|             Line data    Source code 
       1              : //! Structs representing the JSON formats used in the compute_ctl's HTTP API.
       2              : use std::str::FromStr;
       3              : 
       4              : use serde::{Deserialize, Serialize};
       5              : 
       6              : use crate::privilege::Privilege;
       7              : use crate::responses::ComputeCtlConfig;
       8              : use crate::spec::{ComputeSpec, ExtVersion, PgIdent};
       9              : 
      10              : /// The value to place in the [`ComputeClaims::audience`] claim.
      11              : pub static COMPUTE_AUDIENCE: &str = "compute";
      12              : 
      13              : /// Available scopes for a compute's JWT.
      14            0 : #[derive(Copy, Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
      15              : #[serde(rename_all = "snake_case")]
      16              : pub enum ComputeClaimsScope {
      17              :     /// An admin-scoped token allows access to all of `compute_ctl`'s authorized
      18              :     /// facilities.
      19              :     #[serde(rename = "compute_ctl:admin")]
      20              :     Admin,
      21              : }
      22              : 
      23              : impl FromStr for ComputeClaimsScope {
      24              :     type Err = anyhow::Error;
      25              : 
      26            1 :     fn from_str(s: &str) -> Result<Self, Self::Err> {
      27            1 :         match s {
      28            1 :             "compute_ctl:admin" => Ok(ComputeClaimsScope::Admin),
      29            0 :             _ => Err(anyhow::anyhow!("invalid compute claims scope \"{s}\"")),
      30              :         }
      31            1 :     }
      32              : }
      33              : 
      34              : /// When making requests to the `compute_ctl` external HTTP server, the client
      35              : /// must specify a set of claims in `Authorization` header JWTs such that
      36              : /// `compute_ctl` can authorize the request.
      37            0 : #[derive(Clone, Debug, Deserialize, Serialize)]
      38              : #[serde(rename = "snake_case")]
      39              : pub struct ComputeClaims {
      40              :     /// The compute ID that will validate the token. The only case in which this
      41              :     /// can be [`None`] is if [`Self::scope`] is
      42              :     /// [`ComputeClaimsScope::Admin`].
      43              :     pub compute_id: Option<String>,
      44              : 
      45              :     /// The scope of what the token authorizes.
      46              :     pub scope: Option<ComputeClaimsScope>,
      47              : 
      48              :     /// The recipient the token is intended for.
      49              :     ///
      50              :     /// See [RFC 7519](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3) for
      51              :     /// more information.
      52              :     ///
      53              :     /// TODO: Remove the [`Option`] wrapper when control plane learns to send
      54              :     /// the claim.
      55              :     #[serde(rename = "aud")]
      56              :     pub audience: Option<Vec<String>>,
      57              : }
      58              : 
      59              : /// Request of the /configure API
      60              : ///
      61              : /// We now pass only `spec` in the configuration request, but later we can
      62              : /// extend it and something like `restart: bool` or something else. So put
      63              : /// `spec` into a struct initially to be more flexible in the future.
      64            0 : #[derive(Debug, Deserialize, Serialize)]
      65              : pub struct ConfigurationRequest {
      66              :     pub spec: ComputeSpec,
      67              :     pub compute_ctl_config: ComputeCtlConfig,
      68              : }
      69              : 
      70            0 : #[derive(Deserialize, Debug)]
      71              : pub struct ExtensionInstallRequest {
      72              :     pub extension: PgIdent,
      73              :     pub database: PgIdent,
      74              :     pub version: ExtVersion,
      75              : }
      76              : 
      77            0 : #[derive(Deserialize, Debug)]
      78              : pub struct SetRoleGrantsRequest {
      79              :     pub database: PgIdent,
      80              :     pub schema: PgIdent,
      81              :     pub privileges: Vec<Privilege>,
      82              :     pub role: PgIdent,
      83              : }
      84              : 
      85              : #[cfg(test)]
      86              : mod test {
      87              :     use std::str::FromStr;
      88              : 
      89              :     use crate::requests::ComputeClaimsScope;
      90              : 
      91              :     /// Confirm that whether we parse the scope by string or through serde, the
      92              :     /// same values parse to the same enum variant.
      93              :     #[test]
      94            1 :     fn compute_request_scopes() {
      95              :         const ADMIN_SCOPE: &str = "compute_ctl:admin";
      96              : 
      97            1 :         let from_serde: ComputeClaimsScope =
      98            1 :             serde_json::from_str(&format!("\"{ADMIN_SCOPE}\"")).unwrap();
      99            1 :         let from_str = ComputeClaimsScope::from_str(ADMIN_SCOPE).unwrap();
     100              : 
     101            1 :         assert_eq!(from_serde, from_str);
     102            1 :     }
     103              : }
         |