//! Cloud Orchestration — Security Configuration
//!
//! Authentication, authorization, encryption, network-security, and compliance
//! configuration types for cloud orchestration.
5
6use serde::{Deserialize, Serialize};
7use std::collections::HashMap;
8use std::time::Duration;
9
/// Top-level security configuration for cloud orchestration.
///
/// A plain aggregate of the five sub-configurations; it carries no behaviour
/// of its own and performs no validation or cross-field consistency check.
///
/// NOTE(review): `Debug` is derived recursively, so credential-bearing fields
/// of nested types (`OIDCConfig::client_secret`, `VPNConnectionConfig::psk`)
/// show up in `{:?}` output unless those types redact them themselves.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CloudSecurityConfig {
    /// How callers authenticate (methods, MFA, SSO)
    pub authentication: AuthenticationConfig,
    /// How authenticated callers are authorized (model, roles, permissions)
    pub authorization: AuthorizationConfig,
    /// Encryption at rest, in transit, and key management
    pub encryption: EncryptionConfig,
    /// Firewall, VPN and DDoS-protection settings
    pub network_security: NetworkSecurityConfig,
    /// Compliance frameworks, auditing and data governance
    pub compliance: ComplianceConfig,
}
24
/// Authentication settings: accepted methods plus MFA and SSO sub-configs.
///
/// An empty `methods` list is representable; whether that is meaningful is
/// decided by the consumer, not by this type.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuthenticationConfig {
    /// Authentication methods that are accepted
    pub methods: Vec<AuthMethod>,
    /// Multi-factor authentication settings
    pub mfa: MFAConfig,
    /// Single sign-on settings
    pub sso: SSOConfig,
}
35
/// Supported authentication methods.
///
/// `Custom` carries a free-form name whose meaning is defined by the consumer;
/// this type does not validate it.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuthMethod {
    /// Password credentials
    Password,
    /// API-key credentials
    APIKey,
    /// Certificate-based authentication (exact mechanism not fixed here)
    Certificate,
    /// OAuth 2.0
    OAuth2,
    /// SAML assertions
    SAML,
    /// Deployment-specific method identified by name
    Custom(String),
}
46
/// Multi-factor authentication settings.
///
/// `methods` may be non-empty while `enabled` is `false`; this type does not
/// reconcile the two — consumers should check `enabled` first.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MFAConfig {
    /// Whether MFA is required at all
    pub enabled: bool,
    /// Second-factor methods that are accepted
    pub methods: Vec<MFAMethod>,
    /// Whether one-time backup codes are offered as a fallback factor
    pub backup_codes: bool,
}
57
/// Second-factor delivery methods.
///
/// This enum has no `Custom` variant, unlike most other enums in this module,
/// so the accepted set is closed.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum MFAMethod {
    /// Time-based one-time password
    TOTP,
    /// Code delivered by SMS
    SMS,
    /// Code delivered by e-mail
    Email,
    /// Push notification to a registered device
    PushNotification,
    /// Hardware token
    Hardware,
}
67
/// Single sign-on settings.
///
/// Both `saml` and `oidc` are always present regardless of which `provider`
/// is selected; the unused one is simply ignored by whoever consumes this.
/// Because `oidc` carries a client secret, `Debug` output of this struct is
/// only as safe as `OIDCConfig`'s `Debug` impl.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SSOConfig {
    /// Whether SSO is enabled
    pub enabled: bool,
    /// Which SSO provider type is in use
    pub provider: SSOProvider,
    /// SAML settings (relevant when `provider` is SAML-based)
    pub saml: SAMLConfig,
    /// OIDC settings (relevant when `provider` is OIDC-based)
    pub oidc: OIDCConfig,
}
80
/// Identity-provider protocol used for SSO.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum SSOProvider {
    /// SAML 2.0 identity provider
    SAML,
    /// OpenID Connect provider
    OIDC,
    /// LDAP directory
    LDAP,
    /// Active Directory
    ActiveDirectory,
    /// Deployment-specific provider identified by name
    Custom(String),
}
90
/// SAML identity-provider settings.
///
/// All fields are free-form strings; no URL or PEM parsing is done here.
/// NOTE(review): it is not stated whether `certificate` is the IdP's public
/// signing certificate or material that includes a private key — if the
/// latter, it should not appear in derived `Debug` output. Confirm with the
/// consumer of this config.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SAMLConfig {
    /// Identity provider URL
    pub idp_url: String,
    /// Service provider (this application's) entity ID
    pub sp_id: String,
    /// Certificate, as an opaque string
    pub certificate: String,
}
101
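/// OpenID Connect client settings.
///
/// `client_secret` is credential material. The hand-written [`std::fmt::Debug`]
/// impl below masks it so that `{:?}` output (logs, panic messages, error
/// context) never carries the secret; the derived `Debug` would have printed
/// it verbatim. The value is still included by `Serialize`, since the config
/// is expected to round-trip — treat serialized output as sensitive.
#[derive(Clone, Serialize, Deserialize)]
pub struct OIDCConfig {
    /// Client ID registered with the provider
    pub client_id: String,
    /// Client secret (masked in `Debug` output)
    pub client_secret: String,
    /// Discovery URL
    pub discovery_url: String,
}

impl std::fmt::Debug for OIDCConfig {
    /// Same shape as the derived impl, with `client_secret` replaced by a
    /// fixed marker so the secret cannot leak through diagnostics.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("OIDCConfig")
            .field("client_id", &self.client_id)
            // format_args! prints the marker without surrounding quotes.
            .field("client_secret", &format_args!("[REDACTED]"))
            .field("discovery_url", &self.discovery_url)
            .finish()
    }
}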
112
/// Authorization settings: the access-control model, role definitions and the
/// permission system they refer to.
///
/// Roles reference permissions and parent roles by `String` name; this type
/// does not check that those names resolve.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuthorizationConfig {
    /// Access-control model in use
    pub model: AuthorizationModel,
    /// Role definitions
    pub roles: Vec<RoleDefinition>,
    /// Permission system (resources and actions)
    pub permissions: PermissionSystem,
}
123
/// Access-control models.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuthorizationModel {
    /// Role-based access control
    RBAC,
    /// Attribute-based access control
    ABAC,
    /// Discretionary access control
    DAC,
    /// Mandatory access control
    MAC,
    /// Deployment-specific model identified by name
    Custom(String),
}
133
/// A named role and the permissions it grants.
///
/// `permissions` and `parent_roles` are name references; cycle detection and
/// name resolution are the consumer's responsibility.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RoleDefinition {
    /// Role name
    pub name: String,
    /// Human-readable description
    pub description: String,
    /// Permission names granted directly by this role
    pub permissions: Vec<String>,
    /// Names of roles this role inherits from
    pub parent_roles: Vec<String>,
}
146
/// Permission system: the model plus the resource and action vocabulary.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PermissionSystem {
    /// How permissions are expressed
    pub model: PermissionModel,
    /// Resource types that can be protected
    pub resources: Vec<ResourceDefinition>,
    /// Actions that can be performed
    pub actions: Vec<ActionDefinition>,
}
157
/// Ways a permission can be expressed.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum PermissionModel {
    /// (resource, action) pairs
    ResourceAction,
    /// Capability tokens
    CapabilityBased,
    /// Attribute predicates
    AttributeBased,
    /// Deployment-specific model identified by name
    Custom(String),
}
166
/// A protected resource type, its attributes and the access patterns allowed
/// on it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ResourceDefinition {
    /// Resource type name
    pub resource_type: String,
    /// Free-form attribute key/value pairs
    pub attributes: HashMap<String, String>,
    /// Access patterns permitted on this resource
    pub access_patterns: Vec<AccessPattern>,
}
177
/// A named set of actions that is allowed when every condition holds.
///
/// Whether the conditions are AND-ed or OR-ed is not fixed by this type;
/// confirm with the evaluator that consumes it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessPattern {
    /// Pattern name
    pub name: String,
    /// Action names allowed by this pattern
    pub actions: Vec<String>,
    /// Conditions attached to the pattern
    pub conditions: Vec<AccessCondition>,
}
188
/// A single `attribute <operator> value` predicate.
///
/// `operator` is a free-form string; the set of supported operators and how
/// `value` is typed are decided by the evaluator, not here.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessCondition {
    /// Attribute name being tested
    pub attribute: String,
    /// Comparison operator, as a string
    pub operator: String,
    /// Value compared against, as a string
    pub value: String,
}
199
/// A named action and the permissions required to perform it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActionDefinition {
    /// Action name
    pub name: String,
    /// Human-readable description
    pub description: String,
    /// Permission names a caller must hold
    pub required_permissions: Vec<String>,
}
210
/// Encryption settings grouped by where data lives.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionConfig {
    /// Stored data
    pub at_rest: EncryptionAtRestConfig,
    /// Data on the wire
    pub in_transit: EncryptionInTransitConfig,
    /// Key management service, rotation and backup
    pub key_management: EncryptionKeyManagementConfig,
}
221
/// Encryption-at-rest settings.
///
/// `algorithm` is a free-form name and `key_size` an unqualified number;
/// neither is validated here (the unit of `key_size` — presumably bits — is
/// not stated, so confirm against the consumer).
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionAtRestConfig {
    /// Whether data at rest is encrypted
    pub enabled: bool,
    /// Algorithm name, as a string
    pub algorithm: String,
    /// Key size (unit not fixed by this type)
    pub key_size: usize,
}
232
/// Encryption-in-transit (TLS) settings.
///
/// `tls_version` and `cipher_suites` are free-form strings; they are passed
/// through unvalidated, so an unsupported or weak value is only caught by
/// whatever applies them.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionInTransitConfig {
    /// Whether transport encryption is enabled
    pub enabled: bool,
    /// TLS protocol version, as a string
    pub tls_version: String,
    /// Cipher suite names
    pub cipher_suites: Vec<String>,
}
243
/// Key management: which KMS holds the keys and how they are rotated and
/// backed up.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyManagementConfig {
    /// Key management service in use
    pub service: KeyManagementService,
    /// Rotation policy
    pub rotation_policy: EncryptionKeyRotationPolicy,
    /// Backup policy
    pub backup_policy: EncryptionKeyBackupPolicy,
}
254
/// Supported key management services.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum KeyManagementService {
    /// AWS Key Management Service
    AwsKms,
    /// Azure Key Vault
    AzureKeyVault,
    /// Google Cloud KMS
    GoogleKms,
    /// HashiCorp Vault
    HashiCorpVault,
    /// Deployment-specific service identified by name
    Custom(String),
}
264
/// Key rotation policy.
///
/// `frequency` is meaningful only when `enabled` is `true`; `automatic`
/// distinguishes scheduled rotation from rotation that must be triggered —
/// the exact semantics belong to the consumer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyRotationPolicy {
    /// Whether keys are rotated at all
    pub enabled: bool,
    /// Interval between rotations
    pub frequency: Duration,
    /// Whether rotation happens without operator action
    pub automatic: bool,
}
275
/// Key backup policy.
///
/// `locations` are opaque strings (URIs, region names, ...) interpreted by the
/// consumer; an empty list with `enabled == true` is representable.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EncryptionKeyBackupPolicy {
    /// Whether key backups are taken
    pub enabled: bool,
    /// Interval between backups
    pub frequency: Duration,
    /// Where backups are stored
    pub locations: Vec<String>,
}
286
/// Network-layer security settings.
///
/// Because `vpn` contains a pre-shared key, `Debug` output of this struct is
/// only as safe as `VPNConnectionConfig`'s `Debug` impl.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct NetworkSecurityConfig {
    /// Firewall rules and default policy
    pub firewall: FirewallConfig,
    /// VPN type and connection settings
    pub vpn: VPNConfig,
    /// DDoS protection and rate limiting
    pub ddos_protection: DDoSProtectionConfig,
}
297
/// Firewall settings: an ordered rule list and the policy applied when no rule
/// matches.
///
/// Rule evaluation order (first match vs. last match) is not fixed by this
/// type; confirm with the consumer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FirewallConfig {
    /// Whether the firewall is active
    pub enabled: bool,
    /// Rules, in the order given
    pub rules: Vec<FirewallRule>,
    /// Policy for traffic no rule matches
    pub default_policy: FirewallPolicy,
}
308
/// A single firewall rule.
///
/// `source`, `destination`, `port` and `protocol` are free-form strings — the
/// accepted syntax (single address vs. CIDR, port vs. range, wildcards) is
/// defined by the consumer, and nothing is validated here.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct FirewallRule {
    /// Rule name
    pub name: String,
    /// Source match, as a string
    pub source: String,
    /// Destination match, as a string
    pub destination: String,
    /// Port match, as a string
    pub port: String,
    /// Protocol match, as a string
    pub protocol: String,
    /// What to do with matching traffic
    pub action: FirewallAction,
}
325
/// Default policy for traffic that matches no rule.
///
/// Variant-for-variant identical to [`FirewallAction`]; the two are kept as
/// separate types so a default policy and a rule action are not confused.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum FirewallPolicy {
    /// Pass the traffic
    Allow,
    /// Drop the traffic
    Deny,
    /// Record the traffic (whether it also passes is up to the consumer)
    Log,
}
333
/// Action taken by a [`FirewallRule`] on matching traffic.
///
/// Variant-for-variant identical to [`FirewallPolicy`].
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum FirewallAction {
    /// Pass the traffic
    Allow,
    /// Drop the traffic
    Deny,
    /// Record the traffic (whether it also passes is up to the consumer)
    Log,
}
341
/// VPN settings.
///
/// `connection` carries a pre-shared key; see `VPNConnectionConfig` for how
/// that is handled in diagnostics.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VPNConfig {
    /// Whether the VPN is enabled
    pub enabled: bool,
    /// Topology
    pub vpn_type: VPNType,
    /// Gateway, key and cipher settings
    pub connection: VPNConnectionConfig,
}
352
/// VPN topologies.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum VPNType {
    /// Network-to-network tunnel
    SiteToSite,
    /// Client-to-network tunnel
    PointToSite,
    /// Host-to-host tunnel
    PointToPoint,
    /// Deployment-specific topology identified by name
    Custom(String),
}
361
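/// VPN connection settings.
///
/// `psk` is a shared secret. The hand-written [`std::fmt::Debug`] impl below
/// masks it so that `{:?}` output (logs, panic messages, error context) never
/// carries the key; the derived `Debug` would have printed it verbatim. The
/// value is still included by `Serialize`, since the config is expected to
/// round-trip — treat serialized output as sensitive.
#[derive(Clone, Serialize, Deserialize)]
pub struct VPNConnectionConfig {
    /// Gateway address, as a string
    pub gateway: String,
    /// Pre-shared key (masked in `Debug` output)
    pub psk: String,
    /// Encryption setting, as a free-form string
    pub encryption: String,
}

impl std::fmt::Debug for VPNConnectionConfig {
    /// Same shape as the derived impl, with `psk` replaced by a fixed marker
    /// so the key cannot leak through diagnostics.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("VPNConnectionConfig")
            .field("gateway", &self.gateway)
            // format_args! prints the marker without surrounding quotes.
            .field("psk", &format_args!("[REDACTED]"))
            .field("encryption", &self.encryption)
            .finish()
    }
}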
372
/// DDoS protection settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DDoSProtectionConfig {
    /// Whether protection is active
    pub enabled: bool,
    /// Protection tier
    pub level: DDoSProtectionLevel,
    /// Per-key request limits
    pub rate_limiting: RateLimitingConfig,
}
383
/// DDoS protection tiers.
///
/// What each tier includes is provider-defined; this type only names them.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum DDoSProtectionLevel {
    /// Lowest tier
    Basic,
    /// Middle tier
    Standard,
    /// Highest named tier
    Premium,
    /// Deployment-specific tier identified by name
    Custom(String),
}
392
/// Rate limiting settings.
///
/// `limits` and `windows` are two maps that presumably share keys (a limit
/// of N requests per the window under the same key) — this type does not
/// enforce that every limit has a window or vice versa; confirm with the
/// consumer how a missing counterpart is treated.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RateLimitingConfig {
    /// Whether rate limiting is active
    pub enabled: bool,
    /// Maximum request count per key
    pub limits: HashMap<String, usize>,
    /// Measurement window per key
    pub windows: HashMap<String, Duration>,
}
403
/// Compliance settings: target frameworks plus audit and data-governance
/// sub-configs.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceConfig {
    /// Frameworks the deployment is held to
    pub frameworks: Vec<ComplianceFramework>,
    /// Audit logging settings
    pub audit: AuditConfig,
    /// Classification, retention and privacy settings
    pub data_governance: DataGovernanceConfig,
}
414
/// Compliance frameworks.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum ComplianceFramework {
    /// SOC 2
    SOC2,
    /// ISO/IEC 27001
    ISO27001,
    /// EU General Data Protection Regulation
    GDPR,
    /// US Health Insurance Portability and Accountability Act
    HIPAA,
    /// PCI Data Security Standard
    PciDss,
    /// Deployment-specific framework identified by name
    Custom(String),
}
425
/// Audit logging settings.
///
/// `events` lists which categories are recorded; an empty list with
/// `enabled == true` is representable and its meaning is up to the consumer.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuditConfig {
    /// Whether audit logging is active
    pub enabled: bool,
    /// Event categories to record
    pub events: Vec<AuditEvent>,
    /// How long audit records are kept
    pub retention: Duration,
}
436
/// Audit event categories.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum AuditEvent {
    /// Login and credential events
    Authentication,
    /// Access-decision events
    Authorization,
    /// Reads/writes of protected data
    DataAccess,
    /// Configuration changes
    ConfigChange,
    /// Security-relevant events not covered above
    SecurityEvent,
    /// Deployment-specific category identified by name
    Custom(String),
}
447
/// Data governance settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataGovernanceConfig {
    /// Sensitivity levels and auto-classification
    pub classification: DataClassificationConfig,
    /// Retention policies and default period
    pub retention: DataRetentionConfig,
    /// Privacy controls and consent management
    pub privacy: DataPrivacyConfig,
}
458
/// Data classification settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataClassificationConfig {
    /// Available sensitivity levels
    pub levels: Vec<ClassificationLevel>,
    /// Whether data is classified automatically rather than by hand
    pub auto_classification: bool,
}
467
/// One sensitivity level.
///
/// `sensitivity` is an unqualified `u8`; its scale and direction (whether a
/// higher number is more sensitive) are not fixed here — confirm with the
/// consumer before comparing levels.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClassificationLevel {
    /// Level name
    pub name: String,
    /// Numeric sensitivity score
    pub sensitivity: u8,
    /// Handling requirements, as free-form strings
    pub requirements: Vec<String>,
}
478
/// Data retention settings.
///
/// `default_retention` presumably applies to data types with no matching
/// entry in `policies`; this type does not resolve that lookup itself.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataRetentionConfig {
    /// Per-data-type policies
    pub policies: Vec<RetentionPolicy>,
    /// Retention period used when no policy matches
    pub default_retention: Duration,
}
487
/// Retention rule for one data type.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RetentionPolicy {
    /// Data type this policy covers, as a string
    pub data_type: String,
    /// How long the data is kept
    pub retention_period: Duration,
    /// What happens when the period expires
    pub disposal_method: DisposalMethod,
}
498
/// What to do with data once its retention period ends.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum DisposalMethod {
    /// Remove the data
    Delete,
    /// Move the data to archival storage
    Archive,
    /// Keep the data with identifying fields removed
    Anonymize,
    /// Deployment-specific method identified by name
    Custom(String),
}
507
/// Data privacy settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct DataPrivacyConfig {
    /// Privacy controls that are applied
    pub controls: Vec<PrivacyControl>,
    /// Consent management settings
    pub consent: ConsentManagementConfig,
}
516
/// Privacy controls.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum PrivacyControl {
    /// Irreversible removal of identifying information
    Anonymization,
    /// Replacement of identifiers with reversible pseudonyms
    Pseudonymization,
    /// Collecting and keeping only what is needed
    DataMinimization,
    /// Restricting who may access the data
    AccessControl,
    /// Deployment-specific control identified by name
    Custom(String),
}
526
/// Consent management settings.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ConsentManagementConfig {
    /// Whether consent is tracked at all
    pub enabled: bool,
    /// Consent categories, as free-form names
    pub consent_types: Vec<String>,
    /// How a subject withdraws consent
    pub withdrawal_process: WithdrawalProcess,
}
537
/// How consent withdrawal requests are accepted and handled.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WithdrawalProcess {
    /// Channels through which withdrawal can be requested
    pub methods: Vec<WithdrawalMethod>,
    /// Time allowed to act on a request
    pub processing_time: Duration,
    /// Whether the subject must confirm the request before it is acted on
    pub confirmation_required: bool,
}
548
/// Channels for submitting a consent withdrawal.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum WithdrawalMethod {
    /// Web or in-app request
    Online,
    /// E-mail request
    Email,
    /// Telephone request
    Phone,
    /// Postal request
    Mail,
    /// Deployment-specific channel identified by name
    Custom(String),
}