1use std::fmt;
2
3use secrecy::{ExposeSecret, SecretString};
4use serde::{Deserialize, Serialize};
5use zeroize::{Zeroize, ZeroizeOnDrop};
6
7use super::redaction::redact;
8
9#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
10pub struct AwsConfigRootRequest {
11 #[serde(skip_serializing_if = "Option::is_none")]
12 pub access_key: Option<String>,
13 #[serde(
14 serialize_with = "super::serde_secret::serialize_option",
15 skip_serializing_if = "Option::is_none"
16 )]
17 pub secret_key: Option<SecretString>,
18 #[serde(skip_serializing_if = "Option::is_none")]
19 pub region: Option<String>,
20 #[serde(skip_serializing_if = "Option::is_none")]
21 pub iam_endpoint: Option<String>,
22 #[serde(skip_serializing_if = "Option::is_none")]
23 pub sts_endpoint: Option<String>,
24 #[serde(skip_serializing_if = "Option::is_none")]
25 pub max_retries: Option<i32>,
26}
27
28impl Clone for AwsConfigRootRequest {
29 fn clone(&self) -> Self {
30 Self {
31 access_key: self.access_key.clone(),
32 secret_key: self.secret_key.clone(),
33 region: self.region.clone(),
34 iam_endpoint: self.iam_endpoint.clone(),
35 sts_endpoint: self.sts_endpoint.clone(),
36 max_retries: self.max_retries,
37 }
38 }
39}
40
41#[derive(Debug, Deserialize, Clone)]
42#[non_exhaustive]
43pub struct AwsConfigRoot {
44 #[serde(default)]
45 pub access_key: String,
46 #[serde(default)]
47 pub region: String,
48 #[serde(default)]
49 pub iam_endpoint: String,
50 #[serde(default)]
51 pub sts_endpoint: String,
52 #[serde(default)]
53 pub max_retries: i32,
54}
55
56#[derive(Debug, Serialize, Default, Clone)]
57pub struct AwsRoleRequest {
58 #[serde(skip_serializing_if = "Option::is_none")]
59 pub credential_type: Option<String>,
60 #[serde(skip_serializing_if = "Option::is_none")]
61 pub role_arns: Option<Vec<String>>,
62 #[serde(skip_serializing_if = "Option::is_none")]
63 pub policy_arns: Option<Vec<String>>,
64 #[serde(skip_serializing_if = "Option::is_none")]
65 pub policy_document: Option<String>,
66 #[serde(skip_serializing_if = "Option::is_none")]
67 pub iam_groups: Option<Vec<String>>,
68 #[serde(skip_serializing_if = "Option::is_none")]
69 pub iam_tags: Option<serde_json::Value>,
70 #[serde(skip_serializing_if = "Option::is_none")]
71 pub default_sts_ttl: Option<String>,
72 #[serde(skip_serializing_if = "Option::is_none")]
73 pub max_sts_ttl: Option<String>,
74 #[serde(skip_serializing_if = "Option::is_none")]
75 pub user_path: Option<String>,
76 #[serde(skip_serializing_if = "Option::is_none")]
77 pub permissions_boundary_arn: Option<String>,
78}
79
80#[derive(Debug, Deserialize, Clone)]
81#[non_exhaustive]
82pub struct AwsRole {
83 #[serde(default)]
84 pub credential_type: String,
85 #[serde(default)]
86 pub role_arns: Vec<String>,
87 #[serde(default)]
88 pub policy_arns: Vec<String>,
89 #[serde(default)]
90 pub policy_document: String,
91 #[serde(default)]
92 pub iam_groups: Vec<String>,
93 #[serde(default)]
94 pub default_sts_ttl: u64,
95 #[serde(default)]
96 pub max_sts_ttl: u64,
97}
98
99#[derive(Deserialize, Zeroize, ZeroizeOnDrop)]
100#[non_exhaustive]
101pub struct AwsCredentials {
102 pub access_key: String,
103 pub secret_key: SecretString,
104 #[serde(default)]
105 pub security_token: Option<SecretString>,
106 #[serde(default)]
107 pub arn: Option<String>,
108}
109
110impl Clone for AwsCredentials {
111 fn clone(&self) -> Self {
112 Self {
113 access_key: self.access_key.clone(),
114 secret_key: self.secret_key.clone(),
115 security_token: self.security_token.clone(),
116 arn: self.arn.clone(),
117 }
118 }
119}
120
121impl fmt::Debug for AwsCredentials {
122 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
123 f.debug_struct("AwsCredentials")
124 .field("access_key", &self.access_key)
125 .field("secret_key", &redact(self.secret_key.expose_secret()))
126 .field(
127 "security_token",
128 &self
129 .security_token
130 .as_ref()
131 .map(|s| redact(s.expose_secret())),
132 )
133 .field("arn", &self.arn)
134 .finish()
135 }
136}
137
138#[derive(Debug, Serialize, Default, Clone)]
139pub struct AwsStsRequest {
140 #[serde(skip_serializing_if = "Option::is_none")]
141 pub role_arn: Option<String>,
142 #[serde(skip_serializing_if = "Option::is_none")]
143 pub ttl: Option<String>,
144}
145
146#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
149pub struct AwsAuthConfigRequest {
150 #[serde(skip_serializing_if = "Option::is_none")]
151 pub access_key: Option<String>,
152 #[serde(
153 serialize_with = "super::serde_secret::serialize_option",
154 skip_serializing_if = "Option::is_none"
155 )]
156 pub secret_key: Option<SecretString>,
157 #[serde(skip_serializing_if = "Option::is_none")]
158 pub endpoint: Option<String>,
159 #[serde(skip_serializing_if = "Option::is_none")]
