| author | benj <benj@rse8.com> | 2023-06-19 17:18:21 -0700 |
|---|---|---|
| committer | benj <benj@rse8.com> | 2023-06-19 17:18:21 -0700 |
| commit | ab6d5cefbea1e8ddf41f385dd85918f651958287 (patch) | |
| tree | ac3a6b45b1a0e6a833a627307d07e94a95ba3c23 /crates/iam/src | |
| parent | 3406b370fe290559ff2445097a380d6f48d0f9af (diff) | |
hack to allow impersonator to impersonate target
Diffstat (limited to '')
| -rw-r--r-- | crates/iam/src/api.rs | 6 | ||||
| -rw-r--r-- | crates/iam/src/main.rs | 24 |
2 files changed, 22 insertions, 8 deletions
diff --git a/crates/iam/src/api.rs b/crates/iam/src/api.rs index c662e0c..7865a75 100644 --- a/crates/iam/src/api.rs +++ b/crates/iam/src/api.rs @@ -217,6 +217,12 @@ pub enum CreateObject { #[arg(long, short)] identity_id: Option<Uuid>, }, + Impersonator { + /// The identity which will be the source impersonator. + impersonator_id: Uuid, + /// The identity id which will be the target for impersonation, and for whom a credential will be created. + target_id: Uuid, + }, Validation { /// Method by which the validation will occur #[command(subcommand)] diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs index 28f4e4c..41e63be 100644 --- a/crates/iam/src/main.rs +++ b/crates/iam/src/main.rs @@ -11,7 +11,6 @@ use api::{ use clap::Parser; use command::dev_oauth2_listen; -use env_logger::Env; use secd::{CredentialType, Secd}; use time::OffsetDateTime; use util::Result; @@ -24,7 +23,7 @@ const ISSUE_TRACKER_LOC: &str = "https://www.github.com/secdiam/iam"; #[tokio::main] async fn main() { - env_logger::init_from_env(Env::default().default_filter_or("debug")); + tracing_subscriber::fmt().init(); match exec().await { Ok(Some(s)) => println!("{}", s), Err(e) => { @@ -116,6 +115,13 @@ async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> { let credential = secd.create_credential(t, identity_id, expires_at).await?; Some(serde_json::ser::to_string_pretty(&credential)?.to_string()) } + CreateObject::Impersonator { + impersonator_id, + target_id, + } => { + let credential = secd.impersonate(&impersonator_id, &target_id).await?; + Some(serde_json::to_string(&credential)?.to_string()) + } CreateObject::Validation { method, identity_id, 
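Review bot: `impersonator_id` and `target_id` in the new `Impersonator` variant are both bare positional `Uuid` fields, so swapping them on the command line still parses and reverses who receives a credential for whom. The neighbouring `identity_id` field is declared with `#[arg(long, short)]`; putting `#[arg(long)]` on both new fields would force the caller to name each id. The enum body starts and ends outside the hunk.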
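Review bot: The logging switch in `main` is not mentioned in the commit message and changes behaviour. The old call defaulted to the `debug` filter and read the environment, while `tracing_subscriber::fmt().init()` as written installs no env filter, so, as far as the builder defaults go, output is capped at INFO and `RUST_LOG` is ignored. If that is intended, a comment such as `// default level is INFO; RUST_LOG is not read` would record it; otherwise add `.with_env_filter(...)` before `.init()`. `main` continues outside the hunk.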
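Review bot: The new `CreateObject::Impersonator` arm hands two caller-supplied ids straight to `secd.impersonate` and prints the resulting credential. Nothing in this hunk shows who may do that or how long the credential lives, whereas the `create_credential` call just above takes an `expires_at`. Any authorization would have to live inside `Secd::impersonate`, which is not visible here, so the arm should carry a comment such as `// TODO: no caller check here; confirm Secd::impersonate authorizes impersonator_id and bounds the credential lifetime`. The trailing `.to_string()` on `serde_json::to_string(&credential)?` is redundant, and the sibling arm uses `to_string_pretty`. `create` starts and ends outside the hunk.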
@@ -167,9 +173,11 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> { key: username, value: passphrase, }, - ValidateObject::Session { token } => { - CredentialType::session_from_str(&token).expect("failed to build session") - } + ValidateObject::Session { token } => CredentialType::session_from_str(&token) + .expect( + "failed to 23 +build session", + ), }); Some( @@ -204,21 +212,21 @@ async fn update(secd: &Secd, cmd: UpdateObject) -> Result<Option<String>> { async fn validate(secd: &Secd, cmd: ValidateObject) -> Result<Option<String>> { let credential = match cmd { ValidateObject::ApiToken { token } => { - secd.validate_credential(CredentialType::api_token_from_str(&token)?) + secd.validate_credential(&CredentialType::api_token_from_str(&token)?) .await? } ValidateObject::Passphrase { username, passphrase, } => { - secd.validate_credential(CredentialType::Passphrase { + secd.validate_credential(&CredentialType::Passphrase { key: username, value: passphrase, }) .await? } ValidateObject::Session { token } => { - secd.validate_credential(CredentialType::session_from_str(&token)?) + secd.validate_credential(&CredentialType::session_from_str(&token)?) .await? } }; |
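Review bot: The reformatted `expect` message in the `ValidateObject::Session` arm now reads `"failed to 23`, then a line break, then `build session"`, so a stray `23` and a newline have ended up inside the string literal. This looks like an editing accident. The arm also still panics on a malformed user-supplied token, while `validate` further down propagates the same error with `?`. If this arm is not inside a closure, `ValidateObject::Session { token } => CredentialType::session_from_str(&token)?,` fixes both. `get` starts and ends outside the hunk.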
