
openstack_keystone_core/config/
identity.rs

1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14use serde::Deserialize;
15use std::collections::HashMap;
16
17use crate::config::common::default_sql_driver;
18
/// Configuration of the identity provider (user backend and password handling).
///
/// Every field except `password_hash_rounds` declares an explicit serde
/// default, so all of them may be omitted from the configuration.
/// `password_hash_rounds` is an `Option` and is `None` when omitted.
#[derive(Clone, Debug, Deserialize)]
pub struct IdentityProvider {
    /// Caching toggle for the identity provider. `false` when omitted.
    #[serde(default)]
    pub caching: bool,

    /// Name of the identity backend driver. Falls back to
    /// `default_sql_driver()` when omitted.
    #[serde(default = "default_sql_driver")]
    pub driver: String,

    /// Maximum password length. Falls back to
    /// `default_max_password_length()` (4096) when omitted.
    // NOTE(review): whether this limit counts bytes or characters, and where
    // it is enforced, is not visible in this file. bcrypt only processes the
    // first 72 bytes of its input, so confirm how the hashing code treats
    // passwords between 72 bytes and this limit (reject, truncate or pre-hash).
    #[serde(default = "default_max_password_length")]
    pub max_password_length: usize,

    /// Algorithm used to hash passwords. `Bcrypt` when omitted.
    // SECURITY: `PasswordHashingAlgo::None` is also accepted from
    // configuration; production configurations should be checked for it.
    #[serde(default)]
    pub password_hashing_algorithm: PasswordHashingAlgo,

    /// Number of password hashing rounds. `None` when not configured.
    // NOTE(review): the fallback applied for `None`, and any lower or upper
    // bound on a configured value, live outside this file. Confirm that a
    // very small value cannot weaken stored hashes unnoticed.
    pub password_hash_rounds: Option<usize>,

    /// Mapping from user option id to option name. Falls back to
    /// `default_user_options_mapping()` when omitted.
    #[serde(default = "default_user_options_mapping")]
    pub user_options_id_name_mapping: HashMap<String, String>,
}
45
impl Default for IdentityProvider {
    /// Returns the built-in defaults.
    ///
    /// Each value equals the per-field serde default declared on
    /// [`IdentityProvider`], so a defaulted instance and one deserialized
    /// from an empty section agree.
    fn default() -> Self {
        let driver = default_sql_driver();
        let max_password_length = default_max_password_length();
        let user_options_id_name_mapping = default_user_options_mapping();

        IdentityProvider {
            caching: false,
            driver,
            max_password_length,
            // Same variant that `#[default]` marks on `PasswordHashingAlgo`.
            password_hashing_algorithm: PasswordHashingAlgo::Bcrypt,
            // No explicit round count; the consumer picks its own fallback.
            password_hash_rounds: None,
            user_options_id_name_mapping,
        }
    }
}
58
/// Algorithm used to hash user passwords.
///
/// The derive carries no rename attribute, so configuration selects a
/// variant by its exact name (`Bcrypt` or `None`).
#[derive(Clone, Debug, Default, Deserialize)]
pub enum PasswordHashingAlgo {
    /// bcrypt. Selected when the setting is omitted.
    #[default]
    Bcrypt,
    // SECURITY: the `#[cfg(test)]` gate below is commented out, so this
    // variant is compiled into every build and can be selected from
    // configuration.
    // NOTE(review): presumably `None` stores the password without hashing;
    // confirm against the hashing code. Until the gate is restored, consider
    // rejecting or loudly logging this value at startup, and audit deployed
    // configurations for it.
    // #[cfg(test)]
    /// None. Must not be used outside of tests that need a predictable
    /// stored value.
    None,
}
70
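/// Returns the built-in mapping from user option id to option name.
///
/// Used as the serde default for
/// `IdentityProvider::user_options_id_name_mapping` and by
/// `IdentityProvider::default()`.
///
/// Every id maps to a distinct name. `MFAR` is the MFA rules option and
/// `MFAE` the MFA enabled flag, matching the option names used by upstream
/// Keystone. Mapping both ids to `multi_factor_auth_rules` would make the
/// two options indistinguishable by name, so the enabled flag could be
/// misread or lost.
fn default_user_options_mapping() -> HashMap<String, String> {
    const DEFAULTS: [(&str, &str); 7] = [
        ("1000", "ignore_change_password_upon_first_use"),
        ("1001", "ignore_password_expiry"),
        ("1002", "ignore_lockout_failure_attempts"),
        ("1003", "lock_password"),
        ("1004", "ignore_user_inactivity"),
        ("MFAR", "multi_factor_auth_rules"),
        ("MFAE", "multi_factor_auth_enabled"),
    ];

    DEFAULTS
        .iter()
        .map(|&(id, name)| (id.to_owned(), name.to_owned()))
        .collect()
}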
85
/// Returns the default for `IdentityProvider::max_password_length`: 4096.
// NOTE(review): bcrypt only processes the first 72 bytes of its input;
// confirm how the hashing code handles longer passwords under this limit.
fn default_max_password_length() -> usize {
    const DEFAULT_MAX_PASSWORD_LENGTH: usize = 4096;
    DEFAULT_MAX_PASSWORD_LENGTH
}