wami 0.10.0

Who Am I - Multicloud Identity, IAM, STS, and SSO operations library for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

//! Microsoft Azure Provider Implementation
//!
//! This module contains the Azure-specific implementation of the CloudProvider trait.
//! Currently a stub implementation - full Azure support to be added in future versions.

use super::{CloudProvider, ResourceLimits, ResourceType};
use crate::error::Result;

/// Microsoft Azure provider implementation
///
/// # Status
///
/// ⚠️ **Stub Implementation** - This is a placeholder for future Azure support.
///
/// # Azure Differences from AWS
///
/// - Uses GUIDs for resource IDs
/// - Resource ID format: `/subscriptions/{sub}/resourceGroups/{rg}/providers/{ns}/{type}/{name}`
/// - Different resource limits
/// - Role-based access control (RBAC) model
#[derive(Debug, Clone)]
pub struct AzureProvider {
    subscription_id: String,
    resource_group: String,
    limits: ResourceLimits,
}

impl AzureProvider {
    /// Creates a new Azure provider
    ///
    /// # Example
    ///
    /// ```rust
    /// use wami::provider::AzureProvider;
    ///
    /// let provider = AzureProvider::new("sub-123", "my-rg");
    /// ```
    pub fn new(subscription_id: impl Into<String>, resource_group: impl Into<String>) -> Self {
        Self {
            subscription_id: subscription_id.into(),
            resource_group: resource_group.into(),
            limits: ResourceLimits {
                max_tags_per_resource: 50, // Azure tag limit
                ..Default::default()
            },
        }
    }
}

impl CloudProvider for AzureProvider {
    fn name(&self) -> &str {
        "azure"
    }

    fn generate_resource_identifier(
        &self,
        resource_type: ResourceType,
        _account_id: &str,
        _path: &str,
        name: &str,
    ) -> String {
        let resource_type_name = match resource_type {
            ResourceType::User => "users",
            ResourceType::Group => "groups",
            ResourceType::Role => "roleAssignments",
            ResourceType::SamlProvider => "samlIdentityProviders",
            ResourceType::OidcProvider => "oidcIdentityProviders",
            _ => "resources",
        };

        // Identity providers use Azure AD endpoint, not resource manager
        if matches!(
            resource_type,
            ResourceType::SamlProvider | ResourceType::OidcProvider
        ) {
            format!(
                "/tenants/{}/identityProviders/{}",
                self.subscription_id, name
            )
        } else {
            format!(
                "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Authorization/{}/{}",
                self.subscription_id, self.resource_group, resource_type_name, name
            )
        }
    }

    fn generate_resource_id(&self, _resource_type: ResourceType) -> String {
        // Azure uses GUIDs
        uuid::Uuid::new_v4().to_string()
    }

    fn resource_limits(&self) -> &ResourceLimits {
        &self.limits
    }

    fn validate_service_name(&self, _service: &str) -> Result<()> {
        Ok(())
    }

    fn validate_path(&self, _path: &str) -> Result<()> {
        Ok(())
    }

    fn generate_service_linked_role_name(
        &self,
        service_name: &str,
        custom_suffix: Option<&str>,
    ) -> String {
        if let Some(suffix) = custom_suffix {
            format!("{}-{}", service_name, suffix)
        } else {
            service_name.to_string()
        }
    }

    fn generate_service_linked_role_path(&self, _service_name: &str) -> String {
        String::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_azure_provider_name() {
        let provider = AzureProvider::new("sub-123", "my-rg");
        assert_eq!(provider.name(), "azure");
    }

    #[test]
    fn test_generate_azure_resource_id_format() {
        let provider = AzureProvider::new("sub-123", "my-rg");
        let resource_id =
            provider.generate_resource_identifier(ResourceType::User, "", "", "alice");
        assert!(resource_id.contains("/subscriptions/sub-123/"));
        assert!(resource_id.contains("/resourceGroups/my-rg/"));
        assert!(resource_id.contains("Microsoft.Authorization"));
    }

    #[test]
    fn test_generate_guid() {
        let provider = AzureProvider::new("sub-123", "my-rg");
        let id = provider.generate_resource_id(ResourceType::User);
        // Should be a valid GUID
        assert!(uuid::Uuid::parse_str(&id).is_ok());
    }
}