Diffstat (limited to 'crates/iam/src/main.rs')
-rw-r--r--crates/iam/src/main.rs247
1 files changed, 42 insertions, 205 deletions
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index ae44b46..c679af6 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -3,14 +3,14 @@ mod command;
mod util;
use anyhow::bail;
-use api::{
- AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, LinkObject,
- ListObject,
-};
+use api::{AdminAction, Args, CliError, Command, CreateObject, DevObject, GetObject, UpdateObject};
use clap::Parser;
use command::dev_oauth2_listen;
use env_logger::Env;
-use secd::{auth::z, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET, ENV_SPICE_SERVER};
+use secd::{
+ auth::z, Credential, CredentialType, Secd, ENV_AUTH_STORE_CONN_STRING, ENV_SPICE_SECRET,
+ ENV_SPICE_SERVER,
+};
use util::{error_detail, Result};
use uuid::Uuid;
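Review bot: `Credential` joins the `secd` import list in this hunk but nothing in the diff's new code names it — `create` binds the result of `create_credential` by inference and matches on `CredentialType` — so unless another part of the file references it, rustc will flag an unused import. The removal of `LinkObject`/`ListObject` is matched by the deleted `link`/`list` functions later in the diff, but `Uuid`, `bail` and `error_detail` lose their only uses visible here (the inline relationship bootstrap and the `Command::Init` arm); I cannot see the rest of the file, so if they are unreferenced elsewhere drop `use uuid::Uuid;`, `use anyhow::bail;` and `error_detail` from the `util` import as part of the same cleanup. A `cargo clippy -- -D warnings` run would settle it.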
@@ -38,8 +38,7 @@ async fn main() {
async fn exec() -> Result<Option<String>> {
let args = Args::parse();
Ok(match args.command {
- Command::Init { interactive }
- | Command::Admin {
+ Command::Admin {
action: AdminAction::Init { interactive },
} => {
command::admin_init(interactive)
@@ -52,89 +51,25 @@ async fn exec() -> Result<Option<String>> {
// let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;
std::env::set_var(
ENV_AUTH_STORE_CONN_STRING,
+ // "sqlite:///home/benj/.config/secdiam/34wxC.sql?mode=rwc",
"postgresql://secduser:p4ssw0rd@localhost:5412/secd",
);
std::env::set_var(ENV_SPICE_SECRET, "sup3rs3cr3tk3y");
std::env::set_var(ENV_SPICE_SERVER, "http://[::1]:50051");
- let secd = Secd::init(Some(
- r#"
-definition user {}
-
-definition organization {
- relation r_member: user
- relation r_admin: user
-
- permission member = r_admin + r_member
- permission admin = r_admin
-}
-
-definition plugin {
- relation r_creator: user | organization#admin
- relation r_editor: user
- relation r_viewer: user
-
- permission creator = r_creator + r_creator->admin
- permission editor = r_editor + r_creator + r_creator->admin
- permission viewer = r_viewer + r_editor + r_creator + r_creator->admin
-}"#,
- ))
- .await
- .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
-
- secd.write(&vec![z::Relationship {
- subject: z::Subject::User((
- "user".into(),
- Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
- )),
- object: (
- "organization".into(),
- Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
- ),
- relation: "r_member".into(),
- }])
- .await
- .unwrap();
-
- let y = match secd
- .check(&z::Relationship {
- subject: z::Subject::User((
- "user".into(),
- Uuid::parse_str("cd1e74de-6107-4191-a7b2-a142c549a9af").unwrap(),
- )),
- object: (
- "organization".into(),
- Uuid::parse_str("862f38b5-7f88-4b55-800f-af8da059e3a7").unwrap(),
- ),
- relation: "member".into(),
- })
+ let secd = Secd::init(None)
.await
- {
- Ok(v) => v,
- Err(e) => panic!("fooooooooooooooooooooooooooooooooooooooooooooooo"),
- };
-
- println!("DID I HAZ IT? {:#?}", y);
+ .map_err(|e| CliError::SecdInitializationFailure(e.to_string()))?;
match rest {
Command::Admin { action } => admin(&secd, action).await?,
Command::Create { object } => create(&secd, object).await?,
Command::Dev { object } => dev(object).await?,
Command::Get { object } => get(&secd, object).await?,
- Command::Init { .. } => bail!(CliError::InternalError(error_detail(
- "4a696b66-6231-4a2f-811c-4448a41473d2",
- "Code path should be unreachable",
- ))),
- Command::Link { object, unlink } => todo!(),
- Command::Ls {
- object,
- name,
- before,
- after,
- } => todo!(),
Command::Repl => {
unimplemented!()
}
+ Command::Update { object } => update(&secd, object).await?,
}
}
})
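Review bot: The comment added in this hunk records a developer-local SQLite path (`/home/benj/...`) directly above a Postgres connection string with an embedded password and the literal `ENV_SPICE_SECRET` value, and the commit still seeds all three via `std::env::set_var` from string literals while the `read_config` call one line up stays commented out. With `Secd::init(None)` no longer carrying the inline schema, this is the natural point to source the store connection string and SPICE secret from the profile or the operator's environment instead of the binary — e.g. restore `let cfg = util::read_config(args.profile).map_err(|_| CliError::InvalidProfile)?;` and drop the three `set_var` calls together with the new comment. Literals like these ship inside the release binary and in version control, and they override whatever the operator already configured in the environment. `exec`'s body starts before this hunk, where `args` is bound.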
@@ -162,37 +97,23 @@ async fn admin(secd: &Secd, cmd: AdminAction) -> Result<Option<String>> {
}
async fn create(secd: &Secd, cmd: CreateObject) -> Result<Option<String>> {
Ok(match cmd {
- CreateObject::ApiKey {
- identity,
- expired_at,
+ CreateObject::Credential {
+ method,
+ identity_id,
} => {
- println!("create object");
- None
- }
- CreateObject::Group { name, identities } => {
- println!("create group");
- None
- }
- CreateObject::Permission { services, actions } => {
- println!("create permission");
- None
- }
- CreateObject::Role { name, permissions } => {
- println!("create role");
- None
- }
- CreateObject::Service { name, uri } => {
- println!("create service");
- None
- }
- CreateObject::ServiceAction { name, program } => {
- println!("create service action");
- None
+ let t = match method {
+ api::CredentialMethod::Passphrase {
+ username,
+ passphrase,
+ } => CredentialType::Passphrase {
+ key: username,
+ value: passphrase,
+ },
+ };
+
+ let credential = secd.create_credential(t, identity_id).await?;
+ Some(serde_json::ser::to_string(&credential)?.to_string())
}
- CreateObject::Session {
- validation_id,
- secret_code,
- } => todo!(),
CreateObject::Validation {
method,
identity_id,
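Review bot: The new `CreateObject::Credential` arm serializes the whole `Credential` returned by `create_credential` to stdout; `Credential`'s fields are not visible here, but if it carries the passphrase, its hash or its salt, that material lands in the terminal, shell history and any captured CLI output. Either print only the identifying fields or make sure the secret-bearing field is `#[serde(skip_serializing)]` in `secd` before this lands. Separately, `serde_json::ser::to_string` already yields a `String`, so the trailing `.to_string()` is a needless clone: `Some(serde_json::to_string(&credential)?)`. `create`'s `match` continues past the end of this hunk.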
@@ -236,9 +157,13 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
println!("get object group");
None
}
- GetObject::Identity { session_token } => {
- Some(serde_json::ser::to_string(&secd.get_identity(&session_token).await?)?.to_string())
- }
+ GetObject::Identity {
+ identity_id,
+ session_token,
+ } => Some(
+ serde_json::ser::to_string(&secd.get_identity(identity_id, session_token).await?)?
+ .to_string(),
+ ),
GetObject::Permission { name, id } => {
println!("get object permission");
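Review bot: The widened `GetObject::Identity` arm forwards `identity_id` and `session_token` to `secd.get_identity` without checking that exactly one selector was supplied; the `update` arm later in this diff calls `get_identity(Some(id), None)`, which suggests both are `Option`s, so a `get identity` with neither or both reaches the backend with an ambiguous request and the outcome is decided there rather than in the CLI. If clap already enforces mutual exclusion on these two flags (an `ArgGroup` on `GetObject::Identity` in the `api` crate), say so in a comment on the arm; otherwise reject the combination here with a `CliError` before the call. As in `create`, the `.to_string()` on the `String` from `serde_json::ser::to_string` is redundant. `get`'s `match` starts and ends outside this hunk.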
@@ -265,105 +190,17 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result<Option<String>> {
}
})
}
-async fn link(secd: &Secd, cmd: LinkObject, should_unlink: bool) -> Result<Option<String>> {
- Ok(match cmd {
- LinkObject::Group {
- group_name,
- group_id,
- identity_ids,
- } => {
- println!("link object group");
- None
- }
- LinkObject::Identity {
- identity_id,
- group_names,
- group_ids,
- } => {
- println!("link object identity");
- None
- }
- LinkObject::Permission {
- permission_name,
- permission_id,
- role_names,
- role_ids,
- } => {
- println!("link object permission");
- None
- }
- LinkObject::Role {
- role_name,
- role_id,
- permission_names,
- permission_ids,
- } => {
- println!("link object role");
- None
- }
- LinkObject::Service {
- service_name,
- service_id,
- permission_names,
- permission_ids,
- } => {
- println!("link object service");
- None
- }
- LinkObject::ServiceAction {
- service_action_name,
- service_action_id,
- service_name,
- service_ids,
- } => {
- println!("link object service action");
- None
- }
- })
-}
-async fn list(
- secd: &Secd,
- cmd: ListObject,
- filter_name: Option<String>,
- filter_before: Option<i64>,
- filter_after: Option<i64>,
-) -> Result<Option<String>> {
+
+async fn update(secd: &Secd, cmd: UpdateObject) -> Result<Option<String>> {
Ok(match cmd {
- ListObject::ApiKey => {
- println!("list object api key");
- None
- }
- ListObject::Group => {
- println!("list object group");
- None
- }
- ListObject::Identity => {
- println!("list object identity");
- None
- }
- ListObject::Permission => {
- println!("list object permission");
- None
- }
- ListObject::Role => {
- println!("list object role");
- None
- }
- ListObject::Service => {
- println!("list object service");
- None
- }
- ListObject::ServiceAction => {
- println!("list object service action");
- None
- }
- ListObject::Session => {
- println!("list object session");
- None
- }
- ListObject::Validation => {
- println!("list object valiation");
- None
+ UpdateObject::Identity { id, metadata } => {
+ let identity = if metadata.is_some() {
+ secd.update_identity_metadata(id, metadata.unwrap()).await?
+ } else {
+ secd.get_identity(Some(id), None).await?
+ };
+
+ Some(serde_json::to_string(&identity)?.to_string())
}
})
}
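Review bot: `update` tests `metadata.is_some()` and then calls `metadata.unwrap()`; the idiomatic form moves the value out once and removes the panic path: `let identity = if let Some(metadata) = metadata {` / `secd.update_identity_metadata(id, metadata).await?` / `} else { secd.get_identity(Some(id), None).await? };`. Note also that an `update identity` invocation with no `metadata` silently degrades to a read and reports success, which deserves either a comment on the arm or an explicit error so callers notice the no-op. The result line mixes `serde_json::to_string` with the `serde_json::ser::to_string` used in `create` and `get`, and its trailing `.to_string()` clones an already-owned `String`: `Some(serde_json::to_string(&identity)?)`.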