LCOV - 050dd70dd490b28fffe527eae9fb8a1222b5c59c.info

LCOV - code coverage report

Current view:	top level - pageserver/src - auth.rs (source / functions)		Coverage	Total	Hit
Test:	050dd70dd490b28fffe527eae9fb8a1222b5c59c.info	Lines:	0.0 %	20	0
Test Date:	2024-06-25 21:28:46	Functions:	0.0 %	1	0

            Line data    Source code

       1              : use utils::auth::{AuthError, Claims, Scope};
       2              : use utils::id::TenantId;
       3              : 
       4            0 : pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> {
       5            0 :     match (&claims.scope, tenant_id) {
       6            0 :         (Scope::Tenant, None) => Err(AuthError(
       7            0 :             "Attempt to access management api with tenant scope. Permission denied".into(),
       8            0 :         )),
       9            0 :         (Scope::Tenant, Some(tenant_id)) => {
      10            0 :             if claims.tenant_id.unwrap() != tenant_id {
      11            0 :                 return Err(AuthError("Tenant id mismatch. Permission denied".into()));
      12            0 :             }
      13            0 :             Ok(())
      14              :         }
      15            0 :         (Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope
      16            0 :         (Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope
      17            0 :         (Scope::Admin | Scope::SafekeeperData | Scope::GenerationsApi, _) => Err(AuthError(
      18            0 :             format!(
      19            0 :                 "JWT scope '{:?}' is ineligible for Pageserver auth",
      20            0 :                 claims.scope
      21            0 :             )
      22            0 :             .into(),
      23            0 :         )),
      24              :     }
      25            0 : }

Generated by: LCOV version 2.1-beta