From 6fd2bdaba54b56798c7e9d8fb3a0ffe361d9ba76 Mon Sep 17 00:00:00 2001 From: Augustus Mayo Date: Tue, 19 Nov 2024 06:57:05 -0600 Subject: [PATCH 1/6] Fix mapper serialization --- v-api/src/mapper/mod.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/v-api/src/mapper/mod.rs b/v-api/src/mapper/mod.rs index b3d65d9..66bb307 100644 --- a/v-api/src/mapper/mod.rs +++ b/v-api/src/mapper/mod.rs @@ -79,6 +79,7 @@ pub enum MappingRulesData { Default(DefaultMapperData), EmailAddress(EmailAddressMapperData), EmailDomain(EmailDomainMapperData), + #[serde(rename = "github_username")] GitHubUsername(GitHubUsernameMapperData), } From a4ec3918cf75dbc459e0b12cd3e97fd5a4ae21bf Mon Sep 17 00:00:00 2001 From: Augustus Mayo Date: Tue, 19 Nov 2024 09:54:31 -0600 Subject: [PATCH 2/6] Add more endpoint comments --- v-api/src/endpoints/handlers.rs | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/v-api/src/endpoints/handlers.rs b/v-api/src/endpoints/handlers.rs index d5a4731..a2210aa 100644 --- a/v-api/src/endpoints/handlers.rs +++ b/v-api/src/endpoints/handlers.rs @@ -302,7 +302,7 @@ mod macros { // DEVICE CODE - // Get the metadata about an OAuth provider necessary to begin a device code exchange + /// Retrieve the metadata about an OAuth provider #[endpoint { method = GET, path = "/login/oauth/{provider}/device" @@ -314,6 +314,7 @@ mod macros { get_device_provider_op(&rqctx, path).await } + /// Exchange an OAuth device code request for an access token #[endpoint { method = POST, path = "/login/oauth/{provider}/device/exchange", @@ -327,8 +328,9 @@ mod macros { exchange_device_token_op(&rqctx, path, body).await } - // MAGIC LINK + // MAGIC LINK + /// Send a new magic link authentication link #[endpoint { method = POST, path = "/login/magic/{channel}/send" 
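Review bot: The `#[serde(rename = "github_username")]` added on `GitHubUsername` changes the tag the deserializer accepts for that variant, and nothing in the hunk keeps the previous tag readable. With the enum's `rename_all = "snake_case"` (visible in a later patch of this series) the variant was presumably written as `git_hub_username` before, so any mapper already stored with that tag would stop deserializing; since mappers determine permissions and groups, it is worth confirming how such a failure is handled. Consider adding `#[serde(alias = "git_hub_username")]` beside the rename, plus a unit test that asserts the serialized `rule` value of every variant. The enum's attributes sit above the hunk, so the exact prior tag should be checked there.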
@@ -341,6 +343,7 @@ mod macros { magic_link_send_op(&rqctx, path, body).await } + /// Exchange a magic link access code for an access token #[endpoint { method = POST, path = "/login/magic/{channel}/exchange" @@ -392,7 +395,7 @@ mod macros { // API USER - /// Retrieve the user information of the calling user + /// View details for the calling user #[endpoint { method = GET, path = "/self", @@ -403,7 +406,7 @@ mod macros { get_self_op(&rqctx).await } - /// Get user information for a given user id + /// View details for a user #[endpoint { method = GET, path = "/api-user/{user_id}", @@ -415,7 +418,7 @@ mod macros { get_api_user_op(&rqctx, path).await } - /// Create a new user with a given set of permissions + /// Create a new user #[endpoint { method = POST, path = "/api-user", @@ -440,7 +443,7 @@ mod macros { update_api_user_op(&rqctx, path.into_inner(), body.into_inner()).await } - /// List the active and expired API tokens for a given user + /// List api keys for a user #[endpoint { method = GET, path = "/api-user/{user_id}/token", @@ -452,8 +455,7 @@ mod macros { list_api_user_tokens_op(&rqctx, path.into_inner()).await } - // Create a new API token for a given user with a specific set of permissions and expiration. This - // is the only time that the returned token will be accessible + /// Create a new api key for a user #[endpoint { method = POST, path = "/api-user/{user_id}/token", @@ -466,7 +468,7 @@ mod macros { create_api_user_token_op(&rqctx, path.into_inner(), body.into_inner()).await } - // Get details for a specific API token + /// View details of an api key for a user #[endpoint { method = GET, path = "/api-user/{user_id}/token/{api_key_id}", @@ -478,7 +480,7 @@ mod macros { get_api_user_token_op(&rqctx, path.into_inner()).await } - // Revoke a specific API token so it can no longer be used + /// Revoke an api key for a user #[endpoint { method = DELETE, path = "/api-user/{user_id}/token/{api_key_id}", 
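Review bot: The new doc comment on the `POST /api-user/{user_id}/token` handler, `/// Create a new api key for a user`, drops the statement from the comment it replaces that this response is the only time the token is accessible. These `///` lines on `#[endpoint]` handlers presumably surface in the generated API description, so clients lose the cue to store the secret immediately. I would keep the caveat, for example `/// Create a new api key for a user. The key value is returned only in this response and cannot be retrieved later`. The list-tokens hunk just above trims "active and expired" in the same way; if expired keys are still returned, the description should say so. The handler bodies continue outside these hunks.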
@@ -490,6 +492,7 @@ mod macros { delete_api_user_token_op(&rqctx, path.into_inner()).await } + /// Add a user to a group #[endpoint { method = POST, path = "/api-user/{user_id}/group", @@ -502,6 +505,7 @@ mod macros { add_api_user_to_group_op(&rqctx, path.into_inner(), body.into_inner()).await } + /// Remove a user from a group #[endpoint { method = DELETE, path = "/api-user/{user_id}/group/{group_id}", @@ -528,6 +532,7 @@ mod macros { // GROUPS + /// List all groups #[endpoint { method = GET, path = "/group", @@ -538,6 +543,7 @@ mod macros { get_groups_op(&rqctx).await } + /// Create a group #[endpoint { method = POST, path = "/group", @@ -549,6 +555,7 @@ mod macros { create_group_op(&rqctx, body.into_inner()).await } + /// Update a group #[endpoint { method = PUT, path = "/group/{group_id}", @@ -561,6 +568,7 @@ mod macros { update_group_op(&rqctx, path.into_inner(), body.into_inner()).await } + /// Delete a group #[endpoint { method = DELETE, path = "/group/{group_id}", @@ -574,6 +582,7 @@ mod macros { // MAPPERS + /// List all mappers #[endpoint { method = GET, path = "/mapper", @@ -585,6 +594,7 @@ mod macros { get_mappers_op(&rqctx, query.into_inner()).await } + /// Create a mapper #[endpoint { method = POST, path = "/mapper", @@ -596,6 +606,7 @@ mod macros { create_mapper_op(&rqctx, body.into_inner()).await } + /// Delete a mapper #[endpoint { method = DELETE, path = "/mapper/{mapper_id}", @@ -611,6 +622,7 @@ mod macros { use v_api::endpoints::login::local::{local_login_op, LocalLogin}; #[cfg(feature = "local-dev")] + /// Login as a local development user #[endpoint { method = POST, path = "/login/local" From 19c009e7a1b9593c9da66d2898747ff47873124c Mon Sep 17 00:00:00 2001 From: Augustus Mayo Date: Tue, 19 Nov 2024 10:13:06 -0600 Subject: [PATCH 3/6] Start documenting mappers --- v-api/src/mapper/mod.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/v-api/src/mapper/mod.rs b/v-api/src/mapper/mod.rs index 66bb307..59e9556 100644 
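Review bot: The doc comment added for `POST /login/local` does not mention that the endpoint exists only in `local-dev` builds, although the `#[cfg(feature = "local-dev")]` directly above it shows it is compiled conditionally. Because this is a login path for a development user, the description should make the build-time gate explicit, for example `/// Login as a local development user (only present when built with the local-dev feature)`. Placing the `///` line above the `#[cfg]` attribute rather than between the two attributes would also follow the usual docs-before-attributes ordering. The function itself continues past the end of the hunk.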
--- a/v-api/src/mapper/mod.rs +++ b/v-api/src/mapper/mod.rs @@ -35,11 +35,14 @@ pub mod email_domain; pub mod github_username; #[async_trait] +/// Mapping rules that determine permissions and groups for users pub trait MapperRule: Send + Sync where T: VAppPermission, { + /// Determines the permissions for a given user. async fn permissions_for(&self, user: &UserInfo) -> Result, StoreError>; + /// Determines the access groups for a given user. async fn groups_for( &self, user: &UserInfo, @@ -54,11 +57,15 @@ pub enum MappingEngineError { Other(Box), } +/// Interface for generating mapping rules from mapper configurations pub trait MappingEngine: Send + Sync + 'static { + /// Creates a new mapping rule from a Mapper configuration fn create_mapping(&self, value: Mapper) -> Result>, MappingEngineError>; + /// Validates whether the provided data represents a known mapping rule fn validate_mapping_data(&self, value: &Value) -> bool; } +/// Default implementation of the MappingEngine trait pub struct DefaultMappingEngine { caller: Caller, group: GroupContext, @@ -73,6 +80,7 @@ where } } +/// The default mapping rule configurations that are supported by the default mapping engine #[derive(Debug, Deserialize, Serialize, JsonSchema)] #[serde(tag = "rule", rename_all = "snake_case")] pub enum MappingRulesData { From d1d16a78e6a10cac798a8a1b845c71993ab01f5d Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:49:46 -0600 Subject: [PATCH 4/6] Update Rust crate mockall to 0.13.1 (#172) Co-authored-by: oxide-renovate[bot] <146848827+oxide-renovate[bot]@users.noreply.github.com> --- Cargo.lock | 8 ++++---- Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index da0d1db..0b0bd77 100644 --- a/Cargo.lock +++ b/Cargo.lock 
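Review bot: The new docs on `permissions_for` and `groups_for` in `MapperRule` do not say what an `Err(StoreError)` means for the caller. These methods feed authorization decisions, so the trait contract should state whether a failing rule aborts the mapping or may be skipped, and whether an empty result is a valid "no grants" answer; the hunk does not show which behaviour callers implement. Once confirmed, a line such as `/// Errors must be propagated to the caller and never treated as an empty grant.` would pin it down. The trait's closing brace is outside the hunk.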
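Review bot: The doc comment added to `MappingRulesData` could list the serialized `rule` tags, because they cannot be read off the variant names: the enum uses `rename_all = "snake_case"` and, after the first patch in this series, an explicit `github_username` override. A line such as `/// Serialized with a "rule" tag: default, email_address, email_domain, github_username.` would give API clients and reviewers one place to check the wire names. The variants themselves are outside this hunk, so the list should be verified against the full enum.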
@@ -1386,9 +1386,9 @@ dependencies = [ [[package]] name = "mockall" -version = "0.13.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4c28b3fb6d753d28c20e826cd46ee611fda1cf3cde03a443a974043247c065a" +checksum = "39a6bfcc6c8c7eed5ee98b9c3e33adc726054389233e201c95dab2d41a3839d2" dependencies = [ "cfg-if", "downcast", @@ -1400,9 +1400,9 @@ dependencies = [ [[package]] name = "mockall_derive" -version = "0.13.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "341014e7f530314e9a1fdbc7400b244efea7122662c96bfa248c31da5bfb2020" +checksum = "25ca3004c2efe9011bd4e461bd8256445052b9615405b4f7ea43fc8ca5c20898" dependencies = [ "cfg-if", "proc-macro2", diff --git a/Cargo.toml b/Cargo.toml index e4d32f2..c31b3ce 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ http = "1" http-body-util = "0.1.2" hyper = "1.5.0" jsonwebtoken = "9.3.0" -mockall = "0.13.0" +mockall = "0.13.1" newtype-uuid = { version = "1.1.3", features = ["schemars08", "serde", "v4"] } oauth2 = { version = "4.4.2", default-features = false, features = ["rustls-tls"] } partial-struct = { git = "https://github.com/oxidecomputer/partial-struct" } From 786f6ae0114476adb47c9229e698831650847b41 Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:50:06 -0600 Subject: [PATCH 5/6] Update Rust crate serde_json to v1.0.133 (#171) Co-authored-by: oxide-renovate[bot] <146848827+oxide-renovate[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0b0bd77..2c28bdd 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -2166,9 +2166,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.132" +version = "1.0.133" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03" +checksum = "c7fceb2473b9166b2294ef05efcb65a3db80803f0b03ef86a5fc88a2b85ee377" dependencies = [ "itoa", "memchr", From 032cc120a38f7274c348db608bc78d67c89944bd Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:50:19 -0600 Subject: [PATCH 6/6] Lock file maintenance (#173) Co-authored-by: oxide-renovate[bot] <146848827+oxide-renovate[bot]@users.noreply.github.com> --- Cargo.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2c28bdd..5c2637f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -203,9 +203,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.37" +version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40545c26d092346d8a8dab71ee48e7685a7a9cba76e634790c215b41a4a7b4cf" +checksum = "fd9de9f2205d5ef3fd67e685b0df337994ddd4495e2a28d185500d0e1edfea47" dependencies = [ "shlex", ] @@ -265,9 +265,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cpufeatures" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" +checksum = "0ca741a962e1b0bff6d724a1a0958b686406e853bb14061f218562e1896f95e6" dependencies = [ "libc", ] @@ -998,7 +998,7 @@ dependencies = [ "http 1.1.0", "hyper 1.5.0", "hyper-util", - "rustls 0.23.16", + "rustls 0.23.17", "rustls-native-certs", "rustls-pki-types", "tokio", 
@@ -1282,9 +1282,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.162" +version = "0.2.164" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398" +checksum = "433bfe06b8c75da9b2e3fbea6e5329ff87748f0b144ef75306e674c3f6f7c13f" [[package]] name = "libm" @@ -1945,9 +1945,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.16" +version = "0.23.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e" +checksum = "7f1a745511c54ba6d4465e8d5dfbd81b45791756de28d4981af70d6dca128f1e" dependencies = [ "once_cell", "ring", @@ -2638,7 +2638,7 @@ version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" dependencies = [ - "rustls 0.23.16", + "rustls 0.23.17", "rustls-pki-types", "tokio", ] @@ -3298,7 +3298,7 @@ dependencies = [ "hyper-util", "log", "percent-encoding", - "rustls 0.23.16", + "rustls 0.23.17", "rustls-pemfile 2.2.0", "seahash", "serde",