1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288

/* Copyright (c) Fortanix, Inc.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

use super::*;

/// A Principal who can approve or deny an approval request.
#[derive(Copy, PartialEq, Eq, Hash, Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "lowercase")]
pub enum ReviewerPrincipal {
    App(Uuid),
    User(Uuid),
}

/// Approval request status.
#[derive(Debug, Eq, PartialEq, Copy, Serialize, Deserialize, Clone)]
#[serde(rename_all = "UPPERCASE")]
pub enum ApprovalStatus {
    Pending,
    Approved,
    Denied,
    Failed,
}

/// Identifies an object acted upon by an approval request.
#[derive(Copy, Eq, PartialEq, Hash, Debug, Serialize, Deserialize, Clone)]
#[serde(rename_all = "lowercase")]
pub enum ApprovalSubject {
    Group(Uuid),
    Sobject(Uuid),
    App(Uuid),
    Plugin(Uuid),
    Account(Uuid),
    NewAccount,
}

/// Reviewer of an approval request.
#[derive(Debug, Eq, PartialEq, Serialize, Deserialize, Clone)]
pub struct Reviewer {
    #[serde(flatten)]
    pub entity: ReviewerPrincipal,
    #[serde(default)]
    pub requires_password: bool,
    #[serde(default)]
    pub requires_2fa: bool,
}

#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct ApprovalRequest {
    pub acct_id: Uuid,
    pub approvers: Vec<ReviewerPrincipal>,
    #[serde(default)]
    pub body: Option<serde_json::Value>,
    pub created_at: Time,
    #[serde(default)]
    pub denier: Option<ReviewerPrincipal>,
    #[serde(default)]
    pub description: Option<String>,
    pub expiry: Time,
    pub method: String,
    pub operation: String,
    pub request_id: Uuid,
    pub requester: Principal,
    #[serde(default)]
    pub reviewers: Option<Vec<Reviewer>>,
    pub status: ApprovalStatus,
    #[serde(default)]
    pub subjects: Option<HashSet<ApprovalSubject>>,
}

#[derive(Default, Debug, Serialize, Deserialize, Clone)]
pub struct ApprovalRequestRequest {
    #[serde(default)]
    pub body: Option<serde_json::Value>,
    #[serde(default)]
    pub description: Option<String>,
    #[serde(default)]
    pub method: Option<String>,
    #[serde(default)]
    pub operation: Option<String>,
}

#[derive(Serialize, Deserialize, Clone, Default)]
pub struct ListApprovalRequestsParams {
    pub requester: Option<Uuid>,
    pub reviewer: Option<Uuid>,
    pub subject: Option<Uuid>,
    pub status: Option<ApprovalStatus>,
}

impl UrlEncode for ListApprovalRequestsParams {
    fn url_encode(&self, m: &mut HashMap<&'static str, String>) {
        if let Some(ref v) = self.requester {
            m.insert("requester", v.to_string());
        }
        if let Some(ref v) = self.reviewer {
            m.insert("reviewer", v.to_string());
        }
        if let Some(ref v) = self.subject {
            m.insert("subject", v.to_string());
        }
        if let Some(ref v) = self.status {
            m.insert("status", v.to_string());
        }
    }
}

#[derive(Debug, Eq, PartialEq, Default, Serialize, Deserialize, Clone)]
pub struct ApproveRequest {
    /// Password is required if the approval policy requires password authentication.
    pub password: Option<String>,
    /// U2F is required if the approval policy requires two factor authentication.
    pub u2f: Option<U2fAuthRequest>,
}

pub struct OperationListApprovalRequests;
#[allow(unused)]
impl Operation for OperationListApprovalRequests {
    type PathParams = ();
    type QueryParams = ListApprovalRequestsParams;
    type Body = ();
    type Output = Vec<ApprovalRequest>;

    fn method() -> Method {
        Method::Get
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests?{q}", q = q.encode())
    }
    fn to_body(body: &Self::Body) -> Option<serde_json::Value> {
        None
    }
}

