pub trait SecretsWriter {
    // Required methods
    fn create_secrets_dir(&self) -> Result<(), Error>;
    fn create_non_administrative_secrets(&self) -> Result<(), Error>;
}
A trait to create non-administrative secrets and accompanying directories.
Required Methods
fn create_secrets_dir(&self) -> Result<(), Error>
Creates secrets directories for all non-administrative mappings.
fn create_non_administrative_secrets(&self) -> Result<(), Error>
Creates non-administrative secrets for all mappings of system users to backend users.
Implementations on Foreign Types
impl SecretsWriter for ExtendedUserMapping
fn create_secrets_dir(&self) -> Result<(), Error>
Creates secrets directories for all non-administrative mappings.
Matches the SystemUserId in a mapping with an actual user on the system.
Creates the passphrase directory for the user and ensures correct ownership of it and all
parent directories up until the user’s home directory.
Errors
Returns an error if
- no system user is available in the mapping,
- the system user of the mapping is not available on the system,
- the directory could not be created,
- the ownership of any directory between the user’s home and the passphrase directory cannot be changed.
fn create_non_administrative_secrets(&self) -> Result<(), Error>
Creates passphrases for all non-administrative mappings.
Creates a random alphanumeric passphrase, 30 characters long, for each backend user of each non-administrative user mapping.
- If self is configured to use NonAdministrativeSecretHandling::Plaintext, the passphrase is stored in a secrets file, defined by get_plaintext_secret_file.
- If self is configured to use NonAdministrativeSecretHandling::SystemdCreds, the passphrase is encrypted using systemd-creds and stored in a secrets file, defined by get_systemd_creds_secret_file.
Errors
Returns an error if
- the targeted system user does not exist in the mapping or on the system,
- the function is called using a non-root user,
- the systemd-creds command is not available when trying to encrypt the passphrase,
- the encryption of the passphrase using systemd-creds fails,
- the secrets file cannot be created,
- the secrets file cannot be written to,
- or the ownership and permissions of the secrets file cannot be changed.
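An added illustration of the plaintext case described above, not the crate's own code: it draws a 30-character alphanumeric passphrase from the kernel CSPRNG without modulo bias and writes it to a file that is private from creation. The randomness source (/dev/urandom), the 0o600 mode and all function names are assumptions; the documentation above only states that ownership and permissions are set.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

const ALPHANUMERIC: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

/// Draws `len` alphanumeric characters from /dev/urandom (assumed source).
/// Bytes >= 248 (4 * 62) are rejected so that `byte % 62` stays uniform.
pub fn random_passphrase(len: usize) -> io::Result<String> {
    let mut urandom = File::open("/dev/urandom")?;
    let mut out = String::with_capacity(len);
    let mut buf = [0u8; 64];
    while out.len() < len {
        urandom.read_exact(&mut buf)?;
        for &b in buf.iter().filter(|&&b| b < 248) {
            if out.len() == len {
                break;
            }
            out.push(ALPHANUMERIC[(b % 62) as usize] as char);
        }
    }
    Ok(out)
}

/// Writes `secret` to a new file that is never readable by group or others.
pub fn write_plaintext_secret(path: &Path, secret: &str) -> io::Result<()> {
    let mut file = OpenOptions::new()
        .write(true)
        .create_new(true) // O_EXCL: refuse an existing file or symlink at `path`
        .mode(0o600) // assumed mode: owner read/write only, applied at creation
        .open(path)?;
    file.write_all(secret.as_bytes())?;
    file.sync_all()
}

/// Returns the permission bits of `path`, for checking the result.
pub fn mode_of(path: &Path) -> io::Result<u32> {
    Ok(fs::metadata(path)?.permissions().mode() & 0o777)
}

fn main() -> io::Result<()> {
    // Constructed sample path in the temp directory, removed afterwards.
    let path = std::env::temp_dir().join(format!("example-secret-{}", std::process::id()));
    let passphrase = random_passphrase(30)?;
    write_plaintext_secret(&path, &passphrase)?;
    println!("wrote {} chars, mode {:o}", passphrase.len(), mode_of(&path)?);
    fs::remove_file(&path)
}
```

Setting the mode in the `open` call, rather than with a later permission change, avoids a window in which the file exists with default permissions.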