babbarc/workspaces
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add access list for workspaces

Browse Source
This commit is contained in:
yeti 2025-04-18 04:46:00 +01:00
parent 833080739b
commit a729d4e36f
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
access.yml Normal file
View File

@ -0,0 +1,15 @@
pallav:
rw:
- darshan
- param
darshan:
rw:
- param
ro:
- pallav
param:
ro:
- pallav
- darshan

34
ssh_router.sh
View File

@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
MODE="$1" # 'rw' or 'readonly' PERSON="$1"
PERSON="$2"
WORKSPACE="$SSH_ORIGINAL_COMMAND" WORKSPACE="$SSH_ORIGINAL_COMMAND"
IMAGE="analytics-backend-workspace" # change to match your setup IMAGE="analytics-backend-workspace" # change to match your setup
TMUX_SESSION="$WORKSPACE|analytics-backend" TMUX_SESSION="$WORKSPACE|analytics-backend"
@ -51,8 +50,39 @@ check_devuser_attached() {
fi fi
} }
get_access_mode_and_session() {
local yaml_file="access.yml"
local workspace="$1"
local person="$2"
# Special case: user accessing their own workspace
if [[ "$workspace" == "$person" ]]; then
echo "access=rw"
return 0
fi
# Check rw
if yq '.["'"$person"'"].rw // []' "$yaml_file" | grep -q "\b$workspace\b"; then
echo "access=rw"
return 0
fi
# Check ro
if yq '.["'"$person"'"].ro // []' "$yaml_file" | grep -q "\b$workspace\b"; then
echo "access=ro"
return 0
fi
# No access → exit with error
log "$person has no access to $workspace" >&2
exit 1
}
# === Main === # === Main ===
read -r access_line < <(get_access_mode_and_session "$WORKSPACE" "$PERSON") || exit 1
MODE="${access_line#access=}"
case "$MODE" in case "$MODE" in
rw) rw)
start_container_if_needed start_container_if_needed