1use std::collections::HashMap;
2use std::fmt;
3
4use secrecy::{ExposeSecret, SecretString};
5use serde::{Deserialize, Deserializer, Serialize};
6use zeroize::{Zeroize, ZeroizeOnDrop};
7
8use super::redaction::redact;
9
10fn null_to_default<'de, D, T>(deserializer: D) -> Result<T, D::Error>
11where
12 D: Deserializer<'de>,
13 T: Default + Deserialize<'de>,
14{
15 Ok(Option::<T>::deserialize(deserializer)?.unwrap_or_default())
16}
17
18#[derive(Debug, Serialize, Default, Clone)]
21pub struct TokenCreateRequest {
22 #[serde(skip_serializing_if = "Option::is_none")]
23 pub id: Option<String>,
24 #[serde(skip_serializing_if = "Option::is_none")]
25 pub policies: Option<Vec<String>>,
26 #[serde(skip_serializing_if = "Option::is_none")]
27 pub meta: Option<HashMap<String, String>>,
28 #[serde(skip_serializing_if = "Option::is_none")]
29 pub no_parent: Option<bool>,
30 #[serde(skip_serializing_if = "Option::is_none")]
31 pub no_default_policy: Option<bool>,
32 #[serde(skip_serializing_if = "Option::is_none")]
33 pub renewable: Option<bool>,
34 #[serde(skip_serializing_if = "Option::is_none")]
35 pub ttl: Option<String>,
36 #[serde(skip_serializing_if = "Option::is_none")]
37 pub explicit_max_ttl: Option<String>,
38 #[serde(skip_serializing_if = "Option::is_none")]
39 pub display_name: Option<String>,
40 #[serde(skip_serializing_if = "Option::is_none")]
41 pub num_uses: Option<u64>,
42 #[serde(skip_serializing_if = "Option::is_none")]
43 pub period: Option<String>,
44 #[serde(skip_serializing_if = "Option::is_none")]
45 pub entity_alias: Option<String>,
46}
47
48#[derive(Deserialize, Zeroize, ZeroizeOnDrop)]
49#[non_exhaustive]
50pub struct TokenLookupResponse {
51 pub accessor: String,
52 pub creation_time: u64,
53 pub creation_ttl: u64,
54 pub display_name: String,
55 pub entity_id: String,
56 pub expire_time: Option<String>,
57 pub explicit_max_ttl: u64,
58 pub id: SecretString,
59 pub issue_time: String,
60 #[zeroize(skip)]
61 pub meta: Option<HashMap<String, String>>,
62 pub num_uses: u64,
63 pub orphan: bool,
64 pub path: String,
65 #[serde(default)]
66 pub policies: Vec<String>,
67 pub renewable: bool,
68 pub ttl: u64,
69 #[serde(rename = "type")]
70 pub token_type: String,
71}
72
73impl Clone for TokenLookupResponse {
74 fn clone(&self) -> Self {
75 Self {
76 accessor: self.accessor.clone(),
77 creation_time: self.creation_time,
78 creation_ttl: self.creation_ttl,
79 display_name: self.display_name.clone(),
80 entity_id: self.entity_id.clone(),
81 expire_time: self.expire_time.clone(),
82 explicit_max_ttl: self.explicit_max_ttl,
83 id: self.id.clone(),
84 issue_time: self.issue_time.clone(),
85 meta: self.meta.clone(),
86 num_uses: self.num_uses,
87 orphan: self.orphan,
88 path: self.path.clone(),
89 policies: self.policies.clone(),
90 renewable: self.renewable,
91 ttl: self.ttl,
92 token_type: self.token_type.clone(),
93 }
94 }
95}
96
97impl fmt::Debug for TokenLookupResponse {
98 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
99 f.debug_struct("TokenLookupResponse")
100 .field("accessor", &self.accessor)
101 .field("creation_time", &self.creation_time)
102 .field("creation_ttl", &self.creation_ttl)
103 .field("display_name", &self.display_name)
104 .field("entity_id", &self.entity_id)
105 .field("expire_time", &self.expire_time)
106 .field("explicit_max_ttl", &self.explicit_max_ttl)
107 .field("id", &redact(self.id.expose_secret()))
