Diffstat (limited to 'crates/iam/src/main.rs')
| -rw-r--r-- | crates/iam/src/main.rs | 287 |
1 files changed, 287 insertions, 0 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
new file mode 100644
index 0000000..c187380
--- /dev/null
+++ b/crates/iam/src/main.rs
@@ -0,0 +1,287 @@
+mod api;
+mod command;
+mod util;
+
+use api::{AdminAction, Args, CliError, Command, CreateObject, GetObject, LinkObject, ListObject};
+use clap::Parser;
+use secd::{Secd, SecdError};
+use util::Result;
+
+use crate::api::ValidationMethod;
+
+const CONFIG_DIR_NAME: &str = "secdiam";
+const CONFIG_PROFILE_FILE: &str = "profiles.toml";
+const CONFIG_LOGIN_TEMPLATE: &str = "default_login.html";
+const CONFIG_SIGNUP_TEMPLATE: &str = "default_signup.html";
+const ISSUE_TRACKER_LOC: &str = "https://www.github.com/secdiam/iam";
+
+#[async_std::main]
+async fn main() {
+ match exec().await {
+ Ok(Some(s)) => println!("{}", s),
+ Err(e) => {
+ println!("{}", e);
+ std::process::exit(1);
+ }
+ _ => {}
+ }
+}
+
+async fn exec() -> Result<Option<String>> {
+ let args = Args::parse();
+ Ok(match args.command {
+ Command::Init { interactive } => admin(AdminAction::Init { interactive })
+ .await
+ .map_err(|_| CliError::AdminInitializationError)?,
+ Command::Admin { action } => admin(action).await?,
+
+ rest @ _ => {
+ let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
+ let secd = Secd::init(
+ cfg.store,
+ Some(&cfg.store_conn),
+ cfg.emailer,
+ cfg.email_template_login,
+ cfg.email_template_signup,
+ )
+ .await
+ .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
+
+ match rest {
+ Command::Create { object } => create(&secd, object).await?,
+ Command::Get { object } => get(&secd, object).await?,
+ Command::Link { object, unlink } => link(&secd, object, unlink).await?,
+ Command::Ls {
+ object,
+ name,
+ before,
+ after,
+ } => list(&secd, object, name, before, after).await?,
+ Command::Repl => {
+ unimplemented!()
+ }
+ _ => None,
+ }
+ }
+ })
+}
+
+async fn admin(cmd: AdminAction) -> Result<Option<String>> {
+ Ok(match cmd {
+ AdminAction::Backend { action } => {
+ println!("do backend stuff!");
+ None
+ }
+ AdminAction::Create { object } => {
+ println!("do create!");
+ None
+ }
+ AdminAction::Init { interactive } => {
+ command::admin_init(interactive)
+ .await
+ .map_err(|_| CliError::AdminInitializationError)?;
+ None
+ }
+ AdminAction::Seal => {
+ println!("do seal");
+ None
+ }
+ AdminAction::Unseal { secret_key } => {
+ println!("do unseal: {}", secret_key);
+ None
+ }
+ })
+}
+async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> {
+ Ok(match cmd {
+ CreateObject::ApiKey {
+ identity,
+ expires_at,
+ } => {
+ println!("create object");
+ None
+ }
+ CreateObject::Group { name, identities } => {
+ println!("create group");
+ None
+ }
+ CreateObject::Permission { services, actions } => {
+ println!("create permission");
+ None
+ }
+ CreateObject::Role { name, permissions } => {
+ println!("create role");
+ None
+ }
+ CreateObject::Service { name, uri } => {
+ println!("create service");
+ None
+ }
+ CreateObject::ServiceAction { name, program } => {
+ println!("create service action");
+ None
+ }
+ CreateObject::Session {
+ validation_id,
+ secret_code,
+ } => {
+ let session = secd
+ .exchange_code_for_session(validation_id, secret_code)
+ .await
+ .map_err(|e| match e {
+ SecdError::InvalidCode => CliError::InvalidCode,
+ _ => CliError::Unknown,
+ })?;
+ serde_json::to_string(&session).ok()
+ }
+ CreateObject::Validation { method, identity } => match method {
+ ValidationMethod::Email { address } => {
+ secd.create_validation_request(Some(&address)).await?;
+ None
+ }
+ _ => unimplemented!(),
+ },
+ })
+}
+async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
+ Ok(match cmd {
+ GetObject::ApiKey { public_key } => {
+ println!("get object api key");
+ None
+ }
+ GetObject::Group { name, id } => {
+ println!("get object group");
+ None
+ }
+ GetObject::Identity { id } => {
+ println!("get object identity");
+ None
+ }
+ GetObject::Permission { name, id } => {
+ println!("get object permission");
+ None
+ }
+ GetObject::Role { name, id } => {
+ println!("get object role");
+ None
+ }
+ GetObject::Service { name, id } => {
+ println!("get object service");
+ None
+ }
+ GetObject::ServiceAction { name, id } => {
+ println!("get object service action");
+ None
+ }
+ GetObject::Session { secret } => {
+ println!("get object session");
+ None
+ }
+ GetObject::Validation { id } => {
+ println!("get object validation");
+ None
+ }
+ })
+}
+async fn link(secd: &Secd, cmd: LinkObject, should_unlink: bool) -> Result<Option<String>> {
+ Ok(match cmd {
+ LinkObject::Group {
+ group_name,
+ group_id,
+ identity_ids,
+ } => {
+ println!("link object group");
+ None
+ }
+ LinkObject::Identity {
+ identity_id,
+ group_names,
+ group_ids,
+ } => {
+ println!("link object identity");
+ None
+ }
+ LinkObject::Permission {
+ permission_name,
+ permission_id,
+ role_names,
+ role_ids,
+ } => {
+ println!("link object permission");
+ None
+ }
+ LinkObject::Role {
+ role_name,
+ role_id,
+ permission_names,
+ permission_ids,
+ } => {
+ println!("link object role");
+ None
+ }
+ LinkObject::Service {
+ service_name,
+ service_id,
+ permission_names,
+ permission_ids,
+ } => {
+ println!("link object service");
+ None
+ }
+ LinkObject::ServiceAction {
+ service_action_name,
+ service_action_id,
+ service_name,
+ service_ids,
+ } => {
+ println!("link object service action");
+ None
+ }
+ })
+}
+async fn list(
+ secd: &Secd,
+ cmd: ListObject,
+ filter_name: Option<String>,
+ filter_before: Option<i64>,
+ filter_after: Option<i64>,
+) -> Result<Option<String>> {
+ Ok(match cmd {
+ ListObject::ApiKey => {
+ println!("list object api key");
+ None
+ }
+ ListObject::Group => {
+ println!("list object group");
+ None
+ }
+ ListObject::Identity => {
+ println!("list object identity");
+ None
+ }
+ ListObject::Permission => {
+ println!("list object permission");
+ None
+ }
+ ListObject::Role => {
+ println!("list object role");
+ None
+ }
+ ListObject::Service => {
+ println!("list object service");
+ None
+ }
+ ListObject::ServiceAction => {
+ println!("list object service action");
+ None
+ }
+ ListObject::Session => {
+ println!("list object session");
+ None
+ }
+ ListObject::Validation => {
+ println!("list object valiation");
+ None
+ }
+ })
+}
|
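Review bot: The `AdminAction::Unseal { secret_key }` arm in `admin` echoes the unseal secret to stdout with `println!("do unseal: {}", secret_key);`, so the key ends up in terminal scrollback and in any captured output or CI log; the placeholder should not interpolate it, e.g. `println!("do unseal");`. If `secret_key` is a plain command-line argument (its clap definition is in `api`, outside this hunk), it would presumably also be visible in shell history and the process list, so reading it from a prompt or stdin is worth considering. In `create`, the `Session` arm ends with `serde_json::to_string(&session).ok()`, which turns a serialization failure into `None`: the code has already been exchanged for a session, yet the CLI prints nothing and exits 0, so that failure should be returned as an error instead. `main` also reports errors with `println!`, which puts them on the same stream as the session JSON; `eprintln!("{}", e);` keeps the two apart for callers that parse stdout.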
