feat: Add federation tokens support

Cargo.toml

@@ -48,7 +48,7 @@ url = { version = "2.5", features = ["serde"] }
 utoipa = { version = "5.3", features = ["axum_extras", "chrono"] }
 utoipa-axum = { version = "0.2" }
 utoipa-swagger-ui = { version = "9.0", features = ["axum", "vendored"], default-features = false }
-uuid = { version = "1.16", features = ["v4"] }
+uuid = { version = "1.17", features = ["v4"] }
 webauthn-rs = { version = "0.5", features = ["danger-allow-state-serialisation"] }
 
 [dev-dependencies]

benches/fernet_token.rs

@@ -21,7 +21,7 @@ fn bench_decrypt_token(c: &mut Criterion) {
 
     let mut backend = FernetTokenProvider::default();
     let mut config = Config::new(PathBuf::new()).unwrap();
-    config.fernet_tokens.key_repository = tmp_dir.into_path();
+    config.fernet_tokens.key_repository = tmp_dir.keep();
     backend.set_config(config);
     backend.load_keys().unwrap();
 

src/api/v3/auth/token/common.rs

@@ -86,6 +86,9 @@ impl Token {
             ProviderToken::ApplicationCredential(_token) => {
                 todo!();
             }
+            _ => {
+                todo!();
+            }
         }
         Ok(response.build().map_err(TokenError::from)?)
     }
@@ -168,6 +171,9 @@ impl Token {
             ProviderToken::ApplicationCredential(_token) => {
                 todo!();
             }
+            _ => {
+                todo!();
+            }
         }
         Ok(response.build().map_err(TokenError::from)?)
     }
@@ -194,7 +200,7 @@ mod tests {
         types::{Domain, Project},
     };
     use crate::token::{
-        DomainScopeToken, ProjectScopeToken, Token as ProviderToken, UnscopedToken,
+        DomainScopePayload, ProjectScopePayload, Token as ProviderToken, UnscopedPayload,
     };
 
     #[tokio::test]
@@ -238,7 +244,7 @@ mod tests {
 
         let api_token = Token::from_provider_token(
             &state,
-            &ProviderToken::Unscoped(UnscopedToken {
+            &ProviderToken::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }),
@@ -291,7 +297,7 @@ mod tests {
 
         let api_token = Token::from_provider_token(
             &state,
-            &ProviderToken::DomainScope(DomainScopeToken {
+            &ProviderToken::DomainScope(DomainScopePayload {
                 user_id: "bar".into(),
                 domain_id: "domain_id".into(),
                 ..Default::default()
@@ -372,7 +378,7 @@ mod tests {
 
         let api_token = Token::from_provider_token(
             &state,
-            &ProviderToken::ProjectScope(ProjectScopeToken {
+            &ProviderToken::ProjectScope(ProjectScopePayload {
                 user_id: "bar".into(),
                 project_id: "project_id".into(),
                 roles: vec![ProviderRole {

src/api/v3/auth/token/mod.rs

@@ -304,7 +304,7 @@ mod tests {
             });
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_validate_token().returning(|_, _, _| {
-            Ok(Token::Unscoped(UnscopedToken {
+            Ok(Token::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }))
@@ -398,7 +398,7 @@ mod tests {
             .expect_validate_token()
             .withf(|token: &'_ str, _, _| token == "foo")
             .returning(|_, _, _| {
-                Ok(Token::Unscoped(UnscopedToken {
+                Ok(Token::Unscoped(UnscopedPayload {
                     user_id: "bar".into(),
                     ..Default::default()
                 }))
@@ -409,7 +409,7 @@ mod tests {
                 token == "bar" && *allow_expired == Some(true)
             })
             .returning(|_, _, _| {
-                Ok(Token::Unscoped(UnscopedToken {
+                Ok(Token::Unscoped(UnscopedPayload {
                     user_id: "bar".into(),
                     ..Default::default()
                 }))
@@ -467,7 +467,7 @@ mod tests {
             .expect_validate_token()
             .withf(|token: &'_ str, _, _| token == "foo")
             .returning(|_, _, _| {
-                Ok(Token::Unscoped(UnscopedToken {
+                Ok(Token::Unscoped(UnscopedPayload {
                     user_id: "bar".into(),
                     ..Default::default()
                 }))
@@ -582,7 +582,7 @@ mod tests {
             });
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_issue_token().returning(|_, _, _, _, _| {
-            Ok(Token::ProjectScope(ProjectScopeToken {
+            Ok(Token::ProjectScope(ProjectScopePayload {
                 user_id: "bar".into(),
                 methods: Vec::from(["password".to_string()]),
                 ..Default::default()

