feat: Implement password auth

src/api/common.rs

@@ -0,0 +1,134 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+//! Common API helpers
+//!
+use crate::api::error::KeystoneApiError;
+use crate::keystone::ServiceState;
+use crate::resource::{ResourceApi, types::Domain};
+
+pub async fn get_domain<I: AsRef<str>, N: AsRef<str>>(
+    state: &ServiceState,
+    id: Option<I>,
+    name: Option<N>,
+) -> Result<Domain, KeystoneApiError> {
+    let domain = if let Some(did) = &id {
+        state
+            .provider
+            .get_resource_provider()
+            .get_domain(&state.db, did.as_ref())
+            .await?
+            .ok_or_else(|| KeystoneApiError::NotFound {
+                resource: "domain".into(),
+                identifier: did.as_ref().to_string(),
+            })?
+    } else if let Some(name) = &name {
+        state
+            .provider
+            .get_resource_provider()
+            .find_domain_by_name(&state.db, name.as_ref())
+            .await?
+            .ok_or_else(|| KeystoneApiError::NotFound {
+                resource: "domain".into(),
+                identifier: name.as_ref().to_string(),
+            })?
+    } else {
+        return Err(KeystoneApiError::DomainIdOrName);
+    };
+    Ok(domain)
+}
+
+#[cfg(test)]
+mod tests {
+    use sea_orm::DatabaseConnection;
+    use std::sync::Arc;
+
+    use super::*;
+
+    use crate::assignment::MockAssignmentProvider;
+    use crate::config::Config;
+    use crate::identity::MockIdentityProvider;
+    use crate::keystone::Service;
+    use crate::provider::ProviderBuilder;
+    use crate::resource::{MockResourceProvider, types::Domain};
+    use crate::token::MockTokenProvider;
+
+    #[tokio::test]
+    async fn test_get_domain() {
+        let db = DatabaseConnection::Disconnected;
+        let config = Config::default();
+
+        let mut resource_mock = MockResourceProvider::default();
+        resource_mock
+            .expect_get_domain()
+            .withf(|_: &DatabaseConnection, id: &'_ str| id == "domain_id")
+            .returning(|_, _| {
+                Ok(Some(Domain {
+                    id: "domain_id".into(),
+                    name: "domain_name".into(),
+                    ..Default::default()
+                }))
+            });
+        resource_mock
+            .expect_find_domain_by_name()
+            .withf(|_: &DatabaseConnection, id: &'_ str| id == "domain_name")
+            .returning(|_, _| {
+                Ok(Some(Domain {
+                    id: "domain_id".into(),
+                    name: "domain_name".into(),
+                    ..Default::default()
+                }))
+            });
+        let identity_mock = MockIdentityProvider::default();
+        let token_mock = MockTokenProvider::default();
+        let assignment_mock = MockAssignmentProvider::default();
+        let provider = ProviderBuilder::default()
+            .config(config.clone())
+            .assignment(assignment_mock)
+            .identity(identity_mock)
+            .resource(resource_mock)
+            .token(token_mock)
+            .build()
+            .unwrap();
+
+        let state = Arc::new(Service::new(config, db, provider).unwrap());
+
+        assert_eq!(
+            "domain_id",
+            get_domain(&state, Some("domain_id"), None::<&str>)
+                .await
+                .unwrap()
+                .id
+        );
+        assert_eq!(
+            "domain_id",
+            get_domain(&state, None::<&str>, Some("domain_name"))
+                .await
+                .unwrap()
+                .id
+        );
+        assert_eq!(
+            "domain_id",
+            get_domain(&state, Some("domain_id"), Some("other_domain_name"))
+                .await
+                .unwrap()
+                .id
+        );
+        match get_domain(&state, None::<&str>, None::<&str>).await {
+            Err(KeystoneApiError::DomainIdOrName) => {}
+            _ => {
+                panic!("wrong result");
+            }
+        }
+    }
+}

src/api/error.rs

@@ -19,6 +19,7 @@ use axum::{
 };
 use serde_json::json;
 use thiserror::Error;
+use tracing::error;
 
 use crate::assignment::error::AssignmentProviderError;
 use crate::identity::error::IdentityProviderError;
@@ -38,7 +39,7 @@ pub enum KeystoneApiError {
     },
 
