
openstack_keystone_core/
config.rs

1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14//! # Keystone configuration
15//!
16//! Parsing of the Keystone configuration file implementation.
17use config::{File, FileFormat};
18use eyre::{Report, WrapErr};
19use serde::Deserialize;
20use std::path::PathBuf;
21
22mod application_credentials;
23mod assignment;
24mod auth;
25mod catalog;
26mod common;
27mod database;
28mod default;
29mod distributed_storage;
30mod federation;
31mod fernet_token;
32mod identity;
33mod identity_mapping;
34mod k8s_auth;
35mod policy;
36mod resource;
37mod revoke;
38mod role;
39mod security_compliance;
40mod token;
41mod token_restriction;
42mod trust;
43mod webauthn;
44
45use application_credentials::ApplicationCredentialProvider;
46use assignment::AssignmentProvider;
47use auth::AuthProvider;
48use catalog::CatalogProvider;
49use database::DatabaseSection;
50pub use default::DefaultSection;
51use distributed_storage::DistributedStorageConfiguration;
52use federation::FederationProvider;
53pub use fernet_token::FernetTokenProvider;
54pub use identity::*;
55use identity_mapping::IdentityMappingProvider;
56use k8s_auth::K8sAuthProvider;
57use policy::PolicyProvider;
58use resource::ResourceProvider;
59use revoke::RevokeProvider;
60use role::RoleProvider;
61use security_compliance::SecurityComplianceProvider;
62use token::TokenProvider;
63pub use token::TokenProviderDriver;
64use token_restriction::TokenRestrictionProvider;
65use trust::TrustProvider;
66use webauthn::WebauthnSection;
67
/// Keystone configuration.
///
/// Top-level container with one field per configuration section. Fields
/// marked `#[serde(default)]` fall back to the section type's `Default`
/// value when the section is absent from the configuration sources.
//
// NOTE(review): `Debug` is derived, so formatting a `Config` (e.g. in a log
// line) prints every section. Confirm that section types carrying secrets
// (database, token and auth settings are the likely candidates) redact them
// in their own `Debug` implementations.
#[derive(Debug, Default, Deserialize, Clone)]
pub struct Config {
    /// Application credentials provider configuration.
    #[serde(default)]
    pub application_credential: ApplicationCredentialProvider,

    /// API policy enforcement.
    #[serde(default)]
    pub api_policy: PolicyProvider,

    /// Assignments (roles) provider configuration.
    #[serde(default)]
    pub assignment: AssignmentProvider,

    /// Authentication configuration.
    // No `#[serde(default)]` here: presumably deserialization fails when the
    // `auth` section is missing. Verify against `AuthProvider`.
    pub auth: AuthProvider,

    /// Catalog provider configuration.
    #[serde(default)]
    pub catalog: CatalogProvider,

    /// Database configuration.
    // The default attribute below is commented out, so this section has no
    // fallback value and is expected to be supplied by the configuration.
    //#[serde(default)]
    pub database: DatabaseSection,

    /// Global configuration options.
    // Read from the section named `DEFAULT` rather than `default`.
    #[serde(rename = "DEFAULT", default)]
    pub default: DefaultSection,

    /// Distributed storage configuration.
    // Optional: `None` when the section is absent.
    #[serde(default)]
    pub distributed_storage: Option<DistributedStorageConfiguration>,

    /// Federation provider configuration.
    #[serde(default)]
    pub federation: FederationProvider,

    /// Fernet tokens provider configuration.
    #[serde(default)]
    pub fernet_tokens: FernetTokenProvider,

    /// Identity provider configuration.
    #[serde(default)]
    pub identity: IdentityProvider,

    /// Identity mapping provider configuration.
    #[serde(default)]
    pub identity_mapping: IdentityMappingProvider,

    /// K8s Auth provider configuration.
    #[serde(default)]
    pub k8s_auth: K8sAuthProvider,

    /// Resource provider configuration.
    #[serde(default)]
    pub resource: ResourceProvider,

    /// Revoke provider configuration.
    #[serde(default)]
    pub revoke: RevokeProvider,

    /// Role provider configuration.
    #[serde(default)]
    pub role: RoleProvider,

    /// Security compliance configuration.
    #[serde(default)]
    pub security_compliance: SecurityComplianceProvider,

    /// Token provider configuration.
    #[serde(default)]
    pub token: TokenProvider,

    /// Token restriction provider configuration.
    #[serde(default)]
    pub token_restriction: TokenRestrictionProvider,

    /// Trust provider configuration.
    #[serde(default)]
    pub trust: TrustProvider,

    /// Webauthn configuration.
    #[serde(default)]
    pub webauthn: WebauthnSection,
}
154
impl Config {
    /// Load the Keystone configuration from the INI file at `path`.
    ///
    /// When `path` is a regular file, two sources are registered in order:
    /// the file itself (parsed as INI), then the process environment using
    /// the `OS` prefix, `_` as prefix separator and `__` as key separator.
    /// Because the environment source is added after the file, the `config`
    /// crate lets a variable of the form `OS_<SECTION>__<KEY>` override the
    /// same key from the file. The process environment is therefore part of
    /// the configuration trust boundary and should be controlled as tightly
    /// as the file.
    ///
    /// When `path` is not a regular file, no source is registered at all
    /// (the environment is not consulted either) and deserialization runs
    /// against an empty configuration.
    ///
    /// # Errors
    ///
    /// Returns a [`Report`] when the sources cannot be read or the result
    /// cannot be deserialized into [`Config`].
    pub fn new(path: PathBuf) -> Result<Self, Report> {
        let builder = config::Config::builder();

        // Missing or non-regular path: hand the source-less builder straight
        // to the conversion, which then sees an empty configuration.
        // NOTE(review): sections without `#[serde(default)]` presumably make
        // this fail with the generic "parse" message. Confirm callers can
        // tell a missing file from a malformed one.
        if !path.is_file() {
            return builder.try_into();
        }

        let file_source = File::from(path).format(FileFormat::Ini);
        let env_source = config::Environment::with_prefix("OS")
            .prefix_separator("_")
            .separator("__");

        // Order matters: the environment is layered on top of the file.
        builder
            .add_source(file_source)
            .add_source(env_source)
            .try_into()
    }
}
172
impl TryFrom<config::ConfigBuilder<config::builder::DefaultState>> for Config {
    type Error = Report;

    /// Build the registered sources and deserialize them into [`Config`].
    ///
    /// # Errors
    ///
    /// Returns a [`Report`] with the context "Failed to read configuration
    /// file" when building the sources fails, or "Failed to parse
    /// configuration file" when deserialization fails. The underlying
    /// `config` error is kept as the cause.
    fn try_from(
        builder: config::ConfigBuilder<config::builder::DefaultState>,
    ) -> Result<Self, Self::Error> {
        // Stage 1: collect every registered source into one settings tree.
        let settings = builder
            .build()
            .wrap_err("Failed to read configuration file")?;

        // Stage 2: map the tree onto the typed sections.
        // NOTE(review): the wrapped cause may quote the offending key or
        // value. Check what it contains before logging the full report if
        // the configuration holds secrets.
        settings
            .try_deserialize()
            .wrap_err("Failed to parse configuration file")
    }
}