diff --git a/openstack_cli/Cargo.toml b/openstack_cli/Cargo.toml index 9c668e0fe..fb9e81a3b 100644 --- a/openstack_cli/Cargo.toml +++ b/openstack_cli/Cargo.toml @@ -45,6 +45,7 @@ load_balancer = ["openstack_sdk/load_balancer"] network = ["openstack_sdk/network"] object_store = ["openstack_sdk/object_store"] placement = ["openstack_sdk/placement"] +keystone_ng = ["openstack_sdk/keystone_ng", "openstack_types/keystone_ng"] _test_admin = [] _test_net_auto-allocated-topology = [] _test_net_dhcp_agent_scheduler = [] diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/create.rs b/openstack_cli/src/identity/v4/federation/identity_provider/create.rs new file mode 100644 index 000000000..d1bf68800 --- /dev/null +++ b/openstack_cli/src/identity/v4/federation/identity_provider/create.rs 
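Review bot: The `keystone_ng` feature added in this hunk forwards to `openstack_sdk/keystone_ng` and `openstack_types/keystone_ng`, but nothing in the visible part of the diff gates the CLI side on it. The `openstack_sdk/src/api/identity.rs` hunk puts `pub mod v4;` behind `#[cfg(feature = "keystone_ng")]`, while the new `openstack_cli/src/identity/v4/federation/identity_provider/*.rs` files import `openstack_sdk::api::identity::v4::…` unconditionally and the `*_autogen.rs` tests run `osc identity identity-provider … --help` with no feature guard. The `mod` declarations that wire those files in are not shown here, so please confirm that they, and the test modules, carry `#[cfg(feature = "keystone_ng")]`; otherwise a build or test run without the feature will presumably fail. As a style point, the entry is appended after `placement`, although the visible service features are in alphabetical order and `keystone_ng` sorts before `load_balancer`.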
@@ -0,0 +1,209 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Create IdentityProvider command +//! +//! Wraps invoking of the `v4/federation/identity_providers` with `POST` method + +use clap::Args; +use tracing::info; + +use openstack_sdk::AsyncOpenStack; + +use crate::Cli; +use crate::OpenStackCliError; +use crate::output::OutputProcessor; + +use crate::common::parse_key_val; +use openstack_sdk::api::QueryAsync; +use openstack_sdk::api::identity::v4::federation::identity_provider::create; +use openstack_types::identity::v4::federation::identity_provider::response::create::IdentityProviderResponse; +use serde_json::Value; + +/// Create the identity provider with the specified properties. +/// +/// It is expected that only admin user is able to create global identity +/// providers. +#[derive(Args)] +#[command(about = "Create the identity provider.")] +pub struct IdentityProviderCommand { + /// Request Query parameters + #[command(flatten)] + query: QueryParameters, + + /// Path parameters + #[command(flatten)] + path: PathParameters, + + /// Identity provider data. 
+ #[command(flatten)] + identity_provider: IdentityProvider, +} + +/// Query parameters +#[derive(Args)] +struct QueryParameters {} + +/// Path parameters +#[derive(Args)] +struct PathParameters {} +/// IdentityProvider Body data +#[derive(Args, Clone)] +struct IdentityProvider { + /// The bound issuer that is verified when using the identity provider. + #[arg(help_heading = "Body parameters", long)] + bound_issuer: Option, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[arg(help_heading = "Body parameters", long)] + default_mapping_name: Option, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. + #[arg(help_heading = "Body parameters", long)] + domain_id: Option, + + /// Optional URL to fetch JsonWebKeySet. Must be specified for JWT + /// authentication when discovery for the provider is not available or not + /// standard compliant. + #[arg(help_heading = "Body parameters", long)] + jwks_url: Option, + + /// List of the jwt validation public keys. + /// + /// Parameter is an array, may be provided multiple times. + #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)] + jwt_validation_pubkeys: Option>, + + /// Identity provider name. + #[arg(help_heading = "Body parameters", long)] + name: String, + + /// The oidc `client_id` to use for the private client. + #[arg(help_heading = "Body parameters", long)] + oidc_client_id: Option, + + /// The oidc `client_secret` to use for the private client. It is never + /// returned back. + #[arg(help_heading = "Body parameters", long)] + oidc_client_secret: Option, + + /// OIDC discovery endpoint for the identity provider. + #[arg(help_heading = "Body parameters", long)] + oidc_discovery_url: Option, + + /// The oidc response mode. 
+ #[arg(help_heading = "Body parameters", long)] + oidc_response_mode: Option, + + /// List of supported response types. + /// + /// Parameter is an array, may be provided multiple times. + #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)] + oidc_response_types: Option>, + + /// Additional special provider specific configuration + #[arg(help_heading = "Body parameters", long, value_name="key=value", value_parser=parse_key_val::)] + provider_config: Option>, +} + +impl IdentityProviderCommand { + /// Perform command action + pub async fn take_action( + &self, + parsed_args: &Cli, + client: &mut AsyncOpenStack, + ) -> Result<(), OpenStackCliError> { + info!("Create IdentityProvider"); + + let op = OutputProcessor::from_args( + parsed_args, + Some("identity.federation/identity_provider"), + Some("create"), + ); + op.validate_args(parsed_args)?; + + let mut ep_builder = create::Request::builder(); + + // Set body parameters + // Set Request.identity_provider data + let args = &self.identity_provider; + let mut identity_provider_builder = create::IdentityProviderBuilder::default(); + if let Some(val) = &args.bound_issuer { + identity_provider_builder.bound_issuer(val); + } + + if let Some(val) = &args.default_mapping_name { + identity_provider_builder.default_mapping_name(val); + } + + if let Some(val) = &args.domain_id { + identity_provider_builder.domain_id(val); + } + + if let Some(val) = &args.jwks_url { + identity_provider_builder.jwks_url(val); + } + + if let Some(val) = &args.jwt_validation_pubkeys { + identity_provider_builder + .jwt_validation_pubkeys(val.iter().map(Into::into).collect::>()); + } + + identity_provider_builder.name(&args.name); + + if let Some(val) = &args.oidc_client_id { + identity_provider_builder.oidc_client_id(val); + } + + if let Some(val) = &args.oidc_client_secret { + identity_provider_builder.oidc_client_secret(val); + } + + if let Some(val) = &args.oidc_discovery_url { + 
identity_provider_builder.oidc_discovery_url(val); + } + + if let Some(val) = &args.oidc_response_mode { + identity_provider_builder.oidc_response_mode(val); + } + + if let Some(val) = &args.oidc_response_types { + identity_provider_builder + .oidc_response_types(val.iter().map(Into::into).collect::>()); + } + + if let Some(val) = &args.provider_config { + identity_provider_builder.provider_config(val.iter().cloned()); + } + + ep_builder.identity_provider(identity_provider_builder.build().unwrap()); + + let ep = ep_builder + .build() + .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?; + + let data = ep.query_async(client).await?; + op.output_single::(data)?; + // Show command specific hints + op.show_command_hint()?; + Ok(()) + } +} diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/delete.rs b/openstack_cli/src/identity/v4/federation/identity_provider/delete.rs new file mode 100644 index 000000000..8a27f11d8 --- /dev/null +++ b/openstack_cli/src/identity/v4/federation/identity_provider/delete.rs 
@@ -0,0 +1,94 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Delete IdentityProvider command +//! +//! Wraps invoking of the `v4/federation/identity_providers/{idp_id}` with `DELETE` method + +use clap::Args; +use tracing::info; + +use openstack_sdk::AsyncOpenStack; + +use crate::Cli; +use crate::OpenStackCliError; +use crate::output::OutputProcessor; + +use openstack_sdk::api::QueryAsync; +use openstack_sdk::api::identity::v4::federation::identity_provider::delete; + +/// Deletes the existing identity provider. 
+/// +/// It is expected that only admin user is allowed to delete the global +/// identity provider +#[derive(Args)] +#[command(about = "Delete Identity provider.")] +pub struct IdentityProviderCommand { + /// Request Query parameters + #[command(flatten)] + query: QueryParameters, + + /// Path parameters + #[command(flatten)] + path: PathParameters, +} + +/// Query parameters +#[derive(Args)] +struct QueryParameters {} + +/// Path parameters +#[derive(Args)] +struct PathParameters { + /// The ID of the identity provider + #[arg( + help_heading = "Path parameters", + id = "path_param_idp_id", + value_name = "IDP_ID" + )] + idp_id: String, +} + +impl IdentityProviderCommand { + /// Perform command action + pub async fn take_action( + &self, + parsed_args: &Cli, + client: &mut AsyncOpenStack, + ) -> Result<(), OpenStackCliError> { + info!("Delete IdentityProvider"); + + let op = OutputProcessor::from_args( + parsed_args, + Some("identity.federation/identity_provider"), + Some("delete"), + ); + op.validate_args(parsed_args)?; + + let mut ep_builder = delete::Request::builder(); + + ep_builder.idp_id(&self.path.idp_id); + + let ep = ep_builder + .build() + .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?; + openstack_sdk::api::ignore(ep).query_async(client).await?; + // Show command specific hints + op.show_command_hint()?; + Ok(()) + } +} diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/list.rs b/openstack_cli/src/identity/v4/federation/identity_provider/list.rs new file mode 100644 index 000000000..e1d052dec --- /dev/null +++ b/openstack_cli/src/identity/v4/federation/identity_provider/list.rs 
@@ -0,0 +1,105 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! List IdentityProviders command +//! +//! Wraps invoking of the `v4/federation/identity_providers` with `GET` method + +use clap::Args; +use tracing::info; + +use openstack_sdk::AsyncOpenStack; + +use crate::Cli; +use crate::OpenStackCliError; +use crate::output::OutputProcessor; + +use openstack_sdk::api::QueryAsync; +use openstack_sdk::api::identity::v4::federation::identity_provider::list; +use openstack_types::identity::v4::federation::identity_provider::response::list::IdentityProviderResponse; + +/// List identity providers. Without any filters only global identity providers +/// are returned. With the `domain_id` identity providers owned by the +/// specified identity provider are returned. +/// +/// It is expected that only global or owned identity providers can be +/// returned, while an admin user is able to list all providers. +#[derive(Args)] +#[command(about = "List identity providers.")] +pub struct IdentityProvidersCommand { + /// Request Query parameters + #[command(flatten)] + query: QueryParameters, + + /// Path parameters + #[command(flatten)] + path: PathParameters, +} + +/// Query parameters +#[derive(Args)] +struct QueryParameters { + /// Filters the response by a domain ID. 
+ #[arg(help_heading = "Query parameters", long)] + domain_id: Option, + + /// Filters the response by IDP name. + #[arg(help_heading = "Query parameters", long)] + name: Option, +} + +/// Path parameters +#[derive(Args)] +struct PathParameters {} + +impl IdentityProvidersCommand { + /// Perform command action + pub async fn take_action( + &self, + parsed_args: &Cli, + client: &mut AsyncOpenStack, + ) -> Result<(), OpenStackCliError> { + info!("List IdentityProviders"); + + let op = OutputProcessor::from_args( + parsed_args, + Some("identity.federation/identity_provider"), + Some("list"), + ); + op.validate_args(parsed_args)?; + + let mut ep_builder = list::Request::builder(); + + // Set query parameters + if let Some(val) = &self.query.name { + ep_builder.name(val); + } + if let Some(val) = &self.query.domain_id { + ep_builder.domain_id(val); + } + + let ep = ep_builder + .build() + .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?; + + let data: Vec = ep.query_async(client).await?; + op.output_list::(data)?; + // Show command specific hints + op.show_command_hint()?; + Ok(()) + } +} diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/set.rs b/openstack_cli/src/identity/v4/federation/identity_provider/set.rs new file mode 100644 index 000000000..f11e3fe75 --- /dev/null +++ b/openstack_cli/src/identity/v4/federation/identity_provider/set.rs 
@@ -0,0 +1,253 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Set IdentityProvider command +//! +//! Wraps invoking of the `v4/federation/identity_providers/{idp_id}` with `PUT` method + +use clap::Args; +use tracing::info; + +use openstack_sdk::AsyncOpenStack; + +use crate::Cli; +use crate::OpenStackCliError; +use crate::output::OutputProcessor; + +use crate::common::parse_key_val; +use openstack_sdk::api::QueryAsync; +use openstack_sdk::api::identity::v4::federation::identity_provider::set; +use openstack_types::identity::v4::federation::identity_provider::response::set::IdentityProviderResponse; +use serde_json::Value; + +/// Updates the existing identity provider. +#[derive(Args)] +#[command(about = "Update single identity provider.")] +pub struct IdentityProviderCommand { + /// Request Query parameters + #[command(flatten)] + query: QueryParameters, + + /// Path parameters + #[command(flatten)] + path: PathParameters, + + /// New identity provider data. 
+ #[command(flatten)] + identity_provider: IdentityProvider, +} + +/// Query parameters +#[derive(Args)] +struct QueryParameters {} + +/// Path parameters +#[derive(Args)] +struct PathParameters { + /// The ID of the identity provider + #[arg( + help_heading = "Path parameters", + id = "path_param_idp_id", + value_name = "IDP_ID" + )] + idp_id: String, +} +/// IdentityProvider Body data +#[derive(Args, Clone)] +struct IdentityProvider { + /// The new bound issuer that is verified when using the identity provider. + #[arg(help_heading = "Body parameters", long)] + bound_issuer: Option, + + /// Set explicit NULL for the bound_issuer + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "bound_issuer")] + no_bound_issuer: bool, + + /// New default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[arg(help_heading = "Body parameters", long)] + default_mapping_name: Option, + + /// Set explicit NULL for the default_mapping_name + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "default_mapping_name")] + no_default_mapping_name: bool, + + /// New URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when + /// the provider does not provide discovery endpoint or when it is not + /// standard compliant. + #[arg(help_heading = "Body parameters", long)] + jwks_url: Option, + + /// Set explicit NULL for the jwks_url + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "jwks_url")] + no_jwks_url: bool, + + /// The list of the jwt validation public keys. + /// + /// Parameter is an array, may be provided multiple times. + #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)] + jwt_validation_pubkeys: Option>, + + /// The new name of the federated identity provider. 
+ #[arg(help_heading = "Body parameters", long)] + name: Option, + + /// Set explicit NULL for the name + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "name")] + no_name: bool, + + /// The new oidc `client_id` to use for the private client. + #[arg(help_heading = "Body parameters", long)] + oidc_client_id: Option, + + /// Set explicit NULL for the oidc_client_id + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "oidc_client_id")] + no_oidc_client_id: bool, + + /// The new oidc `client_secret` to use for the private client. + #[arg(help_heading = "Body parameters", long)] + oidc_client_secret: Option, + + /// Set explicit NULL for the oidc_client_secret + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "oidc_client_secret")] + no_oidc_client_secret: bool, + + /// The new OIDC discovery endpoint for the identity provider. + #[arg(help_heading = "Body parameters", long)] + oidc_discovery_url: Option, + + /// Set explicit NULL for the oidc_discovery_url + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "oidc_discovery_url")] + no_oidc_discovery_url: bool, + + /// The new oidc response mode. + #[arg(help_heading = "Body parameters", long)] + oidc_response_mode: Option, + + /// Set explicit NULL for the oidc_response_mode + #[arg(help_heading = "Body parameters", long, action = clap::ArgAction::SetTrue, conflicts_with = "oidc_response_mode")] + no_oidc_response_mode: bool, + + /// The new oidc response mode. + /// + /// Parameter is an array, may be provided multiple times. + #[arg(action=clap::ArgAction::Append, help_heading = "Body parameters", long)] + oidc_response_types: Option>, + + /// New additional provider configuration. 
+ #[arg(help_heading = "Body parameters", long, value_name="key=value", value_parser=parse_key_val::)] + provider_config: Vec<(String, Value)>, +} + +impl IdentityProviderCommand { + /// Perform command action + pub async fn take_action( + &self, + parsed_args: &Cli, + client: &mut AsyncOpenStack, + ) -> Result<(), OpenStackCliError> { + info!("Set IdentityProvider"); + + let op = OutputProcessor::from_args( + parsed_args, + Some("identity.federation/identity_provider"), + Some("set"), + ); + op.validate_args(parsed_args)?; + + let mut ep_builder = set::Request::builder(); + + ep_builder.idp_id(&self.path.idp_id); + + // Set body parameters + // Set Request.identity_provider data + let args = &self.identity_provider; + let mut identity_provider_builder = set::IdentityProviderBuilder::default(); + if let Some(val) = &args.bound_issuer { + identity_provider_builder.bound_issuer(Some(val.into())); + } else if args.no_bound_issuer { + identity_provider_builder.bound_issuer(None); + } + + if let Some(val) = &args.default_mapping_name { + identity_provider_builder.default_mapping_name(Some(val.into())); + } else if args.no_default_mapping_name { + identity_provider_builder.default_mapping_name(None); + } + + if let Some(val) = &args.jwks_url { + identity_provider_builder.jwks_url(Some(val.into())); + } else if args.no_jwks_url { + identity_provider_builder.jwks_url(None); + } + + if let Some(val) = &args.jwt_validation_pubkeys { + identity_provider_builder + .jwt_validation_pubkeys(val.iter().map(Into::into).collect::>()); + } + + if let Some(val) = &args.name { + identity_provider_builder.name(Some(val.into())); + } else if args.no_name { + identity_provider_builder.name(None); + } + + if let Some(val) = &args.oidc_client_id { + identity_provider_builder.oidc_client_id(Some(val.into())); + } else if args.no_oidc_client_id { + identity_provider_builder.oidc_client_id(None); + } + + if let Some(val) = &args.oidc_client_secret { + 
identity_provider_builder.oidc_client_secret(Some(val.into())); + } else if args.no_oidc_client_secret { + identity_provider_builder.oidc_client_secret(None); + } + + if let Some(val) = &args.oidc_discovery_url { + identity_provider_builder.oidc_discovery_url(Some(val.into())); + } else if args.no_oidc_discovery_url { + identity_provider_builder.oidc_discovery_url(None); + } + + if let Some(val) = &args.oidc_response_mode { + identity_provider_builder.oidc_response_mode(Some(val.into())); + } else if args.no_oidc_response_mode { + identity_provider_builder.oidc_response_mode(None); + } + + if let Some(val) = &args.oidc_response_types { + identity_provider_builder + .oidc_response_types(val.iter().map(Into::into).collect::>()); + } + + identity_provider_builder.provider_config(args.provider_config.iter().cloned()); + + ep_builder.identity_provider(identity_provider_builder.build().unwrap()); + + let ep = ep_builder + .build() + .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?; + + let data = ep.query_async(client).await?; + op.output_single::(data)?; + // Show command specific hints + op.show_command_hint()?; + Ok(()) + } +} diff --git a/openstack_cli/src/identity/v4/federation/identity_provider/show.rs b/openstack_cli/src/identity/v4/federation/identity_provider/show.rs new file mode 100644 index 000000000..fa73dddff --- /dev/null +++ b/openstack_cli/src/identity/v4/federation/identity_provider/show.rs 
@@ -0,0 +1,94 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Show IdentityProvider command +//! +//! Wraps invoking of the `v4/federation/identity_providers/{idp_id}` with `GET` method + +use clap::Args; +use tracing::info; + +use openstack_sdk::AsyncOpenStack; + +use crate::Cli; +use crate::OpenStackCliError; +use crate::output::OutputProcessor; + +use openstack_sdk::api::QueryAsync; +use openstack_sdk::api::identity::v4::federation::identity_provider::get; +use openstack_types::identity::v4::federation::identity_provider::response::get::IdentityProviderResponse; + +/// Shows details of the existing identity provider. 
+#[derive(Args)] +#[command(about = "Get single identity provider.")] +pub struct IdentityProviderCommand { + /// Request Query parameters + #[command(flatten)] + query: QueryParameters, + + /// Path parameters + #[command(flatten)] + path: PathParameters, +} + +/// Query parameters +#[derive(Args)] +struct QueryParameters {} + +/// Path parameters +#[derive(Args)] +struct PathParameters { + /// The ID of the identity provider + #[arg( + help_heading = "Path parameters", + id = "path_param_idp_id", + value_name = "IDP_ID" + )] + idp_id: String, +} + +impl IdentityProviderCommand { + /// Perform command action + pub async fn take_action( + &self, + parsed_args: &Cli, + client: &mut AsyncOpenStack, + ) -> Result<(), OpenStackCliError> { + info!("Show IdentityProvider"); + + let op = OutputProcessor::from_args( + parsed_args, + Some("identity.federation/identity_provider"), + Some("show"), + ); + op.validate_args(parsed_args)?; + + let mut ep_builder = get::Request::builder(); + + ep_builder.idp_id(&self.path.idp_id); + + let ep = ep_builder + .build() + .map_err(|x| OpenStackCliError::EndpointBuild(x.to_string()))?; + + let data = ep.query_async(client).await?; + op.output_single::(data)?; + // Show command specific hints + op.show_command_hint()?; + Ok(()) + } +} diff --git a/openstack_cli/tests/identity/v4/federation/identity_provider/create_autogen.rs b/openstack_cli/tests/identity/v4/federation/identity_provider/create_autogen.rs new file mode 100644 index 000000000..6b845a61a --- /dev/null +++ b/openstack_cli/tests/identity/v4/federation/identity_provider/create_autogen.rs 
@@ -0,0 +1,32 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use assert_cmd::prelude::*; +use std::process::Command; + +#[test] +fn help() -> Result<(), Box> { + let mut cmd = Command::cargo_bin("osc")?; + + cmd.arg("identity") + .arg("identity-provider") + .arg("create") + .arg("--help"); + cmd.assert().success(); + + Ok(()) +} diff --git a/openstack_cli/tests/identity/v4/federation/identity_provider/delete_autogen.rs b/openstack_cli/tests/identity/v4/federation/identity_provider/delete_autogen.rs new file mode 100644 index 000000000..cc82b2365 --- /dev/null +++ b/openstack_cli/tests/identity/v4/federation/identity_provider/delete_autogen.rs 
@@ -0,0 +1,32 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use assert_cmd::prelude::*; +use std::process::Command; + +#[test] +fn help() -> Result<(), Box> { + let mut cmd = Command::cargo_bin("osc")?; + + cmd.arg("identity") + .arg("identity-provider") + .arg("delete") + .arg("--help"); + cmd.assert().success(); + + Ok(()) +} diff --git a/openstack_cli/tests/identity/v4/federation/identity_provider/list_autogen.rs b/openstack_cli/tests/identity/v4/federation/identity_provider/list_autogen.rs new file mode 100644 index 000000000..12d4fd400 --- /dev/null +++ b/openstack_cli/tests/identity/v4/federation/identity_provider/list_autogen.rs 
@@ -0,0 +1,32 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use assert_cmd::prelude::*; +use std::process::Command; + +#[test] +fn help() -> Result<(), Box> { + let mut cmd = Command::cargo_bin("osc")?; + + cmd.arg("identity") + .arg("identity-provider") + .arg("list") + .arg("--help"); + cmd.assert().success(); + + Ok(()) +} diff --git a/openstack_cli/tests/identity/v4/federation/identity_provider/set_autogen.rs b/openstack_cli/tests/identity/v4/federation/identity_provider/set_autogen.rs new file mode 100644 index 000000000..96438338f --- /dev/null +++ b/openstack_cli/tests/identity/v4/federation/identity_provider/set_autogen.rs 
@@ -0,0 +1,32 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use assert_cmd::prelude::*; +use std::process::Command; + +#[test] +fn help() -> Result<(), Box> { + let mut cmd = Command::cargo_bin("osc")?; + + cmd.arg("identity") + .arg("identity-provider") + .arg("set") + .arg("--help"); + cmd.assert().success(); + + Ok(()) +} diff --git a/openstack_cli/tests/identity/v4/federation/identity_provider/show_autogen.rs b/openstack_cli/tests/identity/v4/federation/identity_provider/show_autogen.rs new file mode 100644 index 000000000..56e01ca92 --- /dev/null +++ b/openstack_cli/tests/identity/v4/federation/identity_provider/show_autogen.rs 
@@ -0,0 +1,32 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use assert_cmd::prelude::*; +use std::process::Command; + +#[test] +fn help() -> Result<(), Box> { + let mut cmd = Command::cargo_bin("osc")?; + + cmd.arg("identity") + .arg("identity-provider") + .arg("show") + .arg("--help"); + cmd.assert().success(); + + Ok(()) +} diff --git a/openstack_sdk/src/api/identity.rs b/openstack_sdk/src/api/identity.rs index 713de4e4b..f9770bff5 100644 --- a/openstack_sdk/src/api/identity.rs +++ b/openstack_sdk/src/api/identity.rs @@ -14,3 +14,5 @@ //! Identity API (Keystone) bindings pub mod v3; +#[cfg(feature = "keystone_ng")] +pub mod v4; diff --git a/openstack_sdk/src/api/identity/v3/auth.rs b/openstack_sdk/src/api/identity/v3/auth.rs index a60e8c824..7dba59b28 100644 --- a/openstack_sdk/src/api/identity/v3/auth.rs +++ b/openstack_sdk/src/api/identity/v3/auth.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod catalog; pub mod domain; pub mod os_federation; 
diff --git a/openstack_sdk/src/api/identity/v3/auth/os_federation.rs b/openstack_sdk/src/api/identity/v3/auth/os_federation.rs index 06ad242fe..dbde6ce6f 100644 --- a/openstack_sdk/src/api/identity/v3/auth/os_federation.rs +++ b/openstack_sdk/src/api/identity/v3/auth/os_federation.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod identity_provider; pub mod saml2; pub mod websso; diff --git a/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider.rs b/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider.rs index 9e1d45188..05af55854 100644 --- a/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider.rs +++ b/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod protocol; diff --git a/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider/protocol.rs b/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider/protocol.rs index 3162ca20f..c0975e232 100644 --- a/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider/protocol.rs +++ b/openstack_sdk/src/api/identity/v3/auth/os_federation/identity_provider/protocol.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod websso; 
diff --git a/openstack_sdk/src/api/identity/v3/auth/token/os_pki.rs b/openstack_sdk/src/api/identity/v3/auth/token/os_pki.rs index 1dd557911..44b2467b8 100644 --- a/openstack_sdk/src/api/identity/v3/auth/token/os_pki.rs +++ b/openstack_sdk/src/api/identity/v3/auth/token/os_pki.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod revoked; diff --git a/openstack_sdk/src/api/identity/v3/domain/group.rs b/openstack_sdk/src/api/identity/v3/domain/group.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/domain/group.rs +++ b/openstack_sdk/src/api/identity/v3/domain/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/domain/user.rs b/openstack_sdk/src/api/identity/v3/domain/user.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/domain/user.rs +++ b/openstack_sdk/src/api/identity/v3/domain/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/endpoint/os_endpoint_policy.rs b/openstack_sdk/src/api/identity/v3/endpoint/os_endpoint_policy.rs index a2f4f360a..34b59ea4d 100644 --- a/openstack_sdk/src/api/identity/v3/endpoint/os_endpoint_policy.rs +++ b/openstack_sdk/src/api/identity/v3/endpoint/os_endpoint_policy.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod policy; diff --git a/openstack_sdk/src/api/identity/v3/os_ep_filter.rs b/openstack_sdk/src/api/identity/v3/os_ep_filter.rs index 409a2f16b..e770d9514 100644 --- a/openstack_sdk/src/api/identity/v3/os_ep_filter.rs +++ b/openstack_sdk/src/api/identity/v3/os_ep_filter.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod endpoint; pub mod endpoint_group; pub mod project; diff --git a/openstack_sdk/src/api/identity/v3/os_ep_filter/endpoint.rs b/openstack_sdk/src/api/identity/v3/os_ep_filter/endpoint.rs index a15e0cd17..3ce44937d 100644 --- a/openstack_sdk/src/api/identity/v3/os_ep_filter/endpoint.rs +++ b/openstack_sdk/src/api/identity/v3/os_ep_filter/endpoint.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod project; diff --git a/openstack_sdk/src/api/identity/v3/os_ep_filter/project.rs b/openstack_sdk/src/api/identity/v3/os_ep_filter/project.rs index f278a59ed..08850b672 100644 --- a/openstack_sdk/src/api/identity/v3/os_ep_filter/project.rs +++ b/openstack_sdk/src/api/identity/v3/os_ep_filter/project.rs 
@@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod endpoint; pub mod endpoint_group; diff --git a/openstack_sdk/src/api/identity/v3/os_federation.rs b/openstack_sdk/src/api/identity/v3/os_federation.rs index 0dfcee447..bc787bb1c 100644 --- a/openstack_sdk/src/api/identity/v3/os_federation.rs +++ b/openstack_sdk/src/api/identity/v3/os_federation.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod domain; pub mod identity_provider; pub mod mapping; diff --git a/openstack_sdk/src/api/identity/v3/os_federation/saml2.rs b/openstack_sdk/src/api/identity/v3/os_federation/saml2.rs index bb28f2715..572e39377 100644 --- a/openstack_sdk/src/api/identity/v3/os_federation/saml2.rs +++ b/openstack_sdk/src/api/identity/v3/os_federation/saml2.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod metadata; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/domain.rs b/openstack_sdk/src/api/identity/v3/os_inherit/domain.rs index 42a4b9b94..a457d92e3 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/domain.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/domain.rs 
@@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/system` REST operations of identity +//! `identity/v4` REST operations of identity pub mod group; pub mod user; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/domain/group.rs b/openstack_sdk/src/api/identity/v3/os_inherit/domain/group.rs index 878ffb142..32a75aeff 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/domain/group.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/domain/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/domain/group/role.rs b/openstack_sdk/src/api/identity/v3/os_inherit/domain/group/role.rs index 6bf8dc579..889eeda81 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/domain/group/role.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/domain/group/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/domain/user.rs b/openstack_sdk/src/api/identity/v3/os_inherit/domain/user.rs index 878ffb142..32a75aeff 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/domain/user.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/domain/user.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/domain/user/role.rs b/openstack_sdk/src/api/identity/v3/os_inherit/domain/user/role.rs index 6bf8dc579..889eeda81 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/domain/user/role.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/domain/user/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/project.rs b/openstack_sdk/src/api/identity/v3/os_inherit/project.rs index 42a4b9b94..a457d92e3 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/project.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/project.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/system` REST operations of identity +//! `identity/v4` REST operations of identity pub mod group; pub mod user; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/project/group.rs b/openstack_sdk/src/api/identity/v3/os_inherit/project/group.rs index 878ffb142..32a75aeff 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/project/group.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/project/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; 
diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/project/group/role.rs b/openstack_sdk/src/api/identity/v3/os_inherit/project/group/role.rs index 6bf8dc579..889eeda81 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/project/group/role.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/project/group/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/project/user.rs b/openstack_sdk/src/api/identity/v3/os_inherit/project/user.rs index 878ffb142..32a75aeff 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/project/user.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/project/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/os_inherit/project/user/role.rs b/openstack_sdk/src/api/identity/v3/os_inherit/project/user/role.rs index 6bf8dc579..889eeda81 100644 --- a/openstack_sdk/src/api/identity/v3/os_inherit/project/user/role.rs +++ b/openstack_sdk/src/api/identity/v3/os_inherit/project/user/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_sdk/src/api/identity/v3/os_oauth1.rs b/openstack_sdk/src/api/identity/v3/os_oauth1.rs index 84d860adb..1a75eb2f9 100644 
--- a/openstack_sdk/src/api/identity/v3/os_oauth1.rs +++ b/openstack_sdk/src/api/identity/v3/os_oauth1.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod access_token; pub mod authorize; pub mod consumer; diff --git a/openstack_sdk/src/api/identity/v3/os_oauth2.rs b/openstack_sdk/src/api/identity/v3/os_oauth2.rs index a255daf5b..9f89529e9 100644 --- a/openstack_sdk/src/api/identity/v3/os_oauth2.rs +++ b/openstack_sdk/src/api/identity/v3/os_oauth2.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod token; diff --git a/openstack_sdk/src/api/identity/v3/os_revoke.rs b/openstack_sdk/src/api/identity/v3/os_revoke.rs index bf5fbeea9..d1e783c72 100644 --- a/openstack_sdk/src/api/identity/v3/os_revoke.rs +++ b/openstack_sdk/src/api/identity/v3/os_revoke.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod event; diff --git a/openstack_sdk/src/api/identity/v3/os_simple_cert.rs b/openstack_sdk/src/api/identity/v3/os_simple_cert.rs index fe7947179..5c8045828 100644 --- a/openstack_sdk/src/api/identity/v3/os_simple_cert.rs +++ b/openstack_sdk/src/api/identity/v3/os_simple_cert.rs 
@@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod ca; pub mod certificate; diff --git a/openstack_sdk/src/api/identity/v3/os_trust.rs b/openstack_sdk/src/api/identity/v3/os_trust.rs index fda69fa2d..b00f606ae 100644 --- a/openstack_sdk/src/api/identity/v3/os_trust.rs +++ b/openstack_sdk/src/api/identity/v3/os_trust.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod trust; diff --git a/openstack_sdk/src/api/identity/v3/policy/os_endpoint_policy.rs b/openstack_sdk/src/api/identity/v3/policy/os_endpoint_policy.rs index 07f5430fb..5a3f216b5 100644 --- a/openstack_sdk/src/api/identity/v3/policy/os_endpoint_policy.rs +++ b/openstack_sdk/src/api/identity/v3/policy/os_endpoint_policy.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod endpoint; pub mod service; diff --git a/openstack_sdk/src/api/identity/v3/project/group.rs b/openstack_sdk/src/api/identity/v3/project/group.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/project/group.rs +++ b/openstack_sdk/src/api/identity/v3/project/group.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/project/user.rs b/openstack_sdk/src/api/identity/v3/project/user.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/project/user.rs +++ b/openstack_sdk/src/api/identity/v3/project/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/system.rs b/openstack_sdk/src/api/identity/v3/system.rs index d4a87af42..594b351b5 100644 --- a/openstack_sdk/src/api/identity/v3/system.rs +++ b/openstack_sdk/src/api/identity/v3/system.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod group; pub mod user; diff --git a/openstack_sdk/src/api/identity/v3/system/group.rs b/openstack_sdk/src/api/identity/v3/system/group.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/system/group.rs +++ b/openstack_sdk/src/api/identity/v3/system/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; 
diff --git a/openstack_sdk/src/api/identity/v3/system/user.rs b/openstack_sdk/src/api/identity/v3/system/user.rs index ec8b42590..6169d742d 100644 --- a/openstack_sdk/src/api/identity/v3/system/user.rs +++ b/openstack_sdk/src/api/identity/v3/system/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod role; diff --git a/openstack_sdk/src/api/identity/v3/user/credential.rs b/openstack_sdk/src/api/identity/v3/user/credential.rs index 1e0b4f3ea..3f45e2877 100644 --- a/openstack_sdk/src/api/identity/v3/user/credential.rs +++ b/openstack_sdk/src/api/identity/v3/user/credential.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod os_ec2; diff --git a/openstack_sdk/src/api/identity/v3/user/os_oauth1.rs b/openstack_sdk/src/api/identity/v3/user/os_oauth1.rs index c98da59f7..3f5fc6e7d 100644 --- a/openstack_sdk/src/api/identity/v3/user/os_oauth1.rs +++ b/openstack_sdk/src/api/identity/v3/user/os_oauth1.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `/v3/users/{user_id}/access_rules/{id}` REST operations of identity +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity pub mod access_token; diff --git a/openstack_sdk/src/api/identity/v4.rs b/openstack_sdk/src/api/identity/v4.rs new file mode 100644 index 000000000..5e292b27c --- /dev/null +++ b/openstack_sdk/src/api/identity/v4.rs 
@@ -0,0 +1,20 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `Identity` v4 Service bindings +pub mod federation; +pub mod user; diff --git a/openstack_sdk/src/api/identity/v4/federation.rs b/openstack_sdk/src/api/identity/v4/federation.rs new file mode 100644 index 000000000..94801e23e --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation.rs @@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity +pub mod identity_provider; 
diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider.rs new file mode 100644 index 000000000..b24575c28 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider.rs @@ -0,0 +1,23 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `/v4/federation/identity_providers` REST operations of identity +pub mod create; +pub mod delete; +pub mod get; +pub mod list; +pub mod set; diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider/create.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider/create.rs new file mode 100644 index 000000000..61837eb61 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider/create.rs 
@@ -0,0 +1,321 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Create the identity provider with the specified properties. +//! +//! It is expected that only admin user is able to create global identity +//! providers. +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use serde::Deserialize; +use serde::Serialize; +use serde_json::Value; +use std::borrow::Cow; +use std::collections::BTreeMap; + +/// Identity provider data. +#[derive(Builder, Debug, Deserialize, Clone, Serialize)] +#[builder(setter(strip_option))] +pub struct IdentityProvider<'a> { + /// The bound issuer that is verified when using the identity provider. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) bound_issuer: Option>, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) default_mapping_name: Option>, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. 
+ #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) domain_id: Option>, + + /// Optional URL to fetch JsonWebKeySet. Must be specified for JWT + /// authentication when discovery for the provider is not available or not + /// standard compliant. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) jwks_url: Option>, + + /// List of the jwt validation public keys. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) jwt_validation_pubkeys: Option>>, + + /// Identity provider name. + #[serde()] + #[builder(setter(into))] + pub(crate) name: Cow<'a, str>, + + /// The oidc `client_id` to use for the private client. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_client_id: Option>, + + /// The oidc `client_secret` to use for the private client. It is never + /// returned back. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_client_secret: Option>, + + /// OIDC discovery endpoint for the identity provider. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_discovery_url: Option>, + + /// The oidc response mode. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_response_mode: Option>, + + /// List of supported response types. 
+ #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_response_types: Option>>, + + /// Additional special provider specific configuration + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, private, setter(into, name = "_provider_config"))] + pub(crate) provider_config: Option, Value>>, +} + +impl<'a> IdentityProviderBuilder<'a> { + /// Additional special provider specific configuration + pub fn provider_config(&mut self, iter: I) -> &mut Self + where + I: Iterator, + K: Into>, + V: Into, + { + self.provider_config + .get_or_insert(None) + .get_or_insert_with(BTreeMap::new) + .extend(iter.map(|(k, v)| (k.into(), v.into()))); + self + } +} + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// Identity provider data. + #[builder(setter(into))] + pub(crate) identity_provider: IdentityProvider<'a>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Identity_Provider. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. 
+ pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::POST + } + + fn endpoint(&self) -> Cow<'static, str> { + "federation/identity_providers".to_string().into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn body(&self) -> Result)>, BodyError> { + let mut params = JsonBodyParams::default(); + + params.push( + "identity_provider", + serde_json::to_value(&self.identity_provider)?, + ); + + params.into_body() + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + Some("identity_provider".into()) + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .name("foo") + .build() + .unwrap() + ) + .build() + .unwrap() + .service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert_eq!( + Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .name("foo") + .build() + .unwrap() + ) + .build() + .unwrap() + .response_key() + .unwrap(), + "identity_provider" + ); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let 
client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::POST) + .path("/federation/identity_providers".to_string()); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .name("foo") + .build() + .unwrap(), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::POST) + .path("/federation/identity_providers".to_string()) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .name("foo") + .build() + .unwrap(), + ) + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider/delete.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider/delete.rs new file mode 100644 index 000000000..34727be95 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider/delete.rs 
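Review bot: `IdentityProvider` derives `Debug` while holding `oidc_client_secret`, and `Request` derives `Debug` over it, so any `{:?}` formatting of either value would print the OIDC client secret in clear text. No such formatting is visible in this hunk, but a tracing field, an error context or a failed assertion elsewhere would be enough. I would drop `Debug` from the derive list on `IdentityProvider` and hand-write the impl so the secret field only reports presence, as sketched below. The derive on `Request` can then stay, because it delegates to the redacting impl. The file is generated, so the change belongs in the `openstack-codegenerator` template, ideally keyed on the schema marking the field as a secret or password.

```rust
// … unchanged: field definitions; `Debug` removed from the derive list on IdentityProvider …
impl std::fmt::Debug for IdentityProvider<'_> {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("IdentityProvider")
            .field("name", &self.name)
            .field("domain_id", &self.domain_id)
            .field("oidc_client_id", &self.oidc_client_id)
            // Report only whether a secret is set; the value must never reach logs.
            .field(
                "oidc_client_secret",
                &self.oidc_client_secret.as_ref().map(|_| "<redacted>"),
            )
            .finish_non_exhaustive()
    }
}
```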
@@ -0,0 +1,192 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Deletes the existing identity provider. +//! +//! It is expected that only admin user is allowed to delete the global +//! identity provider +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use std::borrow::Cow; + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// The ID of the identity provider + #[builder(default, setter(into))] + idp_id: Cow<'a, str>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Identity_Provider. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. 
+ pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::DELETE + } + + fn endpoint(&self) -> Cow<'static, str> { + format!( + "federation/identity_providers/{idp_id}", + idp_id = self.idp_id.as_ref(), + ) + .into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + None + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder().build().unwrap().service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert!(Request::builder().build().unwrap().response_key().is_none()) + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::DELETE).path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "dummy": {} })); + }); + + let endpoint = Request::builder().idp_id("idp_id").build().unwrap(); + let _: serde_json::Value = 
endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::DELETE) + .path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "dummy": {} })); + }); + + let endpoint = Request::builder() + .idp_id("idp_id") + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider/get.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider/get.rs new file mode 100644 index 000000000..7ce5f859f --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider/get.rs 
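Review bot: `idp_id` is interpolated into the path in `endpoint()` exactly as given, and its `#[builder(default, setter(into))]` lets `build()` succeed with no ID at all, as `test_service_type` in this file shows. An ID that is empty or contains `/`, `?` or `#` would therefore send this DELETE to a different URL than the caller intended, unless a later layer not visible here encodes the path. I would make the field mandatory with `#[builder(setter(into))]` and percent-encode the value as a single path segment before formatting it. The same construction appears in the `get.rs` and `set.rs` hunks. Because these files are generated, the change belongs in the generator template.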
@@ -0,0 +1,192 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Shows details of the existing identity provider. +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use std::borrow::Cow; + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// The ID of the identity provider + #[builder(default, setter(into))] + idp_id: Cow<'a, str>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Identity_Provider. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. 
+ pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::GET + } + + fn endpoint(&self) -> Cow<'static, str> { + format!( + "federation/identity_providers/{idp_id}", + idp_id = self.idp_id.as_ref(), + ) + .into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + Some("identity_provider".into()) + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder().build().unwrap().service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert_eq!( + Request::builder().build().unwrap().response_key().unwrap(), + "identity_provider" + ); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::GET).path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = 
Request::builder().idp_id("idp_id").build().unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::GET) + .path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = Request::builder() + .idp_id("idp_id") + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider/list.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider/list.rs new file mode 100644 index 000000000..52d78fda1 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider/list.rs 
@@ -0,0 +1,195 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! List identity providers. Without any filters only global identity providers +//! are returned. With the `domain_id` identity providers owned by the +//! specified identity provider are returned. +//! +//! It is expected that only global or owned identity providers can be +//! returned, while an admin user is able to list all providers. +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use std::borrow::Cow; + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// Filters the response by a domain ID. + #[builder(default, setter(into))] + domain_id: Option>, + + /// Filters the response by IDP name. + #[builder(default, setter(into))] + name: Option>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Identity_Provider. 
+ pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. + pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::GET + } + + fn endpoint(&self) -> Cow<'static, str> { + "federation/identity_providers".to_string().into() + } + + fn parameters(&self) -> QueryParams<'_> { + let mut params = QueryParams::default(); + params.push_opt("name", self.name.as_ref()); + params.push_opt("domain_id", self.domain_id.as_ref()); + + params + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + Some("identity_providers".into()) + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder().build().unwrap().service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert_eq!( + Request::builder().build().unwrap().response_key().unwrap(), + "identity_providers" + ); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = 
FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::GET) + .path("/federation/identity_providers".to_string()); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_providers": {} })); + }); + + let endpoint = Request::builder().build().unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::GET) + .path("/federation/identity_providers".to_string()) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_providers": {} })); + }); + + let endpoint = Request::builder() + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/federation/identity_provider/set.rs b/openstack_sdk/src/api/identity/v4/federation/identity_provider/set.rs new file mode 100644 index 000000000..cba6057ad --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/federation/identity_provider/set.rs 
@@ -0,0 +1,324 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Updates the existing identity provider. +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use serde::Deserialize; +use serde::Serialize; +use serde_json::Value; +use std::borrow::Cow; +use std::collections::BTreeMap; + +/// New identity provider data. +#[derive(Builder, Debug, Deserialize, Clone, Serialize)] +#[builder(setter(strip_option))] +pub struct IdentityProvider<'a> { + /// The new bound issuer that is verified when using the identity provider. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) bound_issuer: Option>>, + + /// New default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) default_mapping_name: Option>>, + + /// New URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when + /// the provider does not provide discovery endpoint or when it is not + /// standard compliant. 
+ #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) jwks_url: Option>>, + + /// The list of the jwt validation public keys. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) jwt_validation_pubkeys: Option>>, + + /// The new name of the federated identity provider. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) name: Option>>, + + /// The new oidc `client_id` to use for the private client. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_client_id: Option>>, + + /// The new oidc `client_secret` to use for the private client. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_client_secret: Option>>, + + /// The new OIDC discovery endpoint for the identity provider. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_discovery_url: Option>>, + + /// The new oidc response mode. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_response_mode: Option>>, + + /// The new oidc response mode. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) oidc_response_types: Option>>, + + /// New additional provider configuration. + #[serde()] + #[builder(private, setter(into, name = "_provider_config"))] + pub(crate) provider_config: BTreeMap, Value>, +} + +impl<'a> IdentityProviderBuilder<'a> { + /// New additional provider configuration. 
+ pub fn provider_config(&mut self, iter: I) -> &mut Self + where + I: Iterator, + K: Into>, + V: Into, + { + self.provider_config + .get_or_insert_with(BTreeMap::new) + .extend(iter.map(|(k, v)| (k.into(), v.into()))); + self + } +} + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// New identity provider data. + #[builder(setter(into))] + pub(crate) identity_provider: IdentityProvider<'a>, + + /// The ID of the identity provider + #[builder(default, setter(into))] + idp_id: Cow<'a, str>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Identity_Provider. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. 
+ pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::PUT + } + + fn endpoint(&self) -> Cow<'static, str> { + format!( + "federation/identity_providers/{idp_id}", + idp_id = self.idp_id.as_ref(), + ) + .into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn body(&self) -> Result)>, BodyError> { + let mut params = JsonBodyParams::default(); + + params.push( + "identity_provider", + serde_json::to_value(&self.identity_provider)?, + ); + + params.into_body() + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + Some("identity_provider".into()) + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .provider_config(BTreeMap::::new().into_iter()) + .build() + .unwrap() + ) + .build() + .unwrap() + .service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert_eq!( + Request::builder() + .identity_provider( + IdentityProviderBuilder::default() + .provider_config(BTreeMap::::new().into_iter()) + .build() + .unwrap() + ) + .build() + .unwrap() + .response_key() + .unwrap(), + 
"identity_provider" + ); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::PUT).path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = Request::builder() + .idp_id("idp_id") + .identity_provider( + IdentityProviderBuilder::default() + .provider_config(BTreeMap::::new().into_iter()) + .build() + .unwrap(), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::PUT) + .path(format!( + "/federation/identity_providers/{idp_id}", + idp_id = "idp_id", + )) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "identity_provider": {} })); + }); + + let endpoint = Request::builder() + .idp_id("idp_id") + .identity_provider( + IdentityProviderBuilder::default() + .provider_config(BTreeMap::::new().into_iter()) + .build() + .unwrap(), + ) + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/user.rs b/openstack_sdk/src/api/identity/v4/user.rs new file mode 100644 index 000000000..1341be53d --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/user.rs 
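Review bot: `IdentityProvider` derives `Debug` while carrying `oidc_client_secret`, and `Request` derives `Debug` around it, so any `{:?}` formatting of either value (a tracing field, an error context, a panic message) prints the OIDC client secret in clear text. No such formatting is visible in this hunk, but the derive leaves it one careless call away. I would drop `Debug` from the derive on `IdentityProvider` and write the impl by hand so the secret is reported only as present or absent, as sketched below. Because the file is generated, the change belongs in the generator template for secret-bearing fields.

```rust
// … unchanged: `IdentityProvider` fields; `Debug` removed from its derive list …
impl std::fmt::Debug for IdentityProvider<'_> {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("IdentityProvider")
            .field("name", &self.name)
            // … the other non-secret fields, one `.field(..)` each …
            .field(
                "oidc_client_secret",
                &self.oidc_client_secret.as_ref().map(|_| "<redacted>"),
            )
            .finish_non_exhaustive()
    }
}
```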
@@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `/v4/federation/identity_providers/{idp_id}` REST operations of identity +pub mod passkey; diff --git a/openstack_sdk/src/api/identity/v4/user/passkey.rs b/openstack_sdk/src/api/identity/v4/user/passkey.rs new file mode 100644 index 000000000..8963e2059 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/user/passkey.rs @@ -0,0 +1,20 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `/v4/users/{user_id}/passkeys/register_start` REST operations of identity +pub mod register_finish; +pub mod register_start; 
diff --git a/openstack_sdk/src/api/identity/v4/user/passkey/register_finish.rs b/openstack_sdk/src/api/identity/v4/user/passkey/register_finish.rs new file mode 100644 index 000000000..ebd2f374e --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/user/passkey/register_finish.rs 
@@ -0,0 +1,376 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use serde::Deserialize; +use serde::Serialize; +use std::borrow::Cow; + +/// https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension +#[derive(Builder, Debug, Deserialize, Clone, Serialize)] +#[builder(setter(strip_option))] +pub struct CredProps { + /// A user agent supplied hint that this credential may have created a + /// resident key. It is returned from the user agent, not the authenticator + /// meaning that this is an unreliable signal. + /// + /// Note that this extension is UNSIGNED and may have been altered by page + /// javascript. 
+ #[serde()] + #[builder(setter(into))] + pub(crate) rk: bool, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum CredProtect { + #[serde(rename = "UserVerificationOptional")] + Userverificationoptional, + #[serde(rename = "UserVerificationOptionalWithCredentialIDList")] + Userverificationoptionalwithcredentialidlist, + #[serde(rename = "UserVerificationRequired")] + Userverificationrequired, +} + +/// https://w3c.github.io/webauthn/#dictdef-authenticationextensionsclientoutputs +/// The default option here for Options are None, so it can be derived +#[derive(Builder, Debug, Deserialize, Clone, Serialize)] +#[builder(setter(strip_option))] +pub struct Extensions { + /// Indicates whether the client used the provided appid extension. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) appid: Option, + + /// https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) cred_props: Option, + + /// Valid credential protection policies + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default)] + pub(crate) cred_protect: Option, + + /// Indicates if the client successfully applied a HMAC Secret. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) hmac_secret: Option, + + /// Indicates the current minimum PIN length. 
+ #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) min_pin_length: Option, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum Transports { + #[serde(rename = "Ble")] + Ble, + #[serde(rename = "Hybrid")] + Hybrid, + #[serde(rename = "Internal")] + Internal, + #[serde(rename = "Nfc")] + Nfc, + #[serde(rename = "Test")] + Test, + #[serde(rename = "Unknown")] + Unknown, + #[serde(rename = "Usb")] + Usb, +} + +/// https://w3c.github.io/webauthn/#authenticatorattestationresponse +#[derive(Builder, Debug, Deserialize, Clone, Serialize)] +#[builder(setter(strip_option))] +pub struct Response<'a> { + /// https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-attestationobject. + #[serde()] + #[builder(setter(into))] + pub(crate) attestation_object: Cow<'a, str>, + + /// https://w3c.github.io/webauthn/#dom-authenticatorresponse-clientdatajson. + #[serde()] + #[builder(setter(into))] + pub(crate) client_data_json: Cow<'a, str>, + + /// https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-gettransports. + #[serde(skip_serializing_if = "Option::is_none")] + #[builder(default, setter(into))] + pub(crate) transports: Option>, +} + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// https://w3c.github.io/webauthn/#dictdef-authenticationextensionsclientoutputs + /// The default option here for Options are None, so it can be derived + #[builder(setter(into))] + pub(crate) extensions: Extensions, + + /// The id of the PublicKey credential, likely in base64. + /// + /// This is NEVER actually used in a real registration, because the true + /// credential ID is taken from the attestation data. + #[builder(setter(into))] + pub(crate) id: Cow<'a, str>, + + /// The id of the credential, as binary. + /// + /// This is NEVER actually used in a real registration, because the true + /// credential ID is taken from the attestation data. 
+ #[builder(setter(into))] + pub(crate) raw_id: Cow<'a, str>, + + /// https://w3c.github.io/webauthn/#authenticatorattestationresponse + #[builder(setter(into))] + pub(crate) response: Response<'a>, + + /// The type of credential. + #[builder(setter(into))] + pub(crate) type_: Cow<'a, str>, + + /// The ID of the user. + #[builder(default, setter(into))] + user_id: Cow<'a, str>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Register_Finish. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. + pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::POST + } + + fn endpoint(&self) -> Cow<'static, str> { + format!( + "users/{user_id}/passkeys/register_finish", + user_id = self.user_id.as_ref(), + ) + .into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn body(&self) -> Result)>, BodyError> { + let mut params = JsonBodyParams::default(); + + params.push("extensions", serde_json::to_value(&self.extensions)?); + params.push("id", serde_json::to_value(&self.id)?); + params.push("raw_id", serde_json::to_value(&self.raw_id)?); + params.push("response", serde_json::to_value(&self.response)?); + params.push("type_", serde_json::to_value(&self.type_)?); + + params.into_body() + } + + fn service_type(&self) -> 
ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + None + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder() + .extensions(ExtensionsBuilder::default().build().unwrap()) + .id("foo") + .raw_id("foo") + .response( + ResponseBuilder::default() + .attestation_object("foo") + .client_data_json("foo") + .build() + .unwrap() + ) + .type_("foo") + .build() + .unwrap() + .service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert!(Request::builder() + .extensions(ExtensionsBuilder::default().build().unwrap()) + .id("foo") + .raw_id("foo") + .response( + ResponseBuilder::default() + .attestation_object("foo") + .client_data_json("foo") + .build() + .unwrap() + ) + .type_("foo") + .build() + .unwrap() + .response_key() + .is_none()) + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::POST).path(format!( + "/users/{user_id}/passkeys/register_finish", + user_id = "user_id", + )); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "dummy": {} })); + }); + + let endpoint = Request::builder() + .user_id("user_id") + .extensions(ExtensionsBuilder::default().build().unwrap()) + .id("foo") + .raw_id("foo") + .response( + ResponseBuilder::default() + .attestation_object("foo") + 
.client_data_json("foo") + .build() + .unwrap(), + ) + .type_("foo") + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::POST) + .path(format!( + "/users/{user_id}/passkeys/register_finish", + user_id = "user_id", + )) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "dummy": {} })); + }); + + let endpoint = Request::builder() + .user_id("user_id") + .extensions(ExtensionsBuilder::default().build().unwrap()) + .id("foo") + .raw_id("foo") + .response( + ResponseBuilder::default() + .attestation_object("foo") + .client_data_json("foo") + .build() + .unwrap(), + ) + .type_("foo") + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_sdk/src/api/identity/v4/user/passkey/register_start.rs b/openstack_sdk/src/api/identity/v4/user/passkey/register_start.rs new file mode 100644 index 000000000..81ecb8b08 --- /dev/null +++ b/openstack_sdk/src/api/identity/v4/user/passkey/register_start.rs 
@@ -0,0 +1,220 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! Generate a challenge that the user must sign with the passkey or security +//! device. Signed challenge must be sent to the +//! `/v4/users/{user_id}/passkey/register_finish` endpoint. +//! +use derive_builder::Builder; +use http::{HeaderMap, HeaderName, HeaderValue}; + +use crate::api::rest_endpoint_prelude::*; + +use std::borrow::Cow; + +#[derive(Builder, Debug, Clone)] +#[builder(setter(strip_option))] +pub struct Request<'a> { + /// The description for the passkey (name). + #[builder(setter(into))] + pub(crate) description: Option>, + + /// The ID of the user. + #[builder(default, setter(into))] + user_id: Cow<'a, str>, + + #[builder(setter(name = "_headers"), default, private)] + _headers: Option, +} +impl<'a> Request<'a> { + /// Create a builder for the endpoint. + pub fn builder() -> RequestBuilder<'a> { + RequestBuilder::default() + } +} + +impl<'a> RequestBuilder<'a> { + /// Add a single header to the Register_Start. + pub fn header(&mut self, header_name: K, header_value: V) -> &mut Self + where + K: Into, + V: Into, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .insert(header_name.into(), header_value.into()); + self + } + + /// Add multiple headers. 
+ pub fn headers(&mut self, iter: I) -> &mut Self + where + I: Iterator, + T: Into<(Option, HeaderValue)>, + { + self._headers + .get_or_insert(None) + .get_or_insert_with(HeaderMap::new) + .extend(iter.map(Into::into)); + self + } +} + +impl RestEndpoint for Request<'_> { + fn method(&self) -> http::Method { + http::Method::POST + } + + fn endpoint(&self) -> Cow<'static, str> { + format!( + "users/{user_id}/passkeys/register_start", + user_id = self.user_id.as_ref(), + ) + .into() + } + + fn parameters(&self) -> QueryParams<'_> { + QueryParams::default() + } + + fn body(&self) -> Result)>, BodyError> { + let mut params = JsonBodyParams::default(); + + params.push("description", serde_json::to_value(&self.description)?); + + params.into_body() + } + + fn service_type(&self) -> ServiceType { + ServiceType::Identity + } + + fn response_key(&self) -> Option> { + Some("public_key".into()) + } + + /// Returns headers to be set into the request + fn request_headers(&self) -> Option<&HeaderMap> { + self._headers.as_ref() + } + + /// Returns required API version + fn api_version(&self) -> Option { + Some(ApiVersion::new(4, 0)) + } +} + +#[cfg(test)] +mod tests { + use super::*; + #[cfg(feature = "sync")] + use crate::api::Query; + use crate::test::client::FakeOpenStackClient; + use crate::types::ServiceType; + use http::{HeaderName, HeaderValue}; + use httpmock::MockServer; + use serde_json::json; + + #[test] + fn test_service_type() { + assert_eq!( + Request::builder() + .description("foo") + .build() + .unwrap() + .service_type(), + ServiceType::Identity + ); + } + + #[test] + fn test_response_key() { + assert_eq!( + Request::builder() + .description("foo") + .build() + .unwrap() + .response_key() + .unwrap(), + "public_key" + ); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + 
when.method(httpmock::Method::POST).path(format!( + "/users/{user_id}/passkeys/register_start", + user_id = "user_id", + )); + + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "public_key": {} })); + }); + + let endpoint = Request::builder() + .user_id("user_id") + .description("foo") + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } + + #[cfg(feature = "sync")] + #[test] + fn endpoint_headers() { + let server = MockServer::start(); + let client = FakeOpenStackClient::new(server.base_url()); + let mock = server.mock(|when, then| { + when.method(httpmock::Method::POST) + .path(format!( + "/users/{user_id}/passkeys/register_start", + user_id = "user_id", + )) + .header("foo", "bar") + .header("not_foo", "not_bar"); + then.status(200) + .header("content-type", "application/json") + .json_body(json!({ "public_key": {} })); + }); + + let endpoint = Request::builder() + .user_id("user_id") + .description("foo") + .headers( + [( + Some(HeaderName::from_static("foo")), + HeaderValue::from_static("bar"), + )] + .into_iter(), + ) + .header( + HeaderName::from_static("not_foo"), + HeaderValue::from_static("not_bar"), + ) + .build() + .unwrap(); + let _: serde_json::Value = endpoint.query(&client).unwrap(); + mock.assert(); + } +} diff --git a/openstack_types/Cargo.toml b/openstack_types/Cargo.toml index 990f1dac8..a73074f76 100644 --- a/openstack_types/Cargo.toml +++ b/openstack_types/Cargo.toml @@ -36,6 +36,7 @@ object_store = [] placement = [] # include openapi specs openapi = [] +keystone_ng = [] [dependencies] chrono = { workspace= true } diff --git a/openstack_types/data/identity/keystone_rust.yaml b/openstack_types/data/identity/keystone_rust.yaml new file mode 100644 index 000000000..a0647cf96 --- /dev/null +++ b/openstack_types/data/identity/keystone_rust.yaml 
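Review bot: `user_id` in `Request` is declared with `#[builder(default, setter(into))]`, so `build()` succeeds when it was never set and `endpoint()` then formats `users//passkeys/register_start` with an empty segment; `test_service_type` and `test_response_key` in this hunk build the request exactly that way. For a call that starts passkey registration for a specific user, a missing id is better rejected at build time: drop `default` so the attribute reads `#[builder(setter(into))]`, and add `.user_id("user_id")` to those two tests. The value is also placed into the path as-is, so unless a lower layer percent-encodes it (not visible here) an id containing `/` or `?` would alter the request target; encoding or validating it before the `format!` would close that. The `endpoint()` of `register_finish.rs` earlier in this diff has the same two properties. As the file header says it is generated by `openstack-codegenerator`, the change belongs in the generator template rather than in this file.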
@@ -0,0 +1,3206 @@ +openapi: 3.1.0 +info: + title: openstack_keystone + description: OpenStack Keystone service + contact: + name: Artem Goncharov (gtema) + license: + name: Apache-2.0 + identifier: Apache-2.0 + version: 4.0.1 +paths: + /: + get: + tags: + - version + summary: Versions + description: Version discovery + operationId: version + responses: + '200': + description: Versions + content: + application/json: + schema: + $ref: '#/components/schemas/Versions' + /v3: + get: + tags: + - version + summary: Version discovery endpoint + description: Version discovery + operationId: version + responses: + '200': + description: Versions + content: + application/json: + schema: + $ref: '#/components/schemas/SingleVersion' + /v3/auth/tokens: + get: + tags: + - auth + summary: Validate token + description: Validate token + operationId: show + parameters: + - name: nocatalog + in: query + description: |- + The authentication response excludes the service catalog. By default, the response includes + the service catalog. + required: false + schema: + type: + - boolean + - 'null' + - name: allow_expired + in: query + description: Allow fetching a token that has expired. By default expired tokens return a 404 exception. + required: false + schema: + type: + - boolean + - 'null' + responses: + '200': + description: Token object + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + post: + tags: + - auth + summary: Authenticate user issuing a new token + description: Issue token + operationId: post + parameters: + - name: nocatalog + in: query + description: |- + The authentication response excludes the service catalog. By default, the response includes + the service catalog. 
+ required: false + schema: + type: + - boolean + - 'null' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthRequest' + required: true + responses: + '200': + description: Token object + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + /v3/groups: + get: + tags: + - groups + summary: List groups + description: List groups + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of groups + content: + application/json: + schema: + $ref: '#/components/schemas/GroupList' + '500': + description: Internal error + post: + tags: + - groups + summary: Create group + description: Create new Group + operationId: create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupCreateRequest' + required: true + responses: + '201': + description: Group object + content: + application/json: + schema: + $ref: '#/components/schemas/GroupResponse' + /v3/groups/{group_id}: + get: + tags: + - groups + summary: Get single group + description: Get group by ID + operationId: show + parameters: + - name: group_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Group object + content: + application/json: + schema: + $ref: '#/components/schemas/GroupResponse' + '404': + description: Group not found + delete: + tags: + - groups + summary: Delete group + description: Delete group by ID + operationId: remove + parameters: + - name: group_id + in: path + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + description: group not found + /v3/role_assignments: + get: + tags: + - roles + summary: List role assignments + description: List 
roles + operationId: list + parameters: + - name: scope.domain.id + in: query + description: Filters the response by a domain ID. + required: false + schema: + type: + - string + - 'null' + - name: group.id + in: query + description: Filters the response by a group ID. + required: false + schema: + type: + - string + - 'null' + - name: effective + in: query + description: |- + Returns the effective assignments, including any assignments gained by virtue of group + membership. + required: false + schema: + type: + - boolean + - 'null' + - name: scope.project.id + in: query + description: Filters the response by a project ID. + required: false + schema: + type: + - string + - 'null' + - name: role.id + in: query + description: Filters the response by a role ID. + required: false + schema: + type: + - string + - 'null' + - name: user.id + in: query + description: Filters the response by a user ID. + required: false + schema: + type: + - string + - 'null' + - name: include_names + in: query + description: |- + If set to true, then the names of any entities returned will be include as well as their + IDs. Any value other than 0 (including no value) will be interpreted as true. 
+ + New in version 3.6 + required: false + schema: + type: + - boolean + - 'null' + responses: + '200': + description: List of role assignments + content: + application/json: + schema: + $ref: '#/components/schemas/AssignmentList' + '500': + description: Internal error + /v3/roles: + get: + tags: + - roles + summary: List roles + description: List roles + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of roles + content: + application/json: + schema: + $ref: '#/components/schemas/RoleList' + '500': + description: Internal error + /v3/roles/{role_id}: + get: + tags: + - roles + summary: Get single role + description: Get role by ID + operationId: show + parameters: + - name: role_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Role object + content: + application/json: + schema: + $ref: '#/components/schemas/RoleResponse' + '404': + description: Role not found + /v3/users: + get: + tags: + - users + summary: List users + description: List users + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of users + content: + application/json: + schema: + $ref: '#/components/schemas/UserList' + '500': + description: Internal error + post: + tags: + - users + summary: Create user + description: Create new user + operationId: create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserCreateRequest' + required: true + responses: + '201': + description: 
New user + content: + application/json: + schema: + $ref: '#/components/schemas/UserResponse' + /v3/users/{user_id}: + get: + tags: + - users + summary: Get single user + operationId: show + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Single user + content: + application/json: + schema: + $ref: '#/components/schemas/UserResponse' + '404': + description: User not found + delete: + tags: + - users + summary: Delete user + description: Delete user by ID + operationId: remove + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + description: User not found + /v3/users/{user_id}/groups: + get: + tags: + - users + summary: List groups a user is member of + description: List groups a user is member of + operationId: groups + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '200': + description: List of user groups + content: + application/json: + schema: + $ref: '#/components/schemas/GroupList' + '500': + description: Internal error + /v4: + get: + tags: + - version + summary: Version discovery endpoint + description: Version discovery + operationId: version + responses: + '200': + description: Versions + content: + application/json: + schema: + $ref: '#/components/schemas/SingleVersion' + /v4/auth/passkey/finish: + post: + tags: + - passkey + - auth + summary: Finish user passkey authentication. + description: |- + Exchange the challenge signed with one of the users passkeys or security devices for the + unscoped Keystone API token. 
+ operationId: /auth/passkey/finish:post + requestBody: + content: + application/json: + schema: {} + required: true + responses: + '200': + description: Authentication Token object + headers: + x-subject-token: + schema: + type: string + description: Keystone token + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + /v4/auth/passkey/start: + post: + tags: + - passkey + - auth + summary: Start passkey authentication for the user. + description: |- + Initiate a passkey login for the user. The user must have at least one passkey previously + registered. When the user does not exist a fake challenge is being returned to prevent id + scanning. + operationId: /auth/passkey/start:post + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PasskeyAuthenticationStartRequest' + required: true + responses: + '200': + description: Challenge that must be signed with any of the user passkeys + content: + application/json: + schema: + $ref: '#/components/schemas/PasskeyAuthenticationStartResponse' + '500': + description: Internal error + /v4/auth/tokens: + get: + tags: + - auth + summary: Validate token + description: Validate token + operationId: show + parameters: + - name: nocatalog + in: query + description: |- + The authentication response excludes the service catalog. By default, the response includes + the service catalog. + required: false + schema: + type: + - boolean + - 'null' + - name: allow_expired + in: query + description: Allow fetching a token that has expired. By default expired tokens return a 404 exception. 
+ required: false + schema: + type: + - boolean + - 'null' + responses: + '200': + description: Token object + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + post: + tags: + - auth + summary: Authenticate user issuing a new token + description: Issue token + operationId: post + parameters: + - name: nocatalog + in: query + description: |- + The authentication response excludes the service catalog. By default, the response includes + the service catalog. + required: false + schema: + type: + - boolean + - 'null' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthRequest' + required: true + responses: + '200': + description: Token object + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + /v4/federation/identity_providers: + get: + tags: + - identity_providers + summary: List identity providers. + description: |- + List identity providers. Without any filters only global identity providers are returned. + With the `domain_id` identity providers owned by the specified identity provider are returned. + + It is expected that only global or owned identity providers can be returned, while an admin + user is able to list all providers. + operationId: /federation/identity_provider:list + parameters: + - name: name + in: query + description: Filters the response by IDP name. + required: false + schema: + type: + - string + - 'null' + - name: domain_id + in: query + description: Filters the response by a domain ID. + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of identity providers + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderList' + '500': + description: Internal error + security: + - x-auth: [] + post: + tags: + - identity_providers + summary: Create the identity provider. + description: |- + Create the identity provider with the specified properties. 
+ + It is expected that only admin user is able to create global identity providers. + operationId: /federation/identity_provider:create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderCreateRequest' + required: true + responses: + '201': + description: identity provider object + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderResponse' + security: + - x-auth: [] + /v4/federation/identity_providers/{idp_id}: + get: + tags: + - identity_providers + summary: Get single identity provider. + description: Shows details of the existing identity provider. + operationId: /federation/identity_provider:show + parameters: + - name: idp_id + in: path + description: The ID of the identity provider + required: true + schema: + type: string + responses: + '200': + description: Identity provider object + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderResponse' + '404': + description: Resource not found + security: + - x-auth: [] + put: + tags: + - identity_providers + summary: Update single identity provider. + description: Updates the existing identity provider. + operationId: /federation/identity_provider:update + parameters: + - name: idp_id + in: path + description: The ID of the identity provider + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderUpdateRequest' + required: true + responses: + '200': + description: IDP object + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderResponse' + '404': + description: IDP not found + security: + - x-auth: [] + delete: + tags: + - identity_providers + summary: Delete Identity provider. + description: |- + Deletes the existing identity provider. 
+ + It is expected that only admin user is allowed to delete the global identity provider + operationId: /federation/identity_provider:delete + parameters: + - name: idp_id + in: path + description: The ID of the identity provider + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + description: identity provider not found + security: + - x-auth: [] + /v4/federation/identity_providers/{idp_id}/auth: + post: + tags: + - identity_providers + summary: Authenticate using identity provider. + description: |- + Initiate the authentication for the given identity provider. Mapping can be passed, otherwise + the one which is set as a default on the identity provider level is used. + + The API returns the link to the identity provider which must be open in the web browser. Once + user authenticates in the identity provider UI a redirect to the url passed as a callback in + the request is being done as a typical oauth2 authorization code callback. The client is + responsible for serving this callback server and use received authorization code and state to + exchange it for the Keystone token passing it to the `/v4/federation/oidc/callback`. + + Desired scope (OpenStack) can be also passed to get immediately scoped token after the + authentication completes instead of the unscoped token. + + This is an unauthenticated API call. User, mapping, scope validation will happen when the + callback is invoked. 
+ operationId: federation/identity_provider/auth:post + parameters: + - name: idp_id + in: path + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderAuthRequest' + required: true + responses: + '201': + description: Authentication data + content: + application/json: + schema: + $ref: '#/components/schemas/IdentityProviderAuthResponse' + /v4/federation/identity_providers/{idp_id}/jwt: + post: + tags: + - identity_providers + summary: Authentication using the JWT. + description: |- + This operation allows user to exchange the JWT issued by the trusted identity provider for the + regular Keystone session token. Request specifies the necessary authentication mapping, which + is also used to validate expected claims. + operationId: /federation/identity_provider/jwt:login + parameters: + - name: openstack-mapping + in: header + description: Federated attribute mapping + required: true + schema: + type: string + - name: idp_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Authentication Token object + headers: + x-subject-token: + schema: + type: string + description: Keystone token + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + security: + - jwt: [] + /v4/federation/mappings: + get: + tags: + - mappings + summary: List federation mappings. + description: |- + List available federation mappings. + + Without `domain_id` specified global mappings are returned. + + It is expected that listing mappings belonging to the other domain is only allowed to the admin + user. + operationId: /federation/identity_provider/mapping:list + parameters: + - name: name + in: query + description: Filters the response by IDP name. + required: false + schema: + type: + - string + - 'null' + - name: domain_id + in: query + description: Filters the response by a domain ID. 
+ required: false + schema: + type: + - string + - 'null' + - name: idp_id + in: query + description: Filters the response by a idp ID. + required: false + schema: + type: + - string + - 'null' + - name: type + in: query + description: Filters the response by a mapping type. + required: false + schema: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/MappingType' + responses: + '200': + description: List of mappings + content: + application/json: + schema: + $ref: '#/components/schemas/MappingList' + '500': + description: Internal error + security: + - x-auth: [] + post: + tags: + - mappings + summary: Create attribute mapping. + operationId: /federation/identity_provider/mapping:create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MappingCreateRequest' + required: true + responses: + '201': + description: mapping object + content: + application/json: + schema: + $ref: '#/components/schemas/MappingResponse' + security: + - x-auth: [] + /v4/federation/mappings/{id}: + get: + tags: + - mappings + summary: Get single mapping. + description: Show the attribute mapping attribute by the ID. + operationId: /federation/identity_provider/mapping:show + parameters: + - name: id + in: path + description: The ID of the attribute mapping. + required: true + schema: + type: string + responses: + '200': + description: mapping object + content: + application/json: + schema: + $ref: '#/components/schemas/MappingResponse' + '404': + description: mapping not found + security: + - x-auth: [] + put: + tags: + - mappings + summary: Update attribute mapping. + description: 'TODO: describe domain_id update rules' + operationId: /federation/identity_provider/mapping:update + parameters: + - name: id + in: path + description: The ID of the attribute mapping. 
+ required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/MappingUpdateRequest' + required: true + responses: + '200': + description: mapping object + content: + application/json: + schema: + $ref: '#/components/schemas/MappingResponse' + '404': + description: mapping not found + security: + - x-auth: [] + delete: + tags: + - mappings + summary: Delete attribute mapping. + operationId: /federation/identity_provider/mapping:delete + parameters: + - name: id + in: path + description: The ID of the attribute mapping + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + description: Mapping not found + security: + - x-auth: [] + /v4/federation/oidc/callback: + post: + tags: + - identity_providers + summary: Authentication callback. + description: |- + This operation allows user to exchange the authorization code retrieved from the identity + provider after calling the `/v4/federation/identity_providers/{idp_id}/auth` for the Keystone + token. When desired scope was passed in that auth initialization call the scoped token is + returned (assuming the user is having roles assigned on that scope). 
+ operationId: /federation/oidc:callback + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AuthCallbackParameters' + required: true + responses: + '200': + description: Authentication Token object + headers: + x-subject-token: + schema: + type: string + description: Keystone token + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + security: + - oauth2: + - openid + /v4/groups: + get: + tags: + - groups + summary: List groups + description: List groups + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of groups + content: + application/json: + schema: + $ref: '#/components/schemas/GroupList' + '500': + description: Internal error + post: + tags: + - groups + summary: Create group + description: Create new Group + operationId: create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/GroupCreateRequest' + required: true + responses: + '201': + description: Group object + content: + application/json: + schema: + $ref: '#/components/schemas/GroupResponse' + /v4/groups/{group_id}: + get: + tags: + - groups + summary: Get single group + description: Get group by ID + operationId: show + parameters: + - name: group_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Group object + content: + application/json: + schema: + $ref: '#/components/schemas/GroupResponse' + '404': + description: Group not found + delete: + tags: + - groups + summary: Delete group + description: Delete group by ID + operationId: remove + parameters: + - name: group_id + in: path + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + 
description: group not found + /v4/role_assignments: + get: + tags: + - roles + summary: List role assignments + description: List roles + operationId: list + parameters: + - name: scope.domain.id + in: query + description: Filters the response by a domain ID. + required: false + schema: + type: + - string + - 'null' + - name: group.id + in: query + description: Filters the response by a group ID. + required: false + schema: + type: + - string + - 'null' + - name: effective + in: query + description: |- + Returns the effective assignments, including any assignments gained by virtue of group + membership. + required: false + schema: + type: + - boolean + - 'null' + - name: scope.project.id + in: query + description: Filters the response by a project ID. + required: false + schema: + type: + - string + - 'null' + - name: role.id + in: query + description: Filters the response by a role ID. + required: false + schema: + type: + - string + - 'null' + - name: user.id + in: query + description: Filters the response by a user ID. + required: false + schema: + type: + - string + - 'null' + - name: include_names + in: query + description: |- + If set to true, then the names of any entities returned will be include as well as their + IDs. Any value other than 0 (including no value) will be interpreted as true. 
+ + New in version 3.6 + required: false + schema: + type: + - boolean + - 'null' + responses: + '200': + description: List of role assignments + content: + application/json: + schema: + $ref: '#/components/schemas/AssignmentList' + '500': + description: Internal error + /v4/roles: + get: + tags: + - roles + summary: List roles + description: List roles + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of roles + content: + application/json: + schema: + $ref: '#/components/schemas/RoleList' + '500': + description: Internal error + /v4/roles/{role_id}: + get: + tags: + - roles + summary: Get single role + description: Get role by ID + operationId: show + parameters: + - name: role_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Role object + content: + application/json: + schema: + $ref: '#/components/schemas/RoleResponse' + '404': + description: Role not found + /v4/users: + get: + tags: + - users + summary: List users + description: List users + operationId: list + parameters: + - name: domain_id + in: query + description: Filter users by Domain ID + required: false + schema: + type: + - string + - 'null' + - name: name + in: query + description: Filter users by Name + required: false + schema: + type: + - string + - 'null' + responses: + '200': + description: List of users + content: + application/json: + schema: + $ref: '#/components/schemas/UserList' + '500': + description: Internal error + post: + tags: + - users + summary: Create user + description: Create new user + operationId: create + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserCreateRequest' + required: true + responses: + '201': + description: 
New user + content: + application/json: + schema: + $ref: '#/components/schemas/UserResponse' + /v4/users/{user_id}: + get: + tags: + - users + summary: Get single user + operationId: show + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '200': + description: Single user + content: + application/json: + schema: + $ref: '#/components/schemas/UserResponse' + '404': + description: User not found + delete: + tags: + - users + summary: Delete user + description: Delete user by ID + operationId: remove + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '204': + description: Deleted + '404': + description: User not found + /v4/users/{user_id}/groups: + get: + tags: + - users + summary: List groups a user is member of + description: List groups a user is member of + operationId: groups + parameters: + - name: user_id + in: path + required: true + schema: + type: string + responses: + '200': + description: List of user groups + content: + application/json: + schema: + $ref: '#/components/schemas/GroupList' + '500': + description: Internal error + /v4/users/{user_id}/passkeys/register_finish: + post: + tags: + - users + - passkey + summary: Finish passkey registration for the user. + operationId: /user/passkey/register:finish + parameters: + - name: user_id + in: path + description: The ID of the user. + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserPasskeyRegistrationFinishRequest' + required: true + responses: + '201': + description: Passkey successfully registered + '500': + description: Internal error + /v4/users/{user_id}/passkeys/register_start: + post: + tags: + - users + - passkey + summary: Start passkey registration for the user. + description: |- + Generate a challenge that the user must sign with the passkey or security device. 
Signed + challenge must be sent to the `/v4/users/{user_id}/passkey/register_finish` endpoint. + operationId: /user/passkey/register:start + parameters: + - name: user_id + in: path + description: The ID of the user. + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UserPasskeyRegistrationStartRequest' + required: true + responses: + '201': + description: Passkey successfully registered + content: + application/json: + schema: + $ref: '#/components/schemas/UserPasskeyRegistrationStartResponse' + '500': + description: Internal error +components: + schemas: + AllowCredentials: + type: object + description: A descriptor of a credential that can be used. + required: + - type_ + - id + properties: + id: + $ref: '#/components/schemas/Base64UrlSafeData' + description: The id of the credential. + transports: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/AuthenticatorTransport' + description: https://www.w3.org/TR/webauthn/#transport may be usb, nfc, ble, internal + type_: + type: string + description: The type of credential. + Assignment: + type: object + required: + - role + - scope + properties: + group: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Group' + role: + $ref: '#/components/schemas/Role' + description: Role ID + scope: + $ref: '#/components/schemas/Scope' + user: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/User' + AssignmentList: + type: object + description: Assignments + required: + - role_assignments + properties: + role_assignments: + type: array + items: + $ref: '#/components/schemas/Assignment' + description: Collection of role assignment objects + AttestationConveyancePreference: + type: string + description: https://www.w3.org/TR/webauthn/#enumdef-attestationconveyancepreference + enum: + - None + - Indirect + - Direct + AttestationFormat: + type: string + description: |- + The type of attestation on the credential. 
+ + https://www.iana.org/assignments/webauthn/webauthn.xhtml + enum: + - Packed + - Tpm + - AndroidKey + - AndroidSafetyNet + - FIDOU2F + - AppleAnonymous + - None + AuthCallbackParameters: + type: object + description: Authentication callback request the user is sending to complete the authentication request. + required: + - state + - code + properties: + code: + type: string + description: Authorization code. + state: + type: string + description: Authentication state. + AuthRequest: + type: object + description: An authentication request. + required: + - auth + properties: + auth: + $ref: '#/components/schemas/AuthRequestInner' + description: An identity object. + AuthRequestInner: + type: object + description: An authentication request. + required: + - identity + properties: + identity: + $ref: '#/components/schemas/Identity' + description: An identity object. + scope: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Scope' + description: |- + The authorization scope, including the system (Since v3.10), a project, or a domain (Since + v3.4). If multiple scopes are specified in the same request (e.g. project and domain or + domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be + simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely + identify a project but if a project is specified by name, then the domain of the project + must also be specified in order to uniquely identify the project by name. A domain scope + may be specified by either the domain’s ID or name with equivalent results. + AuthenticatorAttachment: + type: string + description: |- + The authenticator attachment hint. This is NOT enforced, and is only used to help a user select + a relevant authenticator type. 
+ + https://www.w3.org/TR/webauthn/#attachment + enum: + - Platform + - CrossPlatform + AuthenticatorAttestationResponseRaw: + type: object + description: https://w3c.github.io/webauthn/#authenticatorattestationresponse + required: + - attestation_object + - client_data_json + properties: + attestation_object: + type: string + format: binary + description: https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-attestationobject. + contentEncoding: base64 + client_data_json: + type: string + format: binary + description: https://w3c.github.io/webauthn/#dom-authenticatorresponse-clientdatajson. + contentEncoding: base64 + transports: + type: array + items: + $ref: '#/components/schemas/AuthenticatorTransport' + description: https://w3c.github.io/webauthn/#dom-authenticatorattestationresponse-gettransports. + AuthenticatorSelectionCriteria: + type: object + description: https://www.w3.org/TR/webauthn/#dictdef-authenticatorselectioncriteria + required: + - require_resident_key + - user_verification + properties: + authenticator_attachment: + $ref: '#/components/schemas/AuthenticatorAttachment' + description: |- + How the authenticator should be attached to the client machine. Note this is only a hint. + It is not enforced in anyway shape or form. https://www.w3.org/TR/webauthn/#attachment. + require_resident_key: + type: boolean + description: |- + Hint to the credential to create a resident key. Note this can not be enforced or + validated, so the authenticator may choose to ignore this parameter. + https://www.w3.org/TR/webauthn/#resident-credential. + resident_key: + $ref: '#/components/schemas/ResidentKeyRequirement' + description: |- + Hint to the credential to create a resident key. Note this value should be a member of + ResidentKeyRequirement, but client must ignore unknown values, treating an unknown value as + if the member does not exist. + https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-residentkey. 
+ user_verification: + $ref: '#/components/schemas/UserVerificationPolicy' + description: |- + The user verification level to request during registration. Depending on if this + authenticator provides verification may affect future interactions as this is associated to + the credential during registration. + AuthenticatorTransport: + type: string + description: https://www.w3.org/TR/webauthn/#enumdef-authenticatortransport + enum: + - Usb + - Nfc + - Ble + - Internal + - Hybrid + - Test + - Unknown + Base64UrlSafeData: + type: array + items: + type: integer + format: int32 + minimum: 0 + description: |- + Serde wrapper for Vec which always emits URL-safe, non-padded Base64, and accepts Base64 + and binary formats. + + Serialisation always emits URL-safe, non-padded Base64 (per RFC 4648 §5). + + Unlike HumanBinaryData, this happens regardless of whether the underlying serialisation + format is human readable. If you’re serialising to non-human-readable formats, you should + consider migrating to HumanBinaryData. + + Otherwise, this type should work as much like a Vec as possible. + Catalog: + type: array + items: + $ref: '#/components/schemas/CatalogService' + description: A catalog object + CatalogService: + type: object + description: A catalog object + required: + - id + - endpoints + properties: + endpoints: + type: array + items: + $ref: '#/components/schemas/Endpoint' + id: + type: string + name: + type: + - string + - 'null' + type: + type: + - string + - 'null' + CredProps: + type: object + description: https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension + required: + - rk + properties: + rk: + type: boolean + description: |- + A user agent supplied hint that this credential may have created a resident key. It is + returned from the user agent, not the authenticator meaning that this is an unreliable + signal. + + Note that this extension is UNSIGNED and may have been altered by page javascript. 
+ CredProtect: + type: object + description: |- + The desired options for the client’s use of the credProtect extension + + https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credProtect-extension + required: + - credential_protection_policy + properties: + credential_protection_policy: + $ref: '#/components/schemas/CredentialProtectionPolicy' + description: The credential policy to enact. + enforce_credential_protection_policy: + type: boolean + description: |- + Whether it is better for the authenticator to fail to create a credential rather than + ignore the protection policy If no value is provided, the client treats it as false. + CredentialProtectionPolicy: + type: string + description: Valid credential protection policies + enum: + - UserVerificationOptional + - UserVerificationOptionalWithCredentialIDList + - UserVerificationRequired + Domain: + type: object + description: Domain information + properties: + id: + type: + - string + - 'null' + description: Domain ID + name: + type: + - string + - 'null' + description: Domain Name + Endpoint: + type: object + description: A Catalog Endpoint + required: + - id + - url + - interface + properties: + id: + type: string + interface: + type: string + region: + type: + - string + - 'null' + region_id: + type: + - string + - 'null' + url: + type: string + Group: + allOf: + - {} + - type: object + required: + - id + - domain_id + - name + properties: + description: + type: + - string + - 'null' + description: Group description + domain_id: + type: string + description: Group domain ID + id: + type: string + description: Group ID + name: + type: string + description: Group name + GroupCreate: + allOf: + - {} + - type: object + required: + - domain_id + - name + properties: + description: + type: + - string + - 'null' + description: Group description + domain_id: + type: string + description: Group domain ID + name: + type: string + description: Group 
name + GroupCreateRequest: + type: object + required: + - group + properties: + group: + $ref: '#/components/schemas/GroupCreate' + description: Group object + GroupList: + type: object + description: Groups + required: + - groups + properties: + groups: + type: array + items: + $ref: '#/components/schemas/Group' + description: Collection of group objects + GroupResponse: + type: object + required: + - group + properties: + group: + $ref: '#/components/schemas/Group' + description: group object + HmacGetSecretInput: + type: object + description: |- + The inputs to the hmac secret if it was created during registration. + + https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-hmac-secret-extension + required: + - output1 + properties: + output1: + $ref: '#/components/schemas/Base64UrlSafeData' + description: Retrieve a symmetric secrets from the authenticator with this input. + output2: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Base64UrlSafeData' + description: Rotate the secret in the same operation. + Identity: + type: object + description: An identity object. + required: + - methods + properties: + methods: + type: array + items: + type: string + description: The authentication method. For password authentication, specify password. + password: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/PasswordAuth' + description: The password object, contains the authentication information. + token: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/TokenAuth' + description: The token object, contains the authentication information. + IdentityProvider: + type: object + description: Identity provider data + required: + - id + - name + properties: + bound_issuer: + type: + - string + - 'null' + description: The bound issuer that is verified when using the identity provider. 
+ default_mapping_name: + type: + - string + - 'null' + description: |- + Default attribute mapping name which is automatically used when no mapping is explicitly + requested. The referred attribute mapping must exist. + domain_id: + type: + - string + - 'null' + description: |- + The ID of the domain this identity provider belongs to. Empty value identifies that the + identity provider can be used by other domains as well. + id: + type: string + description: The ID of the federated identity provider. + jwks_url: + type: + - string + - 'null' + description: |- + URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when the provider does not + provide discovery endpoint or when it is not standard compliant. + jwt_validation_pubkeys: + type: + - array + - 'null' + items: + type: string + description: List of the jwt validation public keys. + name: + type: string + description: The Name of the federated identity provider. + oidc_client_id: + type: + - string + - 'null' + description: |- + The oidc `client_id` to use for the private client. The `client_secret` is never returned + and can be only overwritten. + oidc_discovery_url: + type: + - string + - 'null' + description: OIDC discovery endpoint for the identity provider. + oidc_response_mode: + type: + - string + - 'null' + description: The oidc response mode. + oidc_response_types: + type: + - array + - 'null' + items: + type: string + description: List of supported response types. + provider_config: + type: object + description: Additional provider configuration. + IdentityProviderAuthRequest: + type: object + description: Request for initializing the federated authentication. + required: + - redirect_uri + properties: + mapping_id: + type: + - string + - 'null' + description: IDP mapping id. + mapping_name: + type: + - string + - 'null' + description: IDP mapping name. + redirect_uri: + type: string + description: Redirect URI to include in the auth request. 
+ scope: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Scope' + description: Authentication scope. + IdentityProviderAuthResponse: + type: object + description: Authentication initialization response. + required: + - auth_url + properties: + auth_url: + type: string + description: Url the client must open in the browser to continue the authentication. + IdentityProviderCreate: + type: object + description: Identity provider data. + required: + - name + properties: + bound_issuer: + type: string + description: The bound issuer that is verified when using the identity provider. + default_mapping_name: + type: string + description: |- + Default attribute mapping name which is automatically used when no mapping is explicitly + requested. The referred attribute mapping must exist. + domain_id: + type: string + description: |- + The ID of the domain this identity provider belongs to. Empty value identifies that the + identity provider can be used by other domains as well. + jwks_url: + type: string + description: |- + Optional URL to fetch JsonWebKeySet. Must be specified for JWT authentication when + discovery for the provider is not available or not standard compliant. + jwt_validation_pubkeys: + type: array + items: + type: string + description: List of the jwt validation public keys. + name: + type: string + description: Identity provider name. + oidc_client_id: + type: string + description: The oidc `client_id` to use for the private client. + oidc_client_secret: + type: string + description: The oidc `client_secret` to use for the private client. It is never returned back. + oidc_discovery_url: + type: string + description: OIDC discovery endpoint for the identity provider. + oidc_response_mode: + type: string + description: The oidc response mode. + oidc_response_types: + type: array + items: + type: string + description: List of supported response types. 
+ provider_config: + type: object + description: Additional special provider specific configuration + IdentityProviderCreateRequest: + type: object + description: Identity provider create request + required: + - identity_provider + properties: + identity_provider: + $ref: '#/components/schemas/IdentityProviderCreate' + description: Identity provider object + IdentityProviderList: + type: object + description: List of Identity Providers. + required: + - identity_providers + properties: + identity_providers: + type: array + items: + $ref: '#/components/schemas/IdentityProvider' + description: Collection of identity provider objects. + IdentityProviderResponse: + type: object + description: Identity provider response. + required: + - identity_provider + properties: + identity_provider: + $ref: '#/components/schemas/IdentityProvider' + description: Identity provider object. + IdentityProviderUpdate: + type: object + description: New identity provider data. + required: + - provider_config + properties: + bound_issuer: + type: + - string + - 'null' + description: The new bound issuer that is verified when using the identity provider. + default_mapping_name: + type: + - string + - 'null' + description: |- + New default attribute mapping name which is automatically used when no mapping is explicitly + requested. The referred attribute mapping must exist. + jwks_url: + type: + - string + - 'null' + description: |- + New URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when the provider does not + provide discovery endpoint or when it is not standard compliant. + jwt_validation_pubkeys: + type: + - array + - 'null' + items: + type: string + description: The list of the jwt validation public keys. + name: + type: + - string + - 'null' + description: The new name of the federated identity provider. + oidc_client_id: + type: + - string + - 'null' + description: The new oidc `client_id` to use for the private client. 
+ oidc_client_secret: + type: + - string + - 'null' + description: The new oidc `client_secret` to use for the private client. + oidc_discovery_url: + type: + - string + - 'null' + description: The new OIDC discovery endpoint for the identity provider. + oidc_response_mode: + type: + - string + - 'null' + description: The new oidc response mode. + oidc_response_types: + type: + - array + - 'null' + items: + type: string + description: The new oidc response mode. + provider_config: + type: object + description: New additional provider configuration. + IdentityProviderUpdateRequest: + type: object + description: Identity provider update request + required: + - identity_provider + properties: + identity_provider: + $ref: '#/components/schemas/IdentityProviderUpdate' + description: Identity provider object + Link: + type: object + required: + - rel + - href + properties: + href: + type: string + rel: + type: string + Mapping: + type: object + description: OIDC/JWT mapping data. + required: + - id + - name + - idp_id + - type + - user_id_claim + - user_name_claim + properties: + allowed_redirect_uris: + type: + - array + - 'null' + items: + type: string + description: List of allowed redirect urls (only for `oidc` type). + bound_audiences: + type: + - array + - 'null' + items: + type: string + description: List of audiences that must be present in the token. + bound_claims: + description: Additional claims that must be present in the token. + bound_subject: + type: + - string + - 'null' + description: Token subject value that must be set in the token. + domain_id: + type: + - string + - 'null' + description: |- + `domain_id` owning the attribute mapping. + + Unset `domain_id` means the attribute mapping is shared and can be used by different + domains. This requires `domain_id_claim` to be present. Attribute mapping can be only + shared when the referred identity provider is also shared (does not set the `domain_id` + attribute). 
+ domain_id_claim: + type: + - string + - 'null' + description: '`domain_id` claim name.' + groups_claim: + type: + - string + - 'null' + description: '`groups` claim name.' + id: + type: string + description: Attribute mapping ID for federated logins. + idp_id: + type: string + description: ID of the federated identity provider for which this attribute mapping can be used. + name: + type: string + description: Attribute mapping name for federated logins. + oidc_scopes: + type: + - array + - 'null' + items: + type: string + description: List of OIDC scopes. + token_project_id: + type: + - string + - 'null' + description: Fixed project_id for the token. + token_role_ids: + type: + - array + - 'null' + items: + type: string + description: List of fixed roles that would be included in the token. + token_user_id: + type: + - string + - 'null' + description: Fixed user_id for which the keystone token would be issued. + type: + $ref: '#/components/schemas/MappingType' + description: Attribute mapping type ([oidc, jwt]). + user_id_claim: + type: string + description: '`user_id` claim name.' + user_name_claim: + type: string + description: '`user_name` claim name.' + MappingCreate: + type: object + description: OIDC/JWT attribute mapping create data. + required: + - name + - idp_id + - user_id_claim + - user_name_claim + properties: + allowed_redirect_uris: + type: array + items: + type: string + description: List of allowed redirect urls (only for `oidc` type). + bound_audiences: + type: array + items: + type: string + description: List of audiences that must be present in the token. + bound_claims: + description: Additional claims that must be present in the token. + bound_subject: + type: string + description: Token subject value that must be set in the token. + domain_id: + type: string + description: |- + `domain_id` owning the attribute mapping. + + Unset `domain_id` means the attribute mapping is shared and can be used by different + domains. 
This requires `domain_id_claim` to be present. Attribute mapping can be only + shared when the referred identity provider is also shared (does not set the `domain_id` + attribute). + domain_id_claim: + type: string + description: '`domain_id` claim name.' + groups_claim: + type: string + description: '`groups` claim name.' + id: + type: + - string + - 'null' + description: Attribute mapping ID for federated logins. + idp_id: + type: string + description: ID of the federated identity provider for which this attribute mapping can be used. + name: + type: string + description: Attribute mapping name for federated logins. + oidc_scopes: + type: array + items: + type: string + description: List of OIDC scopes. + token_project_id: + type: string + description: Fixed project_id for the token. + token_role_ids: + type: array + items: + type: string + description: List of fixed roles that would be included in the token. + token_user_id: + type: string + description: Fixed user_id for which the keystone token would be issued. + type: + $ref: '#/components/schemas/MappingType' + description: Attribute mapping type ([oidc, jwt]). + user_id_claim: + type: string + description: '`user_id` claim name.' + user_name_claim: + type: string + description: '`user_name` claim name.' + MappingCreateRequest: + type: object + description: OIDC/JWT attribute mapping create request. + required: + - mapping + properties: + mapping: + $ref: '#/components/schemas/MappingCreate' + description: Mapping object + MappingList: + type: object + description: List of OIDC/JWT attribute mappings. + required: + - mappings + properties: + mappings: + type: array + items: + $ref: '#/components/schemas/Mapping' + description: Collection of identity provider objects + MappingResponse: + type: object + required: + - mapping + properties: + mapping: + $ref: '#/components/schemas/Mapping' + description: IDP object + MappingType: + type: string + description: Attribute mapping type. 
+ enum: + - oidc + - jwt + MappingUpdate: + type: object + description: OIDC/JWT attribute mapping update data. + properties: + allowed_redirect_uris: + type: + - array + - 'null' + items: + type: string + description: List of allowed redirect urls (only for `oidc` type). + bound_audiences: + type: + - array + - 'null' + items: + type: string + description: List of audiences that must be present in the token. + bound_claims: + description: Additional claims that must be present in the token. + bound_subject: + type: + - string + - 'null' + description: Token subject value that must be set in the token. + domain_id: + type: + - string + - 'null' + description: |- + `domain_id` owning the attribute mapping. + + Unset `domain_id` means the attribute mapping is shared and can be used by different + domains. This requires `domain_id_claim` to be present. Attribute mapping can be only + shared when the referred identity provider is also shared (does not set the `domain_id` + attribute). + domain_id_claim: + type: + - string + - 'null' + groups_claim: + type: + - string + - 'null' + description: '`groups` claim name.' + idp_id: + type: + - string + - 'null' + description: ID of the federated identity provider for which this attribute mapping can be used. + name: + type: + - string + - 'null' + description: Attribute mapping name for federated logins. + oidc_scopes: + type: + - array + - 'null' + items: + type: string + description: List of OIDC scopes. + token_project_id: + type: + - string + - 'null' + description: Fixed project_id for the token. + token_role_ids: + type: + - array + - 'null' + items: + type: string + description: List of fixed roles that would be included in the token. + token_user_id: + type: + - string + - 'null' + description: Fixed user_id for which the keystone token would be issued. + type: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/MappingType' + description: Attribute mapping type ([oidc, jwt]). 
+ user_id_claim: + type: + - string + - 'null' + description: '`user_id` claim name.' + user_name_claim: + type: + - string + - 'null' + description: '`user_name` claim name.' + MappingUpdateRequest: + type: object + description: OIDC/JWT attribute mapping update request. + required: + - mapping + properties: + mapping: + $ref: '#/components/schemas/MappingUpdate' + description: Mapping object + MediaType: + type: object + required: + - base + - type + properties: + base: + type: string + type: + type: string + Mediation: + type: string + description: Request in residentkey workflows that conditional mediation should be used in the UI, or not. + enum: + - Conditional + PasskeyAuthenticationStartRequest: + type: object + required: + - user_id + properties: + user_id: + type: string + description: The ID of the user that is trying to authenticate + PasskeyAuthenticationStartResponse: + type: object + description: |- + Passkey Authorization challenge. + + This is an embedded version of the + [webauthn-rs::auth::PublickeyCredentialRequest](https://docs.rs/webauthn-rs-proto/0.5.2/webauthn_rs_proto/auth/struct.PublicKeyCredentialRequestOptions.html) + + A JSON serializable challenge which is issued to the user’s webbrowser for handling. This is + meant to be opaque, that is, you should not need to inspect or alter the content of the struct + - you should serialise it and transmit it to the client only. + required: + - public_key + properties: + mediation: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Mediation' + description: The mediation requested. + public_key: + $ref: '#/components/schemas/PublicKeyCredentialRequestOptions' + description: The options. + PasswordAuth: + type: object + description: The password object, contains the authentication information. + required: + - user + properties: + user: + $ref: '#/components/schemas/UserPassword' + description: A user object. 
+ Project: + type: object + description: Project information + required: + - id + - name + - domain + properties: + domain: + $ref: '#/components/schemas/Domain' + description: project domain + id: + type: string + description: Project ID + name: + type: string + description: Project Name + ProjectScope: + type: object + description: Project scope information + properties: + domain: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Domain' + description: project domain + id: + type: + - string + - 'null' + description: Project ID + name: + type: + - string + - 'null' + description: Project Name + PubKeyCredParams: + type: object + description: Public key cryptographic parameters + required: + - alg + - type_ + properties: + alg: + type: integer + format: int64 + description: The algorithm in use defined by CASE. + type_: + type: string + description: The type of public-key credential. + PublicKeyCredentialCreationOptions: + type: object + description: The requested options for the authentication. + required: + - challenge + - pub_key_cred_params + - rp + - user + properties: + attestation: + $ref: '#/components/schemas/AttestationConveyancePreference' + description: The requested attestation level from the device. + attestation_formats: + type: array + items: + $ref: '#/components/schemas/AttestationFormat' + description: The list of attestation formats that the RP will accept. + authenticator_selection: + $ref: '#/components/schemas/AuthenticatorSelectionCriteria' + description: Criteria defining which authenticators may be used in this operation. + challenge: + type: string + format: binary + description: The challenge that should be signed by the authenticator. + contentEncoding: base64 + exclude_credentials: + type: array + items: + $ref: '#/components/schemas/PublicKeyCredentialDescriptor' + description: Credential ID’s that are excluded from being able to be registered. 
+ extensions: + $ref: '#/components/schemas/RequestRegistrationExtensions' + description: extensions. + hints: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/PublicKeyCredentialHints' + description: Hints defining which types credentials may be used in this operation. + pub_key_cred_params: + type: array + items: + $ref: '#/components/schemas/PubKeyCredParams' + description: The set of cryptographic types allowed by this server. + rp: + $ref: '#/components/schemas/RelyingParty' + description: The relying party + timeout: + type: integer + format: int32 + description: The timeout for the authenticator in case of no interaction. + minimum: 0 + user: + $ref: '#/components/schemas/User' + description: The user. + PublicKeyCredentialDescriptor: + type: object + description: https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialdescriptor + required: + - type_ + - id + properties: + id: + type: string + format: binary + description: The credential id. + contentEncoding: base64 + transports: + type: array + items: + $ref: '#/components/schemas/AuthenticatorTransport' + description: The allowed transports for this credential. Note this is a hint, and is NOT enforced. + type_: + type: string + description: The type of credential. + PublicKeyCredentialHints: + type: string + description: |- + A hint as to the class of device that is expected to fufil this operation. + + https://www.w3.org/TR/webauthn-3/#enumdef-publickeycredentialhints + enum: + - SecurityKey + - ClientDevice + - Hybrid + PublicKeyCredentialRequestOptions: + type: object + description: The requested options for the authentication. + required: + - challenge + - rp_id + - allow_credentials + - user_verification + properties: + allow_credentials: + type: array + items: + $ref: '#/components/schemas/AllowCredentials' + description: The set of credentials that are allowed to sign this challenge. 
+ challenge: + $ref: '#/components/schemas/Base64UrlSafeData' + description: The challenge that should be signed by the authenticator. + extensions: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/RequestAuthenticationExtensions' + description: extensions. + hints: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/PublicKeyCredentialHints' + description: Hints defining which types credentials may be used in this operation. + rp_id: + type: string + description: The relying party ID. + timeout: + type: + - integer + - 'null' + format: int32 + description: The timeout for the authenticator in case of no interaction. + minimum: 0 + user_verification: + $ref: '#/components/schemas/UserVerificationPolicy' + description: The verification policy the browser will request. + RegistrationExtensionsClientOutputs: + type: object + description: |- + https://w3c.github.io/webauthn/#dictdef-authenticationextensionsclientoutputs The default + option here for Options are None, so it can be derived + properties: + appid: + type: boolean + description: Indicates whether the client used the provided appid extension. + cred_props: + $ref: '#/components/schemas/CredProps' + description: |- + Indicates if the client believes it created a resident key. This property is managed by the + webbrowser, and is NOT SIGNED and CAN NOT be trusted! + cred_protect: + $ref: '#/components/schemas/CredentialProtectionPolicy' + description: Indicates if the client successfully applied a credential protection policy. + hmac_secret: + type: boolean + description: Indicates if the client successfully applied a HMAC Secret. + min_pin_length: + type: integer + format: int32 + description: Indicates the current minimum PIN length. + minimum: 0 + RelyingParty: + type: object + description: Relying Party Entity. + required: + - id + - name + properties: + id: + type: string + description: The id of the relying party. 
+ name: + type: string + description: The name of the relying party. + RequestAuthenticationExtensions: + type: object + description: |- + Extension option inputs for PublicKeyCredentialRequestOptions + + Implements [AuthenticatorExtensionsClientInputs] from the spec + properties: + appid: + type: + - string + - 'null' + description: The appid extension options. + hmac_get_secret: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/HmacGetSecretInput' + description: |- + ⚠️ - Browsers do not support this! + https://bugs.chromium.org/p/chromium/issues/detail?id=1023225 Hmac get secret. + uvm: + type: + - boolean + - 'null' + description: ⚠️ - Browsers do not support this! Uvm. + RequestRegistrationExtensions: + type: object + description: |- + Extension option inputs for PublicKeyCredentialCreationOptions. + + Implements [AuthenticatorExtensionsClientInputs] from the spec. + properties: + cred_props: + type: boolean + description: |- + ⚠️ - This extension result is always unsigned, and only indicates if the browser requests a + residentKey to be created. It has no bearing on the true rk state of the credential. + cred_protect: + $ref: '#/components/schemas/CredProtect' + description: The credProtect extension options. + hmac_create_secret: + type: boolean + description: |- + ⚠️ - Browsers support the creation of the secret, but not the retrieval of it. CTAP2.1 + create hmac secret. + min_pin_length: + type: boolean + description: CTAP2.1 Minimum pin length. + uvm: + type: boolean + description: ⚠️ - Browsers do not support this! Uvm + ResidentKeyRequirement: + type: string + description: |- + The Relying Party’s requirements for client-side discoverable credentials. 
+ + https://www.w3.org/TR/webauthn-2/#enumdef-residentkeyrequirement + enum: + - Discouraged + - Preferred + - Required + Role: + allOf: + - {} + - type: object + required: + - id + - name + properties: + description: + type: + - string + - 'null' + description: Role description + domain_id: + type: + - string + - 'null' + description: Role domain ID + id: + type: string + description: Role ID + name: + type: string + description: Role name + RoleList: + type: object + description: Roles + required: + - roles + properties: + roles: + type: array + items: + $ref: '#/components/schemas/Role' + description: Collection of role objects + RoleResponse: + type: object + required: + - role + properties: + role: + $ref: '#/components/schemas/Role' + description: Role object + Scope: + oneOf: + - type: object + description: Project scope + required: + - project + properties: + project: + $ref: '#/components/schemas/ProjectScope' + description: Project scope + - type: object + description: Domain scope + required: + - domain + properties: + domain: + $ref: '#/components/schemas/Domain' + description: Domain scope + - type: object + description: System scope + required: + - system + properties: + system: + $ref: '#/components/schemas/System' + description: System scope + description: |- + The authorization scope, including the system (Since v3.10), a project, or a domain (Since + v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain + and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously + scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project + but if a project is specified by name, then the domain of the project must also be specified in + order to uniquely identify the project by name. A domain scope may be specified by either the + domain’s ID or name with equivalent results. 
+ SingleVersion: + type: object + required: + - version + properties: + version: + $ref: '#/components/schemas/Version' + System: + type: object + description: System scope + properties: + all: + type: + - boolean + - 'null' + description: system scope + Token: + type: object + description: Authorization token + required: + - audit_ids + - methods + - expires_at + - user + properties: + audit_ids: + type: array + items: + type: string + description: |- + A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe + string that you can use to track a token. The first audit ID is the current audit ID for + the token. The second audit ID is present for only re-scoped tokens and is the audit ID + from the token before it was re-scoped. A re- scoped token is one that was exchanged for + another token of the same or different scope. You can use these audit IDs to track the use + of a token or chain of tokens across multiple requests and endpoints without exposing the + token ID to non-privileged users. + catalog: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Catalog' + description: A catalog object. + domain: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Domain' + description: |- + A domain object including the id and name representing the domain the token is scoped to. + This is only included in tokens that are scoped to a domain. + expires_at: + type: string + format: date-time + description: The date and time when the token expires. + methods: + type: array + items: + type: string + description: |- + The authentication methods, which are commonly password, token, or other methods. Indicates + the accumulated set of authentication methods that were used to obtain the token. For + example, if the token was obtained by password authentication, it contains password. 
Later, + if the token is exchanged by using the token authentication method one or more times, the + subsequently created tokens contain both password and token in their methods attribute. + Unlike multi-factor authentication, the methods attribute merely indicates the methods that + were used to authenticate the user in exchange for a token. The client is responsible for + determining the total number of authentication factors. + project: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Project' + description: |- + A project object including the id, name and domain object representing the project the + token is scoped to. This is only included in tokens that are scoped to a project. + roles: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/Role' + description: A list of role objects + user: + $ref: '#/components/schemas/User' + description: A user object. + TokenAuth: + type: object + description: The token object, contains the authentication information. + required: + - id + properties: + id: + type: string + description: An authentication token. + TokenResponse: + type: object + required: + - token + properties: + token: + $ref: '#/components/schemas/Token' + description: Token + User: + type: object + description: User information + required: + - id + - domain + properties: + domain: + $ref: '#/components/schemas/Domain' + description: User domain + id: + type: string + description: User ID + name: + type: + - string + - 'null' + description: User Name + password_expires_at: + type: + - string + - 'null' + format: date-time + description: User password expiry date + UserCreate: + allOf: + - description: Additional user properties + - type: object + required: + - domain_id + - name + properties: + default_project_id: + type: + - string + - 'null' + description: |- + The ID of the default project for the user. A user’s default project must not be a domain. 
+ Setting this attribute does not grant any actual authorization on the project, and is + merely provided for convenience. Therefore, the referenced project does not need to exist + within the user domain. (Since v3.1) If the user does not have authorization to their + default project, the default project is ignored at token creation. (Since v3.1) + Additionally, if your default project is not valid, a token is issued without an explicit + scope of authorization. + domain_id: + type: string + description: User domain ID + enabled: + type: + - boolean + - 'null' + description: If the user is enabled, this value is true. If the user is disabled, this value is false. + name: + type: string + description: The user name. Must be unique within the owning domain. + options: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/UserOptions' + description: |- + The resource options for the user. Available resource options are + ignore_change_password_upon_first_use, ignore_password_expiry, + ignore_lockout_failure_attempts, lock_password, multi_factor_auth_enabled, and + multi_factor_auth_rules ignore_user_inactivity. + password: + type: + - string + - 'null' + description: The password for the user. 
+ UserCreateRequest: + type: object + required: + - user + properties: + user: + $ref: '#/components/schemas/UserCreate' + description: User object + UserList: + type: object + description: Users + required: + - users + properties: + users: + type: array + items: + $ref: '#/components/schemas/User' + description: Collection of user objects + UserOptions: + type: object + properties: + ignore_change_password_upon_first_use: + type: + - boolean + - 'null' + ignore_lockout_failure_attempts: + type: + - boolean + - 'null' + ignore_password_expiry: + type: + - boolean + - 'null' + ignore_user_inactivity: + type: + - boolean + - 'null' + lock_password: + type: + - boolean + - 'null' + multi_factor_auth_enabled: + type: + - boolean + - 'null' + multi_factor_auth_rules: + type: + - array + - 'null' + items: + type: array + items: + type: string + UserPasskeyRegistrationFinishRequest: + type: object + description: |- + A client response to a registration challenge. This contains all required information to assess + and assert trust in a credential’s legitimacy, followed by registration to a user. + + You should not need to handle the inner content of this structure - you should provide this to + the correctly handling function of Webauthn only. + https://w3c.github.io/webauthn/#iface-pkcredential + required: + - id + - raw_id + - response + - type_ + - extensions + properties: + extensions: + $ref: '#/components/schemas/RegistrationExtensionsClientOutputs' + description: Unsigned Client processed extensions. + id: + type: string + description: |- + The id of the PublicKey credential, likely in base64. + + This is NEVER actually used in a real registration, because the true credential ID is taken + from the attestation data. + raw_id: + type: string + format: binary + description: |- + The id of the credential, as binary. + + This is NEVER actually used in a real registration, because the true credential ID is taken + from the attestation data. 
+ contentEncoding: base64 + response: + $ref: '#/components/schemas/AuthenticatorAttestationResponseRaw' + description: https://w3c.github.io/webauthn/#dom-publickeycredential-response. + type_: + type: string + description: The type of credential. + UserPasskeyRegistrationStartRequest: + type: object + description: | + Passkey registration request. + properties: + description: + type: + - string + - 'null' + description: The description for the passkey (name). + UserPasskeyRegistrationStartResponse: + type: object + description: |- + Passkey challenge. + + This is the WebauthN challenge that need to be signed by the passkey/security device. + required: + - public_key + properties: + public_key: + $ref: '#/components/schemas/PublicKeyCredentialCreationOptions' + description: The options. + UserPassword: + type: object + description: User password information + required: + - password + properties: + domain: + oneOf: + - type: 'null' + - $ref: '#/components/schemas/Domain' + description: User domain + id: + type: + - string + - 'null' + description: User ID + name: + type: + - string + - 'null' + description: User Name + password: + type: string + description: User password expiry date + UserResponse: + type: object + required: + - user + properties: + user: + $ref: '#/components/schemas/User' + description: User object + UserVerificationPolicy: + type: string + description: | + Defines the User Authenticator Verification policy. This is documented https://w3c.github.io/webauthn/#enumdef-userverificationrequirement, and each variant lists it’s effects. + + To be clear, Verification means that the Authenticator perform extra or supplementary + interaction with the user to verify who they are. An example of this is Apple Touch Id required + a fingerprint to be verified, or a yubico device requiring a pin in addition to a touch event. 
+ + An example of a non-verified interaction is a yubico device with no pin where touch is the only + interaction - we only verify a user is present, but we don’t have extra details to the + legitimacy of that user. + + As UserVerificationPolicy is only used in credential registration, this stores the verification + state of the credential in the persisted credential. These persisted credentials define which + UserVerificationPolicy is issued during authentications. + + IMPORTANT - Due to limitations of the webauthn specification, CTAP devices, and browser + implementations, the only secure choice as an RP is required. + + ⚠️ WARNING - discouraged is marked with a warning, as some authenticators will FORCE + verification during registration but NOT during authentication. This makes it impossible + for a relying party to consistently enforce user verification, which can confuse users and + lead them to distrust user verification is being enforced. + + ⚠️ WARNING - preferred can lead to authentication errors in some cases due to browser + peripheral exchange allowing authentication verification bypass. Webauthn RS is not + vulnerable to these bypasses due to our tracking of UV during registration through + authentication, however preferred can cause legitimate credentials to not prompt for UV + correctly due to browser perhipheral exchange leading Webauthn RS to deny them in what + should otherwise be legitimate operations. 
+ enum: + - Required + - Preferred + Values: + type: object + required: + - values + properties: + values: + type: array + items: + $ref: '#/components/schemas/Version' + Version: + type: object + required: + - id + - status + properties: + id: + type: string + links: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/Link' + media_types: + type: + - array + - 'null' + items: + $ref: '#/components/schemas/MediaType' + status: + $ref: '#/components/schemas/VersionStatus' + updated: + type: + - string + - 'null' + format: date-time + VersionStatus: + type: string + enum: + - stable + - experimental + Versions: + type: object + required: + - versions + properties: + versions: + $ref: '#/components/schemas/Values' + securitySchemes: + jwt: + type: http + scheme: bearer + bearerFormat: JWT + description: JWT (ID) Token issued by the federated IDP + oauth2: + type: oauth2 + flows: + authorizationCode: + authorizationUrl: https://localhost/authorization/token + tokenUrl: https://localhost/token/url + scopes: + openid: default scope + x-auth: + type: apiKey + in: header + name: x-auth-token +tags: +- name: identity_providers + description: | + Identity providers API. + + Identity provider resource allows to federate users from an external Identity Provider (i.e. + Keycloak, Azure AD, etc.). + + Using the Identity provider requires creation of the mapping, which describes how to map attributes + of the remote Idp to local users. + + Identity provider with an empty domain_id are considered globals and every domain may use it with + appropriate mapping. +- name: mappings + description: | + Federation mappings API. + + Mappings define how the user attributes on the remote IDP are mapped to the local user. + + Mappings with an empty domain_id are considered globals and every domain may use it. Such mappings + require the `domain_id_claim` attribute to be set to identify the domain_id for the respective + user. + 
diff --git a/openstack_types/src/identity.rs b/openstack_types/src/identity.rs index ad2360d28..6d3cb1162 100644 --- a/openstack_types/src/identity.rs +++ b/openstack_types/src/identity.rs @@ -15,6 +15,8 @@ //! Identity API types pub mod v3; +#[cfg(feature = "keystone_ng")] +pub mod v4; /// Get OpenAPI spec for the identity service used during the /// codegeneration. diff --git a/openstack_types/src/identity/v3/auth.rs b/openstack_types/src/identity/v3/auth.rs index 03994b0e5..bbcba9e84 100644 --- a/openstack_types/src/identity/v3/auth.rs +++ b/openstack_types/src/identity/v3/auth.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod catalog; pub mod domain; pub mod os_federation; diff --git a/openstack_types/src/identity/v3/auth/os_federation.rs b/openstack_types/src/identity/v3/auth/os_federation.rs index 748742c09..ba0cf42f9 100644 --- a/openstack_types/src/identity/v3/auth/os_federation.rs +++ b/openstack_types/src/identity/v3/auth/os_federation.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod identity_provider; pub mod saml2; pub mod websso; diff --git a/openstack_types/src/identity/v3/auth/os_federation/identity_provider.rs b/openstack_types/src/identity/v3/auth/os_federation/identity_provider.rs index 9e1d45188..05af55854 100644 --- a/openstack_types/src/identity/v3/auth/os_federation/identity_provider.rs +++ b/openstack_types/src/identity/v3/auth/os_federation/identity_provider.rs 
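Review bot: The new `pub mod v4;` in `openstack_types/src/identity.rs` is gated on `keystone_ng` but has no doc line, so neither rustdoc nor a reader of this file learns that the v4 types (for example the federation identity-provider responses imported by the new CLI command) exist only in opt-in builds. I would add `/// Identity v4 API types; built only when the keystone_ng feature is enabled.` directly above the `#[cfg(feature = "keystone_ng")]` line. The `openstack_types` manifest is not visible in this part of the diff, so please confirm it declares `keystone_ng`, since the CLI manifest forwards `openstack_types/keystone_ng`. Separately, the regenerated `//!` headers in the v3 modules that follow (for example `identity/v3/auth.rs`) now name `identity/v4/federation/identity_provider`, which looks like a generator artefact. It makes it harder to tell which API version a module belongs to and is better fixed in the generator than in these files.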
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod protocol; diff --git a/openstack_types/src/identity/v3/auth/os_federation/identity_provider/protocol.rs b/openstack_types/src/identity/v3/auth/os_federation/identity_provider/protocol.rs index 07beb9f21..6aa290b67 100644 --- a/openstack_types/src/identity/v3/auth/os_federation/identity_provider/protocol.rs +++ b/openstack_types/src/identity/v3/auth/os_federation/identity_provider/protocol.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod websso; diff --git a/openstack_types/src/identity/v3/auth/token/os_pki.rs b/openstack_types/src/identity/v3/auth/token/os_pki.rs index d8d987828..2e49731da 100644 --- a/openstack_types/src/identity/v3/auth/token/os_pki.rs +++ b/openstack_types/src/identity/v3/auth/token/os_pki.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod revoked; diff --git a/openstack_types/src/identity/v3/domain/group.rs b/openstack_types/src/identity/v3/domain/group.rs index e53ced251..0e742a035 100644 --- a/openstack_types/src/identity/v3/domain/group.rs +++ b/openstack_types/src/identity/v3/domain/group.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/domain/user.rs b/openstack_types/src/identity/v3/domain/user.rs index e53ced251..0e742a035 100644 --- a/openstack_types/src/identity/v3/domain/user.rs +++ b/openstack_types/src/identity/v3/domain/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/endpoint/os_endpoint_policy.rs b/openstack_types/src/identity/v3/endpoint/os_endpoint_policy.rs index 45a7c7049..57daaed6f 100644 --- a/openstack_types/src/identity/v3/endpoint/os_endpoint_policy.rs +++ b/openstack_types/src/identity/v3/endpoint/os_endpoint_policy.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod policy; diff --git a/openstack_types/src/identity/v3/os_ep_filter.rs b/openstack_types/src/identity/v3/os_ep_filter.rs index cf9daaeff..830f483ab 100644 --- a/openstack_types/src/identity/v3/os_ep_filter.rs +++ b/openstack_types/src/identity/v3/os_ep_filter.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod endpoint; pub mod endpoint_group; pub mod project; 
diff --git a/openstack_types/src/identity/v3/os_ep_filter/endpoint.rs b/openstack_types/src/identity/v3/os_ep_filter/endpoint.rs index 8fa6c27f5..afee4042b 100644 --- a/openstack_types/src/identity/v3/os_ep_filter/endpoint.rs +++ b/openstack_types/src/identity/v3/os_ep_filter/endpoint.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod project; diff --git a/openstack_types/src/identity/v3/os_ep_filter/project.rs b/openstack_types/src/identity/v3/os_ep_filter/project.rs index 574abfe3b..448514f6e 100644 --- a/openstack_types/src/identity/v3/os_ep_filter/project.rs +++ b/openstack_types/src/identity/v3/os_ep_filter/project.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod endpoint; pub mod endpoint_group; diff --git a/openstack_types/src/identity/v3/os_federation.rs b/openstack_types/src/identity/v3/os_federation.rs index e02bd0381..95831ebfc 100644 --- a/openstack_types/src/identity/v3/os_federation.rs +++ b/openstack_types/src/identity/v3/os_federation.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod domain; pub mod identity_provider; pub mod mapping; diff --git a/openstack_types/src/identity/v3/os_federation/saml2.rs b/openstack_types/src/identity/v3/os_federation/saml2.rs index 9fcf6802b..6cef5fd66 100644 --- a/openstack_types/src/identity/v3/os_federation/saml2.rs 
+++ b/openstack_types/src/identity/v3/os_federation/saml2.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod metadata; diff --git a/openstack_types/src/identity/v3/os_inherit/domain.rs b/openstack_types/src/identity/v3/os_inherit/domain.rs index 42a4b9b94..a457d92e3 100644 --- a/openstack_types/src/identity/v3/os_inherit/domain.rs +++ b/openstack_types/src/identity/v3/os_inherit/domain.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/system` REST operations of identity +//! `identity/v4` REST operations of identity pub mod group; pub mod user; diff --git a/openstack_types/src/identity/v3/os_inherit/domain/group.rs b/openstack_types/src/identity/v3/os_inherit/domain/group.rs index 878ffb142..32a75aeff 100644 --- a/openstack_types/src/identity/v3/os_inherit/domain/group.rs +++ b/openstack_types/src/identity/v3/os_inherit/domain/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/os_inherit/domain/group/role.rs b/openstack_types/src/identity/v3/os_inherit/domain/group/role.rs index 0b360226c..6790aab8e 100644 --- a/openstack_types/src/identity/v3/os_inherit/domain/group/role.rs +++ b/openstack_types/src/identity/v3/os_inherit/domain/group/role.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_types/src/identity/v3/os_inherit/domain/user.rs b/openstack_types/src/identity/v3/os_inherit/domain/user.rs index 878ffb142..32a75aeff 100644 --- a/openstack_types/src/identity/v3/os_inherit/domain/user.rs +++ b/openstack_types/src/identity/v3/os_inherit/domain/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/os_inherit/domain/user/role.rs b/openstack_types/src/identity/v3/os_inherit/domain/user/role.rs index 0b360226c..6790aab8e 100644 --- a/openstack_types/src/identity/v3/os_inherit/domain/user/role.rs +++ b/openstack_types/src/identity/v3/os_inherit/domain/user/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_types/src/identity/v3/os_inherit/project.rs b/openstack_types/src/identity/v3/os_inherit/project.rs index 42a4b9b94..a457d92e3 100644 --- a/openstack_types/src/identity/v3/os_inherit/project.rs +++ b/openstack_types/src/identity/v3/os_inherit/project.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/system` REST operations of identity +//! `identity/v4` REST operations of identity pub mod group; pub mod user; 
diff --git a/openstack_types/src/identity/v3/os_inherit/project/group.rs b/openstack_types/src/identity/v3/os_inherit/project/group.rs index 878ffb142..32a75aeff 100644 --- a/openstack_types/src/identity/v3/os_inherit/project/group.rs +++ b/openstack_types/src/identity/v3/os_inherit/project/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/os_inherit/project/group/role.rs b/openstack_types/src/identity/v3/os_inherit/project/group/role.rs index 0b360226c..6790aab8e 100644 --- a/openstack_types/src/identity/v3/os_inherit/project/group/role.rs +++ b/openstack_types/src/identity/v3/os_inherit/project/group/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_types/src/identity/v3/os_inherit/project/user.rs b/openstack_types/src/identity/v3/os_inherit/project/user.rs index 878ffb142..32a75aeff 100644 --- a/openstack_types/src/identity/v3/os_inherit/project/user.rs +++ b/openstack_types/src/identity/v3/os_inherit/project/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/os_inherit/project/user/role.rs b/openstack_types/src/identity/v3/os_inherit/project/user/role.rs index 0b360226c..6790aab8e 100644 --- a/openstack_types/src/identity/v3/os_inherit/project/user/role.rs 
+++ b/openstack_types/src/identity/v3/os_inherit/project/user/role.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod inherited_to_project; diff --git a/openstack_types/src/identity/v3/os_oauth1.rs b/openstack_types/src/identity/v3/os_oauth1.rs index 0411b7de1..8dc26e967 100644 --- a/openstack_types/src/identity/v3/os_oauth1.rs +++ b/openstack_types/src/identity/v3/os_oauth1.rs @@ -15,7 +15,7 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod access_token; pub mod authorize; pub mod consumer; diff --git a/openstack_types/src/identity/v3/os_oauth2.rs b/openstack_types/src/identity/v3/os_oauth2.rs index 7eb9548b1..b37c50bb4 100644 --- a/openstack_types/src/identity/v3/os_oauth2.rs +++ b/openstack_types/src/identity/v3/os_oauth2.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod token; diff --git a/openstack_types/src/identity/v3/os_revoke.rs b/openstack_types/src/identity/v3/os_revoke.rs index 6e5b7ec04..202949d38 100644 --- a/openstack_types/src/identity/v3/os_revoke.rs +++ b/openstack_types/src/identity/v3/os_revoke.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod event; 
diff --git a/openstack_types/src/identity/v3/os_simple_cert.rs b/openstack_types/src/identity/v3/os_simple_cert.rs index 0eef01c7e..a9d16bb7a 100644 --- a/openstack_types/src/identity/v3/os_simple_cert.rs +++ b/openstack_types/src/identity/v3/os_simple_cert.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod ca; pub mod certificate; diff --git a/openstack_types/src/identity/v3/os_trust.rs b/openstack_types/src/identity/v3/os_trust.rs index 9bc1255bd..b0930f407 100644 --- a/openstack_types/src/identity/v3/os_trust.rs +++ b/openstack_types/src/identity/v3/os_trust.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod trust; diff --git a/openstack_types/src/identity/v3/policy/os_endpoint_policy.rs b/openstack_types/src/identity/v3/policy/os_endpoint_policy.rs index 9f595b3f5..86031cd30 100644 --- a/openstack_types/src/identity/v3/policy/os_endpoint_policy.rs +++ b/openstack_types/src/identity/v3/policy/os_endpoint_policy.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod endpoint; pub mod service; diff --git a/openstack_types/src/identity/v3/project/group.rs b/openstack_types/src/identity/v3/project/group.rs index e53ced251..0e742a035 100644 --- a/openstack_types/src/identity/v3/project/group.rs +++ b/openstack_types/src/identity/v3/project/group.rs 
@@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/project/user.rs b/openstack_types/src/identity/v3/project/user.rs index e53ced251..0e742a035 100644 --- a/openstack_types/src/identity/v3/project/user.rs +++ b/openstack_types/src/identity/v3/project/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/system.rs b/openstack_types/src/identity/v3/system.rs index d4a87af42..594b351b5 100644 --- a/openstack_types/src/identity/v3/system.rs +++ b/openstack_types/src/identity/v3/system.rs @@ -15,6 +15,6 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/os_oauth1` REST operations of identity +//! `identity/v4/federation` REST operations of identity pub mod group; pub mod user; diff --git a/openstack_types/src/identity/v3/system/group.rs b/openstack_types/src/identity/v3/system/group.rs index e53ced251..0e742a035 100644 --- a/openstack_types/src/identity/v3/system/group.rs +++ b/openstack_types/src/identity/v3/system/group.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/system/user.rs b/openstack_types/src/identity/v3/system/user.rs index e53ced251..0e742a035 100644 
--- a/openstack_types/src/identity/v3/system/user.rs +++ b/openstack_types/src/identity/v3/system/user.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod role; diff --git a/openstack_types/src/identity/v3/user/credential.rs b/openstack_types/src/identity/v3/user/credential.rs index 08211e3df..4d7eef685 100644 --- a/openstack_types/src/identity/v3/user/credential.rs +++ b/openstack_types/src/identity/v3/user/credential.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod os_ec2; diff --git a/openstack_types/src/identity/v3/user/os_oauth1.rs b/openstack_types/src/identity/v3/user/os_oauth1.rs index 31a6af3ad..cdc80eac2 100644 --- a/openstack_types/src/identity/v3/user/os_oauth1.rs +++ b/openstack_types/src/identity/v3/user/os_oauth1.rs @@ -15,5 +15,5 @@ // WARNING: This file is automatically generated from OpenAPI schema using // `openstack-codegenerator`. -//! `identity/v3/user/access_rule` REST operations of identity +//! `identity/v4/federation/identity_provider` REST operations of identity pub mod access_token; diff --git a/openstack_types/src/identity/v4.rs b/openstack_types/src/identity/v4.rs new file mode 100644 index 000000000..4184f371c --- /dev/null +++ b/openstack_types/src/identity/v4.rs 
@@ -0,0 +1,20 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `Identity` Service bindings +pub mod federation; +pub mod user; diff --git a/openstack_types/src/identity/v4/federation.rs b/openstack_types/src/identity/v4/federation.rs new file mode 100644 index 000000000..58204622c --- /dev/null +++ b/openstack_types/src/identity/v4/federation.rs @@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `identity/v4/federation/identity_provider` REST operations of identity +pub mod identity_provider; 
diff --git a/openstack_types/src/identity/v4/federation/identity_provider.rs b/openstack_types/src/identity/v4/federation/identity_provider.rs new file mode 100644 index 000000000..4c08ee417 --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider.rs @@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `response` REST operations of identity +pub mod response; diff --git a/openstack_types/src/identity/v4/federation/identity_provider/response.rs b/openstack_types/src/identity/v4/federation/identity_provider/response.rs new file mode 100644 index 000000000..47be25f13 --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider/response.rs 
@@ -0,0 +1,22 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `response` REST operations of identity +pub mod create; +pub mod get; +pub mod list; +pub mod set; diff --git a/openstack_types/src/identity/v4/federation/identity_provider/response/create.rs b/openstack_types/src/identity/v4/federation/identity_provider/response/create.rs new file mode 100644 index 000000000..d6da25f4e --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider/response/create.rs 
@@ -0,0 +1,91 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. +//! Response type for the POST `federation/identity_providers` operation + +use serde::{Deserialize, Serialize}; +use serde_json::Value; +use std::collections::BTreeMap; +use structable::{StructTable, StructTableOptions}; + +/// IdentityProvider response representation +#[derive(Clone, Deserialize, Serialize, StructTable)] +pub struct IdentityProviderResponse { + /// The bound issuer that is verified when using the identity provider. + #[serde(default)] + #[structable(optional)] + pub bound_issuer: Option, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(default)] + #[structable(optional)] + pub default_mapping_name: Option, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. + #[serde(default)] + #[structable(optional)] + pub domain_id: Option, + + /// The ID of the federated identity provider. + #[structable()] + pub id: String, + + /// URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when the + /// provider does not provide discovery endpoint or when it is not standard + /// compliant. 
+ #[serde(default)] + #[structable(optional)] + pub jwks_url: Option, + + /// List of the jwt validation public keys. + #[serde(default)] + #[structable(optional, serialize)] + pub jwt_validation_pubkeys: Option>, + + /// The Name of the federated identity provider. + #[structable()] + pub name: String, + + /// The oidc `client_id` to use for the private client. The `client_secret` + /// is never returned and can be only overwritten. + #[serde(default)] + #[structable(optional)] + pub oidc_client_id: Option, + + /// OIDC discovery endpoint for the identity provider. + #[serde(default)] + #[structable(optional)] + pub oidc_discovery_url: Option, + + /// The oidc response mode. + #[serde(default)] + #[structable(optional)] + pub oidc_response_mode: Option, + + /// List of supported response types. + #[serde(default)] + #[structable(optional, serialize)] + pub oidc_response_types: Option>, + + /// Additional provider configuration. + #[serde(default)] + #[structable(optional, serialize)] + pub provider_config: Option>, +} diff --git a/openstack_types/src/identity/v4/federation/identity_provider/response/get.rs b/openstack_types/src/identity/v4/federation/identity_provider/response/get.rs new file mode 100644 index 000000000..4e2abd77c --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider/response/get.rs 
@@ -0,0 +1,91 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. +//! Response type for the GET `federation/identity_providers/{idp_id}` operation + +use serde::{Deserialize, Serialize}; +use serde_json::Value; +use std::collections::BTreeMap; +use structable::{StructTable, StructTableOptions}; + +/// IdentityProvider response representation +#[derive(Clone, Deserialize, Serialize, StructTable)] +pub struct IdentityProviderResponse { + /// The bound issuer that is verified when using the identity provider. + #[serde(default)] + #[structable(optional)] + pub bound_issuer: Option, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(default)] + #[structable(optional)] + pub default_mapping_name: Option, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. + #[serde(default)] + #[structable(optional)] + pub domain_id: Option, + + /// The ID of the federated identity provider. + #[structable()] + pub id: String, + + /// URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when the + /// provider does not provide discovery endpoint or when it is not standard + /// compliant. 
+ #[serde(default)] + #[structable(optional)] + pub jwks_url: Option, + + /// List of the jwt validation public keys. + #[serde(default)] + #[structable(optional, serialize)] + pub jwt_validation_pubkeys: Option>, + + /// The Name of the federated identity provider. + #[structable()] + pub name: String, + + /// The oidc `client_id` to use for the private client. The `client_secret` + /// is never returned and can be only overwritten. + #[serde(default)] + #[structable(optional)] + pub oidc_client_id: Option, + + /// OIDC discovery endpoint for the identity provider. + #[serde(default)] + #[structable(optional)] + pub oidc_discovery_url: Option, + + /// The oidc response mode. + #[serde(default)] + #[structable(optional)] + pub oidc_response_mode: Option, + + /// List of supported response types. + #[serde(default)] + #[structable(optional, serialize)] + pub oidc_response_types: Option>, + + /// Additional provider configuration. + #[serde(default)] + #[structable(optional, serialize)] + pub provider_config: Option>, +} diff --git a/openstack_types/src/identity/v4/federation/identity_provider/response/list.rs b/openstack_types/src/identity/v4/federation/identity_provider/response/list.rs new file mode 100644 index 000000000..628b8e1e4 --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider/response/list.rs 
@@ -0,0 +1,91 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. +//! Response type for the GET `federation/identity_providers` operation + +use serde::{Deserialize, Serialize}; +use serde_json::Value; +use std::collections::BTreeMap; +use structable::{StructTable, StructTableOptions}; + +/// IdentityProvider response representation +#[derive(Clone, Deserialize, Serialize, StructTable)] +pub struct IdentityProviderResponse { + /// The bound issuer that is verified when using the identity provider. + #[serde(default)] + #[structable(optional, wide)] + pub bound_issuer: Option, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(default)] + #[structable(optional, wide)] + pub default_mapping_name: Option, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. + #[serde(default)] + #[structable(optional, wide)] + pub domain_id: Option, + + /// The ID of the federated identity provider. + #[structable()] + pub id: String, + + /// URL to fetch JsonWebKeySet. 
This must be set for "jwt" mapping when the + /// provider does not provide discovery endpoint or when it is not standard + /// compliant. + #[serde(default)] + #[structable(optional, wide)] + pub jwks_url: Option, + + /// List of the jwt validation public keys. + #[serde(default)] + #[structable(optional, serialize, wide)] + pub jwt_validation_pubkeys: Option>, + + /// The Name of the federated identity provider. + #[structable()] + pub name: String, + + /// The oidc `client_id` to use for the private client. The `client_secret` + /// is never returned and can be only overwritten. + #[serde(default)] + #[structable(optional, wide)] + pub oidc_client_id: Option, + + /// OIDC discovery endpoint for the identity provider. + #[serde(default)] + #[structable(optional, wide)] + pub oidc_discovery_url: Option, + + /// The oidc response mode. + #[serde(default)] + #[structable(optional, wide)] + pub oidc_response_mode: Option, + + /// List of supported response types. + #[serde(default)] + #[structable(optional, serialize, wide)] + pub oidc_response_types: Option>, + + /// Additional provider configuration. + #[serde(default)] + #[structable(optional, serialize, wide)] + pub provider_config: Option>, +} diff --git a/openstack_types/src/identity/v4/federation/identity_provider/response/set.rs b/openstack_types/src/identity/v4/federation/identity_provider/response/set.rs new file mode 100644 index 000000000..0a7acf4f6 --- /dev/null +++ b/openstack_types/src/identity/v4/federation/identity_provider/response/set.rs 
@@ -0,0 +1,91 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. +//! Response type for the PUT `federation/identity_providers/{idp_id}` operation + +use serde::{Deserialize, Serialize}; +use serde_json::Value; +use std::collections::BTreeMap; +use structable::{StructTable, StructTableOptions}; + +/// IdentityProvider response representation +#[derive(Clone, Deserialize, Serialize, StructTable)] +pub struct IdentityProviderResponse { + /// The bound issuer that is verified when using the identity provider. + #[serde(default)] + #[structable(optional)] + pub bound_issuer: Option, + + /// Default attribute mapping name which is automatically used when no + /// mapping is explicitly requested. The referred attribute mapping must + /// exist. + #[serde(default)] + #[structable(optional)] + pub default_mapping_name: Option, + + /// The ID of the domain this identity provider belongs to. Empty value + /// identifies that the identity provider can be used by other domains as + /// well. + #[serde(default)] + #[structable(optional)] + pub domain_id: Option, + + /// The ID of the federated identity provider. + #[structable()] + pub id: String, + + /// URL to fetch JsonWebKeySet. This must be set for "jwt" mapping when the + /// provider does not provide discovery endpoint or when it is not standard + /// compliant. 
+ #[serde(default)] + #[structable(optional)] + pub jwks_url: Option, + + /// List of the jwt validation public keys. + #[serde(default)] + #[structable(optional, serialize)] + pub jwt_validation_pubkeys: Option>, + + /// The Name of the federated identity provider. + #[structable()] + pub name: String, + + /// The oidc `client_id` to use for the private client. The `client_secret` + /// is never returned and can be only overwritten. + #[serde(default)] + #[structable(optional)] + pub oidc_client_id: Option, + + /// OIDC discovery endpoint for the identity provider. + #[serde(default)] + #[structable(optional)] + pub oidc_discovery_url: Option, + + /// The oidc response mode. + #[serde(default)] + #[structable(optional)] + pub oidc_response_mode: Option, + + /// List of supported response types. + #[serde(default)] + #[structable(optional, serialize)] + pub oidc_response_types: Option>, + + /// Additional provider configuration. + #[serde(default)] + #[structable(optional, serialize)] + pub provider_config: Option>, +} diff --git a/openstack_types/src/identity/v4/user.rs b/openstack_types/src/identity/v4/user.rs new file mode 100644 index 000000000..b58cdfc04 --- /dev/null +++ b/openstack_types/src/identity/v4/user.rs 
@@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `identity/v4/federation/identity_provider` REST operations of identity +pub mod passkey; diff --git a/openstack_types/src/identity/v4/user/passkey.rs b/openstack_types/src/identity/v4/user/passkey.rs new file mode 100644 index 000000000..4c08ee417 --- /dev/null +++ b/openstack_types/src/identity/v4/user/passkey.rs @@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `response` REST operations of identity +pub mod response; 
diff --git a/openstack_types/src/identity/v4/user/passkey/response.rs b/openstack_types/src/identity/v4/user/passkey/response.rs new file mode 100644 index 000000000..4c30bf092 --- /dev/null +++ b/openstack_types/src/identity/v4/user/passkey/response.rs @@ -0,0 +1,19 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. + +//! `response` REST operations of identity +pub mod register_start; diff --git a/openstack_types/src/identity/v4/user/passkey/response/register_start.rs b/openstack_types/src/identity/v4/user/passkey/response/register_start.rs new file mode 100644 index 000000000..2d47a4d9f --- /dev/null +++ b/openstack_types/src/identity/v4/user/passkey/response/register_start.rs 
@@ -0,0 +1,414 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 +// +// WARNING: This file is automatically generated from OpenAPI schema using +// `openstack-codegenerator`. +//! Response type for the POST `users/{user_id}/passkeys/register_start` operation + +use serde::{Deserialize, Serialize}; +use structable::{StructTable, StructTableOptions}; + +/// RegisterStart response representation +#[derive(Clone, Deserialize, Serialize, StructTable)] +pub struct RegisterStartResponse { + /// https://www.w3.org/TR/webauthn/#enumdef-attestationconveyancepreference + #[serde(default)] + #[structable(optional, serialize)] + pub attestation: Option, + + /// The list of attestation formats that the RP will accept. + #[serde(default)] + #[structable(optional, serialize)] + pub attestation_formats: Option>, + + /// https://www.w3.org/TR/webauthn/#dictdef-authenticatorselectioncriteria + #[serde(default)] + #[structable(optional, serialize)] + pub authenticator_selection: Option, + + /// The challenge that should be signed by the authenticator. + #[structable()] + pub challenge: String, + + /// Credential ID’s that are excluded from being able to be registered. + #[serde(default)] + #[structable(optional, serialize)] + pub exclude_credentials: Option>, + + /// Extension option inputs for PublicKeyCredentialCreationOptions. + /// + /// Implements [AuthenticatorExtensionsClientInputs] from the spec. 
+ #[serde(default)] + #[structable(optional, serialize)] + pub extensions: Option, + + /// Hints defining which types credentials may be used in this operation. + #[serde(default)] + #[structable(optional, serialize)] + pub hints: Option>, + + /// The set of cryptographic types allowed by this server. + #[structable(serialize)] + pub pub_key_cred_params: Vec, + + /// Relying Party Entity. + #[structable(serialize)] + pub rp: Rp, + + /// The timeout for the authenticator in case of no interaction. + #[serde(default)] + #[structable(optional)] + pub timeout: Option, + + /// User information + #[structable(serialize)] + pub user: User, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum Attestation { + // Direct + #[serde(rename = "Direct")] + Direct, + + // Indirect + #[serde(rename = "Indirect")] + Indirect, + + // None + #[serde(rename = "None")] + None, +} + +impl std::str::FromStr for Attestation { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "Direct" => Ok(Self::Direct), + "Indirect" => Ok(Self::Indirect), + "None" => Ok(Self::None), + _ => Err(()), + } + } +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum AttestationFormats { + // Androidkey + #[serde(rename = "AndroidKey")] + Androidkey, + + // Androidsafetynet + #[serde(rename = "AndroidSafetyNet")] + Androidsafetynet, + + // Appleanonymous + #[serde(rename = "AppleAnonymous")] + Appleanonymous, + + // Fidou2f + #[serde(rename = "FIDOU2F")] + Fidou2f, + + // None + #[serde(rename = "None")] + None, + + // Packed + #[serde(rename = "Packed")] + Packed, + + // Tpm + #[serde(rename = "Tpm")] + Tpm, +} + +impl std::str::FromStr for AttestationFormats { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "AndroidKey" => Ok(Self::Androidkey), + "AndroidSafetyNet" => Ok(Self::Androidsafetynet), + "AppleAnonymous" => Ok(Self::Appleanonymous), + "FIDOU2F" => Ok(Self::Fidou2f), + "None" => Ok(Self::None), + "Packed" => Ok(Self::Packed), + 
"Tpm" => Ok(Self::Tpm), + _ => Err(()), + } + } +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum AuthenticatorAttachment { + // Crossplatform + #[serde(rename = "CrossPlatform")] + Crossplatform, + + // Platform + #[serde(rename = "Platform")] + Platform, +} + +impl std::str::FromStr for AuthenticatorAttachment { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "CrossPlatform" => Ok(Self::Crossplatform), + "Platform" => Ok(Self::Platform), + _ => Err(()), + } + } +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum ResidentKey { + // Discouraged + #[serde(rename = "Discouraged")] + Discouraged, + + // Preferred + #[serde(rename = "Preferred")] + Preferred, + + // Required + #[serde(rename = "Required")] + Required, +} + +impl std::str::FromStr for ResidentKey { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "Discouraged" => Ok(Self::Discouraged), + "Preferred" => Ok(Self::Preferred), + "Required" => Ok(Self::Required), + _ => Err(()), + } + } +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum UserVerification { + // Preferred + #[serde(rename = "Preferred")] + Preferred, + + // Required + #[serde(rename = "Required")] + Required, +} + +impl std::str::FromStr for UserVerification { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "Preferred" => Ok(Self::Preferred), + "Required" => Ok(Self::Required), + _ => Err(()), + } + } +} + +/// https://www.w3.org/TR/webauthn/#dictdef-authenticatorselectioncriteria +/// `AuthenticatorSelection` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct AuthenticatorSelection { + #[serde(default)] + pub authenticator_attachment: Option, + pub require_resident_key: bool, + #[serde(default)] + pub resident_key: Option, + pub user_verification: UserVerification, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum Transports { + // Ble + #[serde(rename = "Ble")] + Ble, + + // Hybrid + #[serde(rename 
= "Hybrid")] + Hybrid, + + // Internal + #[serde(rename = "Internal")] + Internal, + + // Nfc + #[serde(rename = "Nfc")] + Nfc, + + // Test + #[serde(rename = "Test")] + Test, + + // Unknown + #[serde(rename = "Unknown")] + Unknown, + + // Usb + #[serde(rename = "Usb")] + Usb, +} + +impl std::str::FromStr for Transports { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "Ble" => Ok(Self::Ble), + "Hybrid" => Ok(Self::Hybrid), + "Internal" => Ok(Self::Internal), + "Nfc" => Ok(Self::Nfc), + "Test" => Ok(Self::Test), + "Unknown" => Ok(Self::Unknown), + "Usb" => Ok(Self::Usb), + _ => Err(()), + } + } +} + +/// https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialdescriptor +/// `ExcludeCredentials` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct ExcludeCredentials { + pub id: String, + #[serde(default)] + pub transports: Option>, + pub type_: String, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum CredentialProtectionPolicy { + // Userverificationoptional + #[serde(rename = "UserVerificationOptional")] + Userverificationoptional, + + // Userverificationoptionalwithcredentialidlist + #[serde(rename = "UserVerificationOptionalWithCredentialIDList")] + Userverificationoptionalwithcredentialidlist, + + // Userverificationrequired + #[serde(rename = "UserVerificationRequired")] + Userverificationrequired, +} + +impl std::str::FromStr for CredentialProtectionPolicy { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "UserVerificationOptional" => Ok(Self::Userverificationoptional), + "UserVerificationOptionalWithCredentialIDList" => { + Ok(Self::Userverificationoptionalwithcredentialidlist) + } + "UserVerificationRequired" => Ok(Self::Userverificationrequired), + _ => Err(()), + } + } +} + +/// The desired options for the client’s use of the credProtect extension +/// +/// 
https://fidoalliance.org/specs/fido-v2.1-rd-20210309/fido-client-to-authenticator-protocol-v2.1-rd-20210309.html#sctn-credProtect-extension +/// `CredProtect` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct CredProtect { + pub credential_protection_policy: CredentialProtectionPolicy, + #[serde(default)] + pub enforce_credential_protection_policy: Option, +} + +/// Extension option inputs for PublicKeyCredentialCreationOptions. +/// +/// Implements [AuthenticatorExtensionsClientInputs] from the spec. +/// `Extensions` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct Extensions { + #[serde(default)] + pub cred_props: Option, + #[serde(default)] + pub cred_protect: Option, + #[serde(default)] + pub hmac_create_secret: Option, + #[serde(default)] + pub min_pin_length: Option, + #[serde(default)] + pub uvm: Option, +} + +#[derive(Debug, Deserialize, Clone, Serialize)] +pub enum Hints { + // Clientdevice + #[serde(rename = "ClientDevice")] + Clientdevice, + + // Hybrid + #[serde(rename = "Hybrid")] + Hybrid, + + // Securitykey + #[serde(rename = "SecurityKey")] + Securitykey, +} + +impl std::str::FromStr for Hints { + type Err = (); + fn from_str(input: &str) -> Result { + match input { + "ClientDevice" => Ok(Self::Clientdevice), + "Hybrid" => Ok(Self::Hybrid), + "SecurityKey" => Ok(Self::Securitykey), + _ => Err(()), + } + } +} + +/// Public key cryptographic parameters +/// `PubKeyCredParams` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct PubKeyCredParams { + pub alg: i64, + pub type_: String, +} + +/// Relying Party Entity. 
+/// `Rp` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct Rp { + pub id: String, + pub name: String, +} + +/// Domain information +/// `Domain` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct Domain { + #[serde(default)] + pub id: Option, + #[serde(default)] + pub name: Option, +} + +/// User information +/// `User` type +#[derive(Clone, Debug, Deserialize, Serialize)] +pub struct User { + pub domain: Domain, + pub id: String, + #[serde(default)] + pub name: Option, + #[serde(default)] + pub password_expires_at: Option, +}