Trait AdminCredentials

pub trait AdminCredentials: DeserializeOwned + Serialize {
    // Required method
    fn validate(&self) -> Result<(), Error>;

    // Provided methods
    fn load(
        secrets_handling: AdministrativeSecretHandling,
    ) -> Result<Self, Error> { ... }
    fn load_from_file(
        path: impl AsRef<Path>,
        secrets_handling: AdministrativeSecretHandling,
    ) -> Result<Self, Error> { ... }
    fn store(
        &self,
        secrets_handling: AdministrativeSecretHandling,
    ) -> Result<(), Error> { ... }
}

Administrative credentials.

Requires implementors to also implement DeserializeOwned and Serialize.

Provides default implementations for loading administrative credentials from the default system location (AdminCredentials::load) and from a specific path (AdminCredentials::load_from_file), as well as for storing administrative credentials in the default system location (AdminCredentials::store). Technically, only the implementation of AdminCredentials::validate is required.

Required Methods§

fn validate(&self) -> Result<(), Error>

Validates the AdminCredentials.

§Errors

Implementations should return an error if an assumption about the integrity of the administrative credentials is not met. This method is called in the provided implementation of AdminCredentials::load_from_file.

Provided Methods§

fn load(secrets_handling: AdministrativeSecretHandling) -> Result<Self, Error>

Loads an AdminCredentials from the default file location.

§Errors

Returns an error if AdminCredentials::load_from_file fails.

§Panics

This method panics when providing AdministrativeSecretHandling::ShamirsSecretSharing as secrets_handling.

fn load_from_file(path: impl AsRef<Path>, secrets_handling: AdministrativeSecretHandling) -> Result<Self, Error>

Loads an AdminCredentials from file.

§Errors

Returns an error if

  • the method is called by a system user that is not root,
  • the file at path does not exist,
  • the file at path is not a file,
  • the file at path is considered as plaintext but cannot be loaded,
  • the file at path is considered as systemd-creds encrypted but cannot be decrypted,
  • or the file at path is considered as systemd-creds encrypted but cannot be loaded after decryption.

§Panics

This method panics when providing AdministrativeSecretHandling::ShamirsSecretSharing as secrets_handling.
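The load path described above, as an added example that is not code from this crate: a std-only stand-in trait shows how a provided load_from_file rejects missing paths and non-files and then calls the required validate, so that well-formed but unacceptable credentials never reach the caller. The names Credentials, parse and Admins, the `name=passphrase` line format and the validation rules are assumptions made for the example; the root check, systemd-creds decryption and TOML deserialization are left out.

```rust
use std::{collections::HashSet, fs, path::Path};

// Hypothetical stand-in for the documented trait: `validate` is required,
// `load_from_file` is provided and always calls it. `parse` replaces serde/TOML.
trait Credentials: Sized {
    fn parse(data: &str) -> Result<Self, String>;
    fn validate(&self) -> Result<(), String>;

    fn load_from_file(path: impl AsRef<Path>) -> Result<Self, String> {
        let path = path.as_ref();
        let meta = fs::metadata(path).map_err(|e| format!("{}: {e}", path.display()))?;
        if !meta.is_file() {
            return Err(format!("{} is not a file", path.display()));
        }
        let data = fs::read_to_string(path).map_err(|e| e.to_string())?;
        let creds = Self::parse(&data)?;
        creds.validate()?; // syntactically valid data can still be rejected here
        Ok(creds)
    }
}

// Constructed credential type: one `name=passphrase` pair per line.
struct Admins(Vec<(String, String)>);
impl Credentials for Admins {
    fn parse(data: &str) -> Result<Self, String> {
        let mut admins = Vec::new();
        for line in data.lines().filter(|l| !l.trim().is_empty()) {
            let (name, pass) = line.split_once('=').ok_or("malformed line")?;
            admins.push((name.trim().to_string(), pass.trim().to_string()));
        }
        Ok(Admins(admins))
    }

    fn validate(&self) -> Result<(), String> {
        let mut seen = HashSet::new();
        for (name, pass) in &self.0 {
            if pass.len() < 10 || !seen.insert(name) {
                return Err(format!("weak or duplicate entry for {name}"));
            }
        }
        if seen.is_empty() { Err("no administrator defined".into()) } else { Ok(()) }
    }
}

fn main() {
    let path = std::env::temp_dir().join("admin-creds-example.txt"); // constructed sample
    fs::write(&path, "alice=correct-horse-battery\nalice=another-long-secret\n").unwrap();
    println!("{:?}", Admins::load_from_file(&path).map(|a| a.0.len()));
}
```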

fn store(&self, secrets_handling: AdministrativeSecretHandling) -> Result<(), Error>

Stores the AdminCredentials as a file in the default location.

Depending on secrets_handling, the file path and contents differ:

Automatically creates the directory in which the administrative credentials are created. After storing the AdminCredentials as file, its file permissions and ownership are adjusted so that it is only accessible by root.

§Errors

Returns an error if

  • the method is called by a system user that is not root,
  • the directory for administrative credentials cannot be created,
  • self cannot be turned into its TOML representation,
  • the systemd-creds command is not found,
  • systemd-creds fails to encrypt the TOML representation of self,
  • the target file cannot be created,
  • the plaintext or systemd-creds encrypted data cannot be written to file,
  • or the ownership or permissions of the target file cannot be adjusted.

§Panics

This method panics when providing AdministrativeSecretHandling::ShamirsSecretSharing as secrets_handling.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§