
IamState

Struct IamState 

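/// IAM and STS state held for a single account, identified by `account_id`.
///
/// Every table is a public `BTreeMap`/`Vec`, so any holder of a mutable
/// reference can edit identities, policies and credentials directly.
///
/// NOTE(review): this type implements `Debug`, `Clone`, `Serialize` and
/// `Deserialize`, and `sts_temp_credentials` is documented as carrying secret
/// access keys and session tokens. Unless the nested types redact those
/// fields (not visible in this listing), a `{:?}` log line or a serialized
/// snapshot of the state contains usable credential material and should be
/// handled as a secret.
pub struct IamState {
    pub account_id: String,
    pub users: BTreeMap<String, IamUser>,
    pub access_keys: BTreeMap<String, Vec<IamAccessKey>>,
    pub roles: BTreeMap<String, IamRole>,
    pub policies: BTreeMap<String, IamPolicy>,
    pub role_policies: BTreeMap<String, Vec<String>>,
    pub role_inline_policies: BTreeMap<String, BTreeMap<String, String>>,
    pub user_policies: BTreeMap<String, Vec<String>>,
    pub user_inline_policies: BTreeMap<String, BTreeMap<String, String>>,
    pub groups: BTreeMap<String, IamGroup>,
    pub instance_profiles: BTreeMap<String, IamInstanceProfile>,
    pub login_profiles: BTreeMap<String, LoginProfile>,
    pub saml_providers: BTreeMap<String, SamlProvider>,
    pub oidc_providers: BTreeMap<String, OidcProvider>,
    pub server_certificates: BTreeMap<String, ServerCertificate>,
    pub signing_certificates: BTreeMap<String, Vec<SigningCertificate>>,
    pub account_aliases: Vec<String>,
    pub account_password_policy: Option<AccountPasswordPolicy>,
    pub virtual_mfa_devices: BTreeMap<String, VirtualMfaDevice>,
    pub service_linked_role_deletions: BTreeMap<String, ServiceLinkedRoleDeletion>,
    /// Maps access key ID to the identity that should be returned by
    /// GetCallerIdentity.
    pub credential_identities: BTreeMap<String, CredentialIdentity>,
    /// Temporary credentials issued by STS, keyed by access key ID. Includes
    /// the secret access key and session token — required for SigV4
    /// verification and IAM enforcement. Expired entries are purged lazily on
    /// lookup.
    pub sts_temp_credentials: BTreeMap<String, StsTempCredential>,
    pub credential_report_generated: bool,
    pub ssh_public_keys: BTreeMap<String, Vec<SshPublicKey>>,
    pub access_key_last_used: BTreeMap<String, AccessKeyLastUsed>,
    /// Per-user service-specific credentials (CodeCommit/Keyspaces).
    pub service_specific_credentials: BTreeMap<String, Vec<ServiceSpecificCredential>>,
    /// Per-resource-ARN tag map for SAML/Server cert/MFA device tags.
    pub extra_tags: BTreeMap<String, Vec<(String, String)>>,
    /// Organizations integration toggles.
    pub organizations_root_credentials_management: bool,
    pub organizations_root_sessions: bool,
    /// Generated ServiceLastAccessed jobs keyed by job id.
    pub service_last_accessed_jobs: BTreeMap<String, ServiceLastAccessedJob>,
    /// Organizations access reports keyed by job id.
    pub organizations_access_reports: BTreeMap<String, OrganizationsAccessReport>,
    /// SetSecurityTokenServicePreferences value (e.g. v1Token, v2Token).
    /// `None` means the caller hasn't configured a preference.
    pub global_endpoint_token_version: Option<String>,
    /// Delegation requests keyed by id. Records every state transition
    /// (PENDING -> ACCEPTED/REJECTED/SENT) and the parameters supplied at
    /// create-time so GetDelegationRequest can roundtrip them.
    pub delegation_requests: BTreeMap<String, DelegationRequest>,
    /// Whether outbound web identity federation is enabled for this account.
    /// Toggled by EnableOutboundWebIdentityFederation /
    /// DisableOutboundWebIdentityFederation.
    pub outbound_web_identity_federation_enabled: bool,
}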

Fields§

§account_id: String
§users: BTreeMap<String, IamUser>
§access_keys: BTreeMap<String, Vec<IamAccessKey>>
§roles: BTreeMap<String, IamRole>
§policies: BTreeMap<String, IamPolicy>
§role_policies: BTreeMap<String, Vec<String>>
§role_inline_policies: BTreeMap<String, BTreeMap<String, String>>
§user_policies: BTreeMap<String, Vec<String>>
§user_inline_policies: BTreeMap<String, BTreeMap<String, String>>
§groups: BTreeMap<String, IamGroup>
§instance_profiles: BTreeMap<String, IamInstanceProfile>
§login_profiles: BTreeMap<String, LoginProfile>
§saml_providers: BTreeMap<String, SamlProvider>
§oidc_providers: BTreeMap<String, OidcProvider>
§server_certificates: BTreeMap<String, ServerCertificate>
§signing_certificates: BTreeMap<String, Vec<SigningCertificate>>
§account_aliases: Vec<String>
§account_password_policy: Option<AccountPasswordPolicy>
§virtual_mfa_devices: BTreeMap<String, VirtualMfaDevice>
§service_linked_role_deletions: BTreeMap<String, ServiceLinkedRoleDeletion>
§credential_identities: BTreeMap<String, CredentialIdentity>

Maps access key ID to the identity that should be returned by GetCallerIdentity.

§sts_temp_credentials: BTreeMap<String, StsTempCredential>

Temporary credentials issued by STS, keyed by access key ID. Includes the secret access key and session token — required for SigV4 verification and IAM enforcement. Expired entries are purged lazily on lookup.

§credential_report_generated: bool
§ssh_public_keys: BTreeMap<String, Vec<SshPublicKey>>
§access_key_last_used: BTreeMap<String, AccessKeyLastUsed>
§service_specific_credentials: BTreeMap<String, Vec<ServiceSpecificCredential>>

Per-user service-specific credentials (CodeCommit/Keyspaces).

§extra_tags: BTreeMap<String, Vec<(String, String)>>

Per-resource-arn tag map for SAML/Server cert/MFA device tags.

§organizations_root_credentials_management: bool

Organizations integration toggles.

§organizations_root_sessions: bool
§service_last_accessed_jobs: BTreeMap<String, ServiceLastAccessedJob>

Generated ServiceLastAccessed jobs keyed by job id.

§organizations_access_reports: BTreeMap<String, OrganizationsAccessReport>

Organizations access reports keyed by job id.

§global_endpoint_token_version: Option<String>

Value set by SetSecurityTokenServicePreferences (e.g. v1Token, v2Token). None means the caller hasn’t configured a preference.

§delegation_requests: BTreeMap<String, DelegationRequest>

Delegation requests keyed by id. Records every state transition (PENDING -> ACCEPTED/REJECTED/SENT) and the parameters supplied at create-time so GetDelegationRequest can roundtrip them.

§outbound_web_identity_federation_enabled: bool

Whether outbound web identity federation is enabled for this account. Toggled by EnableOutboundWebIdentityFederation / DisableOutboundWebIdentityFederation.

Implementations§


impl IamState


pub fn new(account_id: &str) -> Self


pub fn reset(&mut self)


pub fn credential_secret(&mut self, access_key_id: &str) -> Option<SecretLookup>

Look up the secret access key, session token, and resolved principal for a given access key ID.

Searches IAM user access keys first, then STS temporary credentials. Expired STS temporary credentials are purged in-place and skipped.

Returns None if the AKID is unknown or its STS credential has expired.

Required for SigV4 signature verification (batch 3) and principal resolution (batch 4). Callers must hold a write lock on IamState to allow the lazy purge; read-only callers should use IamState::credential_secret_readonly.


pub fn credential_secret_readonly( &self, access_key_id: &str, ) -> Option<SecretLookup>

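Read-only variant of IamState::credential_secret that does not purge expired entries. Prefer the mutable variant wherever possible to keep the temp-credential table small. This description does not say whether an expired STS credential is still skipped (returning None) or returned as found; confirm that before relying on this variant on a signature-verification path, where an expired credential must not be accepted.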

Trait Implementations§


impl AccountState for IamState


fn new_for_account(account_id: &str, _region: &str, _endpoint: &str) -> Self

Create a fresh, empty state for the given account.

fn inherit_from(&mut self, _sibling: &Self)

Called after a new account state is created via MultiAccountState::get_or_create, with a reference to an existing sibling state. Services can override this to propagate shared resources (e.g. body caches) to the new state.

impl Clone for IamState


fn clone(&self) -> IamState

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for IamState


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for IamState


fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl Serialize for IamState


fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more