src/package/state.rs +++ b/crates/protocol/src/package/state.rs @@ -334,7 +334,7 @@ impl LogState { ) -> Result<(), ValidationError> { for entry in entries { if let Some(permission) = entry.required_permission() { - self.check_key_permission(signer_key_id, permission)?; + self.check_key_permissions(signer_key_id, &[permission])?; } // Process an init entry specially @@ -354,12 +354,13 @@ impl LogState { match entry { model::PackageEntry::Init { .. } => unreachable!(), // handled above - model::PackageEntry::GrantFlat { key, permission } => { - self.validate_grant_entry(signer_key_id, key, *permission)? - } - model::PackageEntry::RevokeFlat { key_id, permission } => { - self.validate_revoke_entry(signer_key_id, key_id, *permission)? + model::PackageEntry::GrantFlat { key, permissions } => { + self.validate_grant_entry(signer_key_id, key, permissions)? } + model::PackageEntry::RevokeFlat { + key_id, + permissions, + } => self.validate_revoke_entry(signer_key_id, key_id, permissions)?, model::PackageEntry::Release { version, content } => self.validate_release_entry( record_id, signer_key_id, @@ -410,17 +411,17 @@ impl LogState { &mut self, signer_key_id: &signing::KeyID, key: &signing::PublicKey, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { // Check that the current key has the permission they're trying to grant - self.check_key_permission(signer_key_id, permission)?; + self.check_key_permissions(signer_key_id, permissions)?; let grant_key_id = key.fingerprint(); self.keys.insert(grant_key_id.clone(), key.clone()); self.permissions .entry(grant_key_id) .or_default() - .insert(permission); + .extend(permissions); Ok(()) } @@ -429,22 +430,25 @@ impl LogState { &mut self, signer_key_id: &signing::KeyID, key_id: &signing::KeyID, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { // Check that the current key has the permission they're trying to revoke - self.check_key_permission(signer_key_id, permission)?; - - if let Some(set) = self.permissions.get_mut(key_id) { - if set.remove(&permission) { - return Ok(()); + self.check_key_permissions(signer_key_id, permissions)?; + + for permission in permissions { + if !self + .permissions + .get_mut(key_id) + .map(|set| set.remove(permission)) + .unwrap_or(false) + { + return Err(ValidationError::PermissionNotFoundToRevoke { + permission: *permission, + key_id: key_id.clone(), + }); } } - - // Permission not found to remove - Err(ValidationError::PermissionNotFoundToRevoke { - permission, - key_id: key_id.clone(), - }) + Ok(()) } fn validate_release_entry( @@ -503,22 +507,25 @@ impl LogState { } } - fn check_key_permission( + fn check_key_permissions( &self, key_id: &signing::KeyID, - permission: model::Permission, + permissions: &[model::Permission], ) -> Result<(), ValidationError> { - if let Some(available_permissions) = self.permissions.get(key_id) { - if available_permissions.contains(&permission) { - return Ok(()); + for permission in permissions { + if !self + .permissions + .get(key_id) + .map(|p| p.contains(permission)) + .unwrap_or(false) + { + return Err(ValidationError::UnauthorizedAction { + key_id: key_id.clone(), + needed_permission: *permission, + }); } } - - // Needed permission not found - Err(ValidationError::UnauthorizedAction { - key_id: key_id.clone(), - needed_permission: permission, - }) + Ok(()) } fn snapshot(&self) -> Snapshot { @@ -642,7 +649,7 @@ mod tests { }, model::PackageEntry::GrantFlat { key: bob_pub.clone(), - permission: model::Permission::Release, + permissions: model::Permission::all().into(), }, ], }; @@ -702,7 +709,7 @@ mod tests { entries: vec![ model::PackageEntry::RevokeFlat { key_id: bob_id.clone(), - permission: model::Permission::Release, + permissions: model::Permission::all().into(), }, model::PackageEntry::Yank { version: Version::new(1, 1, 0), @@ -809,12 +816,12 @@ mod tests { // This entry is valid model::PackageEntry::GrantFlat { key: bob_pub, - permission: model::Permission::Release, + permissions: vec![model::Permission::Release], }, // This entry is not valid model::PackageEntry::RevokeFlat { key_id: "not-valid".to_string().into(), - permission: model::Permission::Release, + permissions: vec![model::Permission::Release], }, ], }; diff --git a/crates/protocol/tests/operator-logs/longer.json b/crates/protocol/tests/operator-logs/longer.json index 955bb5e7..7867354a 100644 --- a/crates/protocol/tests/operator-logs/longer.json +++ b/crates/protocol/tests/operator-logs/longer.json @@ -15,7 +15,7 @@ { "grantFlat": { "key": "ecdsa-p256:A5qc6uBi070EBb4GihGzpx6Cm5+oZnv4dWpBhhuZVagu", - "permission": "OPERATOR_PERMISSION_COMMIT" + "permissions": ["OPERATOR_PERMISSION_COMMIT"] } } ] @@ -31,7 +31,7 @@ { "revokeFlat": { "key_id": "sha256:8ed824821ce75c381458f8097996ab77780550ba7fb9c240e4799bb781941abb", - "permission": "OPERATOR_PERMISSION_COMMIT" + "permissions": ["OPERATOR_PERMISSION_COMMIT"] } } ] diff --git a/crates/protocol/tests/operator-logs/minimal.json b/crates/protocol/tests/operator-logs/minimal.json index 205282c6..e87c7d6d 100644 --- a/crates/protocol/tests/operator-logs/minimal.json +++ b/crates/protocol/tests/operator-logs/minimal.json @@ -15,7 +15,7 @@ { "grantFlat": { "key": "ecdsa-p256:A4yBQt9Im8xnO9Sr9PT7OrOUQP8Olijcq1dPwtdTpigm", - "permission": "OPERATOR_PERMISSION_COMMIT" + "permissions": ["OPERATOR_PERMISSION_COMMIT"] } } ] diff --git a/crates/protocol/tests/operator-logs/output/longer.json b/crates/protocol/tests/operator-logs/output/longer.json index f288dd49..5794b4e0 100644 --- a/crates/protocol/tests/operator-logs/output/longer.json +++ b/crates/protocol/tests/operator-logs/output/longer.json @@ -2,7 +2,7 @@ "Valid": { "algorithm": "sha256", "head": { - "digest": "sha256:8b5346ce285dfe10ecf489a4f49e26043af85e21238f1edc37843df7b2332f7c", + "digest": "sha256:d81986fad78bbabf8fafb3c8c65111b4d70901b7986231442c22b835acfa993f", "timestamp": "1671221120.153436500" }, "permissions": { diff --git a/crates/protocol/tests/operator-logs/output/minimal.json b/crates/protocol/tests/operator-logs/output/minimal.json index 49d6cc7b..694ba7fa 100644 --- a/crates/protocol/tests/operator-logs/output/minimal.json +++ b/crates/protocol/tests/operator-logs/output/minimal.json @@ -2,7 +2,7 @@ "Valid": { "algorithm": "sha256", "head": { - "digest": "sha256:8ddc765163415d17f9d174296703ced99fa9256c7a19a7f58409e2bc06636031", + "digest": "sha256:16ecafc12f77da3654f683244d82877a15963a67472583eef7b4e1bdacd8f0e8", "timestamp": "1671221120.153436500" }, "permissions": { diff --git a/crates/protocol/tests/package-logs/longer.json b/crates/protocol/tests/package-logs/longer.json index 69865b0e..86f20c16 100644 --- a/crates/protocol/tests/package-logs/longer.json +++ b/crates/protocol/tests/package-logs/longer.json @@ -14,7 +14,7 @@ { "grantFlat": { "key": "ecdsa-p256:A5qc6uBi070EBb4GihGzpx6Cm5+oZnv4dWpBhhuZVagu", - "permission": "PACKAGE_PERMISSION_RELEASE" + "permissions": ["PACKAGE_PERMISSION_RELEASE"] } } ] @@ -44,7 +44,7 @@ { "revokeFlat": { "key_id": "sha256:8ed824821ce75c381458f8097996ab77780550ba7fb9c240e4799bb781941abb", - "permission": "PACKAGE_PERMISSION_RELEASE" + "permissions": ["PACKAGE_PERMISSION_RELEASE"] } }, { diff --git a/crates/protocol/tests/package-logs/minimal.json b/crates/protocol/tests/package-logs/minimal.json index dc4c0e44..c175524a 100644 --- a/crates/protocol/tests/package-logs/minimal.json +++ b/crates/protocol/tests/package-logs/minimal.json @@ -14,7 +14,7 @@ { "grantFlat": { "key": "ecdsa-p256:A4yBQt9Im8xnO9Sr9PT7OrOUQP8Olijcq1dPwtdTpigm", - "permission": "PACKAGE_PERMISSION_RELEASE" + "permissions": ["PACKAGE_PERMISSION_RELEASE"] } } ] diff --git a/crates/protocol/tests/package-logs/output/longer.json b/crates/protocol/tests/package-logs/output/longer.json index a568d1f9..71bf4c14 100644 --- a/crates/protocol/tests/package-logs/output/longer.json +++ b/crates/protocol/tests/package-logs/output/longer.json @@ -2,7 +2,7 @@ "Valid": { "algorithm": "sha256", "head": { - "digest": "sha256:08f62d1529ef076d9f2e1f16fc7b5848381efdc59b61bed8d0a32f0257f7573d", + "digest": "sha256:e85a8f3c25dbb77b443b9fc7b80464a37c9e4ba18b707d4d878331384b241bfe", "timestamp": "1671221120.153436500" }, "permissions": { @@ -14,7 +14,7 @@ }, "releases": { "1.0.0": { - "recordId": "sha256:a1b99a9b53d9616ab78c32d6983f277017878350532320abc4b9419d5afd41bb", + "recordId": "sha256:9cceb5c0132deb4eb971802826ff72666b2fc85139360a5ae8d17d02772745a4", "version": "1.0.0", "by": "sha256:8ed824821ce75c381458f8097996ab77780550ba7fb9c240e4799bb781941abb", "timestamp": "1671221120.153436500", diff --git a/crates/protocol/tests/package-logs/output/minimal.json b/crates/protocol/tests/package-logs/output/minimal.json index 0056c854..3f56cea8 100644 --- a/crates/protocol/tests/package-logs/output/minimal.json +++ b/crates/protocol/tests/package-logs/output/minimal.json @@ -2,7 +2,7 @@ "Valid": { "algorithm": "sha256", "head": { - "digest": "sha256:e1b205d2510baf03712dc20a515fcc93e6fe891877fe3af50d73cf147d9e39ba", + "digest": "sha256:c5c223c636afbdd1c346ebd47ac80d4b8ca4a29bc3bed8960d77858af02ea5fb", "timestamp": "1671221120.153436500" }, "permissions": { diff --git a/crates/server/src/api/debug/mod.rs b/crates/server/src/api/debug/mod.rs index 94c62bed..ea6da319 100644 --- a/crates/server/src/api/debug/mod.rs +++ b/crates/server/src/api/debug/mod.rs @@ -73,8 +73,8 @@ struct EntryInfo { key: Option, #[serde(skip_serializing_if = "Option::is_none")] key_id: Option, - #[serde(skip_serializing_if = "Option::is_none")] - permission: Option, + #[serde(skip_serializing_if = "Vec::is_empty")] + permissions: Vec, #[serde(skip_serializing_if = "Option::is_none")] version: Option, #[serde(skip_serializing_if = "Option::is_none")] @@ -129,16 +129,19 @@ async fn get_package_info( key: Some(key.to_string()), ..Default::default() }, - GrantFlat { key, permission } => EntryInfo { + GrantFlat { key, permissions } => EntryInfo { kind: "grant", key: Some(key.to_string()), - permission: Some(*permission), + permissions: permissions.clone(), ..Default::default() }, - RevokeFlat { key_id, permission } => EntryInfo { + RevokeFlat { + key_id, + permissions, + } => EntryInfo { kind: "revoke", key_id: Some(key_id.clone()), - permission: Some(*permission), + permissions: permissions.clone(), ..Default::default() }, Release { version, content } => EntryInfo { diff --git a/proto/warg/protocol/warg.proto b/proto/warg/protocol/warg.proto index c9ff29ef..a92555cd 100644 --- a/proto/warg/protocol/warg.proto +++ b/proto/warg/protocol/warg.proto @@ -47,14 +47,14 @@ message OperatorGrantFlat { // The key being given the permission. string key = 1; // The permission to grant the key. - OperatorPermission permission = 2; + repeated OperatorPermission permissions = 2; } message OperatorRevokeFlat { // The key whose permission is being revoked. string key_id = 1; // The permission to grant the key. - OperatorPermission permission = 2; + repeated OperatorPermission permissions = 2; } message PackageRecord { @@ -94,12 +94,12 @@ message PackageInit { message PackageGrantFlat { string key = 1; - PackagePermission permission = 2; + repeated PackagePermission permissions = 2; } message PackageRevokeFlat { string key_id = 1; - PackagePermission permission = 2; + repeated PackagePermission permissions = 2; } message PackageRelease {