diff --git a/migrations/2023-08-09-160537_builder_id/down.sql b/migrations/2023-08-09-160537_builder_id/down.sql
new file mode 100644
index 0000000..cab5e53
--- /dev/null
+++ b/migrations/2023-08-09-160537_builder_id/down.sql
@@ -0,0 +1 @@
+ALTER TABLE builds DROP COLUMN builder_id;
\ No newline at end of file
diff --git a/migrations/2023-08-09-160537_builder_id/up.sql b/migrations/2023-08-09-160537_builder_id/up.sql
new file mode 100644
index 0000000..662a903
--- /dev/null
+++ b/migrations/2023-08-09-160537_builder_id/up.sql
@@ -0,0 +1 @@
+ALTER TABLE builds ADD builder_id TEXT;
\ No newline at end of file
diff --git a/src/api/build.rs b/src/api/build.rs
index 1e12050..ff6bfa5 100644
--- a/src/api/build.rs
+++ b/src/api/build.rs
@@ -140,6 +140,7 @@ async fn create_build_async(
 app_id: args.app_id.clone(),
 public_download,
 build_log_url: args.build_log_url.clone(),
+ builder_id: req.get_claims().unwrap().builder_id.clone(),
 })
 .await?;
 let build_repo_path = config.build_repo_base.join(build.id.to_string());
@@ -536,6 +537,7 @@ pub fn token_subset(
 scope: args.scope.clone(),
 name: Some(claims.name.unwrap_or_default() + "/" + &args.name),
 jti: claims.jti.clone(),
+ builder_id: claims.builder_id.clone(),
 prefixes: {
 if let Some(ref prefixes) = args.prefixes {
 prefixes.clone()
diff --git a/src/bin/gentoken.rs b/src/bin/gentoken.rs
index 8023dde..3e19882 100644
--- a/src/bin/gentoken.rs
+++ b/src/bin/gentoken.rs
@@ -16,6 +16,8 @@ struct Claims {
 prefixes: Vec,
 repos: Vec,
 exp: i64,
+ #[serde(skip_serializing_if = "Option::is_none")]
+ builder_id: Option,
 }
 fn read_secret(filename: String) -> io::Result {
@@ -40,6 +42,7 @@ fn main() {
 let mut scope: Vec = vec![];
 let mut prefixes: Vec = vec![];
 let mut repos: Vec = vec![];
+ let mut builder_id: Option = None;
 {
 let mut ap = ArgumentParser::new();
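Review bot: In src/api/build.rs, the added `builder_id: req.get_claims().unwrap().builder_id.clone(),` in create_build_async panics the request handler if no claims are attached to the request, and nothing in the hunk shows a check that guarantees them. The function starts and ends outside the hunk, so such a guard may exist earlier. Because this value becomes the build's recorded origin, a request without claims should be rejected as an authorization error rather than unwound. If an earlier guard does enforce it, say so at the call site, for example `.expect("claims verified earlier in create_build_async")` in place of the bare `.unwrap()`.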
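Review bot: In token_subset (src/api/build.rs), the new `builder_id: claims.builder_id.clone(),` carries no comment explaining why it is copied from the parent claims, whereas `scope` and `prefixes` beside it are taken from `args`. That difference is what keeps a subset token from naming a different builder than the token that minted it, so it is worth pinning down for the next maintainer. I would add `// Always inherited from the parent token, never from args: a subset token must not be able to change its builder identity.` above the field. The function body continues outside the hunk.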
@@ -79,6 +82,11 @@ fn main() {
 Store,
 "Duration for key in seconds (default 1 year)",
 );
+ ap.refer(&mut builder_id).add_option(
+ &["--builder-id"],
+ StoreOption,
+ "Builder ID (default: none)",
+ );
 ap.parse_args_or_exit();
 }
@@ -130,6 +138,7 @@ fn main() {
 repos,
 name: name.clone(),
 exp: Utc::now().timestamp() + duration,
+ builder_id,
 };
 if verbose {
diff --git a/src/models.rs b/src/models.rs
index bb1908e..7545b9a 100644
--- a/src/models.rs
+++ b/src/models.rs
@@ -13,6 +13,7 @@ pub struct NewBuild {
 pub app_id: Option,
 pub public_download: bool,
 pub build_log_url: Option,
+ pub builder_id: Option,
 }
 #[derive(Identifiable, Serialize, Queryable, Debug, Eq, PartialEq)]
@@ -34,6 +35,8 @@ pub struct Build {
 pub app_id: Option,
 pub public_download: bool,
 pub build_log_url: Option,
+ /// The builder_id of the token used to create this build
+ pub builder_id: Option,
 }
 #[derive(Deserialize, Debug, Eq, PartialEq)]
diff --git a/src/schema.rs b/src/schema.rs
index c141d7c..b2abc27 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -25,6 +25,7 @@ diesel::table! {
 app_id -> Nullable,
 public_download -> Bool,
 build_log_url -> Nullable,
+ builder_id -> Nullable,
 }
 }
diff --git a/src/tokens.rs b/src/tokens.rs
index f5960ce..1c02cf6 100644
--- a/src/tokens.rs
+++ b/src/tokens.rs
@@ -61,6 +61,8 @@ pub struct Claims {
 pub exp: i64, pub jti: Option, // an unique ID for the token, for revocation. + pub builder_id: Option, + #[serde(default)] pub scope: Vec, #[serde(default)]
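Review bot: In src/bin/gentoken.rs, the new `--builder-id` option stores whatever string it is given, so `--builder-id ""` appears to yield `Some("")`. That value passes `skip_serializing_if = "Option::is_none"` and is signed into the token as an empty builder identity, distinct from "no builder" once it reaches the `builds.builder_id` column. I would normalise it after `ap.parse_args_or_exit()` with `let builder_id = builder_id.filter(|id| !id.trim().is_empty());`, or exit with an error on an empty value. The body of `main` continues outside the hunk.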
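Review bot: In src/models.rs, `Build.builder_id` is added to a struct that appears to derive `Serialize` (the derive line is visible as context in the preceding hunk), so the builder identity would be emitted wherever a `Build` is serialised. Please confirm that every caller allowed to read a build is also meant to learn which builder's token created it; if not, mark the field `#[serde(skip_serializing)]`. The doc comment could also state the provenance more precisely, e.g. `/// builder_id claim of the token that created this build; None when the token carried no such claim.` `NewBuild.builder_id` in the hunk above has no comment at all and would benefit from the same line.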
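Review bot: In src/tokens.rs, `pub builder_id` is added to `Claims` without any comment, while `jti` next to it documents its purpose. Since this claim is copied onto builds and inherited by subset tokens elsewhere in this commit, I would add `/// Identifier of the builder this token was issued to; recorded on builds created with it and inherited by subset tokens.` Separately, gentoken's `Claims` marks the field `#[serde(skip_serializing_if = "Option::is_none")]` and this one does not. If this struct is also serialised when minting subset tokens, those tokens would presumably carry an explicit null claim, so the same attribute here would keep the two encoders consistent. The struct definition starts and ends outside the hunk.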