108 .field("issue_time", &self.issue_time)
109 .field("meta", &self.meta)
110 .field("num_uses", &self.num_uses)
111 .field("orphan", &self.orphan)
112 .field("path", &self.path)
113 .field("policies", &self.policies)
114 .field("renewable", &self.renewable)
115 .field("ttl", &self.ttl)
116 .field("token_type", &self.token_type)
117 .finish()
118 }
119}
120
121#[derive(Debug, Serialize, Default, Clone)]
124pub struct AppRoleCreateRequest {
125 #[serde(skip_serializing_if = "Option::is_none")]
126 pub bind_secret_id: Option<bool>,
127 #[serde(skip_serializing_if = "Option::is_none")]
128 pub secret_id_bound_cidrs: Option<Vec<String>>,
129 #[serde(skip_serializing_if = "Option::is_none")]
130 pub token_bound_cidrs: Option<Vec<String>>,
131 #[serde(skip_serializing_if = "Option::is_none")]
132 pub token_policies: Option<Vec<String>>,
133 #[serde(skip_serializing_if = "Option::is_none")]
134 pub token_ttl: Option<String>,
135 #[serde(skip_serializing_if = "Option::is_none")]
136 pub token_max_ttl: Option<String>,
137 #[serde(skip_serializing_if = "Option::is_none")]
138 pub token_num_uses: Option<u64>,
139 #[serde(skip_serializing_if = "Option::is_none")]
140 pub token_type: Option<String>,
141}
142
143#[derive(Debug, Deserialize, Clone)]
144#[non_exhaustive]
145pub struct AppRoleInfo {
146 pub bind_secret_id: bool,
147 #[serde(default, deserialize_with = "null_to_default")]
148 pub secret_id_bound_cidrs: Vec<String>,
149 #[serde(default, deserialize_with = "null_to_default")]
150 pub token_bound_cidrs: Vec<String>,
151 #[serde(default, deserialize_with = "null_to_default")]
152 pub token_policies: Vec<String>,
153 pub token_ttl: u64,
154 pub token_max_ttl: u64,
155 pub token_num_uses: u64,
156 #[serde(default)]
157 pub token_type: String,
158}
159
160#[derive(Debug, Deserialize)]
161pub(crate) struct AppRoleRoleIdResponse {
162 pub role_id: String,
163}
164
165#[derive(Deserialize, Zeroize, ZeroizeOnDrop)]
166#[non_exhaustive]
167pub struct AppRoleSecretIdResponse {
168 pub secret_id: SecretString,
169 pub secret_id_accessor: String,
170 pub secret_id_num_uses: u64,
171 pub secret_id_ttl: u64,
172}
173
174impl Clone for AppRoleSecretIdResponse {
175 fn clone(&self) -> Self {
176 Self {
177 secret_id: self.secret_id.clone(),
178 secret_id_accessor: self.secret_id_accessor.clone(),
179 secret_id_num_uses: self.secret_id_num_uses,
180 secret_id_ttl: self.secret_id_ttl,
181 }
182 }
183}
184
185impl fmt::Debug for AppRoleSecretIdResponse {
186 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
187 f.debug_struct("AppRoleSecretIdResponse")
188 .field("secret_id", &redact(self.secret_id.expose_secret()))
189 .field("secret_id_accessor", &self.secret_id_accessor)
190 .field("secret_id_num_uses", &self.secret_id_num_uses)
191 .field("secret_id_ttl", &self.secret_id_ttl)
192 .finish()
193 }
194}
195
196#[derive(Debug, Deserialize, Clone)]
199#[non_exhaustive]
200pub struct K8sAuthRoleInfo {
201 #[serde(default)]
202 pub bound_service_account_names: Vec<String>,
203 #[serde(default)]
204 pub bound_service_account_namespaces: Vec<String>,
205 #[serde(default)]
206 pub token_policies: Vec<String>,
207 #[serde(default)]
208 pub token_ttl: u64,
209 #[serde(default)]
210 pub token_max_ttl: u64,
211 #[serde(default)]
212 pub token_type: String,
213}
214
215#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
