kanidm_cli/group/
account_policy.rs1use crate::{
2 handle_client_error, handle_group_account_policy_error, GroupAccountPolicyOpt,
3 KanidmClientParser,
4};
5use kanidm_proto::cli::OpType;
6
7impl GroupAccountPolicyOpt {
8 pub async fn exec(&self, opt: KanidmClientParser) {
9 match self {
10 GroupAccountPolicyOpt::Enable { name } => {
11 let client = opt.to_client(OpType::Write).await;
12 if let Err(e) = client.group_account_policy_enable(name).await {
13 handle_client_error(e, opt.output_mode);
14 } else {
15 opt.output_mode
16 .print_message("Group enabled for account policy.");
17 }
18 }
19 GroupAccountPolicyOpt::AuthSessionExpiry { name, expiry } => {
20 let client = opt.to_client(OpType::Write).await;
21 if let Err(e) = client
22 .group_account_policy_authsession_expiry_set(name, *expiry)
23 .await
24 {
25 handle_group_account_policy_error(e, opt.output_mode);
26 } else {
27 opt.output_mode.print_message("Updated authsession expiry.");
28 }
29 }
30
31 GroupAccountPolicyOpt::ResetAuthSessionExpiry { name } => {
32 let client = opt.to_client(OpType::Write).await;
33 if let Err(e) = client
34 .group_account_policy_authsession_expiry_reset(name)
35 .await
36 {
37 handle_group_account_policy_error(e, opt.output_mode);
38 } else {
39 opt.output_mode
40 .print_message("Successfully reset authsession expiry.");
41 }
42 }
43
44 GroupAccountPolicyOpt::CredentialTypeMinimum { name, value } => {
45 let client = opt.to_client(OpType::Write).await;
46 if let Err(e) = client
47 .group_account_policy_credential_type_minimum_set(name, value.as_str())
48 .await
49 {
50 handle_group_account_policy_error(e, opt.output_mode);
51 } else {
52 opt.output_mode
53 .print_message("Updated credential type minimum.");
54 }
55 }
56 GroupAccountPolicyOpt::PasswordMinimumLength { name, length } => {
57 let client = opt.to_client(OpType::Write).await;
58 if let Err(e) = client
59 .group_account_policy_password_minimum_length_set(name, *length)
60 .await
61 {
62 handle_group_account_policy_error(e, opt.output_mode);
63 } else {
64 opt.output_mode
65 .print_message("Updated password minimum length.");
66 }
67 }
68 GroupAccountPolicyOpt::ResetPasswordMinimumLength { name } => {
69 let client = opt.to_client(OpType::Write).await;
70 if let Err(e) = client
71 .group_account_policy_password_minimum_length_reset(name)
72 .await
73 {
74 handle_group_account_policy_error(e, opt.output_mode);
75 } else {
76 opt.output_mode
77 .print_message("Successfully reset password minimum length.");
78 }
79 }
80 GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry } => {
81 let client = opt.to_client(OpType::Write).await;
82 if let Err(e) = client
83 .group_account_policy_privilege_expiry_set(name, *expiry)
84 .await
85 {
86 handle_group_account_policy_error(e, opt.output_mode);
87 } else {
88 opt.output_mode
89 .print_message("Updated privilege session expiry.");
90 }
91 }
92 GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { name } => {
93 let client = opt.to_client(OpType::Write).await;
94 if let Err(e) = client
95 .group_account_policy_privilege_expiry_reset(name)
96 .await
97 {
98 handle_group_account_policy_error(e, opt.output_mode);
99 } else {
100 opt.output_mode
101 .print_message("Successfully reset privilege session expiry.");
102 }
103 }
104 GroupAccountPolicyOpt::WebauthnAttestationCaList {
105 name,
106 attestation_ca_list_json_file,
107 } => {
108 let client = opt.to_client(OpType::Write).await;
109 let json = std::fs::read_to_string(attestation_ca_list_json_file).unwrap_or_else(|e| {
110 error!("Could not read attestation CA list JSON file {attestation_ca_list_json_file:?}: {e:?}");
111 std::process::exit(1);
112 });
113
114 if let Err(e) = client
115 .group_account_policy_webauthn_attestation_set(name, &json)
116 .await
117 {
118 handle_group_account_policy_error(e, opt.output_mode);
119 } else {
120 opt.output_mode
121 .print_message("Updated webauthn attestation CA list.");
122 }
123 }
124
125 GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { name } => {
126 let client = opt.to_client(OpType::Write).await;
127 if let Err(e) = client
128 .group_account_policy_webauthn_attestation_reset(name)
129 .await
130 {
131 handle_group_account_policy_error(e, opt.output_mode);
132 } else {
133 opt.output_mode
134 .print_message("Successfully reset webauthn attestation CA list.");
135 }
136 }
137
138 GroupAccountPolicyOpt::LimitSearchMaxResults { name, maximum } => {
139 let client = opt.to_client(OpType::Write).await;
140 if let Err(e) = client
141 .group_account_policy_limit_search_max_results(name, *maximum)
142 .await
143 {
144 handle_group_account_policy_error(e, opt.output_mode);
145 } else {
146 opt.output_mode
147 .print_message("Updated search maximum results limit.");
148 }
149 }
150 GroupAccountPolicyOpt::ResetLimitSearchMaxResults { name } => {
151 let client = opt.to_client(OpType::Write).await;
152 if let Err(e) = client
153 .group_account_policy_limit_search_max_results_reset(name)
154 .await
155 {
156 handle_group_account_policy_error(e, opt.output_mode);
157 } else {
158 opt.output_mode.print_message(
159 "Successfully reset search maximum results limit to default.",
160 );
161 }
162 }
163 GroupAccountPolicyOpt::LimitSearchMaxFilterTest { name, maximum } => {
164 let client = opt.to_client(OpType::Write).await;
165 if let Err(e) = client
166 .group_account_policy_limit_search_max_filter_test(name, *maximum)
167 .await
168 {
169 handle_group_account_policy_error(e, opt.output_mode);
170 } else {
171 opt.output_mode
172 .print_message("Updated search maximum filter test limit.");
173 }
174 }
175 GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { name } => {
176 let client = opt.to_client(OpType::Write).await;
177 if let Err(e) = client
178 .group_account_policy_limit_search_max_filter_test_reset(name)
179 .await
180 {
181 handle_group_account_policy_error(e, opt.output_mode);
182 } else {
183 opt.output_mode
184 .print_message("Successfully reset search maximum filter test limit.");
185 }
186 }
187 GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow } => {
188 let client = opt.to_client(OpType::Write).await;
189 if let Err(e) = client
190 .group_account_policy_allow_primary_cred_fallback(name, *allow)
191 .await
192 {
193 handle_group_account_policy_error(e, opt.output_mode);
194 } else {
195 opt.output_mode
196 .print_message("Updated primary credential fallback policy.");
197 }
198 }
199 }
200 }
201}