authorbenj <benj@rse8.com>2023-06-19 17:18:21 -0700
committerbenj <benj@rse8.com>2023-06-19 17:18:21 -0700
commitab6d5cefbea1e8ddf41f385dd85918f651958287 (patch)
treeac3a6b45b1a0e6a833a627307d07e94a95ba3c23 /crates/iam
parent3406b370fe290559ff2445097a380d6f48d0f9af (diff)
hack to allow impersonator to impersonate target
Diffstat (limited to 'crates/iam')
-rw-r--r--crates/iam/Cargo.toml4
-rw-r--r--crates/iam/src/api.rs6
-rw-r--r--crates/iam/src/main.rs24
3 files changed, 25 insertions, 9 deletions
diff --git a/crates/iam/Cargo.toml b/crates/iam/Cargo.toml
index 2ee6fc6..25af19e 100644
--- a/crates/iam/Cargo.toml
+++ b/crates/iam/Cargo.toml
@@ -23,7 +23,9 @@ time = { version = "0.3", features = [ "serde" ] }
tiny_http = "0.12"
tokio = { version = "1.23.0", features = ["full"] }
toml = "0.5.9"
+tracing = "0.1.37"
+tracing-subscriber = "0.3.17"
thiserror = "1.0"
url = "2.3.1"
urlencoding = "2.1.2"
-uuid = { version = "1.2", features = ["v4", "serde"]}
\ No newline at end of file
+uuid = { version = "1.2", features = ["v4", "serde"]}
diff --git a/crates/iam/src/api.rs b/crates/iam/src/api.rs
index c662e0c..7865a75 100644
--- a/crates/iam/src/api.rs
+++ b/crates/iam/src/api.rs
@@ -217,6 +217,12 @@ pub enum CreateObject {
#[arg(long, short)]
identity_id: Option<Uuid>,
},
+ Impersonator {
+ /// The identity which will be the source impersonator.
+ impersonator_id: Uuid,
+ /// The identity id which will be the target for impersonation, and for whom a credential will be created.
+ target_id: Uuid,
+ },
Validation {
/// Method by which the validation will occur
#[command(subcommand)]
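Review bot: `impersonator_id` and `target_id` in the new `Impersonator` variant are both bare positional `Uuid` arguments, so swapping them on the command line parses cleanly and reverses who is impersonating whom. The neighbouring `identity_id` field is a named flag (`#[arg(long, short)]`); putting `#[arg(long)]` on these two as well would make the direction explicit at every invocation. The variant itself has no doc comment; something like `/// Issue a credential that lets one identity act as another.` would appear in the CLI help. The `CreateObject` enum starts and ends outside this hunk.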
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index 28f4e4c..41e63be 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -11,7 +11,6 @@ use api::{
use clap::Parser;
use command::dev_oauth2_listen;
-use env_logger::Env;
use secd::{CredentialType, Secd};
use time::OffsetDateTime;
use util::Result;
@@ -24,7 +23,7 @@ const ISSUE_TRACKER_LOC: &str = "https://www.github.com/secdiam/iam";
#[tokio::main]
async fn main() {
- env_logger::init_from_env(Env::default().default_filter_or("debug"));
+ tracing_subscriber::fmt().init();
match exec().await {
Ok(Some(s)) => println!("{}", s),
Err(e) => {
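Review bot: `tracing_subscriber::fmt().init()` replaces an initialiser that read the environment and defaulted to `debug`, and nothing at the new call says which level now applies or whether `RUST_LOG` is still honoured. The manifest change in this commit adds `tracing-subscriber` without the `env-filter` feature, so the builder's built-in maximum level (INFO, if the 0.3 defaults are as I recall) presumably applies unconditionally. A quieter default is reasonable for a tool that handles credentials, but it should be stated: either add a comment such as `// Fixed at the subscriber's default level; RUST_LOG is intentionally not consulted.` or enable `env-filter` and call `.with_env_filter(EnvFilter::from_default_env())`. `main` continues past the end of this hunk.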
@@ -116,6 +115,13 @@ async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> {
let credential = secd.create_credential(t, identity_id, expires_at).await?;
Some(serde_json::ser::to_string_pretty(&credential)?.to_string())
}
+ CreateObject::Impersonator {
+ impersonator_id,
+ target_id,
+ } => {
+ let credential = secd.impersonate(&impersonator_id, &target_id).await?;
+ Some(serde_json::to_string(&credential)?.to_string())
+ }
CreateObject::Validation {
method,
identity_id,
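Review bot: The new `CreateObject::Impersonator` arm issues a credential for `target_id` on nothing more than two ids supplied by the operator; no authorization check, lifetime or audit record is visible in this hunk. Whether `secd.impersonate` enforces any of that cannot be seen from here and should be confirmed, since the sibling arm above passes an explicit `expires_at` to `create_credential`. At minimum, record the event with the tracing crate this commit introduces, leaving the credential itself out of the log: `tracing::info!(%impersonator_id, %target_id, "impersonation credential issued");`. The trailing `.to_string()` on `serde_json::to_string(&credential)?` is redundant, and the sibling arm uses `to_string_pretty`. `create` starts and ends outside the hunk.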
@@ -167,9 +173,11 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
key: username,
value: passphrase,
},
- ValidateObject::Session { token } => {
- CredentialType::session_from_str(&token).expect("failed to build session")
- }
+ ValidateObject::Session { token } => CredentialType::session_from_str(&token)
+ .expect(
+ "failed to 23
+build session",
+ ),
});
Some(
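Review bot: The reformatted `.expect(...)` message now reads `"failed to 23`, then a line break, then `build session"`, which looks like stray input that ended up inside the string literal. More importantly, a malformed session token supplied on the command line still panics here, while `validate` in the same file propagates the same call with `?`. Provided this match is not inside a closure, `ValidateObject::Session { token } => CredentialType::session_from_str(&token)?,` would return an ordinary error instead of aborting. `get` starts and ends outside the hunk.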
@@ -204,21 +212,21 @@ async fn update(secd: &Secd, cmd: UpdateObject) -> Result<Option<String>> {
async fn validate(secd: &Secd, cmd: ValidateObject) -> Result<Option<String>> {
let credential = match cmd {
ValidateObject::ApiToken { token } => {
- secd.validate_credential(CredentialType::api_token_from_str(&token)?)
+ secd.validate_credential(&CredentialType::api_token_from_str(&token)?)
.await?
}
ValidateObject::Passphrase {
username,
passphrase,
} => {
- secd.validate_credential(CredentialType::Passphrase {
+ secd.validate_credential(&CredentialType::Passphrase {
key: username,
value: passphrase,
})
.await?
}
ValidateObject::Session { token } => {
- secd.validate_credential(CredentialType::session_from_str(&token)?)
+ secd.validate_credential(&CredentialType::session_from_str(&token)?)
.await?
}
};