216pub struct K8sAuthConfigRequest {
217 pub kubernetes_host: String,
218 #[serde(skip_serializing_if = "Option::is_none")]
219 pub kubernetes_ca_cert: Option<String>,
220 #[serde(
221 serialize_with = "super::serde_secret::serialize_option",
222 skip_serializing_if = "Option::is_none"
223 )]
224 pub token_reviewer_jwt: Option<SecretString>,
225 #[serde(skip_serializing_if = "Option::is_none")]
226 pub disable_local_ca_jwt: Option<bool>,
227}
228
229impl Clone for K8sAuthConfigRequest {
230 fn clone(&self) -> Self {
231 Self {
232 kubernetes_host: self.kubernetes_host.clone(),
233 kubernetes_ca_cert: self.kubernetes_ca_cert.clone(),
234 token_reviewer_jwt: self.token_reviewer_jwt.clone(),
235 disable_local_ca_jwt: self.disable_local_ca_jwt,
236 }
237 }
238}
239
240#[derive(Debug, Serialize, Default, Clone)]
241pub struct K8sAuthRoleRequest {
242 pub bound_service_account_names: Vec<String>,
243 pub bound_service_account_namespaces: Vec<String>,
244 #[serde(skip_serializing_if = "Option::is_none")]
245 pub token_policies: Option<Vec<String>>,
246 #[serde(skip_serializing_if = "Option::is_none")]
247 pub token_ttl: Option<String>,
248 #[serde(skip_serializing_if = "Option::is_none")]
249 pub token_max_ttl: Option<String>,
250}
251
252#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
255pub struct UserpassUserRequest {
256 #[serde(
257 serialize_with = "super::serde_secret::serialize_option",
258 skip_serializing_if = "Option::is_none"
259 )]
260 pub password: Option<SecretString>,
261 #[serde(skip_serializing_if = "Option::is_none")]
262 pub token_policies: Option<Vec<String>>,
263 #[serde(skip_serializing_if = "Option::is_none")]
264 pub token_ttl: Option<String>,
265 #[serde(skip_serializing_if = "Option::is_none")]
266 pub token_max_ttl: Option<String>,
267 #[serde(skip_serializing_if = "Option::is_none")]
268 pub token_bound_cidrs: Option<Vec<String>>,
269 #[serde(skip_serializing_if = "Option::is_none")]
270 pub token_num_uses: Option<u64>,
271}
272
273impl Clone for UserpassUserRequest {
274 fn clone(&self) -> Self {
275 Self {
276 password: self.password.clone(),
277 token_policies: self.token_policies.clone(),
278 token_ttl: self.token_ttl.clone(),
279 token_max_ttl: self.token_max_ttl.clone(),
280 token_bound_cidrs: self.token_bound_cidrs.clone(),
281 token_num_uses: self.token_num_uses,
282 }
283 }
284}
285
286#[derive(Debug, Deserialize, Clone)]
287#[non_exhaustive]
288pub struct UserpassUserInfo {
289 #[serde(default)]
290 pub token_policies: Vec<String>,
291 pub token_ttl: u64,
292 pub token_max_ttl: u64,
293 #[serde(default)]
294 pub token_bound_cidrs: Vec<String>,
295 pub token_num_uses: u64,
296}
297
298#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
301pub struct LdapConfigRequest {
302 pub url: String,
303 #[serde(skip_serializing_if = "Option::is_none")]
304 pub userdn: Option<String>,
305 #[serde(skip_serializing_if = "Option::is_none")]
306 pub userattr: Option<String>,
307 #[serde(skip_serializing_if = "Option::is_none")]
308 pub groupdn: Option<String>,
309 #[serde(skip_serializing_if = "Option::is_none")]
310 pub groupattr: Option<String>,
311 #[serde(skip_serializing_if = "Option::is_none")]
312 pub groupfilter: Option<String>,
313 #[serde(skip_serializing_if = "Option::is_none")]
314 pub binddn: Option<String>,
315 #[serde(
316 serialize_with = "super::serde_secret::serialize_option",
