| author | benj <benj@rse8.com> | 2023-04-24 13:24:45 -0700 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2023-04-24 13:24:45 -0700 |
| commit | eb92f823c31a5e702af7005231f0d6915aad3342 (patch) | |
| tree | bb624786a47accb2dfcfe95d20c00c9624c28a9c /crates/iam/src/main.rs | |
| parent | 176aae037400b43cb3971cd968afe59c73b3097a (diff) | |
email templates, sendgrid, creds, and some experimental things
Started playing with namespace configs and integrating with zanzibar impls. Still lots of experimenting and dead code going on.
Diffstat (limited to '')
| -rw-r--r-- | crates/iam/src/main.rs | 247 |
1 files changed, 42 insertions, 205 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index ae44b46..c679af6 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -3,14 +3,14 @@ mod command;
 mod util;
 use anyhow::bail;
-use api::{
- AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, LinkObject,
- ListObject,
-};
+use api::{AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, UpdateObject};
 use clap::Parser;
 use command::dev_oauth2_listen;
 use env_logger::Env;
-use secd::{auth::z, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET, ENV_SPICE_SERVER};
+use secd::{
+ auth::z, Credential, CredentialType, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET,
+ ENV_SPICE_SERVER,
+};
 use util::{error_detail, Result};
 use uuid::Uuid;
@@ -38,8 +38,7 @@ async fn main() {
 async fn exec() -> Result<Option<String>> {
 let args = Args::parse();
 Ok(match args.command {
- Command::Init { interactive }
- | Command::Admin {
+ Command::Admin {
 action: AdminAction::Init { interactive },
 } => {
 command::admin_init(interactive)
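Review bot: `Credential` is added to the `use secd::{…}` list but nothing in the new code visible in this diff names it (the `create` arm lets the return type of `create_credential` be inferred), so it is likely to produce an unused-import warning. Drop it from the import unless a part of the file outside these hunks uses it, which I cannot confirm from here.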
@@ -52,89 +51,25 @@ async fn exec() -> Result<Option<String>> { // let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?; std::env::set_var( ENV_AUTH_STORE_CONN_STRING, + // "sqlite:///home/benj/.config/secdiam/34wxC.sql?mode=rwc", "postgresql://secduser:p4ssw0rd@localhost:5412/secd", ); std::env::set_var(ENV_SPICE_SECRET, "sup3rs3cr3tk3y"); std::env::set_var(ENV_SPICE_SERVER, "http://[::1]:50051"); - let secd = Secd::init(Some( - r#" -definition user {} - -definition organization { - relation r_member: user - relation r_admin: user - - permission member = r_admin + r_member - permission admin = r_admin -} - -definition plugin { - relation r_creator: user | organization#admin - relation r_editor: user - relation r_viewer: user - - permission creator = r_creator + r_creator->admin - permission editor = r_editor + r_creator + r_creator->admin - permission viewer = r_viewer + r_editor + r_creator + r_creator->admin -}"#, - )) - .await - .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?; - - secd.write(&vec![z::Relationship { - subject: z::Subject::User(( - "user".into(), - Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(), - )), - object: ( - "organization".into(), - Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(), - ), - relation: "r_member".into(), - }]) - .await - .unwrap(); - - let y = match secd - .check(&z::Relationship { - subject: z::Subject::User(( - "user".into(), - Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(), - )), - object: ( - "organization".into(), - Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(), - ), - relation: "member".into(), - }) + let secd = Secd::init(None) .await - { - Ok(v) => v, - Err(e) => panic!("fooooooooooooooooooooooooooooooooooooooooooooooo"), - }; - - println!("DID I HAZ IT? 
{:#?}", y); + .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?; match rest { Command::Admin { action } => admin(&secd, action).await?, Command::Create { object } => create(&secd, object).await?, Command::Dev { object } => dev(object).await?, Command::Get { object } => get(&secd, object).await?, - Command::Init { .. } => bail!(CliError::InternalError(error_detail( - "4a696b66-6231-4a2f-811c-4448a41473d2", - "Code path should be unreachable", - ))), - Command::Link { object, unlink } => todo!(), - Command::Ls { - object, - name, - before, - after, - } => todo!(), Command::Repl => { unimplemented!() } + Command::Update { object } => update(&secd, object).await?, } } }) @@ -162,37 +97,23 @@ async fn admin(secd: &Secd, cmd: AdminAction) -> Result<Option<String>> { } async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> { Ok(match cmd { - CreateObject::ApiKey { - identity, - expired_at, + CreateObject::Credential { + method, + identity_id, } => { - println!("create object"); - None - } - CreateObject::Group { name, identities } => { - println!("create group"); - None - } - CreateObject::Permission { services, actions } => { - println!("create permission"); - None - } - CreateObject::Role { name, permissions } => { - println!("create role"); - None - } - CreateObject::Service { name, uri } => { - println!("create service"); - None - } - CreateObject::ServiceAction { name, program } => { - println!("create service action"); - None + let t = match method { + api::CredentialMethod::Passphrase { + username, + passphrase, + } => CredentialType::Passphrase { + key: username, + value: passphrase, + }, + }; + + let credential = secd.create_credential(t, identity_id).await?; + Some(serde_json::ser::to_string(&credential)?.to_string()) } - CreateObject::Session { - validation_id, - secret_code, - } => todo!(), CreateObject::Validation { method, identity_id, 
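Review bot: The `std::env::set_var` calls still bake a database password and the SPICE secret into the binary, and this commit adds a further commented-out connection string containing a developer home path rather than wiring in the profile config the commented-out `util::read_config(args.profile)` line points at. Because these are process-wide environment variables, any child process the CLI starts inherits them as well (whether `dev_oauth2_listen` spawns one I cannot see from here). I would remove the literals and the commented path, read the three values from the profile or the real environment, and fail early when they are missing, e.g. `let conn = std::env::var(ENV_AUTH_STORE_CONN_STRING).map_err(|_| CliError::InvalidProfile)?;`. With the `Command::Init` arm gone from this match, `bail!` and `error_detail` may no longer be used anywhere in the file, so check for unused-import warnings. `exec` begins before this hunk and its closing brace is after it.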
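Review bot: The new `CreateObject::Credential` arm serializes the entire `Credential` returned by `create_credential` to stdout, so if that struct carries the passphrase or the secret derived from it, the CLI echoes it straight back; either serialize a redacted view or confirm that the type's `Serialize` impl skips the secret field (the type is defined outside this diff). Taking `passphrase` as a command-line value also leaves it in shell history and process listings, so if that is how `CredentialMethod::Passphrase` is populated, prompting for it would be the safer default (the clap definition lives in `api`, outside this diff). The trailing `.to_string()` on the `String` produced by `serde_json::ser::to_string` is a no-op clone; `Some(serde_json::to_string(&credential)?)` is enough. `api::CredentialMethod` is referenced by full path while every other `api` item is imported at the top, so adding it to the `use api::{…}` list would keep the file consistent. `create` continues past the end of this hunk.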
@@ -236,9 +157,13 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
 println!("get object group");
 None
 }
- GetObject::Identity { session_token } => {
- Some(serde_json::ser::to_string(&secd.get_identity(&session_token).await?)?.to_string())
- }
+ GetObject::Identity {
+ identity_id,
+ session_token,
+ } => Some(
+ serde_json::ser::to_string(&secd.get_identity(identity_id, session_token).await?)?
+ .to_string(),
+ ),
 GetObject::Permission { name, id } => {
 println!("get object permission");
@@ -265,105 +190,17 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> { } }) } -async fn link(secd: &Secd, cmd: LinkObject, should_unlink: bool) -> Result<Option<String>> { - Ok(match cmd { - LinkObject::Group { - group_name, - group_id, - identity_ids, - } => { - println!("link object group"); - None - } - LinkObject::Identity { - identity_id, - group_names, - group_ids, - } => { - println!("link object identity"); - None - } - LinkObject::Permission { - permission_name, - permission_id, - role_names, - role_ids, - } => { - println!("link object permission"); - None - } - LinkObject::Role { - role_name, - role_id, - permission_names, - permission_ids, - } => { - println!("link object role"); - None - } - LinkObject::Service { - service_name, - service_id, - permission_names, - permission_ids, - } => { - println!("link object service"); - None - } - LinkObject::ServiceAction { - service_action_name, - service_action_id, - service_name, - service_ids, - } => { - println!("link object service action"); - None - } - }) -} -async fn list( - secd: &Secd, - cmd: ListObject, - filter_name: Option<String>, - filter_before: Option<i64>, - filter_after: Option<i64>, -) -> Result<Option<String>> { + +async fn update(secd: &Secd, cmd: UpdateObject) -> Result<Option<String>> { Ok(match cmd { - ListObject::ApiKey => { - println!("list object api key"); - None - } - ListObject::Group => { - println!("list object group"); - None - } - ListObject::Identity => { - println!("list object identity"); - None - } - ListObject::Permission => { - println!("list object permission"); - None - } - ListObject::Role => { - println!("list object role"); - None - } - ListObject::Service => { - println!("list object service"); - None - } - ListObject::ServiceAction => { - println!("list object service action"); - None - } - ListObject::Session => { - println!("list object session"); - None - } - ListObject::Validation => { - println!("list object valiation"); - None + 
UpdateObject::Identity { id, metadata } => { + let identity = if metadata.is_some() { + secd.update_identity_metadata(id, metadata.unwrap()).await? + } else { + secd.get_identity(Some(id), None).await? + }; + + Some(serde_json::to_string(&identity)?.to_string()) } }) } |
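Review bot: In `update`, the `metadata.is_some()` test followed by `metadata.unwrap()` is the pattern `if let`/`match` exists for, and the `else` branch silently turns an `update` command with no metadata into a plain read via `get_identity(Some(id), None)`, which the caller cannot tell apart from a successful update. I would match on the option so the no-change case is explicit: `let identity = match metadata { Some(m) => secd.update_identity_metadata(id, m).await?, None => secd.get_identity(Some(id), None).await? };`, or bail with a suitable `CliError` if an update without fields should be rejected. The trailing `.to_string()` on the `String` from `serde_json::to_string` is redundant, and this function uses `serde_json::to_string` while `get` uses `serde_json::ser::to_string`; pick one spelling for the file.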
