NetHsmUserMapping

signstar_config::nethsm::config

Enum NetHsmUserMapping 

Source 
pub enum NetHsmUserMapping {
    Admin(UserId),
    Backup {
        backend_user: SystemWideUserId,
        ssh_authorized_key: AuthorizedKeyEntry,
        system_user: SystemUserId,
    },
    HermeticMetrics {
        backend_users: NetHsmMetricsUsers,
        system_user: SystemUserId,
    },
    Metrics {
        backend_users: NetHsmMetricsUsers,
        ssh_authorized_key: AuthorizedKeyEntry,
        system_user: SystemUserId,
    },
    Signing {
        backend_user: UserId,
        signing_key_id: KeyId,
        key_setup: SigningKeySetup,
        ssh_authorized_key: AuthorizedKeyEntry,
        system_user: SystemUserId,
        tag: String,
    },
}
Expand description

User and data mapping between system users and NetHSM users.

Variants§

§

Admin(UserId)

A NetHsm user in the Administrator role, without a system user mapped to it.

§

Backup

A system user, with SSH access, mapped to a system-wide NetHSM user in the Backup role.

Fields

§backend_user: SystemWideUserId

The name of the NetHSM user.

§ssh_authorized_key: AuthorizedKeyEntry

The SSH public key used for connecting to the system_user.

§system_user: SystemUserId

The name of the system user.

§

HermeticMetrics

A system user, without SSH access, mapped to a system-wide NetHSM user in the Metrics role and one or more NetHsm users in the Operator role with read-only access to zero or more keys.

Fields

§backend_users: NetHsmMetricsUsers

The NetHSM users in the [Metrics][UserRole::Metrics] and [operator][UserRole::Operator] role.

§system_user: SystemUserId

The name of the system user.

§

Metrics

A system user, with SSH access, mapped to a system-wide NetHSM user in the Metrics role and n users in the Operator role with read-only access to zero or more keys.

Fields

§backend_users: NetHsmMetricsUsers

The NetHSM users in the [Metrics][UserRole::Metrics] and [operator][UserRole::Operator] role.

§ssh_authorized_key: AuthorizedKeyEntry

The SSH public key used for connecting to the system_user.

§system_user: SystemUserId

The name of the system user.

§

Signing

A system user, with SSH access, mapped to a NetHSM user in the Operator role with access to a single signing key.

Signing key and NetHSM user are mapped using a tag.

Fields

§backend_user: UserId

The name of the NetHSM user.

§signing_key_id: KeyId

The ID of the NetHSM key.

§key_setup: SigningKeySetup

The setup of a NetHSM key.

§ssh_authorized_key: AuthorizedKeyEntry

The SSH public key used for connecting to the system_user.

§system_user: SystemUserId

The name of the system user.

§tag: String

The tag used for the user and the signing key on the NetHSM.

Implementations§

Source§

impl NetHsmUserMapping

Source

pub fn namespaces(&self) -> Vec<&NamespaceId>

Returns the list of [NamespaceId]s associated with this NetHsmUserMapping.

Source

pub fn tag(&self, namespace: Option<&NamespaceId>) -> Option<&str>

Returns the optional tag used in the NetHsmUserMapping.

§Note

Only NetHsmUserMapping::Signing can have a tag.

Source

pub fn nethsm_user_ids(&self) -> Vec<UserId>

Returns the list of [UserId] objects associated with this NetHsmUserMapping.

Source

pub fn nethsm_user_data<'a>(&'a self) -> HashSet<NetHsmUserData<'a>>

Returns the list of NetHsmUserData objects associated with this NetHsmUserMapping.

Source

pub fn nethsm_user_key_data<'a>( &'a self, filter: NetHsmUserKeysFilter, ) -> Option<NetHsmUserKeyData<'a>>

Returns a filtered list of NetHsmUserKeyData objects from this NetHsmUserMapping.

Based on a NetHsmUserKeysFilter it is possible to target only namespaced or system-wide, or all user mappings that have associated key configs.

Trait Implementations§

Source§

impl Clone for NetHsmUserMapping

Source§

fn clone(&self) -> NetHsmUserMapping

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for NetHsmUserMapping

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for NetHsmUserMapping

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Hash for NetHsmUserMapping

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl MappingAuthorizedKeyEntry for NetHsmUserMapping

Source§

fn authorized_key_entry(&self) -> Option<&AuthorizedKeyEntry>

Returns an optional SSH authorized_keys entry. Read more
Source§

impl<'a> MappingBackendDomain<NetHsmConfigDomainFilter<'a>> for NetHsmUserMapping

Source§

fn backend_domain( &self, filter: Option<&NetHsmConfigDomainFilter<'_>>, ) -> Option<String>

Returns the optional tag of the NetHsmUserMapping.

§Note

Delegates to NetHsmUserMapping::tag.

