pub struct VaultAuthenticationManager { /* private fields */ }
Vault-integrated authentication manager
Implementations§
impl VaultAuthenticationManager
Sourcepub async fn new_with_vault(
auth_config: AuthConfig,
validation_config: Option<ValidationConfig>,
vault_config: Option<VaultConfig>,
fallback_to_env: bool,
) -> Result<Self, VaultAuthManagerError>
pub async fn new_with_vault( auth_config: AuthConfig, validation_config: Option<ValidationConfig>, vault_config: Option<VaultConfig>, fallback_to_env: bool, ) -> Result<Self, VaultAuthManagerError>
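Create a new vault-integrated authentication manager. `vault_config` is optional, and the `fallback_to_env` flag suggests configuration can come from environment variables instead of the vault (confirm in the source); after construction, use `vault_integration()` or `vault_status()` to check whether the vault is actually in use.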
Sourcepub async fn new_with_default_vault(
auth_config: AuthConfig,
fallback_to_env: bool,
) -> Result<Self, VaultAuthManagerError>
pub async fn new_with_default_vault( auth_config: AuthConfig, fallback_to_env: bool, ) -> Result<Self, VaultAuthManagerError>
Create with default vault configuration (Infisical)
Sourcepub fn auth_manager(&self) -> &AuthenticationManager
pub fn auth_manager(&self) -> &AuthenticationManager
Get the underlying authentication manager
Sourcepub fn vault_integration(&self) -> Option<&VaultIntegration>
pub fn vault_integration(&self) -> Option<&VaultIntegration>
Get vault integration if available
Sourcepub async fn test_vault_connection(&self) -> Result<(), VaultAuthManagerError>
pub async fn test_vault_connection(&self) -> Result<(), VaultAuthManagerError>
Test vault connectivity
Sourcepub async fn refresh_config_from_vault(
&mut self,
) -> Result<(), VaultAuthManagerError>
pub async fn refresh_config_from_vault( &mut self, ) -> Result<(), VaultAuthManagerError>
Refresh configuration from vault
Sourcepub async fn store_secret(
&self,
name: &str,
value: &str,
) -> Result<(), VaultAuthManagerError>
pub async fn store_secret( &self, name: &str, value: &str, ) -> Result<(), VaultAuthManagerError>
Store a secret in the vault (if supported)
Sourcepub async fn get_secret(
&self,
name: &str,
) -> Result<String, VaultAuthManagerError>
pub async fn get_secret( &self, name: &str, ) -> Result<String, VaultAuthManagerError>
Get a secret from the vault. The value is returned as a plain `String`, so keep it out of logs and error messages.
Sourcepub async fn list_vault_secrets(
&self,
) -> Result<Vec<String>, VaultAuthManagerError>
pub async fn list_vault_secrets( &self, ) -> Result<Vec<String>, VaultAuthManagerError>
List available secrets from vault
Sourcepub fn vault_status(&self) -> VaultStatus
pub fn vault_status(&self) -> VaultStatus
Get vault status information
Methods from Deref<Target = AuthenticationManager>§
Sourcepub async fn create_api_key(
&self,
name: String,
role: Role,
expires_at: Option<DateTime<Utc>>,
ip_whitelist: Option<Vec<String>>,
) -> Result<ApiKey, AuthError>
pub async fn create_api_key( &self, name: String, role: Role, expires_at: Option<DateTime<Utc>>, ip_whitelist: Option<Vec<String>>, ) -> Result<ApiKey, AuthError>
Create a new API key
Sourcepub async fn validate_api_key(
&self,
key_secret: &str,
client_ip: Option<&str>,
) -> Result<Option<AuthContext>, AuthError>
pub async fn validate_api_key( &self, key_secret: &str, client_ip: Option<&str>, ) -> Result<Option<AuthContext>, AuthError>
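Validate an API key with comprehensive security checks. The result has three outcomes (`Ok(Some(context))`, `Ok(None)` and `Err`), and only `Ok(Some(_))` carries an `AuthContext`; treat `Ok(None)` as unauthenticated rather than checking `is_ok()` alone.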
Sourcepub async fn validate_api_key_legacy(
&self,
key_secret: &str,
) -> Result<Option<AuthContext>, AuthError>
pub async fn validate_api_key_legacy( &self, key_secret: &str, ) -> Result<Option<AuthContext>, AuthError>
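Validate an API key (legacy method without IP checking). It takes no `client_ip`, so a key's IP whitelist cannot be checked against the caller on this path; prefer `validate_api_key` with the client IP where whitelists are in use.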
Sourcepub async fn update_key(&self, key: ApiKey) -> Result<(), AuthError>
pub async fn update_key(&self, key: ApiKey) -> Result<(), AuthError>
Update an existing API key
Sourcepub async fn revoke_key(&self, key_id: &str) -> Result<bool, AuthError>
pub async fn revoke_key(&self, key_id: &str) -> Result<bool, AuthError>
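Revoke/delete an API key. Whether JWTs already issued for the key (see `generate_token_for_key`) stop validating after revocation is not stated here; verify this before relying on revocation alone.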
Sourcepub async fn get_rate_limit_stats(&self) -> RateLimitStats
pub async fn get_rate_limit_stats(&self) -> RateLimitStats
Get current rate limit statistics
Sourcepub async fn cleanup_rate_limits(&self)
pub async fn cleanup_rate_limits(&self)
Clean up old rate limit entries (should be called periodically)
Sourcepub async fn check_role_rate_limit(
&self,
role: &Role,
client_ip: &str,
) -> Result<bool, AuthError>
pub async fn check_role_rate_limit( &self, role: &Role, client_ip: &str, ) -> Result<bool, AuthError>
Check if a role-based request should be rate limited
Sourcepub async fn update_role_rate_limit(
&self,
role_key: String,
config: RoleRateLimitConfig,
) -> Result<(), AuthError>
pub async fn update_role_rate_limit( &self, role_key: String, config: RoleRateLimitConfig, ) -> Result<(), AuthError>
Update role rate limit configuration
Sourcepub async fn cleanup_role_rate_limits(&self)
pub async fn cleanup_role_rate_limits(&self)
Clean up old role rate limit entries
Sourcepub async fn disable_key(&self, key_id: &str) -> Result<bool, AuthError>
pub async fn disable_key(&self, key_id: &str) -> Result<bool, AuthError>
Disable/enable an API key without deleting it
Sourcepub async fn enable_key(&self, key_id: &str) -> Result<bool, AuthError>
pub async fn enable_key(&self, key_id: &str) -> Result<bool, AuthError>
Enable a previously disabled API key
Sourcepub async fn update_key_expiration(
&self,
key_id: &str,
expires_at: Option<DateTime<Utc>>,
) -> Result<bool, AuthError>
pub async fn update_key_expiration( &self, key_id: &str, expires_at: Option<DateTime<Utc>>, ) -> Result<bool, AuthError>
Update key expiration date
Sourcepub async fn update_key_ip_whitelist(
&self,
key_id: &str,
ip_whitelist: Vec<String>,
) -> Result<bool, AuthError>
pub async fn update_key_ip_whitelist( &self, key_id: &str, ip_whitelist: Vec<String>, ) -> Result<bool, AuthError>
Update key IP whitelist
Sourcepub async fn list_keys_by_role(&self, role: &Role) -> Vec<ApiKey>
pub async fn list_keys_by_role(&self, role: &Role) -> Vec<ApiKey>
Get keys by role
Sourcepub async fn list_active_keys(&self) -> Vec<ApiKey>
pub async fn list_active_keys(&self) -> Vec<ApiKey>
Get active keys only
Sourcepub async fn list_expired_keys(&self) -> Vec<ApiKey>
pub async fn list_expired_keys(&self) -> Vec<ApiKey>
Get expired keys
Sourcepub async fn bulk_revoke_keys(
&self,
key_ids: &[String],
) -> Result<Vec<String>, AuthError>
pub async fn bulk_revoke_keys( &self, key_ids: &[String], ) -> Result<Vec<String>, AuthError>
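Bulk revoke keys (useful for security incidents). The meaning of the returned `Vec<String>` is not described here; check whether it lists the revoked or the failed key IDs, and compare it with `key_ids` to confirm every key was handled.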
Sourcepub async fn cleanup_expired_keys(&self) -> Result<u32, AuthError>
pub async fn cleanup_expired_keys(&self) -> Result<u32, AuthError>
Clean up expired keys
Sourcepub async fn get_key_usage_stats(&self) -> Result<KeyUsageStats, AuthError>
pub async fn get_key_usage_stats(&self) -> Result<KeyUsageStats, AuthError>
Get key usage statistics
Sourcepub async fn bulk_create_keys(
&self,
requests: Vec<KeyCreationRequest>,
) -> Result<Vec<Result<ApiKey, AuthError>>, AuthError>
pub async fn bulk_create_keys( &self, requests: Vec<KeyCreationRequest>, ) -> Result<Vec<Result<ApiKey, AuthError>>, AuthError>
Create multiple API keys for bulk provisioning
Sourcepub fn check_api_completeness(&self) -> ApiCompletenessCheck
pub fn check_api_completeness(&self) -> ApiCompletenessCheck
Check if the authentication manager has all required methods for production use
pub async fn start_background_tasks(&self) -> Result<(), AuthError>
pub async fn stop_background_tasks(&self) -> Result<(), AuthError>
pub async fn health_check(&self) -> Result<(), AuthError>
pub async fn process_request( &self, request: Request, _context: &RequestContext, ) -> Result<Request, AuthError>
pub async fn process_response( &self, response: Response, _context: &RequestContext, ) -> Result<Response, AuthError>
Sourcepub async fn generate_token_for_key(
&self,
key_id: &str,
client_ip: Option<String>,
session_id: Option<String>,
scope: Vec<String>,
) -> Result<TokenPair, AuthError>
pub async fn generate_token_for_key( &self, key_id: &str, client_ip: Option<String>, session_id: Option<String>, scope: Vec<String>, ) -> Result<TokenPair, AuthError>
Generate a JWT token pair for an API key
Sourcepub async fn validate_jwt_token(
&self,
token: &str,
) -> Result<AuthContext, AuthError>
pub async fn validate_jwt_token( &self, token: &str, ) -> Result<AuthContext, AuthError>
Validate a JWT token and return auth context
Sourcepub async fn refresh_jwt_token(
&self,
refresh_token: &str,
client_ip: Option<String>,
scope: Vec<String>,
) -> Result<String, AuthError>
pub async fn refresh_jwt_token( &self, refresh_token: &str, client_ip: Option<String>, scope: Vec<String>, ) -> Result<String, AuthError>
Refresh an access token using a refresh token
Sourcepub async fn cleanup_jwt_blacklist(&self) -> Result<usize, AuthError>
pub async fn cleanup_jwt_blacklist(&self) -> Result<usize, AuthError>
Clean up expired tokens from blacklist
Sourcepub fn decode_jwt_token_info(
&self,
token: &str,
) -> Result<TokenClaims, AuthError>
pub fn decode_jwt_token_info( &self, token: &str, ) -> Result<TokenClaims, AuthError>
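Get token info without validation (for debugging). Treat the returned `TokenClaims` as unverified and do not base authorization decisions on them; use `validate_jwt_token` for that.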