src/api/v3/federation/identity_provider.rs

@@ -199,12 +199,12 @@ mod tests {
     };
     use crate::keystone::{Service, ServiceState};
     use crate::provider::Provider;
-    use crate::token::{MockTokenProvider, Token, UnscopedToken};
+    use crate::token::{MockTokenProvider, Token, UnscopedPayload};
 
     fn get_mocked_state(federation_mock: MockFederationProvider) -> ServiceState {
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_validate_token().returning(|_, _, _| {
-            Ok(Token::Unscoped(UnscopedToken {
+            Ok(Token::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }))

src/api/v3/federation/mapping.rs

@@ -194,12 +194,12 @@ mod tests {
     };
     use crate::keystone::{Service, ServiceState};
     use crate::provider::Provider;
-    use crate::token::{MockTokenProvider, Token, UnscopedToken};
+    use crate::token::{MockTokenProvider, Token, UnscopedPayload};
 
     fn get_mocked_state(federation_mock: MockFederationProvider) -> ServiceState {
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_validate_token().returning(|_, _, _| {
-            Ok(Token::Unscoped(UnscopedToken {
+            Ok(Token::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }))

src/api/v3/role/mod.rs

@@ -122,14 +122,14 @@ mod tests {
     use crate::keystone::{Service, ServiceState};
     use crate::provider::Provider;
 
-    use crate::token::{MockTokenProvider, Token, UnscopedToken};
+    use crate::token::{MockTokenProvider, Token, UnscopedPayload};
 
     use crate::tests::api::get_mocked_state_unauthed;
 
     fn get_mocked_state(assignment_mock: MockAssignmentProvider) -> ServiceState {
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_validate_token().returning(|_, _, _| {
-            Ok(Token::Unscoped(UnscopedToken {
+            Ok(Token::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }))

src/api/v3/role_assignment/mod.rs

@@ -94,12 +94,12 @@ mod tests {
     use crate::keystone::{Service, ServiceState};
     use crate::provider::Provider;
 
-    use crate::token::{MockTokenProvider, Token, UnscopedToken};
+    use crate::token::{MockTokenProvider, Token, UnscopedPayload};
 
     fn get_mocked_state(assignment_mock: MockAssignmentProvider) -> ServiceState {
         let mut token_mock = MockTokenProvider::default();
         token_mock.expect_validate_token().returning(|_, _, _| {
-            Ok(Token::Unscoped(UnscopedToken {
+            Ok(Token::Unscoped(UnscopedPayload {
                 user_id: "bar".into(),
                 ..Default::default()
             }))

src/tests/api.rs

@@ -19,7 +19,7 @@ use crate::config::Config;
 use crate::identity::MockIdentityProvider;
 use crate::keystone::{Service, ServiceState};
 use crate::provider::Provider;
-use crate::token::{MockTokenProvider, Token, TokenProviderError, UnscopedToken};
+use crate::token::{MockTokenProvider, Token, TokenProviderError, UnscopedPayload};
 
 pub(crate) fn get_mocked_state_unauthed() -> ServiceState {
     let mut token_mock = MockTokenProvider::default();
@@ -45,7 +45,7 @@ pub(crate) fn get_mocked_state_unauthed() -> ServiceState {
 pub(crate) fn get_mocked_state(identity_mock: MockIdentityProvider) -> ServiceState {
     let mut token_mock = MockTokenProvider::default();
     token_mock.expect_validate_token().returning(|_, _, _| {
-        Ok(Token::Unscoped(UnscopedToken {
+        Ok(Token::Unscoped(UnscopedPayload {
             user_id: "bar".into(),
             ..Default::default()
         }))

src/tests/token.rs

@@ -26,7 +26,7 @@ pub fn setup_config() -> Config {
     let mut tmp_file = File::create(file_path).unwrap();
     write!(tmp_file, "BFTs1CIVIBLTP4GOrQ26VETrJ7Zwz1O4wbEcCQ966eM=").unwrap();
     let mut config = Config::new(PathBuf::new()).unwrap();
-    config.fernet_tokens.key_repository = keys_dir.into_path();
+    config.fernet_tokens.key_repository = keys_dir.keep();
     config.auth.methods = vec![
         "password".into(),
         "token".into(),

src/token/application_credential.rs

@@ -28,7 +28,7 @@ use crate::token::{
 };
 
 #[derive(Builder, Clone, Debug, Default, PartialEq)]
-pub struct ApplicationCredentialToken {
+pub struct ApplicationCredentialPayload {
     pub user_id: String,
     #[builder(default, setter(name = _methods))]
     pub methods: Vec<String>,
@@ -44,7 +44,7 @@ pub struct ApplicationCredentialToken {
     pub project: Option<Project>,
 }
 
