
tf_types/generated/
profile_spec.rs

1// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.
2
3#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
4
5use serde::{Deserialize, Serialize};
6use super::*;
7
/// One feature entry, used as the element type of `ProfileSpec::must`, `should` and `must_not`.
///
/// Only `id` is required. `description` and `spec_ref` are omitted from serialized output
/// when `None` and default to `None` when the key is absent from the input.
// NOTE(review): the derived `PartialEq`/`Eq` compare all three fields, so two entries with the
// same `id` but a different `description` or `spec_ref` are NOT equal. Code that matches profile
// entries against enabled features, or checks `must` against `must_not`, should presumably
// compare on `id` rather than `==` — confirm in the FeatureGate.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Feature {
    /// Stable feature identifier the FeatureGate exposes (e.g. policy-engine, transparency-anchor.rfc6962).
    // Free-form string: this type does not restrict it to known feature ids, so a typo here is
    // only caught if the consumer checks the id against the set of features it knows.
    pub id: String,
    /// Human-readable description.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub description: Option<String>,
    /// TF-XXXX or DECISIONS.md reference.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub spec_ref: Option<String>,
}
19
/// Declarative profile specification (TF-0010 conformance label + TF-0001 'profiles control complexity'). A profile lists the MUST and SHOULD features a deployment claiming the label has to satisfy. The runtime FeatureGate consults this so daemons can refuse to start when a claimed profile demands a feature that isn't enabled.
// NOTE(review): the struct has no `#[serde(deny_unknown_fields)]`, so the derived `Deserialize`
// ignores unrecognised keys. Every optional constraint below also carries `default`, so a
// misspelled key (for example a typo in `must_not` or `min_enforcement_level`) deserializes as
// `None` and the profile loads with that constraint silently missing. This file is generated,
// so the strictness has to come from the schema/generator or from validating the document
// against the schema before it reaches this type — confirm which of the two the loader does.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct ProfileSpec {
    /// Version of the profile-spec schema.
    pub profile_version: ProfileSpec_ProfileVersion,
    /// Conformance-label identifier, e.g. tf-home-compatible.
    pub profile_id: String,
    /// Human-readable profile label.
    pub label: String,
    /// Free-text description of when this profile applies.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub description: Option<String>,
    /// Mandatory features. A daemon claiming this profile MUST satisfy every entry.
    // Required key (no `default`): input without `must` fails to deserialize. An empty list is
    // still accepted by this type, and a profile with no MUST entries is trivially satisfied.
    pub must: Vec<Feature>,
    /// Recommended features.
    // Required key as well (no `default`); may be empty.
    pub should: Vec<Feature>,
    /// Features the profile forbids (e.g. constrained profile MUST NOT enable WebSocket-only listener).
    // `None` (key absent) and `Some(vec![])` both forbid nothing; they differ only in whether
    // the key is written back out on serialization.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub must_not: Option<Vec<Feature>>,
    /// Minimum EnforcementLevel the daemon must run at when claiming this profile.
    // `None` means the profile states no minimum; what the daemon enforces in that case is
    // decided by the consumer, not by this type.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub min_enforcement_level: Option<ProfileSpec_MinEnforcementLevel>,
    /// Minimum proof level for actions emitted under this profile.
    // `ProofLevel` is not defined in this file; it comes in through `use super::*`.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub min_proof_level: Option<ProofLevel>,
    /// Bridge kinds the profile requires (e.g. ['spiffe', 'webauthn']).
    // Free-form strings, unlike `required_anchors`, which is a closed enum: an unknown or
    // misspelled bridge kind deserializes fine and must be rejected by the consumer.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub required_bridges: Option<Vec<String>>,
    /// Transparency anchor kinds the profile requires.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub required_anchors: Option<Vec<ProfileSpec_RequiredAnchors_Item>>,
}
52
/// Minimum EnforcementLevel the daemon must run at when claiming this profile.
///
/// Serialized as the strings `"E0"` through `"E5"`. The set is closed, so any other value
/// fails deserialization instead of being mapped to a default level.
// NOTE(review): `PartialOrd`/`Ord` are not derived, so this type cannot be compared with `>=`
// against the level a daemon is actually running at. The consumer has to map both sides to an
// ordered representation first. Presumably E0 is the weakest and E5 the strongest level —
// confirm against the EnforcementLevel definition before relying on declaration order.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ProfileSpec_MinEnforcementLevel {
    // Each rename below equals the variant name; the generator spells the wire name out anyway.
    #[serde(rename = "E0")]
    E0,
    #[serde(rename = "E1")]
    E1,
    #[serde(rename = "E2")]
    E2,
    #[serde(rename = "E3")]
    E3,
    #[serde(rename = "E4")]
    E4,
    #[serde(rename = "E5")]
    E5,
}
69
/// Version of the profile-spec schema.
///
/// `V1` is the only variant and is written on the wire as the string `"1"`. Because
/// `ProfileSpec::profile_version` is a required field of this type, a document with a missing
/// or different version fails deserialization rather than being read under V1 rules.
// NOTE(review): as a unit variant this is expected to arrive as a string; a bare number `1` is
// presumably rejected by the JSON deserializer — confirm if profiles are authored by hand.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ProfileSpec_ProfileVersion {
    #[serde(rename = "1")]
    V1,
}
76
/// Transparency anchor kind; element type of `ProfileSpec::required_anchors`.
///
/// The set is closed: a kind other than the five wire names below fails deserialization.
// NOTE(review): what each kind guarantees is not visible in this file. The names `memory` and
// `custom` suggest an in-process anchor and an implementation-defined one; verify whether a
// profile that lists only those still provides the transparency guarantee its label claims.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ProfileSpec_RequiredAnchors_Item {
    #[serde(rename = "rfc6962")]
    Rfc6962,
    #[serde(rename = "sigstore")]
    Sigstore,
    #[serde(rename = "rfc3161")]
    Rfc3161,
    #[serde(rename = "memory")]
    Memory,
    #[serde(rename = "custom")]
    Custom,
}