1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14
15use async_trait::async_trait;
16use chrono::{DateTime, Utc};
17use std::collections::HashSet;
18
19use crate::auth::AuthenticatedInfo;
20use crate::identity::IdentityProviderError;
21use crate::identity::types::*;
22use crate::keystone::ServiceState;
23
/// Storage-agnostic interface over identity data: users, service accounts, groups,
/// group memberships (plain and expiring) and password authentication.
///
/// Every method takes the shared [`ServiceState`] and reports backend failures as
/// [`IdentityProviderError`]. Point lookups return `Option`, so callers can tell
/// "not found" (`Ok(None)`) apart from a backend error (`Err`). Under `cfg(test)`,
/// `mockall::automock` generates a mock implementation of this trait.
///
/// NOTE(review): nothing in these signatures carries the caller's authorization
/// context, so access checks (may the requester read or mutate this user/group?)
/// presumably happen in the caller before these methods are invoked — confirm.
#[cfg_attr(test, mockall::automock)]
#[async_trait]
pub trait IdentityBackend: Send + Sync {
    /// Add the user identified by `user_id` to the group identified by `group_id`.
    ///
    /// Behaviour for an already-existing membership or an unknown ID is
    /// implementation-defined (not visible from this interface).
    async fn add_user_to_group<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Add an expiring group membership for the user.
    ///
    /// `idp_id` identifies the identity provider on whose behalf the membership is
    /// recorded; the expiry policy itself is not visible here — presumably it is
    /// tied to how recently the IdP re-asserted the membership (see
    /// [`IdentityBackend::set_user_groups_expiring`]) — confirm against the backend.
    async fn add_user_to_group_expiring<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_id: &'a str,
        idp_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Add several user/group membership relations in one call.
    ///
    /// `memberships` holds one `(user_id, group_id)` pair per relation — the tuple
    /// order is assumed from the single-membership variant; confirm against callers.
    /// Whether a failure mid-batch rolls back earlier inserts is implementation-defined.
    async fn add_users_to_groups<'a>(
        &self,
        state: &ServiceState,
        memberships: Vec<(&'a str, &'a str)>,
    ) -> Result<(), IdentityProviderError>;

    /// Add several expiring user/group membership relations asserted by `idp_id`.
    ///
    /// Same shape as [`IdentityBackend::add_users_to_groups`], scoped to one IdP.
    async fn add_users_to_groups_expiring<'a>(
        &self,
        state: &ServiceState,
        memberships: Vec<(&'a str, &'a str)>,
        idp_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Verify the password credentials in `auth` and return the authenticated identity.
    ///
    /// Any verification failure must surface as `Err`; the `Ok` value is only ever a
    /// fully authenticated [`AuthenticatedInfo`].
    ///
    /// NOTE(review): whether password hash comparison, failed-attempt limiting and
    /// the user-enabled check live in the backend or in the caller is not visible
    /// from this file — confirm before relying on either layer for it.
    async fn authenticate_by_password(
        &self,
        state: &ServiceState,
        auth: &UserPasswordAuthRequest,
    ) -> Result<AuthenticatedInfo, IdentityProviderError>;

    /// Create a group from `group` and return the stored [`Group`].
    async fn create_group(
        &self,
        state: &ServiceState,
        group: GroupCreate,
    ) -> Result<Group, IdentityProviderError>;

    /// Create a service account from `sa` and return the stored [`ServiceAccount`].
    async fn create_service_account(
        &self,
        state: &ServiceState,
        sa: ServiceAccountCreate,
    ) -> Result<ServiceAccount, IdentityProviderError>;

    /// Create a user from `user` and return it as a [`UserResponse`].
    async fn create_user(
        &self,
        state: &ServiceState,
        user: UserCreate,
    ) -> Result<UserResponse, IdentityProviderError>;

    /// Delete the group identified by `group_id`.
    ///
    /// Whether memberships of the group are removed with it is implementation-defined.
    async fn delete_group<'a>(
        &self,
        state: &ServiceState,
        group_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Delete the user identified by `user_id`.
    async fn delete_user<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Look up a single group by ID; `Ok(None)` when no such group exists.
    async fn get_group<'a>(
        &self,
        state: &ServiceState,
        group_id: &'a str,
    ) -> Result<Option<Group>, IdentityProviderError>;

