cosmian_kms_server_database 5.6.1

Crate containing the database for the Cosmian KMS server and the supported stores
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

use std::{
    collections::{HashMap, HashSet},
    sync::Arc,
};

use cosmian_kmip::{kmip_0::kmip_types::State, kmip_2_1::KmipOperation};
use cosmian_kms_interfaces::SessionParams;

use super::Database;
use crate::error::DbResult;

/// Methods that manipulate permissions
impl Database {
    /// List all the KMIP operations granted to the `user`
    /// on all the objects in the database
    /// (i.e. the objects for which `user` is not the owner)
    /// The result is a list of tuples (uid, owner, state, operations, `is_wrapped`)
    /// where `operations` is a list of KMIP operations that `user` can perform on the object
    pub async fn list_user_operations_granted(
        &self,
        user: &str,
        params: Option<Arc<dyn SessionParams>>,
    ) -> DbResult<HashMap<String, (String, State, HashSet<KmipOperation>)>> {
        Ok(self
            .permissions
            .list_user_operations_granted(user, params)
            .await?)
    }

    /// List all the KMIP operations granted per `user` on the given object
    /// This is called by the owner only
    pub async fn list_object_operations_granted(
        &self,
        uid: &str,
        params: Option<Arc<dyn SessionParams>>,
    ) -> DbResult<HashMap<String, HashSet<KmipOperation>>> {
        Ok(self
            .permissions
            .list_object_operations_granted(uid, params)
            .await?)
    }

    /// Grant the ability to `user` to perform the KMIP `operations`
    /// on the object identified by its `uid`
    pub async fn grant_operations(
        &self,
        uid: &str,
        user: &str,
        operations: HashSet<KmipOperation>,
        params: Option<Arc<dyn SessionParams>>,
    ) -> DbResult<()> {
        Ok(self
            .permissions
            .grant_operations(uid, user, operations, params)
            .await?)
    }

    /// Remove the ability to `user` to perform the `operations`
    /// on the object identified by its `uid`
    pub async fn remove_operations(
        &self,
        uid: &str,
        user: &str,
        operations: HashSet<KmipOperation>,
        params: Option<Arc<dyn SessionParams>>,
    ) -> DbResult<()> {
        Ok(self
            .permissions
            .remove_operations(uid, user, operations, params)
            .await?)
    }

    /// List all the operations that have been granted to a user on an object
    ///
    /// These operations may have been directly granted or via the wildcard user
    /// unless `no_inherited_access` is set to `true`
    pub async fn list_user_operations_on_object(
        &self,
        uid: &str,
        user: &str,
        no_inherited_access: bool,
        params: Option<Arc<dyn SessionParams>>,
    ) -> DbResult<HashSet<KmipOperation>> {
        Ok(self
            .permissions
            .list_user_operations_on_object(uid, user, no_inherited_access, params)
            .await?)
    }
}