bucketwarden-auth 0.1.0

BucketWarden local identity, access key, and session credential store.
use super::*;

impl AuthStore {
    /// Returns the identity-provider support report from
    /// `IdentityProviderSupportReport::current()`.
    ///
    /// No field of the store is read; `&self` is accepted but unused here.
    pub fn identity_provider_support_report(&self) -> IdentityProviderSupportReport {
        IdentityProviderSupportReport::current()
    }

    /// Returns the credential support report from
    /// `CredentialSupportReport::current()`.
    ///
    /// No field of the store is read; `&self` is accepted but unused here.
    pub fn credential_support_report(&self) -> CredentialSupportReport {
        CredentialSupportReport::current()
    }

    /// Returns the temporary-credential support report from
    /// `TemporaryCredentialSupportReport::current()`.
    ///
    /// No field of the store is read; `&self` is accepted but unused here.
    pub fn temporary_credential_support_report(&self) -> TemporaryCredentialSupportReport {
        TemporaryCredentialSupportReport::current()
    }

    /// Looks up `principal_id` and returns the principal only if it is enabled.
    ///
    /// # Errors
    ///
    /// * `AuthError::UnknownPrincipal` when no principal is stored under `principal_id`.
    /// * `AuthError::DisabledPrincipal` when the principal exists but `enabled` is false.
    ///
    /// Both errors carry the requested id, and the two cases are distinguishable.
    /// NOTE(review): if these errors are ever surfaced verbatim to an
    /// unauthenticated caller, the difference reveals which principal ids exist —
    /// confirm the outer layer maps them to one generic failure.
    pub(crate) fn require_enabled_principal(
        &self,
        principal_id: &str,
    ) -> Result<&Principal, AuthError> {
        match self.principals.get(principal_id) {
            None => Err(AuthError::UnknownPrincipal(principal_id.to_string())),
            Some(found) => {
                if found.enabled {
                    Ok(found)
                } else {
                    Err(AuthError::DisabledPrincipal(principal_id.to_string()))
                }
            }
        }
    }

    /// Checks that `tenant_id` names a stored tenant whose `enabled` flag is set.
    ///
    /// Side effect: when `tenant_id` equals `DEFAULT_TENANT_ID` and no such tenant
    /// is stored yet, `create_tenant(DEFAULT_TENANT_ID)` is called first, which is
    /// why this check takes `&mut self`. A default tenant that is already stored
    /// is never re-created, so a disabled default tenant stays rejected.
    ///
    /// # Errors
    ///
    /// * `AuthError::UnknownTenant` when no tenant is stored under `tenant_id`.
    /// * `AuthError::DisabledTenant` when the tenant exists but `enabled` is false.
    pub(crate) fn require_enabled_tenant(&mut self, tenant_id: &str) -> Result<(), AuthError> {
        let default_is_missing =
            tenant_id == DEFAULT_TENANT_ID && !self.tenants.contains_key(tenant_id);
        if default_is_missing {
            // The result of `create_tenant` is not inspected; the lookup below
            // decides the outcome from whatever is stored afterwards.
            self.create_tenant(DEFAULT_TENANT_ID);
        }

        match self.tenants.get(tenant_id) {
            Some(found) if found.enabled => Ok(()),
            Some(_) => Err(AuthError::DisabledTenant(tenant_id.to_string())),
            None => Err(AuthError::UnknownTenant(tenant_id.to_string())),
        }
    }

    /// Returns a mutable reference to the credential record stored under
    /// `access_key_id`.
    ///
    /// This is a plain lookup: it does not inspect the record's state, nor the
    /// principal or tenant it belongs to. Callers that use the record for an
    /// authorization decision must perform those checks themselves.
    ///
    /// # Errors
    ///
    /// `AuthError::UnknownAccessKey` (carrying the requested id) when no record
    /// is stored under `access_key_id`.
    pub(crate) fn credential_mut(
        &mut self,
        access_key_id: &str,
    ) -> Result<&mut CredentialRecord, AuthError> {
        match self.credentials.get_mut(access_key_id) {
            Some(record) => Ok(record),
            None => Err(AuthError::UnknownAccessKey(access_key_id.to_string())),
        }
    }
}