From ab6d5cefbea1e8ddf41f385dd85918f651958287 Mon Sep 17 00:00:00 2001
From: benj
Date: Mon, 19 Jun 2023 17:18:21 -0700
Subject: hack to allow impersonator to impersonate target

---
 crates/iam/Cargo.toml | 4 +++-
 crates/iam/src/api.rs | 6 ++++++
 crates/iam/src/main.rs | 24 ++++++++++++++++--------
 3 files changed, 25 insertions(+), 9 deletions(-)

(limited to 'crates/iam')

diff --git a/crates/iam/Cargo.toml b/crates/iam/Cargo.toml
index 2ee6fc6..25af19e 100644
--- a/crates/iam/Cargo.toml
+++ b/crates/iam/Cargo.toml
@@ -23,7 +23,9 @@ time = { version = "0.3", features = [ "serde" ] }
 tiny_http = "0.12"
 tokio = { version = "1.23.0", features = ["full"] }
 toml = "0.5.9"
+tracing = "0.1.37"
+tracing-subscriber = "0.3.17"
 thiserror = "1.0"
 url = "2.3.1"
 urlencoding = "2.1.2"
-uuid = { version = "1.2", features = ["v4", "serde"]}
\ No newline at end of file
+uuid = { version = "1.2", features = ["v4", "serde"]}
diff --git a/crates/iam/src/api.rs b/crates/iam/src/api.rs
index c662e0c..7865a75 100644
--- a/crates/iam/src/api.rs
+++ b/crates/iam/src/api.rs
@@ -217,6 +217,12 @@ pub enum CreateObject {
 #[arg(long, short)]
 identity_id: Option,
 },
+ Impersonator {
+ /// The identity which will be the source impersonator.
+ impersonator_id: Uuid,
+ /// The identity id which will be the target for impersonation, and for whom a credential will be created.
+ target_id: Uuid,
+ },
 Validation {
 /// Method by which the validation will occur
 #[command(subcommand)]
diff --git a/crates/iam/src/main.rs b/crates/iam/src/main.rs
index 28f4e4c..41e63be 100644
--- a/crates/iam/src/main.rs
+++ b/crates/iam/src/main.rs
@@ -11,7 +11,6 @@ use api::{
 use clap::Parser;
 use command::dev_oauth2_listen;
-use env_logger::Env;
 use secd::{CredentialType, Secd};
 use time::OffsetDateTime;
 use util::Result;
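Review bot: The hunk adds `tracing` and `tracing-subscriber` but the `env_logger` dependency, whose only visible use (`use env_logger::Env;` in main.rs) this commit removes, is not dropped here; the dependency list above line 23 is outside the hunk, so if `env_logger` is declared there and unused elsewhere it should go in the same change. The `tracing` crate itself is not referenced by any line in this commit — only `tracing_subscriber` is — so it may be unnecessary unless other modules emit spans; worth confirming before it is kept.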
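Review bot: Both fields of the new `Impersonator` variant are bare `Uuid`s with no `#[arg]` attribute, so under clap's derive they become two positional arguments distinguished only by their order, whereas the preceding variant's id in this same hunk is declared `#[arg(long, short)]`. Two same-typed positional ids are easy to transpose on the command line, and a transposition here silently swaps which identity obtains a credential for which. Marking both fields `#[arg(long)]` so the invocation must read `--impersonator-id … --target-id …` turns that mistake into a parse error; the doc comments already describe each side well. The `CreateObject` enum starts and ends outside the hunk.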
@@ -24,7 +23,7 @@ const ISSUE_TRACKER_LOC: &str = "https://www.github.com/secdiam/iam";
 #[tokio::main]
 async fn main() {
- env_logger::init_from_env(Env::default().default_filter_or("debug"));
+ tracing_subscriber::fmt().init();
 match exec().await {
 Ok(Some(s)) => println!("{}", s),
 Err(e) => {
@@ -116,6 +115,13 @@ async fn create(secd: &Secd, cmd: CreateObject) -> Result> {
 let credential = secd.create_credential(t, identity_id, expires_at).await?;
 Some(serde_json::ser::to_string_pretty(&credential)?.to_string())
 }
+ CreateObject::Impersonator {
+ impersonator_id,
+ target_id,
+ } => {
+ let credential = secd.impersonate(&impersonator_id, &target_id).await?;
+ Some(serde_json::to_string(&credential)?.to_string())
+ }
 CreateObject::Validation {
 method,
 identity_id,
@@ -167,9 +173,11 @@ async fn get(secd: &Secd, cmd: GetObject) -> Result> {
 key: username,
 value: passphrase,
 },
- ValidateObject::Session { token } => {
- CredentialType::session_from_str(&token).expect("failed to build session")
- }
+ ValidateObject::Session { token } => CredentialType::session_from_str(&token) .expect( "failed to 23 +build session", ),
 });
 Some(
@@ -204,21 +212,21 @@ async fn update(secd: &Secd, cmd: UpdateObject) -> Result> {
 async fn validate(secd: &Secd, cmd: ValidateObject) -> Result> {
 let credential = match cmd {
 ValidateObject::ApiToken { token } => {
- secd.validate_credential(CredentialType::api_token_from_str(&token)?)
+ secd.validate_credential(&CredentialType::api_token_from_str(&token)?)
 .await?
 }
 ValidateObject::Passphrase {
 username,
 passphrase,
 } => {
- secd.validate_credential(CredentialType::Passphrase {
+ secd.validate_credential(&CredentialType::Passphrase {
 key: username,
 value: passphrase,
 })
 .await?
 }
 ValidateObject::Session { token } => {
- secd.validate_credential(CredentialType::session_from_str(&token)?)
+ secd.validate_credential(&CredentialType::session_from_str(&token)?)
 .await?
 }
 };
-- 
cgit v1.2.3
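Review bot: The added `tracing_subscriber::fmt().init();` replaces a logger that defaulted to `debug` and honoured the `RUST_LOG` variable through `Env::default()`; as far as I recall the fmt builder's default filter is INFO and it consults no environment unless an `EnvFilter` is attached, so this silently lowers verbosity and disables operator overrides. If the previous behaviour is intended, `tracing_subscriber::fmt().with_env_filter(tracing_subscriber::EnvFilter::try_from_default_env().unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("debug"))).init();` restores it, with the `env-filter` feature of `tracing-subscriber` enabled in Cargo.toml. Otherwise a one-line comment on the new line noting the deliberate move to INFO would save the next reader the same question. `main()` continues past the hunk.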
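Review bot: The new `Impersonator` arm serialises with `serde_json::to_string` while the arm directly above it uses `serde_json::ser::to_string_pretty`, and the trailing `.to_string()` on a value that is already a `String` is redundant in both; `Some(serde_json::to_string_pretty(&credential)?)` keeps the printed output consistent. Nothing in this arm checks that `impersonator_id` is entitled to act for `target_id` — both ids are forwarded verbatim to `secd.impersonate`, and the commit subject calls the whole change a hack — so a comment on the arm stating where that authorization is enforced, e.g. `// secd.impersonate decides whether impersonator_id may act for target_id; this CLI forwards both ids unchecked.`, would make the trust boundary explicit for the next reader. `create()` starts and ends outside the hunk.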
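Review bot: The rewritten `Session` arm still panics through `.expect(...)` on a token supplied on the command line, while the same conversion in `validate()` further down in this commit propagates the error with `?`, so a malformed session token aborts the process here instead of surfacing as an error; `ValidateObject::Session { token } => CredentialType::session_from_str(&token)?,` would align the two, provided this match is not inside a closure. The expect message as it appears here, `"failed to 23 +build session"`, reads like an extraction artifact rather than intended text, so the committed literal is worth confirming. The enclosing function starts and ends outside the hunk.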
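Review bot: With `validate_credential` now borrowing its argument (the `&` added at all three call sites), the three arms of the match in `validate()` differ only in how the `CredentialType` is constructed, yet each repeats the `secd.validate_credential(...).await?` call. Building the `CredentialType` in the match and validating once afterwards removes the triplicated call and keeps the error handling in one place, as sketched below; `validate()` continues past the hunk.
```rust
    // … unchanged: fn validate signature …
    let credential_type = match cmd {
        ValidateObject::ApiToken { token } => CredentialType::api_token_from_str(&token)?,
        ValidateObject::Passphrase {
            username,
            passphrase,
        } => CredentialType::Passphrase {
            key: username,
            value: passphrase,
        },
        ValidateObject::Session { token } => CredentialType::session_from_str(&token)?,
    };
    let credential = secd.validate_credential(&credential_type).await?;
    // … unchanged: rest of validate() …
```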