Expand description
Pod provisioning — seeded containers, WebID + account scaffolding, admin override, quota enforcement.
The provisioning surface is intentionally declarative: callers
describe what the pod should look like (containers, ACLs, a WebID
profile document) and the module wires them into a Storage
backend. Admin-mode callers bypass ownership checks.
Parity note (rows 14/164/166, JSS #301 + #297): provisioning also
drops settings/publicTypeIndex.jsonld (typed
solid:TypeIndex + solid:ListedDocument),
settings/privateTypeIndex.jsonld (typed
solid:TypeIndex + solid:UnlistedDocument) and a public-read ACL
carve-out settings/publicTypeIndex.jsonld.acl so Solid clients
can discover a freshly bootstrapped pod’s public profile without
fighting the default-private /settings/.acl.
Structs§
- Admin
Override - A verified admin-override marker. The consumer crate constructs this only after validating a shared-secret header against configuration; the marker carries no data beyond its own existence.
- Provision
Outcome - Result of provisioning a pod.
- Provision
Plan - Seed plan applied to a fresh pod.
- Quota
Tracker - Tracks per-pod byte usage against a configurable quota.
Constants§
- PRIVATE_
TYPE_ INDEX_ PATH - Storage path of the private type-index document.
- PUBLIC_
TYPE_ INDEX_ ACL_ PATH - Storage path of the sibling ACL for the public type-index document.
- PUBLIC_
TYPE_ INDEX_ PATH - Storage path of the public type-index document.
Functions§
- check_
admin_ override - Match an admin-secret header value against the configured secret.
Both sides are compared with constant-time equality to avoid
timing leaks. Returns
Some(AdminOverride)on match. - provision_
pod - Seed a pod on the provided storage.