use crate::error::{Error, Result};
use parsec_interface::requests::{request::RequestAuth, AuthType};
use std::convert::TryFrom;
/// Authentication method the client attaches to every request.
///
/// Each variant decides what goes into the request's authentication field
/// (see the `TryFrom<&Authentication> for RequestAuth` conversion in this
/// file). Pick the variant to match what the service is configured to accept.
#[derive(Debug, Clone)]
pub enum Authentication {
    /// No authentication: the request carries an empty authentication field.
    None,
    /// Direct authentication: the wrapped application name is sent as-is.
    ///
    /// The name is self-declared. The authentication field holds only these
    /// bytes, so nothing in the request backs the claim; treat this as
    /// identification rather than proof of identity.
    Direct(String),
    /// Unix peer credentials: the UID of the calling process is sent.
    ///
    /// NOTE(review): presumably the service compares this value with the
    /// credentials of the connecting socket peer -- confirm against the
    /// service documentation.
    UnixPeerCredentials,
    /// JWT-SVID: a token is fetched from the SPIFFE Workload API for the
    /// `parsec` audience and sent as the authentication field.
    ///
    /// Only available when the `spiffe-auth` feature is enabled.
    #[cfg(feature = "spiffe-auth")]
    JwtSvid,
}
impl Authentication {
    /// Returns the wire-level `AuthType` tag that corresponds to this
    /// authentication method.
    ///
    /// Only the variant is looked at; the application name carried by
    /// `Direct` does not influence the result.
    pub fn auth_type(&self) -> AuthType {
        match *self {
            Self::None => AuthType::NoAuth,
            Self::Direct(_) => AuthType::Direct,
            Self::UnixPeerCredentials => AuthType::UnixPeerCredentials,
            #[cfg(feature = "spiffe-auth")]
            Self::JwtSvid => AuthType::JwtSvid,
        }
    }
}
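impl TryFrom<&Authentication> for RequestAuth {
    type Error = Error;

    /// Builds the authentication field of a request from the selected
    /// authentication method.
    ///
    /// * `None` produces an empty field.
    /// * `Direct` produces the UTF-8 bytes of the application name.
    /// * `UnixPeerCredentials` produces the current UID as little-endian bytes.
    /// * `JwtSvid` (feature `spiffe-auth`) produces the bytes of a JWT-SVID
    ///   fetched from the SPIFFE Workload API for the `parsec` audience.
    ///
    /// # Errors
    ///
    /// With `spiffe-auth` enabled, returns
    /// `Error::Client(ClientErrorKind::Spiffe(_))` when the Workload API
    /// client cannot be created or the token cannot be fetched. The other
    /// variants always return `Ok`.
    fn try_from(data: &Authentication) -> Result<Self> {
        match data {
            Authentication::None => Ok(RequestAuth::new(Vec::new())),
            // The name is sent verbatim and is not accompanied by any proof.
            Authentication::Direct(name) => Ok(RequestAuth::new(name.bytes().collect())),
            Authentication::UnixPeerCredentials => {
                // NOTE(review): `users::get_current_uid` appears to report the
                // real UID rather than the effective one -- confirm this is the
                // value the service expects when the caller is a setuid binary.
                let current_uid = users::get_current_uid();
                Ok(RequestAuth::new(current_uid.to_le_bytes().to_vec()))
            }
            #[cfg(feature = "spiffe-auth")]
            Authentication::JwtSvid => {
                use crate::error::ClientErrorKind;
                use log::error;
                use spiffe::workload_api::client::WorkloadApiClient;

                // Creating the client depends on the local SPIFFE setup, so a
                // failure here is an environment problem and is reported to
                // the caller instead of panicking inside the library.
                let client = WorkloadApiClient::default().map_err(|e| {
                    error!(
                        "Error while creating the SPIFFE Workload API client ({}).",
                        e
                    );
                    Error::Client(ClientErrorKind::Spiffe(e))
                })?;
                // Only the error is logged; the token is a bearer credential
                // and must never reach the logs.
                let token = client.fetch_jwt_token(&["parsec"], None).map_err(|e| {
                    error!("Error while fetching the JWT-SVID ({}).", e);
                    Error::Client(ClientErrorKind::Spiffe(e))
                })?;
                Ok(RequestAuth::new(token.as_bytes().into()))
            }
        }
    }
}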
impl PartialEq for Authentication {
    /// Two values are equal when they are the same variant; for `Direct`
    /// the application names must match as well.
    fn eq(&self, other: &Self) -> bool {
        match self {
            Self::None => matches!(other, Self::None),
            Self::UnixPeerCredentials => matches!(other, Self::UnixPeerCredentials),
            Self::Direct(app_name) => {
                matches!(other, Self::Direct(other_app_name) if app_name == other_app_name)
            }
            #[cfg(feature = "spiffe-auth")]
            Self::JwtSvid => matches!(other, Self::JwtSvid),
        }
    }
}