     #[error("missing authorization")]
-    Unauthorized(String),
+    Unauthorized,
 
     #[error("missing x-subject-token header")]
     SubjectTokenMissing,
@@ -99,10 +100,20 @@ pub enum KeystoneApiError {
         #[from]
         source: serde_json::Error,
     },
+
+    #[error("domain id or name must be present")]
+    DomainIdOrName,
+
+    #[error("project id or name must be present")]
+    ProjectIdOrName,
+
+    #[error("project domain must be present")]
+    ProjectDomain,
 }
 
 impl IntoResponse for KeystoneApiError {
     fn into_response(self) -> Response {
+        error!("Error happened during request processing: {:?}", self);
         match self {
             KeystoneApiError::Conflict(_) => (
                 StatusCode::CONFLICT,
@@ -113,22 +124,18 @@ impl IntoResponse for KeystoneApiError {
                 Json(json!({"error": {"code": StatusCode::NOT_FOUND.as_u16(), "message": self.to_string()}})),
             )
                 .into_response(),
-            KeystoneApiError::Unauthorized(_) => {
+            KeystoneApiError::Unauthorized => {
                 (StatusCode::UNAUTHORIZED,
                 Json(json!({"error": {"code": StatusCode::UNAUTHORIZED.as_u16(), "message": self.to_string()}})),
                 ).into_response()
             }
-            KeystoneApiError::InternalError(_) => {
-                (StatusCode::INTERNAL_SERVER_ERROR,
-                Json(json!({"error": {"code": StatusCode::INTERNAL_SERVER_ERROR.as_u16(), "message": self.to_string()}})),
-                ).into_response()
-            }
-            KeystoneApiError::IdentityError { .. } | KeystoneApiError::ResourceError { .. } | KeystoneApiError::AssignmentError { .. } | KeystoneApiError::TokenError{..} => {
+            KeystoneApiError::InternalError(_) | KeystoneApiError::IdentityError { .. } | KeystoneApiError::ResourceError { .. } | KeystoneApiError::AssignmentError { .. } | KeystoneApiError::TokenError{..} => {
                 (StatusCode::INTERNAL_SERVER_ERROR,
                 Json(json!({"error": {"code": StatusCode::INTERNAL_SERVER_ERROR.as_u16(), "message": self.to_string()}})),
               ).into_response()
             }
-            KeystoneApiError::SubjectTokenMissing | KeystoneApiError::InvalidHeader | KeystoneApiError::InvalidToken | KeystoneApiError::Token{..} | KeystoneApiError::WebAuthN{..} | KeystoneApiError::Uuid {..} | KeystoneApiError::Serde {..} => {
+            _ =>  {
+            // KeystoneApiError::SubjectTokenMissing | KeystoneApiError::InvalidHeader | KeystoneApiError::InvalidToken | KeystoneApiError::Token{..} | KeystoneApiError::WebAuthN{..} | KeystoneApiError::Uuid {..} | KeystoneApiError::Serde {..} | KeystoneApiError::DomainIdOrName | KeystoneApiError::ProjectIdOrName | KeystoneApiError::ProjectDomain => 
                 (StatusCode::BAD_REQUEST,
                 Json(json!({"error": {"code": StatusCode::BAD_REQUEST.as_u16(), "message": self.to_string()}})),
               ).into_response()
@@ -184,11 +191,23 @@ pub enum TokenError {
         #[from]
         source: crate::api::v3::auth::token::types::UserBuilderError,
     },
+
     #[error("error building token user data: {}", source)]
     ProjectBuilder {
         #[from]
         source: crate::api::v3::auth::token::types::ProjectBuilderError,
     },
+
+    #[error(transparent)]
+    UserPasswordAuthBuilder {
+        #[from]
+        source: crate::identity::types::user::UserPasswordAuthRequestBuilderError,
+    },
+    #[error(transparent)]
+    DomainBuilder {
+        #[from]
+        source: crate::identity::types::user::DomainBuilderError,
+    },
 }
 
 #[derive(Error, Debug)]

src/api/mod.rs

@@ -13,7 +13,6 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use axum::{
-    extract::OriginalUri,
     http::{HeaderMap, header},
     response::IntoResponse,
 };
@@ -24,6 +23,7 @@ use crate::api::error::KeystoneApiError;
 use crate::keystone::ServiceState;
 
 pub mod auth;
+pub(crate) mod common;
 pub mod error;
 pub mod types;
 pub mod v3;
@@ -50,10 +50,7 @@ pub fn openapi_router() -> OpenApiRouter<ServiceState> {
     ),
     tag = "version"
 )]
-async fn version(
-    headers: HeaderMap,
-    OriginalUri(uri): OriginalUri,
-) -> Result<impl IntoResponse, KeystoneApiError> {
+async fn version(headers: HeaderMap) -> Result<impl IntoResponse, KeystoneApiError> {
     let host = headers
         .get(header::HOST)
         .and_then(|header| header.to_str().ok())