1 : //! Structs representing the JSON formats used in the compute_ctl's HTTP API.
2 : use std::str::FromStr;
3 :
4 : use serde::{Deserialize, Serialize};
5 :
6 : use crate::privilege::Privilege;
7 : use crate::responses::ComputeCtlConfig;
8 : use crate::spec::{ComputeSpec, ExtVersion, PgIdent};
9 :
/// The value to place in the [`ComputeClaims::audience`] claim.
///
/// NOTE(review): presumably token verification compares the `aud` claim
/// against this value; that comparison is not in this file, so confirm it
/// where tokens are validated.
pub static COMPUTE_AUDIENCE: &str = "compute";
12 :
/// Available scopes for a compute's JWT.
///
/// Variants are (de)serialized in `snake_case`, so
/// [`ComputeClaimsScope::Admin`] appears as `"admin"` in the claim set.
#[derive(Copy, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[serde(rename_all = "snake_case")]
pub enum ComputeClaimsScope {
    /// An admin-scoped token allows access to all of `compute_ctl`'s authorized
    /// facilities.
    ///
    /// Per the [`ComputeClaims::compute_id`] documentation, this is also the
    /// only scope for which a token may omit the compute ID, which makes it the
    /// broadest grant this type can express.
    Admin,
}
21 :
impl FromStr for ComputeClaimsScope {
    type Err = anyhow::Error;

    /// Parses a scope from its textual form.
    ///
    /// The match is exact and case-sensitive: only `"admin"` is accepted, and
    /// it maps to [`ComputeClaimsScope::Admin`].
    ///
    /// # Errors
    ///
    /// Returns an [`anyhow::Error`] quoting the rejected input for any other
    /// string, including the empty string.
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        // Reject by default: anything that is not a known scope is an error,
        // never a fallback to some scope.
        if s == "admin" {
            return Ok(Self::Admin);
        }

        Err(anyhow::anyhow!("invalid compute claims scope \"{s}\""))
    }
}
32 :
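/// When making requests to the `compute_ctl` external HTTP server, the client
/// must specify a set of claims in `Authorization` header JWTs such that
/// `compute_ctl` can authorize the request.
///
/// This type only describes the shape of the claim set. Every field is an
/// [`Option`], so a claim set with no claims at all still deserializes; the
/// checks described on the fields below have to be made by the code that
/// validates the token.
#[derive(Clone, Debug, Deserialize, Serialize)]
// `rename_all`, not `rename`: on a container, `rename = "snake_case"` only
// changes the struct's serialized name to the literal string `snake_case` and
// applies no naming convention to the fields.
#[serde(rename_all = "snake_case")]
pub struct ComputeClaims {
    /// The compute ID that will validate the token. The only case in which this
    /// can be [`None`] is if [`Self::scope`] is
    /// [`ComputeClaimsScope::Admin`].
    ///
    /// The type does not enforce that invariant.
    /// NOTE(review): confirm the validator rejects a missing `compute_id` on
    /// any token that is not admin-scoped.
    pub compute_id: Option<String>,

    /// The scope of what the token authorizes.
    ///
    /// NOTE(review): how a token without a `scope` claim is treated is decided
    /// by the validator and is not visible in this file.
    pub scope: Option<ComputeClaimsScope>,

    /// The recipient the token is intended for.
    ///
    /// See [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3) for
    /// more information.
    ///
    /// TODO: Remove the [`Option`] wrapper when control plane learns to send
    /// the claim.
    ///
    /// While the wrapper remains, a token that omits `aud` still deserializes.
    /// NOTE(review): confirm the validator checks the audience whenever the
    /// claim is present. RFC 7519 also allows `aud` to be a single string; this
    /// field accepts only the array form, so confirm issuers always send an
    /// array.
    #[serde(rename = "aud")]
    pub audience: Option<Vec<String>>,
}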
57 :
/// Request body of the `/configure` API.
///
/// Only `spec` and `compute_ctl_config` are passed in the configuration
/// request today. They are wrapped in a struct so that further fields (for
/// example something like `restart: bool`) can be added later without
/// changing the shape of the request.
#[derive(Debug, Deserialize, Serialize)]
pub struct ConfigurationRequest {
    /// The compute specification to apply.
    pub spec: ComputeSpec,
    /// Configuration for `compute_ctl` itself, sent alongside the spec.
    pub compute_ctl_config: ComputeCtlConfig,
}
68 :
/// Request body naming an extension, a database and an extension version.
///
/// The type is deserialize-only; every value comes from the caller.
/// NOTE(review): presumably the handler uses these values to build SQL —
/// confirm that `extension`, `database` and `version` are quoted or
/// validated there and never concatenated raw.
#[derive(Deserialize, Debug)]
pub struct ExtensionInstallRequest {
    /// Name of the extension.
    pub extension: PgIdent,
    /// Name of the database the request refers to.
    pub database: PgIdent,
    /// Requested extension version.
    pub version: ExtVersion,
}
75 :
/// Request body naming a role, a database, a schema and a list of privileges.
///
/// The type is deserialize-only; every value comes from the caller.
/// NOTE(review): presumably the handler turns this into `GRANT` statements —
/// confirm that the identifiers are quoted there and that `privileges` is
/// limited to what the caller may hand out.
#[derive(Deserialize, Debug)]
pub struct SetRoleGrantsRequest {
    /// Name of the database the request refers to.
    pub database: PgIdent,
    /// Name of the schema the request refers to.
    pub schema: PgIdent,
    /// Privileges listed in the request.
    pub privileges: Vec<Privilege>,
    /// Name of the role the request refers to.
    pub role: PgIdent,
}