Skip to main content

openstack_keystone_core/assignment/
backend.rs

1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14
15use async_trait::async_trait;
16
17use crate::assignment::AssignmentProviderError;
18use crate::assignment::types::assignment::*;
19use crate::keystone::ServiceState;
20
21#[cfg_attr(test, mockall::automock)]
22#[async_trait]
23pub trait AssignmentBackend: Send + Sync {
24    /// Check assignment grant.
25    async fn check_grant(
26        &self,
27        state: &ServiceState,
28        params: &Assignment,
29    ) -> Result<bool, AssignmentProviderError>;
30
31    /// Create assignment grant.
32    async fn create_grant(
33        &self,
34        state: &ServiceState,
35        params: AssignmentCreate,
36    ) -> Result<Assignment, AssignmentProviderError>;
37
38    /// List Role assignments
39    async fn list_assignments(
40        &self,
41        state: &ServiceState,
42        params: &RoleAssignmentListParameters,
43    ) -> Result<Vec<Assignment>, AssignmentProviderError>;
44
45    /// List all role assignments for multiple actors on multiple targets
46    ///
47    /// It is a naive interpretation of the effective role assignments where we
48    /// check all roles assigned to the user (including groups) on a
49    /// concrete target (including all higher targets the role can be
50    /// inherited from)
51    async fn list_assignments_for_multiple_actors_and_targets(
52        &self,
53        state: &ServiceState,
54        params: &RoleAssignmentListForMultipleActorTargetParameters,
55    ) -> Result<Vec<Assignment>, AssignmentProviderError>;
56
57    /// Revoke assignment grant.
58    async fn revoke_grant(
59        &self,
60        state: &ServiceState,
61        params: &Assignment,
62    ) -> Result<(), AssignmentProviderError>;
63}