317 skip_serializing_if = "Option::is_none"
318 )]
319 pub bindpass: Option<SecretString>,
320 #[serde(skip_serializing_if = "Option::is_none")]
321 pub starttls: Option<bool>,
322 #[serde(skip_serializing_if = "Option::is_none")]
323 pub insecure_tls: Option<bool>,
324 #[serde(skip_serializing_if = "Option::is_none")]
325 pub certificate: Option<String>,
326 #[serde(skip_serializing_if = "Option::is_none")]
327 pub token_policies: Option<Vec<String>>,
328 #[serde(skip_serializing_if = "Option::is_none")]
329 pub token_ttl: Option<String>,
330 #[serde(skip_serializing_if = "Option::is_none")]
331 pub token_max_ttl: Option<String>,
332}
333
334impl Clone for LdapConfigRequest {
335 fn clone(&self) -> Self {
336 Self {
337 url: self.url.clone(),
338 userdn: self.userdn.clone(),
339 userattr: self.userattr.clone(),
340 groupdn: self.groupdn.clone(),
341 groupattr: self.groupattr.clone(),
342 groupfilter: self.groupfilter.clone(),
343 binddn: self.binddn.clone(),
344 bindpass: self.bindpass.clone(),
345 starttls: self.starttls,
346 insecure_tls: self.insecure_tls,
347 certificate: self.certificate.clone(),
348 token_policies: self.token_policies.clone(),
349 token_ttl: self.token_ttl.clone(),
350 token_max_ttl: self.token_max_ttl.clone(),
351 }
352 }
353}
354
355#[derive(Debug, Deserialize, Clone)]
356#[non_exhaustive]
357pub struct LdapConfig {
358 pub url: String,
359 pub userdn: String,
360 pub userattr: String,
361 pub groupdn: String,
362 pub groupattr: String,
363 pub groupfilter: String,
364 pub starttls: bool,
365 pub insecure_tls: bool,
366}
367
368#[derive(Debug, Serialize, Default, Clone)]
369pub struct LdapGroupRequest {
370 #[serde(skip_serializing_if = "Option::is_none")]
371 pub policies: Option<Vec<String>>,
372}
373
374#[derive(Debug, Deserialize, Clone)]
375#[non_exhaustive]
376pub struct LdapGroup {
377 #[serde(default)]
378 pub policies: Vec<String>,
379}
380
381#[derive(Debug, Serialize, Default, Clone)]
382pub struct LdapUserRequest {
383 #[serde(skip_serializing_if = "Option::is_none")]
384 pub policies: Option<Vec<String>>,
385 #[serde(skip_serializing_if = "Option::is_none")]
386 pub groups: Option<Vec<String>>,
387}
388
389#[derive(Debug, Deserialize, Clone)]
390#[non_exhaustive]
391pub struct LdapUser {
392 #[serde(default)]
393 pub policies: Vec<String>,
394 #[serde(default)]
395 pub groups: Vec<String>,
396}
397
398#[derive(Debug, Serialize, Default, Clone)]
401pub struct CertRoleRequest {
402 pub certificate: String,
403 #[serde(skip_serializing_if = "Option::is_none")]
404 pub allowed_common_names: Option<Vec<String>>,
405 #[serde(skip_serializing_if = "Option::is_none")]
406 pub allowed_dns_sans: Option<Vec<String>>,
407 #[serde(skip_serializing_if = "Option::is_none")]
408 pub allowed_uri_sans: Option<Vec<String>>,
409 #[serde(skip_serializing_if = "Option::is_none")]
410 pub required_extensions: Option<Vec<String>>,
411 #[serde(skip_serializing_if = "Option::is_none")]
412 pub token_policies: Option<Vec<String>>,
413 #[serde(skip_serializing_if = "Option::is_none")]
414 pub token_ttl: Option<String>,
415 #[serde(skip_serializing_if = "Option::is_none")]
416 pub token_max_ttl: Option<String>,
417 #[serde(skip_serializing_if = "Option::is_none")]
418 pub display_name: Option<String>,
419}
420
421#[derive(Debug, Deserialize, Clone)]
422#[non_exhaustive]
423pub struct CertRoleInfo {
424 pub certificate: String,
