

1use chrono::{DateTime, Utc};
2use parking_lot::RwLock;
3use std::collections::HashMap;
4
/// An IAM user as stored by the fake.
///
/// Managed-policy attachments and inline policies for a user are not kept here
/// but in `IamState::user_policies` / `IamState::user_inline_policies`.
#[derive(Debug, Clone)]
pub struct IamUser {
    pub user_name: String,
    /// Generated unique id (distinct from the human-chosen `user_name`).
    pub user_id: String,
    pub arn: String,
    /// IAM path the user was created under.
    pub path: String,
    pub created_at: DateTime<Utc>,
    pub tags: Vec<Tag>,
    /// ARN of the permissions-boundary policy, if one was set.
    pub permissions_boundary: Option<String>,
}
15
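/// A long-term access key pair issued to an IAM user.
///
/// `secret_access_key` is the credential itself, so `Debug` is implemented by
/// hand and prints `[REDACTED]` for it: a `{:?}` in a log line or panic message
/// must not echo the secret. `Clone` still copies the secret; keep clones
/// short-lived.
#[derive(Clone)]
pub struct IamAccessKey {
    pub access_key_id: String,
    /// Plaintext secret; only ever shown to the caller that created the key.
    pub secret_access_key: String,
    /// Owner of the key.
    pub user_name: String,
    /// Key status string; presumably "Active" / "Inactive" as in the AWS API — confirm against the handlers.
    pub status: String,
    pub created_at: DateTime<Utc>,
}

impl std::fmt::Debug for IamAccessKey {
    /// Same field list as the derived impl, with the secret masked.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("IamAccessKey")
            .field("access_key_id", &self.access_key_id)
            .field("secret_access_key", &"[REDACTED]")
            .field("user_name", &self.user_name)
            .field("status", &self.status)
            .field("created_at", &self.created_at)
            .finish()
    }
}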
24
/// An IAM role as stored by the fake.
///
/// Attached managed policies and inline policies live in
/// `IamState::role_policies` / `IamState::role_inline_policies`, keyed by `role_name`.
#[derive(Debug, Clone)]
pub struct IamRole {
    pub role_name: String,
    /// Generated unique id (distinct from the human-chosen `role_name`).
    pub role_id: String,
    pub arn: String,
    /// IAM path the role was created under.
    pub path: String,
    /// Trust policy (JSON) stored verbatim as supplied; nothing here validates it.
    pub assume_role_policy_document: String,
    pub created_at: DateTime<Utc>,
    pub description: Option<String>,
    /// Maximum session duration in seconds — presumably; the unit is not fixed by this file.
    pub max_session_duration: i32,
    pub tags: Vec<Tag>,
    /// ARN of the permissions-boundary policy, if one was set.
    pub permissions_boundary: Option<String>,
}
38
/// A customer-managed policy together with all of its versions.
#[derive(Debug, Clone)]
pub struct IamPolicy {
    pub policy_name: String,
    /// Generated unique id (distinct from `policy_name`).
    pub policy_id: String,
    /// Also the key under which the policy is stored in `IamState::policies`.
    pub arn: String,
    pub path: String,
    pub description: String,
    pub created_at: DateTime<Utc>,
    pub tags: Vec<Tag>,
    /// `version_id` of the version that is currently in effect.
    pub default_version_id: String,
    pub versions: Vec<PolicyVersion>,
    /// Counter for minting the next version id — presumably; the formatting is done elsewhere.
    pub next_version_num: u32,
    /// Number of users/roles/groups the policy is attached to; maintained by the handlers.
    pub attachment_count: u32,
}
53
/// One immutable version of an `IamPolicy`.
#[derive(Debug, Clone)]
pub struct PolicyVersion {
    pub version_id: String,
    /// Policy document (JSON) stored verbatim as supplied.
    pub document: String,
    /// Expected to agree with the owning `IamPolicy::default_version_id` — kept in sync by the handlers, not enforced here.
    pub is_default: bool,
    pub created_at: DateTime<Utc>,
}
61
/// An IAM group. Unlike users and roles, a group carries its own membership
/// and policy lists instead of using side tables on `IamState`.
#[derive(Debug, Clone)]
pub struct IamGroup {
    pub group_name: String,
    /// Generated unique id (distinct from `group_name`).
    pub group_id: String,
    pub arn: String,
    pub path: String,
    pub created_at: DateTime<Utc>,
    pub members: Vec<String>,                     // user names
    pub inline_policies: HashMap<String, String>, // policy_name -> document
    pub attached_policies: Vec<String>,           // policy ARNs
}
73
/// An instance profile: a named container for the roles an EC2 instance assumes.
#[derive(Debug, Clone)]
pub struct IamInstanceProfile {
    pub instance_profile_name: String,
    /// Generated unique id (distinct from `instance_profile_name`).
    pub instance_profile_id: String,
    pub arn: String,
    pub path: String,
    pub created_at: DateTime<Utc>,
    pub roles: Vec<String>, // role names
    pub tags: Vec<Tag>,
}
84
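/// A key/value tag attached to an IAM resource.
///
/// Also derives `PartialEq`, `Eq` and `Hash` so tag lists can be compared in
/// tests and de-duplicated by handlers without hand-written comparisons.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub struct Tag {
    pub key: String,
    pub value: String,
}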
90
/// Console login profile for a user.
///
/// Note that no password (or password hash) is stored here — the fake only
/// records that a profile exists and whether a reset is pending.
#[derive(Debug, Clone)]
pub struct LoginProfile {
    pub user_name: String,
    pub created_at: DateTime<Utc>,
    pub password_reset_required: bool,
}
97
/// A SAML identity provider registered in the account.
#[derive(Debug, Clone)]
pub struct SamlProvider {
    /// Also the key under which the provider is stored in `IamState::saml_providers`.
    pub arn: String,
    pub name: String,
    /// IdP metadata XML stored verbatim as supplied; nothing here parses or validates it.
    pub saml_metadata_document: String,
    pub created_at: DateTime<Utc>,
    /// Expiry reported back to callers; how it is derived from the metadata is decided elsewhere.
    pub valid_until: DateTime<Utc>,
    pub tags: Vec<Tag>,
}
107
/// An OpenID Connect identity provider registered in the account.
#[derive(Debug, Clone)]
pub struct OidcProvider {
    /// Also the key under which the provider is stored in `IamState::oidc_providers`.
    pub arn: String,
    /// Issuer URL as supplied by the caller.
    pub url: String,
    /// Client ids (audiences) that tokens from this provider may carry.
    pub client_id_list: Vec<String>,
    /// Server-certificate thumbprints, stored as opaque strings.
    pub thumbprint_list: Vec<String>,
    pub created_at: DateTime<Utc>,
    pub tags: Vec<Tag>,
}
117
/// A server (TLS) certificate uploaded to IAM.
///
/// Only the public parts are kept: there is no private-key field on this struct.
#[derive(Debug, Clone)]
pub struct ServerCertificate {
    pub server_certificate_name: String,
    /// Generated unique id (distinct from `server_certificate_name`).
    pub server_certificate_id: String,
    pub arn: String,
    pub path: String,
    /// PEM certificate body stored verbatim as supplied.
    pub certificate_body: String,
    /// Optional PEM chain, likewise stored verbatim.
    pub certificate_chain: Option<String>,
    pub upload_date: DateTime<Utc>,
    /// Expiry reported back to callers; how it is derived from the body is decided elsewhere.
    pub expiration: DateTime<Utc>,
    pub tags: Vec<Tag>,
}
130
/// An X.509 signing certificate associated with a user (public part only).
#[derive(Debug, Clone)]
pub struct SigningCertificate {
    pub certificate_id: String,
    pub user_name: String,
    /// PEM certificate body stored verbatim as supplied.
    pub certificate_body: String,
    /// Status string; presumably "Active" / "Inactive" as in the AWS API — confirm against the handlers.
    pub status: String,
    pub upload_date: DateTime<Utc>,
}
139
/// Account-wide password policy for console users.
///
/// `IamState::account_password_policy` is `None` until a policy is set; this
/// struct's `Default` describes the policy the fake reports in that case.
#[derive(Debug, Clone)]
pub struct AccountPasswordPolicy {
    pub minimum_password_length: u32,
    pub require_symbols: bool,
    pub require_numbers: bool,
    pub require_uppercase_characters: bool,
    pub require_lowercase_characters: bool,
    pub allow_users_to_change_password: bool,
    /// Days until a password expires; 0 means passwords never expire.
    pub max_password_age: u32,
    /// Number of previous passwords a user may not reuse; 0 disables the check.
    pub password_reuse_prevention: u32,
    pub hard_expiry: bool,
}

impl Default for AccountPasswordPolicy {
    /// The least restrictive policy: a six-character minimum (the smallest
    /// value the AWS API accepts for `MinimumPasswordLength`) and every other
    /// requirement switched off. NOTE(review): the real service's implicit
    /// default is an eight-character minimum — confirm which is intended.
    fn default() -> Self {
        let off = false;
        AccountPasswordPolicy {
            minimum_password_length: 6,
            max_password_age: 0,
            password_reuse_prevention: 0,
            require_symbols: off,
            require_numbers: off,
            require_uppercase_characters: off,
            require_lowercase_characters: off,
            allow_users_to_change_password: off,
            hard_expiry: off,
        }
    }
}
168
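/// A virtual MFA (TOTP) device.
///
/// `base32_string_seed` is the shared TOTP secret, and `qr_code_png` is the
/// image handed to the user to enrol that same secret, so `Debug` is
/// implemented by hand and masks both: a `{:?}` in a log line must not leak
/// the seed. `Clone` still copies them.
#[derive(Clone)]
pub struct VirtualMfaDevice {
    /// Also the key under which the device is stored in `IamState::virtual_mfa_devices`.
    pub serial_number: String,
    /// Base32-encoded TOTP seed — secret material.
    pub base32_string_seed: String,
    /// Enrolment QR code; presumably base64-encoded PNG as in the AWS API — confirm against the handlers.
    pub qr_code_png: String,
    /// `None` until the device has been activated.
    pub enable_date: Option<DateTime<Utc>>,
    /// User the device is enabled for, if any.
    pub user: Option<String>,
    pub tags: Vec<Tag>,
}

impl std::fmt::Debug for VirtualMfaDevice {
    /// Same field list as the derived impl, with the seed and QR image masked.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("VirtualMfaDevice")
            .field("serial_number", &self.serial_number)
            .field("base32_string_seed", &"[REDACTED]")
            .field("qr_code_png", &"[REDACTED]")
            .field("enable_date", &self.enable_date)
            .field("user", &self.user)
            .field("tags", &self.tags)
            .finish()
    }
}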
178
/// Progress record for an asynchronous service-linked-role deletion.
#[derive(Debug, Clone)]
pub struct ServiceLinkedRoleDeletion {
    /// Task id handed back to the caller and used to poll for status.
    pub deletion_task_id: String,
    /// Status string reported to the caller; the set of values is decided by the handlers.
    pub status: String,
}
184
/// Identity associated with a set of credentials, for GetCallerIdentity resolution.
#[derive(Debug, Clone)]
pub struct CredentialIdentity {
    /// ARN reported as the caller.
    pub arn: String,
    /// Unique id reported as the caller.
    pub user_id: String,
    /// Account the credentials belong to.
    pub account_id: String,
}
192
/// An SSH public key uploaded for a user (public part only).
#[derive(Debug, Clone)]
pub struct SshPublicKey {
    pub ssh_public_key_id: String,
    pub user_name: String,
    /// Key body stored verbatim as supplied.
    pub ssh_public_key_body: String,
    /// Status string; presumably "Active" / "Inactive" as in the AWS API — confirm against the handlers.
    pub status: String,
    pub upload_date: DateTime<Utc>,
    /// Fingerprint reported to callers; how it is computed from the body is decided elsewhere.
    pub fingerprint: String,
}
202
/// Tracks when an access key was last used.
#[derive(Debug, Clone)]
pub struct AccessKeyLastUsed {
    pub last_used_date: DateTime<Utc>,
    /// Service the key was last used against, as a plain string.
    pub service_name: String,
    /// Region of that last use, as a plain string.
    pub region: String,
}
210
/// The complete in-memory IAM state for one account.
///
/// Deliberately does not derive `Debug`: `access_keys` and
/// `virtual_mfa_devices` hold secret material in plain `String`s, and a
/// `{:?}` of the whole state would dump all of it. `SharedIamState` wraps this
/// in a lock for concurrent access.
pub struct IamState {
    /// Account this state models; set once by `new` and preserved by `reset`.
    pub account_id: String,
    /// Presumably keyed by user name, like the other user-scoped maps — confirm against the handlers.
    pub users: HashMap<String, IamUser>,
    pub access_keys: HashMap<String, Vec<IamAccessKey>>, // username -> keys
    /// Presumably keyed by role name, like `role_policies` — confirm against the handlers.
    pub roles: HashMap<String, IamRole>,
    pub policies: HashMap<String, IamPolicy>, // arn -> policy
    pub role_policies: HashMap<String, Vec<String>>, // role_name -> managed policy arns
    pub role_inline_policies: HashMap<String, HashMap<String, String>>, // role_name -> {policy_name -> doc}
    pub user_policies: HashMap<String, Vec<String>>, // user_name -> managed policy arns
    pub user_inline_policies: HashMap<String, HashMap<String, String>>, // user_name -> {policy_name -> doc}
    /// Group membership and policies live inside each `IamGroup`, not in side tables.
    pub groups: HashMap<String, IamGroup>,
    pub instance_profiles: HashMap<String, IamInstanceProfile>,
    /// Presumably keyed by user name (a user has at most one profile) — confirm against the handlers.
    pub login_profiles: HashMap<String, LoginProfile>,
    pub saml_providers: HashMap<String, SamlProvider>, // arn -> provider
    pub oidc_providers: HashMap<String, OidcProvider>, // arn -> provider
    pub server_certificates: HashMap<String, ServerCertificate>, // name -> cert
    pub signing_certificates: HashMap<String, Vec<SigningCertificate>>, // user_name -> certs
    pub account_aliases: Vec<String>,
    /// `None` until a policy is set via the API.
    pub account_password_policy: Option<AccountPasswordPolicy>,
    pub virtual_mfa_devices: HashMap<String, VirtualMfaDevice>, // serial_number -> device
    /// Keyed by `deletion_task_id` — presumably; confirm against the handlers.
    pub service_linked_role_deletions: HashMap<String, ServiceLinkedRoleDeletion>,
    /// Maps access key ID to the identity that should be returned by GetCallerIdentity.
    pub credential_identities: HashMap<String, CredentialIdentity>,
    /// Set once a credential report has been generated; the report contents are not stored here.
    pub credential_report_generated: bool,
    pub ssh_public_keys: HashMap<String, Vec<SshPublicKey>>, // user_name -> keys
    /// Presumably keyed by access key id, matching `credential_identities` — confirm against the handlers.
    pub access_key_last_used: HashMap<String, AccessKeyLastUsed>,
}
238
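impl IamState {
    /// Creates an empty state for `account_id`: every collection empty, no
    /// password policy set, and no credential report generated yet.
    pub fn new(account_id: &str) -> Self {
        Self {
            account_id: account_id.to_string(),
            users: HashMap::new(),
            access_keys: HashMap::new(),
            roles: HashMap::new(),
            policies: HashMap::new(),
            role_policies: HashMap::new(),
            role_inline_policies: HashMap::new(),
            user_policies: HashMap::new(),
            user_inline_policies: HashMap::new(),
            groups: HashMap::new(),
            instance_profiles: HashMap::new(),
            login_profiles: HashMap::new(),
            saml_providers: HashMap::new(),
            oidc_providers: HashMap::new(),
            server_certificates: HashMap::new(),
            signing_certificates: HashMap::new(),
            account_aliases: Vec::new(),
            account_password_policy: None,
            virtual_mfa_devices: HashMap::new(),
            service_linked_role_deletions: HashMap::new(),
            credential_identities: HashMap::new(),
            credential_report_generated: false,
            ssh_public_keys: HashMap::new(),
            access_key_last_used: HashMap::new(),
        }
    }

    /// Discards every resource and credential and returns to the `new` state,
    /// keeping only `account_id`. The old state (including any access-key
    /// secrets and MFA seeds) is dropped by the assignment.
    pub fn reset(&mut self) {
        // The old value is about to be overwritten, so move it out instead of
        // cloning; `take` leaves an empty String behind until the assignment.
        let account_id = std::mem::take(&mut self.account_id);
        *self = Self::new(&account_id);
    }
}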
274
/// Thread-safe handle to an `IamState`: reference-counted and guarded by the
/// `parking_lot::RwLock` imported at the top of this file.
pub type SharedIamState = std::sync::Arc<RwLock<IamState>>;