Skip to main content

openstack_keystone_core/k8s_auth/
mod.rs

1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5//     http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14//! # Kubernetes authentication.
15
16use async_trait::async_trait;
17
18pub mod api;
19mod auth;
20pub mod backend;
21pub mod error;
22#[cfg(any(test, feature = "mock"))]
23mod mock;
24pub mod service;
25pub mod types;
26
27use crate::k8s_auth::service::K8sAuthService;
28use crate::keystone::ServiceState;
29use crate::plugin_manager::PluginManagerApi;
30use crate::token::types::TokenRestriction;
31use crate::{auth::AuthenticatedInfo, config::Config};
32use types::*;
33
34pub use error::K8sAuthProviderError;
35#[cfg(any(test, feature = "mock"))]
36pub use mock::MockK8sAuthProvider;
37pub use types::K8sAuthApi;
38
39/// K8s Auth provider.
40pub enum K8sAuthProvider {
41    Service(K8sAuthService),
42    #[cfg(any(test, feature = "mock"))]
43    Mock(MockK8sAuthProvider),
44}
45
46impl K8sAuthProvider {
47    pub fn new<P: PluginManagerApi>(
48        config: &Config,
49        plugin_manager: &P,
50    ) -> Result<Self, K8sAuthProviderError> {
51        Ok(Self::Service(K8sAuthService::new(config, plugin_manager)?))
52    }
53}
54
55#[async_trait]
56impl K8sAuthApi for K8sAuthProvider {
57    /// Authenticate (exchange) the K8s Service account token.
58    async fn authenticate_by_k8s_sa_token(
59        &self,
60        state: &ServiceState,
61        req: &K8sAuthRequest,
62    ) -> Result<(AuthenticatedInfo, TokenRestriction), K8sAuthProviderError> {
63        match self {
64            Self::Service(provider) => provider.authenticate_by_k8s_sa_token(state, req).await,
65            #[cfg(any(test, feature = "mock"))]
66            Self::Mock(provider) => provider.authenticate_by_k8s_sa_token(state, req).await,
67        }
68    }
69
70    /// Register new K8s auth instance.
71    #[tracing::instrument(skip(self, state))]
72    async fn create_auth_instance(
73        &self,
74        state: &ServiceState,
75        instance: K8sAuthInstanceCreate,
76    ) -> Result<K8sAuthInstance, K8sAuthProviderError> {
77        match self {
78            Self::Service(provider) => provider.create_auth_instance(state, instance).await,
79            #[cfg(any(test, feature = "mock"))]
80            Self::Mock(provider) => provider.create_auth_instance(state, instance).await,
81        }
82    }
83
84    /// Register new K8s auth role.
85    #[tracing::instrument(skip(self, state))]
86    async fn create_auth_role(
87        &self,
88        state: &ServiceState,
89        role: K8sAuthRoleCreate,
90    ) -> Result<K8sAuthRole, K8sAuthProviderError> {
91        match self {
92            Self::Service(provider) => provider.create_auth_role(state, role).await,
93            #[cfg(any(test, feature = "mock"))]
94            Self::Mock(provider) => provider.create_auth_role(state, role).await,
95        }
96    }
97
98    /// Delete K8s auth provider.
99    #[tracing::instrument(skip(self, state))]
100    async fn delete_auth_instance<'a>(
101        &self,
102        state: &ServiceState,
103        id: &'a str,
104    ) -> Result<(), K8sAuthProviderError> {
105        match self {
106            Self::Service(provider) => provider.delete_auth_instance(state, id).await,
107            #[cfg(any(test, feature = "mock"))]
108            Self::Mock(provider) => provider.delete_auth_instance(state, id).await,
109        }
110    }
111
112    /// Delete K8s auth role.
113    #[tracing::instrument(skip(self, state))]
114    async fn delete_auth_role<'a>(
115        &self,
116        state: &ServiceState,
117        id: &'a str,
118    ) -> Result<(), K8sAuthProviderError> {
119        match self {
120            Self::Service(provider) => provider.delete_auth_role(state, id).await,
121            #[cfg(any(test, feature = "mock"))]
122            Self::Mock(provider) => provider.delete_auth_role(state, id).await,
123        }
124    }
125
126    /// Register new K8s auth instance.
127    #[tracing::instrument(skip(self, state))]
128    async fn get_auth_instance<'a>(
129        &self,
130        state: &ServiceState,
131        id: &'a str,
132    ) -> Result<Option<K8sAuthInstance>, K8sAuthProviderError> {
133        match self {
134            Self::Service(provider) => provider.get_auth_instance(state, id).await,
135            #[cfg(any(test, feature = "mock"))]
136            Self::Mock(provider) => provider.get_auth_instance(state, id).await,
137        }
138    }
139
140    /// Register new K8s auth role.
141    #[tracing::instrument(skip(self, state))]
142    async fn get_auth_role<'a>(
143        &self,
144        state: &ServiceState,
145        id: &'a str,
146    ) -> Result<Option<K8sAuthRole>, K8sAuthProviderError> {
147        match self {
148            Self::Service(provider) => provider.get_auth_role(state, id).await,
149            #[cfg(any(test, feature = "mock"))]
150            Self::Mock(provider) => provider.get_auth_role(state, id).await,
151        }
152    }
153
154    /// List K8s auth instances.
155    #[tracing::instrument(skip(self, state))]
156    async fn list_auth_instances(
157        &self,
158        state: &ServiceState,
159        params: &K8sAuthInstanceListParameters,
160    ) -> Result<Vec<K8sAuthInstance>, K8sAuthProviderError> {
161        match self {
162            Self::Service(provider) => provider.list_auth_instances(state, params).await,
163            #[cfg(any(test, feature = "mock"))]
164            Self::Mock(provider) => provider.list_auth_instances(state, params).await,
165        }
166    }
167
168    /// List K8s auth roles.
169    #[tracing::instrument(skip(self, state))]
170    async fn list_auth_roles(
171        &self,
172        state: &ServiceState,
173        params: &K8sAuthRoleListParameters,
174    ) -> Result<Vec<K8sAuthRole>, K8sAuthProviderError> {
175        match self {
176            Self::Service(provider) => provider.list_auth_roles(state, params).await,
177            #[cfg(any(test, feature = "mock"))]
178            Self::Mock(provider) => provider.list_auth_roles(state, params).await,
179        }
180    }
181
182    /// Update K8s auth instance.
183    #[tracing::instrument(skip(self, state))]
184    async fn update_auth_instance<'a>(
185        &self,
186        state: &ServiceState,
187        id: &'a str,
188        data: K8sAuthInstanceUpdate,
189    ) -> Result<K8sAuthInstance, K8sAuthProviderError> {
190        match self {
191            Self::Service(provider) => provider.update_auth_instance(state, id, data).await,
192            #[cfg(any(test, feature = "mock"))]
193            Self::Mock(provider) => provider.update_auth_instance(state, id, data).await,
194        }
195    }
196
197    /// Update K8s auth role.
198    #[tracing::instrument(skip(self, state))]
199    async fn update_auth_role<'a>(
200        &self,
201        state: &ServiceState,
202        id: &'a str,
203        data: K8sAuthRoleUpdate,
204    ) -> Result<K8sAuthRole, K8sAuthProviderError> {
205        match self {
206            Self::Service(provider) => provider.update_auth_role(state, id, data).await,
207            #[cfg(any(test, feature = "mock"))]
208            Self::Mock(provider) => provider.update_auth_role(state, id, data).await,
209        }
210    }
211}