mockforge-core 0.3.114

Shared logic for MockForge - routing, validation, latency, proxy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

//! Access justification storage for privileged access management
//!
//! This module provides storage and retrieval of access justifications
//! for privileged users.

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::sync::Arc;
use tokio::sync::RwLock;
use uuid::Uuid;

/// Access justification
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessJustification {
    /// User ID
    pub user_id: Uuid,
    /// Justification text
    pub justification: String,
    /// Business need description
    pub business_need: Option<String>,
    /// Requested by (manager/user ID)
    pub requested_by: Option<Uuid>,
    /// Approved by
    pub approved_by: Option<Uuid>,
    /// Approval date
    pub approved_at: Option<DateTime<Utc>>,
    /// Expiration date
    pub expires_at: Option<DateTime<Utc>>,
    /// Created date
    pub created_at: DateTime<Utc>,
    /// Last updated
    pub updated_at: DateTime<Utc>,
}

impl AccessJustification {
    /// Create a new justification
    pub fn new(
        user_id: Uuid,
        justification: String,
        business_need: Option<String>,
        requested_by: Option<Uuid>,
        expires_at: Option<DateTime<Utc>>,
    ) -> Self {
        let now = Utc::now();
        Self {
            user_id,
            justification,
            business_need,
            requested_by,
            approved_by: None,
            approved_at: None,
            expires_at,
            created_at: now,
            updated_at: now,
        }
    }

    /// Check if justification is expired
    pub fn is_expired(&self) -> bool {
        self.expires_at.map(|exp| Utc::now() > exp).unwrap_or(false)
    }

    /// Check if justification is approved
    pub fn is_approved(&self) -> bool {
        self.approved_by.is_some() && self.approved_at.is_some()
    }
}

/// Justification storage trait
#[async_trait::async_trait]
pub trait JustificationStorage: Send + Sync {
    /// Get justification for a user
    async fn get_justification(
        &self,
        user_id: Uuid,
    ) -> Result<Option<AccessJustification>, crate::Error>;

    /// Set justification for a user
    async fn set_justification(
        &self,
        justification: AccessJustification,
    ) -> Result<(), crate::Error>;

    /// Get all justifications
    async fn get_all_justifications(&self) -> Result<Vec<AccessJustification>, crate::Error>;

    /// Get expired justifications
    async fn get_expired_justifications(&self) -> Result<Vec<AccessJustification>, crate::Error>;

    /// Delete justification for a user
    async fn delete_justification(&self, user_id: Uuid) -> Result<(), crate::Error>;
}

/// In-memory justification storage (for development/testing)
pub struct InMemoryJustificationStorage {
    justifications: Arc<RwLock<HashMap<Uuid, AccessJustification>>>,
}

impl InMemoryJustificationStorage {
    /// Create a new in-memory justification storage
    pub fn new() -> Self {
        Self {
            justifications: Arc::new(RwLock::new(HashMap::new())),
        }
    }
}

impl Default for InMemoryJustificationStorage {
    fn default() -> Self {
        Self::new()
    }
}

#[async_trait::async_trait]
impl JustificationStorage for InMemoryJustificationStorage {
    async fn get_justification(
        &self,
        user_id: Uuid,
    ) -> Result<Option<AccessJustification>, crate::Error> {
        let justifications = self.justifications.read().await;
        Ok(justifications.get(&user_id).cloned())
    }

    async fn set_justification(
        &self,
        justification: AccessJustification,
    ) -> Result<(), crate::Error> {
        let mut justifications = self.justifications.write().await;
        justifications.insert(justification.user_id, justification);
        Ok(())
    }

    async fn get_all_justifications(&self) -> Result<Vec<AccessJustification>, crate::Error> {
        let justifications = self.justifications.read().await;
        Ok(justifications.values().cloned().collect())
    }

    async fn get_expired_justifications(&self) -> Result<Vec<AccessJustification>, crate::Error> {
        let justifications = self.justifications.read().await;
        Ok(justifications.values().filter(|j| j.is_expired()).cloned().collect())
    }

    async fn delete_justification(&self, user_id: Uuid) -> Result<(), crate::Error> {
        let mut justifications = self.justifications.write().await;
        justifications.remove(&user_id);
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn test_justification_storage() {
        let storage = InMemoryJustificationStorage::new();
        let user_id = Uuid::new_v4();
        let justification = AccessJustification::new(
            user_id,
            "Required for system administration".to_string(),
            Some("Manage production infrastructure".to_string()),
            Some(Uuid::new_v4()),
            Some(Utc::now() + chrono::Duration::days(365)),
        );

        storage.set_justification(justification.clone()).await.unwrap();
        let retrieved = storage.get_justification(user_id).await.unwrap();
        assert!(retrieved.is_some());
        assert_eq!(retrieved.unwrap().justification, "Required for system administration");
    }

    #[test]
    fn test_justification_expiration() {
        let justification = AccessJustification::new(
            Uuid::new_v4(),
            "Test".to_string(),
            None,
            None,
            Some(Utc::now() - chrono::Duration::days(1)), // Expired
        );

        assert!(justification.is_expired());
    }
}