425 #[serde(default)]
426 pub allowed_common_names: Vec<String>,
427 #[serde(default)]
428 pub allowed_dns_sans: Vec<String>,
429 #[serde(default)]
430 pub token_policies: Vec<String>,
431 pub token_ttl: u64,
432 pub token_max_ttl: u64,
433 pub display_name: String,
434}
435
436#[derive(Debug, Serialize, Default, Clone)]
439pub struct GithubConfigRequest {
440 pub organization: String,
441 #[serde(skip_serializing_if = "Option::is_none")]
442 pub base_url: Option<String>,
443 #[serde(skip_serializing_if = "Option::is_none")]
444 pub token_policies: Option<Vec<String>>,
445 #[serde(skip_serializing_if = "Option::is_none")]
446 pub token_ttl: Option<String>,
447 #[serde(skip_serializing_if = "Option::is_none")]
448 pub token_max_ttl: Option<String>,
449}
450
451#[derive(Debug, Deserialize, Clone)]
452#[non_exhaustive]
453pub struct GithubConfig {
454 pub organization: String,
455 pub base_url: String,
456 #[serde(default)]
457 pub token_policies: Vec<String>,
458 pub token_ttl: u64,
459 pub token_max_ttl: u64,
460}
461
462#[derive(Debug, Serialize, Default, Clone)]
463pub struct GithubTeamMapping {
464 #[serde(skip_serializing_if = "Option::is_none")]
465 pub value: Option<String>,
466}
467
468#[derive(Debug, Deserialize, Clone)]
469#[non_exhaustive]
470pub struct GithubTeamInfo {
471 #[serde(default)]
472 pub value: String,
473}
474
475#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
478pub struct OidcConfigRequest {
479 #[serde(skip_serializing_if = "Option::is_none")]
480 pub oidc_discovery_url: Option<String>,
481 #[serde(skip_serializing_if = "Option::is_none")]
482 pub oidc_client_id: Option<String>,
483 #[serde(
484 serialize_with = "super::serde_secret::serialize_option",
485 skip_serializing_if = "Option::is_none"
486 )]
487 pub oidc_client_secret: Option<SecretString>,
488 #[serde(skip_serializing_if = "Option::is_none")]
489 pub jwt_validation_pubkeys: Option<Vec<String>>,
490 #[serde(skip_serializing_if = "Option::is_none")]
491 pub bound_issuer: Option<String>,
492 #[serde(skip_serializing_if = "Option::is_none")]
493 pub default_role: Option<String>,
494 #[serde(skip_serializing_if = "Option::is_none")]
495 pub jwt_supported_algs: Option<Vec<String>>,
496}
497
498impl Clone for OidcConfigRequest {
499 fn clone(&self) -> Self {
500 Self {
501 oidc_discovery_url: self.oidc_discovery_url.clone(),
502 oidc_client_id: self.oidc_client_id.clone(),
503 oidc_client_secret: self.oidc_client_secret.clone(),
504 jwt_validation_pubkeys: self.jwt_validation_pubkeys.clone(),
505 bound_issuer: self.bound_issuer.clone(),
506 default_role: self.default_role.clone(),
507 jwt_supported_algs: self.jwt_supported_algs.clone(),
508 }
509 }
510}
511
512#[derive(Debug, Deserialize, Clone)]
513#[non_exhaustive]
514pub struct OidcConfig {
515 pub oidc_discovery_url: Option<String>,
516 pub oidc_client_id: Option<String>,
517 pub bound_issuer: Option<String>,
518 pub default_role: Option<String>,
519 #[serde(default)]
520 pub jwt_supported_algs: Vec<String>,
521}
522
523#[derive(Debug, Serialize, Default, Clone)]
524pub struct OidcRoleRequest {
525 #[serde(skip_serializing_if = "Option::is_none")]
526 pub role_type: Option<String>,
527 #[serde(skip_serializing_if = "Option::is_none")]
528 pub bound_audiences: Option<Vec<String>>,
529 #[serde(skip_serializing_if = "Option::is_none")]
530 pub user_claim: Option<String>,