Source§

impl<'a> MappingBackendKeyId<NetHsmBackendKeyIdFilter<'a>> for NetHsmUserMapping

Source§

fn backend_key_id( &self, filter: &NetHsmBackendKeyIdFilter<'a>, ) -> Option<String>

Returns an optional String representing a backend key ID according to a filter.
Source§

impl MappingBackendUserIds for NetHsmUserMapping

Source§

fn backend_user_ids(&self, filter: BackendUserIdFilter) -> Vec<String>

Returns a list of Strings representing backend User IDs according to a filter.
Source§

fn backend_user_with_passphrase( &self, name: &str, passphrase: Passphrase, ) -> Result<Box<dyn UserWithPassphrase>, Error>

Returns a specific UserWithPassphrase implementation for a backend user. Read more
Source§

fn backend_users_with_new_passphrase( &self, filter: BackendUserIdFilter, ) -> Vec<Box<dyn UserWithPassphrase>>

Returns a list of UserWithPassphrase implementations according to a filter. Read more
Source§

impl MappingBackendUserSecrets for NetHsmUserMapping

Source§

fn create_non_admin_backend_user_secrets( &self, secret_handling: NonAdministrativeSecretHandling, ) -> Result<Option<Vec<Box<dyn UserWithPassphrase>>>, Error>

Creates on-disk secrets for non-administrative backend users of the mapping. Read more
Source§

fn load_non_admin_backend_user_secrets( &self, secret_handling: NonAdministrativeSecretHandling, filter: NonAdminBackendUserIdFilter, ) -> Result<Option<Vec<Box<dyn UserWithPassphrase>>>, Error>

Loads secrets from on-disk files for each non-administrative backend user matching a filter. Read more
Source§

impl MappingSystemUserId for NetHsmUserMapping

Source§

fn system_user_id(&self) -> Option<&SystemUserId>

Returns a reference to the SystemUserId. Read more
Source§

fn system_user_id_as_existing_unix_user(&self) -> Result<Option<User>, Error>

Returns the tracked system user ID as [User] if it exists. Read more
Source§

fn system_user_id_as_current_unix_user(&self) -> Result<Option<User>, Error>

Returns the tracked system user ID as the current [User] if it exists. Read more
Source§

impl Ord for NetHsmUserMapping

Source§

fn cmp(&self, other: &NetHsmUserMapping) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · Source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · Source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · Source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Read more
Source§

impl PartialEq for NetHsmUserMapping

Source§

fn eq(&self, other: &NetHsmUserMapping) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl PartialOrd for NetHsmUserMapping

Source§

fn partial_cmp(&self, other: &NetHsmUserMapping) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl Serialize for NetHsmUserMapping

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Eq for NetHsmUserMapping

Source§

impl StructuralPartialEq for NetHsmUserMapping

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
§

impl<T> Conv for T

§

fn conv<T>(self) -> T
where Self: Into<T>,

Converts self into T using Into<T>. Read more
§

impl<T> FmtForward for T

§

fn fmt_binary(self) -> FmtBinary<Self>
where Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.
§

fn fmt_display(self) -> FmtDisplay<Self>
where Self: Display,

Causes self to use its Display implementation when Debug-formatted.
§

fn fmt_lower_exp(self) -> FmtLowerExp<Self>
where Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.
§

fn fmt_lower_hex(self) -> FmtLowerHex<Self>
where Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.
§

fn fmt_octal(self) -> FmtOctal<Self>
where Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.
§

fn fmt_pointer(self) -> FmtPointer<Self>
where Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.
§

fn fmt_upper_exp(self) -> FmtUpperExp<Self>
where Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.
§

fn fmt_upper_hex(self) -> FmtUpperHex<Self>
where Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.
§

fn fmt_list(self) -> FmtList<Self>
where &'a Self: for<'a> IntoIterator,

Formats each item in a sequence. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, O> Matches<O> for T
where T: PartialEq<O>,

§

fn validate_matches(&self, other: &O) -> bool

§

impl<T> Pipe for T
where T: ?Sized,

§

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R
where Self: Sized,

Pipes by value. This is generally the method you want to use. Read more
§

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R
where R: 'a,

Borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R
where R: 'a,

Mutably borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
where Self: Borrow<B>, B: 'a + ?Sized, R: 'a,

Borrows self, then passes self.borrow() into the pipe function. Read more
§

fn pipe_borrow_mut<'a, B, R>( &'a mut self, func: impl FnOnce(&'a mut B) -> R, ) -> R
where Self: BorrowMut<B>, B: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
§

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
where Self: AsRef<U>, U: 'a + ?Sized, R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.
§

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
where Self: AsMut<U>, U: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.
§

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
where Self: Deref<Target = T>, T: 'a + ?Sized, R: 'a,

Borrows self, then passes self.deref() into the pipe function.
§

fn pipe_deref_mut<'a, T, R>( &'a mut self, func: impl FnOnce(&'a mut T) -> R, ) -> R
where Self: DerefMut<Target = T> + Deref, T: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
§

impl<T> Tap for T

§

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value. Read more
§

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value. Read more
§

fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Immutable access to the Borrow<B> of a value. Read more
§

fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Mutable access to the BorrowMut<B> of a value. Read more
§

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Immutable access to the AsRef<R> view of a value. Read more
§

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Mutable access to the AsMut<R> view of a value. Read more
§

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Immutable access to the Deref::Target of a value. Read more
§

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Mutable access to the Deref::Target of a value. Read more
§

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.
§

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.
§

fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.
§

fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
§

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.
§

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
§

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.
§

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
§

impl<T> TryConv for T

§

fn try_conv<T>(self) -> Result<T, Self::Error>
where Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,