-impl ApplicationCredentialTokenBuilder {
+impl ApplicationCredentialPayloadBuilder {
     pub fn methods<I, V>(&mut self, iter: I) -> &mut Self
     where
         I: Iterator<Item = V>,
@@ -68,14 +68,14 @@ impl ApplicationCredentialTokenBuilder {
     }
 }
 
-impl From<ApplicationCredentialToken> for Token {
-    fn from(value: ApplicationCredentialToken) -> Self {
+impl From<ApplicationCredentialPayload> for Token {
+    fn from(value: ApplicationCredentialPayload) -> Self {
         Token::ApplicationCredential(value)
     }
 }
 
-impl MsgPackToken for ApplicationCredentialToken {
-    type Token = ApplicationCredentialToken;
+impl MsgPackToken for ApplicationCredentialPayload {
+    type Token = ApplicationCredentialPayload;
 
     fn assemble<W: Write>(
         &self,
@@ -131,7 +131,7 @@ mod tests {
 
     #[test]
     fn test_roundtrip() {
-        let token = ApplicationCredentialToken {
+        let token = ApplicationCredentialPayload {
             user_id: Uuid::new_v4().simple().to_string(),
             methods: vec!["password".into()],
             project_id: Uuid::new_v4().simple().to_string(),
@@ -145,7 +145,7 @@ mod tests {
         token.assemble(&mut buf, &auth_map).unwrap();
         let encoded_buf = buf.clone();
         let decoded =
-            ApplicationCredentialToken::disassemble(&mut encoded_buf.as_slice(), &auth_map)
+            ApplicationCredentialPayload::disassemble(&mut encoded_buf.as_slice(), &auth_map)
                 .unwrap();
         assert_eq!(token, decoded);
     }

src/token/domain_scoped.rs

@@ -29,7 +29,7 @@ use crate::token::{
 
 #[derive(Builder, Clone, Debug, Default, PartialEq)]
 #[builder(setter(strip_option, into))]
-pub struct DomainScopeToken {
+pub struct DomainScopePayload {
     pub user_id: String,
     #[builder(default, setter(name = _methods))]
     pub methods: Vec<String>,
@@ -44,7 +44,7 @@ pub struct DomainScopeToken {
     pub domain: Option<Domain>,
 }
 
-impl DomainScopeTokenBuilder {
+impl DomainScopePayloadBuilder {
     pub fn methods<I, V>(&mut self, iter: I) -> &mut Self
     where
         I: Iterator<Item = V>,
@@ -68,14 +68,14 @@ impl DomainScopeTokenBuilder {
     }
 }
 
-impl From<DomainScopeToken> for Token {
-    fn from(value: DomainScopeToken) -> Self {
+impl From<DomainScopePayload> for Token {
+    fn from(value: DomainScopePayload) -> Self {
         Token::DomainScope(value)
     }
 }
 
-impl MsgPackToken for DomainScopeToken {
-    type Token = DomainScopeToken;
+impl MsgPackToken for DomainScopePayload {
+    type Token = DomainScopePayload;
 
     fn assemble<W: Write>(
         &self,
@@ -127,7 +127,7 @@ mod tests {
 
     #[test]
     fn test_roundtrip() {
-        let token = DomainScopeToken {
+        let token = DomainScopePayload {
             user_id: Uuid::new_v4().simple().to_string(),
             methods: vec!["password".into()],
             domain_id: Uuid::new_v4().simple().to_string(),
@@ -140,7 +140,7 @@ mod tests {
         token.assemble(&mut buf, &auth_map).unwrap();
         let encoded_buf = buf.clone();
         let decoded =
-            DomainScopeToken::disassemble(&mut encoded_buf.as_slice(), &auth_map).unwrap();
+            DomainScopePayload::disassemble(&mut encoded_buf.as_slice(), &auth_map).unwrap();
         assert_eq!(token, decoded);
     }
 }

src/token/error.rs

@@ -99,21 +99,21 @@ pub enum TokenProviderError {
     UnscopedBuilder {
         /// The source of the error.
         #[from]
-        source: crate::token::unscoped::UnscopedTokenBuilderError,
+        source: crate::token::unscoped::UnscopedPayloadBuilderError,
     },
 
     #[error(transparent)]
     ProjectScopeBuilder {
         /// The source of the error.
         #[from]
-        source: crate::token::project_scoped::ProjectScopeTokenBuilderError,
+        source: crate::token::project_scoped::ProjectScopePayloadBuilderError,
     },
 
     #[error(transparent)]
     DomainScopeBuilder {
         /// The source of the error.
         #[from]
-        source: crate::token::domain_scoped::DomainScopeTokenBuilderError,
+        source: crate::token::domain_scoped::DomainScopePayloadBuilderError,
     },
 
     #[error(transparent)]