531 #[serde(skip_serializing_if = "Option::is_none")]
532 pub bound_claims: Option<HashMap<String, String>>,
533 #[serde(skip_serializing_if = "Option::is_none")]
534 pub token_policies: Option<Vec<String>>,
535 #[serde(skip_serializing_if = "Option::is_none")]
536 pub token_ttl: Option<String>,
537 #[serde(skip_serializing_if = "Option::is_none")]
538 pub token_max_ttl: Option<String>,
539 #[serde(skip_serializing_if = "Option::is_none")]
540 pub allowed_redirect_uris: Option<Vec<String>>,
541 #[serde(skip_serializing_if = "Option::is_none")]
542 pub groups_claim: Option<String>,
543 #[serde(skip_serializing_if = "Option::is_none")]
544 pub claim_mappings: Option<HashMap<String, String>>,
545}
546
547#[derive(Debug, Deserialize, Clone)]
548#[non_exhaustive]
549pub struct OidcRoleInfo {
550 pub role_type: String,
551 #[serde(default)]
552 pub bound_audiences: Vec<String>,
553 pub user_claim: String,
554 #[serde(default)]
555 pub bound_claims: HashMap<String, String>,
556 #[serde(default)]
557 pub token_policies: Vec<String>,
558 pub token_ttl: u64,
559 pub token_max_ttl: u64,
560 #[serde(default)]
561 pub allowed_redirect_uris: Vec<String>,
562}
563
564#[derive(Debug, Serialize, Zeroize, ZeroizeOnDrop)]
567pub struct RadiusConfigRequest {
568 pub host: String,
569 #[serde(serialize_with = "super::serde_secret::serialize")]
570 pub secret: SecretString,
571 #[serde(skip_serializing_if = "Option::is_none")]
572 pub port: Option<u16>,
573 #[serde(skip_serializing_if = "Option::is_none")]
574 pub unregistered_user_policies: Option<String>,
575 #[serde(skip_serializing_if = "Option::is_none")]
576 pub dial_timeout: Option<u64>,
577 #[serde(skip_serializing_if = "Option::is_none")]
578 pub read_timeout: Option<u64>,
579 #[serde(skip_serializing_if = "Option::is_none")]
580 pub nas_port: Option<u16>,
581 #[serde(skip_serializing_if = "Option::is_none")]
582 pub token_policies: Option<Vec<String>>,
583 #[serde(skip_serializing_if = "Option::is_none")]
584 pub token_ttl: Option<String>,
585 #[serde(skip_serializing_if = "Option::is_none")]
586 pub token_max_ttl: Option<String>,
587}
588
589impl Clone for RadiusConfigRequest {
590 fn clone(&self) -> Self {
591 Self {
592 host: self.host.clone(),
593 secret: self.secret.clone(),
594 port: self.port,
595 unregistered_user_policies: self.unregistered_user_policies.clone(),
596 dial_timeout: self.dial_timeout,
597 read_timeout: self.read_timeout,
598 nas_port: self.nas_port,
599 token_policies: self.token_policies.clone(),
600 token_ttl: self.token_ttl.clone(),
601 token_max_ttl: self.token_max_ttl.clone(),
602 }
603 }
604}
605
606#[derive(Debug, Deserialize, Clone)]
607#[non_exhaustive]
608pub struct RadiusConfig {
609 pub host: String,
610 #[serde(default)]
611 pub port: u16,
612 #[serde(default)]
613 pub unregistered_user_policies: String,
614 #[serde(default)]
615 pub dial_timeout: u64,
616 #[serde(default)]
617 pub read_timeout: u64,
618 #[serde(default)]
619 pub nas_port: u16,
620}
621
622#[derive(Debug, Serialize, Default, Clone)]
623pub struct RadiusUserRequest {
624 #[serde(skip_serializing_if = "Option::is_none")]
625 pub policies: Option<Vec<String>>,
626}
627
628#[derive(Debug, Deserialize, Clone)]
629#[non_exhaustive]
630pub struct RadiusUser {
631 #[serde(default)]
632 pub policies: Vec<String>,
633}
634
635#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
638pub struct KerberosConfigRequest {