impl SdkmsClient {
    pub fn list_approval_requests(
        &self,
        query_params: Option<&ListApprovalRequestsParams>,
    ) -> Result<Vec<ApprovalRequest>> {
        self.execute::<OperationListApprovalRequests>(&(), (), query_params)
    }
}

pub struct OperationGetApprovalRequest;
#[allow(unused)]
impl Operation for OperationGetApprovalRequest {
    type PathParams = (Uuid,);
    type QueryParams = ();
    type Body = ();
    type Output = ApprovalRequest;

    fn method() -> Method {
        Method::Get
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests/{id}", id = p.0)
    }
    fn to_body(body: &Self::Body) -> Option<serde_json::Value> {
        None
    }
}

impl SdkmsClient {
    pub fn get_approval_request(&self, id: &Uuid) -> Result<ApprovalRequest> {
        self.execute::<OperationGetApprovalRequest>(&(), (id,), None)
    }
}

pub struct OperationCreateApprovalRequest;
#[allow(unused)]
impl Operation for OperationCreateApprovalRequest {
    type PathParams = ();
    type QueryParams = ();
    type Body = ApprovalRequestRequest;
    type Output = ApprovalRequest;

    fn method() -> Method {
        Method::Post
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests")
    }
}

impl SdkmsClient {
    pub fn create_approval_request(&self, req: &ApprovalRequestRequest) -> Result<ApprovalRequest> {
        self.execute::<OperationCreateApprovalRequest>(req, (), None)
    }
}

pub struct OperationApproveRequest;
#[allow(unused)]
impl Operation for OperationApproveRequest {
    type PathParams = (Uuid,);
    type QueryParams = ();
    type Body = ApproveRequest;
    type Output = ApprovalRequest;

    fn method() -> Method {
        Method::Post
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests/{id}/approve", id = p.0)
    }
}

impl SdkmsClient {
    pub fn approve_request(&self, id: &Uuid, req: &ApproveRequest) -> Result<ApprovalRequest> {
        self.execute::<OperationApproveRequest>(req, (id,), None)
    }
}

pub struct OperationDenyRequest;
#[allow(unused)]
impl Operation for OperationDenyRequest {
    type PathParams = (Uuid,);
    type QueryParams = ();
    type Body = ();
    type Output = ApprovalRequest;

    fn method() -> Method {
        Method::Post
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests/{id}/deny", id = p.0)
    }
    fn to_body(body: &Self::Body) -> Option<serde_json::Value> {
        None
    }
}

impl SdkmsClient {
    pub fn deny_request(&self, id: &Uuid) -> Result<ApprovalRequest> {
        self.execute::<OperationDenyRequest>(&(), (id,), None)
    }
}

pub struct OperationGetApprovalRequestResult;
#[allow(unused)]
impl Operation for OperationGetApprovalRequestResult {
    type PathParams = (Uuid,);
    type QueryParams = ();
    type Body = ();
    type Output = ApprovableResult;

    fn method() -> Method {
        Method::Post
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests/{id}/result", id = p.0)
    }
    fn to_body(body: &Self::Body) -> Option<serde_json::Value> {
        None
    }
}

impl SdkmsClient {
    pub fn get_approval_request_result(&self, id: &Uuid) -> Result<ApprovableResult> {
        self.execute::<OperationGetApprovalRequestResult>(&(), (id,), None)
    }
}

pub struct OperationDeleteApprovalRequest;
#[allow(unused)]
impl Operation for OperationDeleteApprovalRequest {
    type PathParams = (Uuid,);
    type QueryParams = ();
    type Body = ();
    type Output = ();

    fn method() -> Method {
        Method::Delete
    }
    fn path(p: <Self::PathParams as TupleRef>::Ref, q: Option<&Self::QueryParams>) -> String {
        format!("/sys/v1/approval_requests/{id}", id = p.0)
    }
    fn to_body(body: &Self::Body) -> Option<serde_json::Value> {
        None
    }
}

impl SdkmsClient {
    pub fn delete_approval_request(&self, id: &Uuid) -> Result<()> {
        self.execute::<OperationDeleteApprovalRequest>(&(), (id,), None)
    }
}