    /// Look up a single service account by its user ID; `Ok(None)` when not found.
    async fn get_service_account<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
    ) -> Result<Option<ServiceAccount>, IdentityProviderError>;

    /// Look up a single user by ID; `Ok(None)` when no such user exists.
    async fn get_user<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
    ) -> Result<Option<UserResponse>, IdentityProviderError>;

    /// Return the domain ID of the user identified by `user_id`.
    ///
    /// Unlike [`IdentityBackend::get_user`] there is no `Option` in the return type,
    /// so an unknown user presumably surfaces as an `Err` — confirm against the
    /// backend implementations.
    async fn get_user_domain_id<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
    ) -> Result<String, IdentityProviderError>;

    /// Find a federated user by the identity provider and the IdP-scoped unique ID.
    ///
    /// `unique_id` is only meaningful together with `idp_id`: the lookup must match
    /// on both, so that the same unique ID asserted by a different IdP does not
    /// resolve to this user. Returns `Ok(None)` when no mapping exists.
    async fn find_federated_user<'a>(
        &self,
        state: &ServiceState,
        idp_id: &'a str,
        unique_id: &'a str,
    ) -> Result<Option<UserResponse>, IdentityProviderError>;

    /// List groups matching `params`.
    async fn list_groups(
        &self,
        state: &ServiceState,
        params: &GroupListParameters,
    ) -> Result<Vec<Group>, IdentityProviderError>;

    /// List users matching `params`.
    async fn list_users(
        &self,
        state: &ServiceState,
        params: &UserListParameters,
    ) -> Result<Vec<UserResponse>, IdentityProviderError>;

    /// List the groups the user identified by `user_id` is a member of.
    ///
    /// Whether expiring memberships are included, and whether expired ones are
    /// filtered out, is not visible from this interface — confirm with the backend.
    async fn list_groups_of_user<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
    ) -> Result<Vec<Group>, IdentityProviderError>;

    /// Remove the user from the group.
    async fn remove_user_from_group<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Remove the expiring membership of the user in the group asserted by `idp_id`.
    async fn remove_user_from_group_expiring<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_id: &'a str,
        idp_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Remove the user from every group in `group_ids`.
    ///
    /// `group_ids` is a set, so duplicate IDs are collapsed before the call.
    async fn remove_user_from_groups<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_ids: HashSet<&'a str>,
    ) -> Result<(), IdentityProviderError>;

    /// Remove the user's expiring memberships, asserted by `idp_id`, in every group
    /// in `group_ids`.
    async fn remove_user_from_groups_expiring<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_ids: HashSet<&'a str>,
        idp_id: &'a str,
    ) -> Result<(), IdentityProviderError>;

    /// Replace the user's group memberships with exactly `group_ids`.
    ///
    /// Whether memberships not in `group_ids` are removed (a true "set") or merely
    /// added to is implementation-defined; the name suggests replacement — confirm.
    async fn set_user_groups<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_ids: HashSet<&'a str>,
    ) -> Result<(), IdentityProviderError>;

    /// Replace the user's expiring group memberships asserted by `idp_id` with
    /// exactly `group_ids`.
    ///
    /// `last_verified` is the instant the IdP last confirmed these memberships;
    /// `None` leaves that timestamp to the implementation. How it feeds the expiry
    /// decision is not visible here — presumably memberships older than a configured
    /// window are treated as expired; confirm against the backend.
    async fn set_user_groups_expiring<'a>(
        &self,
        state: &ServiceState,
        user_id: &'a str,
        group_ids: HashSet<&'a str>,
        idp_id: &'a str,
        last_verified: Option<&'a DateTime<Utc>>,
    ) -> Result<(), IdentityProviderError>;
}
205        group_ids: HashSet<&'a str>,
206        idp_id: &'a str,
207        last_verified: Option<&'a DateTime<Utc>>,
208    ) -> Result<(), IdentityProviderError>;
209}