639 #[serde(
640 serialize_with = "super::serde_secret::serialize_option",
641 skip_serializing_if = "Option::is_none"
642 )]
643 pub keytab: Option<SecretString>,
644 #[serde(skip_serializing_if = "Option::is_none")]
645 pub service_account: Option<String>,
646}
647
648impl Clone for KerberosConfigRequest {
649 fn clone(&self) -> Self {
650 Self {
651 keytab: self.keytab.clone(),
652 service_account: self.service_account.clone(),
653 }
654 }
655}
656
657#[derive(Debug, Deserialize, Clone)]
658#[non_exhaustive]
659pub struct KerberosConfig {
660 #[serde(default)]
661 pub service_account: String,
662}
663
664#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
665pub struct KerberosLdapConfigRequest {
666 pub url: String,
667 #[serde(skip_serializing_if = "Option::is_none")]
668 pub userdn: Option<String>,
669 #[serde(skip_serializing_if = "Option::is_none")]
670 pub userattr: Option<String>,
671 #[serde(skip_serializing_if = "Option::is_none")]
672 pub groupdn: Option<String>,
673 #[serde(skip_serializing_if = "Option::is_none")]
674 pub groupattr: Option<String>,
675 #[serde(skip_serializing_if = "Option::is_none")]
676 pub groupfilter: Option<String>,
677 #[serde(skip_serializing_if = "Option::is_none")]
678 pub binddn: Option<String>,
679 #[serde(
680 serialize_with = "super::serde_secret::serialize_option",
681 skip_serializing_if = "Option::is_none"
682 )]
683 pub bindpass: Option<SecretString>,
684 #[serde(skip_serializing_if = "Option::is_none")]
685 pub starttls: Option<bool>,
686 #[serde(skip_serializing_if = "Option::is_none")]
687 pub insecure_tls: Option<bool>,
688 #[serde(skip_serializing_if = "Option::is_none")]
689 pub certificate: Option<String>,
690 #[serde(skip_serializing_if = "Option::is_none")]
691 pub token_policies: Option<Vec<String>>,
692 #[serde(skip_serializing_if = "Option::is_none")]
693 pub token_ttl: Option<String>,
694 #[serde(skip_serializing_if = "Option::is_none")]
695 pub token_max_ttl: Option<String>,
696}
697
698impl Clone for KerberosLdapConfigRequest {
699 fn clone(&self) -> Self {
700 Self {
701 url: self.url.clone(),
702 userdn: self.userdn.clone(),
703 userattr: self.userattr.clone(),
704 groupdn: self.groupdn.clone(),
705 groupattr: self.groupattr.clone(),
706 groupfilter: self.groupfilter.clone(),
707 binddn: self.binddn.clone(),
708 bindpass: self.bindpass.clone(),
709 starttls: self.starttls,
710 insecure_tls: self.insecure_tls,
711 certificate: self.certificate.clone(),
712 token_policies: self.token_policies.clone(),
713 token_ttl: self.token_ttl.clone(),
714 token_max_ttl: self.token_max_ttl.clone(),
715 }
716 }
717}
718
719#[derive(Debug, Deserialize, Clone)]
720#[non_exhaustive]
721pub struct KerberosLdapConfig {
722 pub url: String,
723 #[serde(default)]
724 pub userdn: String,
725 #[serde(default)]
726 pub userattr: String,
727 #[serde(default)]
728 pub groupdn: String,
729 #[serde(default)]
730 pub groupattr: String,
731 #[serde(default)]
732 pub groupfilter: String,
733 pub starttls: bool,
734 pub insecure_tls: bool,
735}
736
737#[derive(Debug, Serialize, Default, Clone)]
738pub struct KerberosGroupRequest {
739 #[serde(skip_serializing_if = "Option::is_none")]
740 pub policies: Option<Vec<String>>,
741}
742
743#[derive(Debug, Deserialize, Clone)]
744#[non_exhaustive]
745pub struct KerberosGroup {
746 #[serde(default)]
747 pub policies: Vec<String>,
748}