160 pub iam_endpoint: Option<String>,
161 #[serde(skip_serializing_if = "Option::is_none")]
162 pub sts_endpoint: Option<String>,
163 #[serde(skip_serializing_if = "Option::is_none")]
164 pub sts_region: Option<String>,
165 #[serde(skip_serializing_if = "Option::is_none")]
166 pub max_retries: Option<i32>,
167}
168
169impl Clone for AwsAuthConfigRequest {
170 fn clone(&self) -> Self {
171 Self {
172 access_key: self.access_key.clone(),
173 secret_key: self.secret_key.clone(),
174 endpoint: self.endpoint.clone(),
175 iam_endpoint: self.iam_endpoint.clone(),
176 sts_endpoint: self.sts_endpoint.clone(),
177 sts_region: self.sts_region.clone(),
178 max_retries: self.max_retries,
179 }
180 }
181}
182
183#[derive(Debug, Deserialize, Clone)]
184#[non_exhaustive]
185pub struct AwsAuthConfig {
186 #[serde(default)]
187 pub access_key: String,
188 #[serde(default)]
189 pub endpoint: String,
190 #[serde(default)]
191 pub iam_endpoint: String,
192 #[serde(default)]
193 pub sts_endpoint: String,
194 #[serde(default)]
195 pub sts_region: String,
196 #[serde(default)]
197 pub max_retries: i32,
198}
199
200#[derive(Debug, Serialize, Default, Clone)]
201pub struct AwsAuthRoleRequest {
202 #[serde(skip_serializing_if = "Option::is_none")]
203 pub auth_type: Option<String>,
204 #[serde(skip_serializing_if = "Option::is_none")]
205 pub bound_ami_id: Option<Vec<String>>,
206 #[serde(skip_serializing_if = "Option::is_none")]
207 pub bound_account_id: Option<Vec<String>>,
208 #[serde(skip_serializing_if = "Option::is_none")]
209 pub bound_region: Option<Vec<String>>,
210 #[serde(skip_serializing_if = "Option::is_none")]
211 pub bound_vpc_id: Option<Vec<String>>,
212 #[serde(skip_serializing_if = "Option::is_none")]
213 pub bound_subnet_id: Option<Vec<String>>,
214 #[serde(skip_serializing_if = "Option::is_none")]
215 pub bound_iam_role_arn: Option<Vec<String>>,
216 #[serde(skip_serializing_if = "Option::is_none")]
217 pub bound_iam_instance_profile_arn: Option<Vec<String>>,
218 #[serde(skip_serializing_if = "Option::is_none")]
219 pub bound_iam_principal_arn: Option<Vec<String>>,
220 #[serde(skip_serializing_if = "Option::is_none")]
221 pub bound_ec2_instance_id: Option<Vec<String>>,
222 #[serde(skip_serializing_if = "Option::is_none")]
223 pub token_ttl: Option<String>,
224 #[serde(skip_serializing_if = "Option::is_none")]
225 pub token_max_ttl: Option<String>,
226 #[serde(skip_serializing_if = "Option::is_none")]
227 pub token_policies: Option<Vec<String>>,
228}
229
230#[derive(Debug, Deserialize, Clone)]
231#[non_exhaustive]
232pub struct AwsAuthRoleInfo {
233 #[serde(default)]
234 pub auth_type: String,
235 #[serde(default)]
236 pub bound_ami_id: Vec<String>,
237 #[serde(default)]
238 pub bound_account_id: Vec<String>,
239 #[serde(default)]
240 pub bound_region: Vec<String>,
241 #[serde(default)]
242 pub bound_iam_role_arn: Vec<String>,
243 #[serde(default)]
244 pub bound_iam_principal_arn: Vec<String>,
245 #[serde(default)]
246 pub token_ttl: u64,
247 #[serde(default)]
248 pub token_max_ttl: u64,
249 #[serde(default)]
250 pub token_policies: Vec<String>,
251}
252
253#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
254pub struct AwsAuthLoginRequest {
255 #[serde(skip_serializing_if = "Option::is_none")]
256 pub role: Option<String>,
257 #[serde(
258 serialize_with = "super::serde_secret::serialize_option",
259 skip_serializing_if = "Option::is_none"
260 )]
261 pub identity: Option<SecretString>,
262 #[serde(
263 serialize_with = "super::serde_secret::serialize_option",
264 skip_serializing_if = "Option::is_none"
265 )]
266 pub signature: Option<SecretString>,
267 #[serde(
268 serialize_with = "super::serde_secret::serialize_option",
269 skip_serializing_if = "Option::is_none"
270 )]
271 pub pkcs7: Option<SecretString>,
272 #[serde(skip_serializing_if = "Option::is_none")]
273 pub nonce: Option<String>,
274 #[serde(skip_serializing_if = "Option::is_none")]
275 pub iam_http_request_method: Option<String>,
276 #[serde(skip_serializing_if = "Option::is_none")]
277 pub iam_request_url: Option<String>,
278 #[serde(skip_serializing_if = "Option::is_none")]
279 pub iam_request_body: Option<String>,
280 #[serde(skip_serializing_if = "Option::is_none")]
281 pub iam_request_headers: Option<String>,
282}
283
284impl Clone for AwsAuthLoginRequest {
285 fn clone(&self) -> Self {
286 Self {
287 role: self.role.clone(),
288 identity: self.identity.clone(),
289 signature: self.signature.clone(),
290 pkcs7: self.pkcs7.clone(),
291 nonce: self.nonce.clone(),
292 iam_http_request_method: self.iam_http_request_method.clone(),
293 iam_request_url: self.iam_request_url.clone(),
294 iam_request_body: self.iam_request_body.clone(),
295 iam_request_headers: self.iam_request_headers.clone(),
296 }
297 }
298}