kanidm_cli/group/
account_policy.rs

1use crate::{
2    handle_client_error, handle_group_account_policy_error, GroupAccountPolicyOpt,
3    KanidmClientParser,
4};
5use kanidm_proto::cli::OpType;
6
7impl GroupAccountPolicyOpt {
8    pub async fn exec(&self, opt: KanidmClientParser) {
9        match self {
10            GroupAccountPolicyOpt::Enable { name } => {
11                let client = opt.to_client(OpType::Write).await;
12                if let Err(e) = client.group_account_policy_enable(name).await {
13                    handle_client_error(e, opt.output_mode);
14                } else {
15                    opt.output_mode
16                        .print_message("Group enabled for account policy.");
17                }
18            }
19            GroupAccountPolicyOpt::AuthSessionExpiry { name, expiry } => {
20                let client = opt.to_client(OpType::Write).await;
21                if let Err(e) = client
22                    .group_account_policy_authsession_expiry_set(name, *expiry)
23                    .await
24                {
25                    handle_group_account_policy_error(e, opt.output_mode);
26                } else {
27                    opt.output_mode.print_message("Updated authsession expiry.");
28                }
29            }
30
31            GroupAccountPolicyOpt::ResetAuthSessionExpiry { name } => {
32                let client = opt.to_client(OpType::Write).await;
33                if let Err(e) = client
34                    .group_account_policy_authsession_expiry_reset(name)
35                    .await
36                {
37                    handle_group_account_policy_error(e, opt.output_mode);
38                } else {
39                    opt.output_mode
40                        .print_message("Successfully reset authsession expiry.");
41                }
42            }
43
44            GroupAccountPolicyOpt::CredentialTypeMinimum { name, value } => {
45                let client = opt.to_client(OpType::Write).await;
46                if let Err(e) = client
47                    .group_account_policy_credential_type_minimum_set(name, value.as_str())
48                    .await
49                {
50                    handle_group_account_policy_error(e, opt.output_mode);
51                } else {
52                    opt.output_mode
53                        .print_message("Updated credential type minimum.");
54                }
55            }
56            GroupAccountPolicyOpt::PasswordMinimumLength { name, length } => {
57                let client = opt.to_client(OpType::Write).await;
58                if let Err(e) = client
59                    .group_account_policy_password_minimum_length_set(name, *length)
60                    .await
61                {
62                    handle_group_account_policy_error(e, opt.output_mode);
63                } else {
64                    opt.output_mode
65                        .print_message("Updated password minimum length.");
66                }
67            }
68            GroupAccountPolicyOpt::ResetPasswordMinimumLength { name } => {
69                let client = opt.to_client(OpType::Write).await;
70                if let Err(e) = client
71                    .group_account_policy_password_minimum_length_reset(name)
72                    .await
73                {
74                    handle_group_account_policy_error(e, opt.output_mode);
75                } else {
76                    opt.output_mode
77                        .print_message("Successfully reset password minimum length.");
78                }
79            }
80            GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry } => {
81                let client = opt.to_client(OpType::Write).await;
82                if let Err(e) = client
83                    .group_account_policy_privilege_expiry_set(name, *expiry)
84                    .await
85                {
86                    handle_group_account_policy_error(e, opt.output_mode);
87                } else {
88                    opt.output_mode
89                        .print_message("Updated privilege session expiry.");
90                }
91            }
92            GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { name } => {
93                let client = opt.to_client(OpType::Write).await;
94                if let Err(e) = client
95                    .group_account_policy_privilege_expiry_reset(name)
96                    .await
97                {
98                    handle_group_account_policy_error(e, opt.output_mode);
99                } else {
100                    opt.output_mode
101                        .print_message("Successfully reset privilege session expiry.");
102                }
103            }
104            GroupAccountPolicyOpt::WebauthnAttestationCaList {
105                name,
106                attestation_ca_list_json_file,
107            } => {
108                let client = opt.to_client(OpType::Write).await;
109                let json = std::fs::read_to_string(attestation_ca_list_json_file).unwrap_or_else(|e| {
110                    error!("Could not read attestation CA list JSON file {attestation_ca_list_json_file:?}: {e:?}");
111                    std::process::exit(1);
112                });
113
114                if let Err(e) = client
115                    .group_account_policy_webauthn_attestation_set(name, &json)
116                    .await
117                {
118                    handle_group_account_policy_error(e, opt.output_mode);
119                } else {
120                    opt.output_mode
121                        .print_message("Updated webauthn attestation CA list.");
122                }
123            }
124
125            GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { name } => {
126                let client = opt.to_client(OpType::Write).await;
127                if let Err(e) = client
128                    .group_account_policy_webauthn_attestation_reset(name)
129                    .await
130                {
131                    handle_group_account_policy_error(e, opt.output_mode);
132                } else {
133                    opt.output_mode
134                        .print_message("Successfully reset webauthn attestation CA list.");
135                }
136            }
137
138            GroupAccountPolicyOpt::LimitSearchMaxResults { name, maximum } => {
139                let client = opt.to_client(OpType::Write).await;
140                if let Err(e) = client
141                    .group_account_policy_limit_search_max_results(name, *maximum)
142                    .await
143                {
144                    handle_group_account_policy_error(e, opt.output_mode);
145                } else {
146                    opt.output_mode
147                        .print_message("Updated search maximum results limit.");
148                }
149            }
150            GroupAccountPolicyOpt::ResetLimitSearchMaxResults { name } => {
151                let client = opt.to_client(OpType::Write).await;
152                if let Err(e) = client
153                    .group_account_policy_limit_search_max_results_reset(name)
154                    .await
155                {
156                    handle_group_account_policy_error(e, opt.output_mode);
157                } else {
158                    opt.output_mode.print_message(
159                        "Successfully reset search maximum results limit to default.",
160                    );
161                }
162            }
163            GroupAccountPolicyOpt::LimitSearchMaxFilterTest { name, maximum } => {
164                let client = opt.to_client(OpType::Write).await;
165                if let Err(e) = client
166                    .group_account_policy_limit_search_max_filter_test(name, *maximum)
167                    .await
168                {
169                    handle_group_account_policy_error(e, opt.output_mode);
170                } else {
171                    opt.output_mode
172                        .print_message("Updated search maximum filter test limit.");
173                }
174            }
175            GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { name } => {
176                let client = opt.to_client(OpType::Write).await;
177                if let Err(e) = client
178                    .group_account_policy_limit_search_max_filter_test_reset(name)
179                    .await
180                {
181                    handle_group_account_policy_error(e, opt.output_mode);
182                } else {
183                    opt.output_mode
184                        .print_message("Successfully reset search maximum filter test limit.");
185                }
186            }
187            GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow } => {
188                let client = opt.to_client(OpType::Write).await;
189                if let Err(e) = client
190                    .group_account_policy_allow_primary_cred_fallback(name, *allow)
191                    .await
192                {
193                    handle_group_account_policy_error(e, opt.output_mode);
194                } else {
195                    opt.output_mode
196                        .print_message("Updated primary credential fallback policy.");
197                }
198            }
199        }
200    }
201}