1use serde::{Deserialize, Serialize};
7use std::collections::HashMap;
8use std::time::Duration;
9
/// Top-level security configuration, aggregating one section per security domain.
///
/// NOTE(review): the derived `Debug` recurses into every nested section,
/// including the secret-bearing leaves (`OIDCConfig::client_secret`,
/// `VPNConnectionConfig::psk`); confirm those are redacted before a value of
/// this type is written to logs or error messages.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CloudSecurityConfig {
    /// Identity verification: accepted methods, MFA and SSO.
    pub authentication: AuthenticationConfig,
    /// Access-control model, role definitions and the permission system.
    pub authorization: AuthorizationConfig,
    /// Encryption at rest, in transit, and key management.
    pub encryption: EncryptionConfig,
    /// Firewall, VPN and DDoS-protection settings.
    pub network_security: NetworkSecurityConfig,
    /// Compliance frameworks, auditing and data governance.
    pub compliance: ComplianceConfig,
}
24
/// Authentication section: which primary methods are accepted, plus MFA and SSO.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuthenticationConfig {
    /// Accepted primary authentication methods. Nothing in this type rejects
    /// an empty list; validation, if any, happens where the config is loaded.
    pub methods: Vec<AuthMethod>,
    /// Multi-factor authentication settings.
    pub mfa: MFAConfig,
    /// Single sign-on settings.
    pub sso: SSOConfig,
}
35
/// A primary authentication mechanism.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuthMethod {
    Password,
    APIKey,
    Certificate,
    OAuth2,
    SAML,
    Custom(String),
}
46
/// Multi-factor authentication settings.
///
/// NOTE(review): `enabled == true` with an empty `methods` list is
/// representable; confirm the loader rejects that combination.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MFAConfig {
    /// Whether a second factor is required at all.
    pub enabled: bool,
    /// Second-factor methods that may be used.
    pub methods: Vec<MFAMethod>,
    /// Whether one-time backup codes are offered as a recovery factor.
    pub backup_codes: bool,
}
57
/// A second-factor delivery or verification mechanism.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum MFAMethod {
    TOTP,
    SMS,
    Email,
    PushNotification,
    Hardware,
}
67
/// Single sign-on settings.
///
/// Both `saml` and `oidc` are always present regardless of `provider`;
/// presumably only the block matching `provider` is consulted — confirm with
/// the consumer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SSOConfig {
    /// Whether SSO is enabled.
    pub enabled: bool,
    /// Which provider type is in use.
    pub provider: SSOProvider,
    /// SAML-specific settings.
    pub saml: SAMLConfig,
    /// OpenID Connect settings (contains a client secret).
    pub oidc: OIDCConfig,
}
80
/// The SSO provider protocol or directory type.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum SSOProvider {
    SAML,
    OIDC,
    LDAP,
    ActiveDirectory,
    Custom(String),
}
90
/// SAML service-provider settings referenced from [`SSOConfig::saml`].
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SAMLConfig {
    /// Identity-provider endpoint URL (not validated by this type).
    pub idp_url: String,
    /// This service provider's entity identifier.
    pub sp_id: String,
    /// Certificate material as a string. Presumably the IdP signing
    /// certificate used to verify assertions; encoding (PEM/DER) is not
    /// specified here — confirm with the consumer.
    pub certificate: String,
}
101
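/// OpenID Connect client settings referenced from [`SSOConfig::oidc`].
///
/// `client_secret` is a credential. `Debug` is implemented by hand so the
/// secret is never printed through `{:?}` (logs, panic messages, `dbg!`).
/// The derived `Serialize` still emits it, so serialized configuration must
/// be handled as sensitive data.
#[derive(Clone, Serialize, Deserialize)]
pub struct OIDCConfig {
    /// Client identifier registered with the identity provider.
    pub client_id: String,
    /// Client credential; replaced by a fixed marker in `Debug` output.
    pub client_secret: String,
    /// Provider discovery-document URL (not validated by this type).
    pub discovery_url: String,
}

impl std::fmt::Debug for OIDCConfig {
    // Same shape as the derived impl, with the secret replaced by a marker so
    // the output is safe to log.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OIDCConfig")
            .field("client_id", &self.client_id)
            .field("client_secret", &"[REDACTED]")
            .field("discovery_url", &self.discovery_url)
            .finish()
    }
}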
112
/// Authorization section: access-control model, roles and the permission system.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuthorizationConfig {
    /// Access-control model in force.
    pub model: AuthorizationModel,
    /// Role definitions. Roles reference each other by name
    /// (see [`RoleDefinition::parent_roles`]); dangling names are representable.
    pub roles: Vec<RoleDefinition>,
    /// Resource/action permission definitions.
    pub permissions: PermissionSystem,
}
123
/// The access-control model (role-, attribute-, discretionary- or mandatory-based).
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuthorizationModel {
    RBAC,
    ABAC,
    DAC,
    MAC,
    Custom(String),
}
133
/// A named role with its granted permissions and the roles it inherits from.
///
/// NOTE(review): `parent_roles` is a list of names; nothing here prevents
/// cycles or references to undefined roles — confirm the resolver handles both.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RoleDefinition {
    /// Role name, used as the reference key by other roles.
    pub name: String,
    /// Human-readable description.
    pub description: String,
    /// Permission identifiers granted directly to this role.
    pub permissions: Vec<String>,
    /// Names of roles whose permissions this role inherits.
    pub parent_roles: Vec<String>,
}
146
/// Permission model together with the resources and actions it governs.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PermissionSystem {
    /// How permissions are expressed and evaluated.
    pub model: PermissionModel,
    /// Resource types and their access patterns.
    pub resources: Vec<ResourceDefinition>,
    /// Named actions and the permissions they require.
    pub actions: Vec<ActionDefinition>,
}
157
/// How permissions are modelled.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum PermissionModel {
    ResourceAction,
    CapabilityBased,
    AttributeBased,
    Custom(String),
}
166
/// A protected resource type, its attributes, and the access patterns allowed on it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ResourceDefinition {
    /// Resource type identifier.
    pub resource_type: String,
    /// Free-form attribute map; presumably the attributes that
    /// [`AccessCondition`]s are evaluated against — confirm with the evaluator.
    pub attributes: HashMap<String, String>,
    /// Access patterns (actions plus conditions) defined for this resource.
    pub access_patterns: Vec<AccessPattern>,
}
177
/// A named set of actions on a resource, gated by zero or more conditions.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessPattern {
    /// Pattern name.
    pub name: String,
    /// Action identifiers covered by this pattern.
    pub actions: Vec<String>,
    /// Conditions that must hold. Whether an empty list means "always
    /// allowed" is decided by the evaluator, not by this type.
    pub conditions: Vec<AccessCondition>,
}
188
/// A single `attribute <operator> value` predicate.
///
/// All three parts are free-form strings; the accepted operator set and the
/// value syntax are defined by the evaluator, not here. Unknown operators are
/// representable and should fail closed at evaluation time.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessCondition {
    /// Attribute name to compare.
    pub attribute: String,
    /// Comparison operator, as a string.
    pub operator: String,
    /// Comparison operand, as a string.
    pub value: String,
}
199
/// A named action and the permission identifiers required to perform it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActionDefinition {
    /// Action name.
    pub name: String,
    /// Human-readable description.
    pub description: String,
    /// Permission identifiers a caller must hold.
    pub required_permissions: Vec<String>,
}
210
/// Encryption section: at-rest, in-transit and key-management settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionConfig {
    /// Storage encryption.
    pub at_rest: EncryptionAtRestConfig,
    /// Transport encryption (TLS).
    pub in_transit: EncryptionInTransitConfig,
    /// Key management service, rotation and backup.
    pub key_management: EncryptionKeyManagementConfig,
}
221
/// Storage (at-rest) encryption settings.
///
/// `algorithm` is a free-form string and `key_size` a bare integer; neither
/// is validated by this type.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionAtRestConfig {
    /// Whether at-rest encryption is enabled.
    pub enabled: bool,
    /// Algorithm identifier, as a string.
    pub algorithm: String,
    /// Key size. Unit (bits vs. bytes) is not specified here — confirm with
    /// the consumer before comparing against a minimum.
    pub key_size: usize,
}
232
/// Transport (in-transit) encryption settings.
///
/// NOTE(review): `tls_version` and `cipher_suites` are free-form strings; no
/// minimum protocol version or cipher allow-list is enforced by this type.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionInTransitConfig {
    /// Whether transport encryption is enabled.
    pub enabled: bool,
    /// TLS protocol version, as a string.
    pub tls_version: String,
    /// Permitted cipher-suite names.
    pub cipher_suites: Vec<String>,
}
243
/// Key-management settings: backing service, rotation and backup policies.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyManagementConfig {
    /// Key management service in use.
    pub service: KeyManagementService,
    /// Key rotation policy.
    pub rotation_policy: EncryptionKeyRotationPolicy,
    /// Key backup policy.
    pub backup_policy: EncryptionKeyBackupPolicy,
}
254
/// The external key management service backing encryption keys.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum KeyManagementService {
    AwsKms,
    AzureKeyVault,
    GoogleKms,
    HashiCorpVault,
    Custom(String),
}
264
/// Key rotation policy.
///
/// `frequency` is serialized with serde's standard `std::time::Duration`
/// representation rather than a human-readable string.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyRotationPolicy {
    /// Whether rotation is enabled.
    pub enabled: bool,
    /// Interval between rotations.
    pub frequency: Duration,
    /// Whether rotation happens without operator action.
    pub automatic: bool,
}
275
/// Key backup policy.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyBackupPolicy {
    /// Whether key backups are taken.
    pub enabled: bool,
    /// Interval between backups (serde's standard `Duration` representation).
    pub frequency: Duration,
    /// Backup destinations as free-form strings; format is decided by the
    /// consumer, not by this type.
    pub locations: Vec<String>,
}
286
/// Network security section: firewall, VPN and DDoS protection.
///
/// NOTE(review): the derived `Debug` reaches `VPNConnectionConfig::psk`;
/// confirm it is redacted before this section is logged.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct NetworkSecurityConfig {
    /// Firewall rules and default policy.
    pub firewall: FirewallConfig,
    /// VPN settings (contains a pre-shared key).
    pub vpn: VPNConfig,
    /// DDoS protection and rate limiting.
    pub ddos_protection: DDoSProtectionConfig,
}
297
/// Firewall settings: an ordered rule list and the policy applied when no rule matches.
///
/// Rule precedence (first match, last match, most specific) is not defined by
/// this type; presumably `rules` is evaluated in order — confirm with the
/// enforcement point.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FirewallConfig {
    /// Whether the firewall is enabled.
    pub enabled: bool,
    /// Rule list.
    pub rules: Vec<FirewallRule>,
    /// Policy for traffic matching no rule. `Deny` is the fail-closed choice.
    pub default_policy: FirewallPolicy,
}
308
/// A single firewall rule.
///
/// Every match field is a free-form `String`; address/CIDR, port-range and
/// protocol syntax are not validated by this type, so malformed values are
/// representable and must be rejected at load or enforcement time.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FirewallRule {
    /// Rule name.
    pub name: String,
    /// Source match, as a string.
    pub source: String,
    /// Destination match, as a string.
    pub destination: String,
    /// Port match, as a string (single port, range or list — not specified here).
    pub port: String,
    /// Protocol match, as a string.
    pub protocol: String,
    /// Action taken on match.
    pub action: FirewallAction,
}
325
/// Default disposition for traffic that matches no firewall rule.
///
/// Has the same variant set as [`FirewallAction`]; kept as a distinct type so
/// a rule action cannot be passed where a default policy is expected.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum FirewallPolicy {
    Allow,
    Deny,
    Log,
}
333
/// Disposition applied when a [`FirewallRule`] matches.
///
/// Same variant set as [`FirewallPolicy`]; see that type for why they are
/// kept separate. Whether `Log` also allows the traffic is decided by the
/// enforcement point, not here.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum FirewallAction {
    Allow,
    Deny,
    Log,
}
341
/// VPN settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VPNConfig {
    /// Whether the VPN is enabled.
    pub enabled: bool,
    /// Topology type.
    pub vpn_type: VPNType,
    /// Gateway and tunnel parameters (contains a pre-shared key).
    pub connection: VPNConnectionConfig,
}
352
/// VPN topology.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum VPNType {
    SiteToSite,
    PointToSite,
    PointToPoint,
    Custom(String),
}
361
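/// VPN tunnel parameters referenced from [`VPNConfig::connection`].
///
/// `psk` is a shared credential. `Debug` is implemented by hand so the key is
/// never printed through `{:?}` (logs, panic messages, `dbg!`). The derived
/// `Serialize` still emits it, so serialized configuration must be handled as
/// sensitive data.
#[derive(Clone, Serialize, Deserialize)]
pub struct VPNConnectionConfig {
    /// Remote gateway, as a string (host or address; not validated here).
    pub gateway: String,
    /// Pre-shared key; replaced by a fixed marker in `Debug` output.
    pub psk: String,
    /// Tunnel encryption identifier, as a free-form string.
    pub encryption: String,
}

impl std::fmt::Debug for VPNConnectionConfig {
    // Same shape as the derived impl, with the key replaced by a marker so
    // the output is safe to log.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("VPNConnectionConfig")
            .field("gateway", &self.gateway)
            .field("psk", &"[REDACTED]")
            .field("encryption", &self.encryption)
            .finish()
    }
}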
372
/// DDoS protection settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DDoSProtectionConfig {
    /// Whether protection is enabled.
    pub enabled: bool,
    /// Protection tier.
    pub level: DDoSProtectionLevel,
    /// Per-key rate limits.
    pub rate_limiting: RateLimitingConfig,
}
383
/// DDoS protection tier.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum DDoSProtectionLevel {
    Basic,
    Standard,
    Premium,
    Custom(String),
}
392
/// Rate-limiting settings.
///
/// `limits` and `windows` are separate maps; presumably they share a key
/// space (limit `n` per window for the same key), but a key present in one and
/// absent from the other is representable — confirm how the consumer treats it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RateLimitingConfig {
    /// Whether rate limiting is enabled.
    pub enabled: bool,
    /// Maximum request count per key.
    pub limits: HashMap<String, usize>,
    /// Window length per key (serde's standard `Duration` representation).
    pub windows: HashMap<String, Duration>,
}
403
/// Compliance section: frameworks in scope, auditing and data governance.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceConfig {
    /// Frameworks the deployment claims to follow.
    pub frameworks: Vec<ComplianceFramework>,
    /// Audit logging settings.
    pub audit: AuditConfig,
    /// Data classification, retention and privacy.
    pub data_governance: DataGovernanceConfig,
}
414
/// A compliance framework or regulation.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum ComplianceFramework {
    SOC2,
    ISO27001,
    GDPR,
    HIPAA,
    PciDss,
    Custom(String),
}
425
/// Audit logging settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuditConfig {
    /// Whether audit logging is enabled.
    pub enabled: bool,
    /// Event categories that are recorded. An empty list with `enabled == true`
    /// is representable; its meaning is decided by the consumer.
    pub events: Vec<AuditEvent>,
    /// How long audit records are kept (serde's standard `Duration` representation).
    pub retention: Duration,
}
436
/// An auditable event category.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuditEvent {
    Authentication,
    Authorization,
    DataAccess,
    ConfigChange,
    SecurityEvent,
    Custom(String),
}
447
/// Data governance: classification, retention and privacy controls.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataGovernanceConfig {
    /// Sensitivity classification scheme.
    pub classification: DataClassificationConfig,
    /// Retention and disposal policies.
    pub retention: DataRetentionConfig,
    /// Privacy controls and consent management.
    pub privacy: DataPrivacyConfig,
}
458
/// Data classification scheme.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataClassificationConfig {
    /// Defined classification levels. Uniqueness of names or sensitivity
    /// values is not enforced by this type.
    pub levels: Vec<ClassificationLevel>,
    /// Whether data is classified automatically rather than by hand.
    pub auto_classification: bool,
}
467
/// One classification level.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClassificationLevel {
    /// Level name.
    pub name: String,
    /// Numeric sensitivity. Whether higher means more sensitive is not
    /// specified here — confirm before ordering or comparing levels.
    pub sensitivity: u8,
    /// Handling requirements, as free-form strings.
    pub requirements: Vec<String>,
}
478
/// Data retention settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataRetentionConfig {
    /// Per-data-type policies.
    pub policies: Vec<RetentionPolicy>,
    /// Retention applied when no policy matches
    /// (serde's standard `Duration` representation).
    pub default_retention: Duration,
}
487
/// Retention and disposal policy for one data type.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RetentionPolicy {
    /// Data type identifier, as a string.
    pub data_type: String,
    /// How long the data is kept (serde's standard `Duration` representation).
    pub retention_period: Duration,
    /// What happens when the period ends.
    pub disposal_method: DisposalMethod,
}
498
/// How data is disposed of at the end of its retention period.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum DisposalMethod {
    Delete,
    Archive,
    Anonymize,
    Custom(String),
}
507
/// Privacy settings: applied controls and consent management.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataPrivacyConfig {
    /// Privacy controls in force.
    pub controls: Vec<PrivacyControl>,
    /// Consent collection and withdrawal settings.
    pub consent: ConsentManagementConfig,
}
516
/// A privacy-preserving control.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum PrivacyControl {
    Anonymization,
    Pseudonymization,
    DataMinimization,
    AccessControl,
    Custom(String),
}
526
/// Consent management settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ConsentManagementConfig {
    /// Whether consent is tracked.
    pub enabled: bool,
    /// Consent categories, as free-form strings.
    pub consent_types: Vec<String>,
    /// How consent withdrawal is handled.
    pub withdrawal_process: WithdrawalProcess,
}
537
/// How a consent withdrawal request is received and processed.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WithdrawalProcess {
    /// Channels through which withdrawal can be requested.
    pub methods: Vec<WithdrawalMethod>,
    /// Time allowed to act on a request (serde's standard `Duration` representation).
    pub processing_time: Duration,
    /// Whether the requester must confirm before the withdrawal takes effect.
    pub confirmation_required: bool,
}
548
/// A channel for requesting consent withdrawal.
///
/// `Custom` carries an arbitrary identifier that this type does not validate.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum WithdrawalMethod {
    Online,
    Email,
    Phone,
    Mail,
    Custom(String),
}