kanidm_cli/group/
account_policy.rs
1use crate::common::OpType;
2use crate::{handle_client_error, handle_group_account_policy_error, GroupAccountPolicyOpt};
3
4impl GroupAccountPolicyOpt {
5 pub fn debug(&self) -> bool {
6 match self {
7 GroupAccountPolicyOpt::Enable { copt, .. }
8 | GroupAccountPolicyOpt::AuthSessionExpiry { copt, .. }
9 | GroupAccountPolicyOpt::CredentialTypeMinimum { copt, .. }
10 | GroupAccountPolicyOpt::PasswordMinimumLength { copt, .. }
11 | GroupAccountPolicyOpt::WebauthnAttestationCaList { copt, .. }
12 | GroupAccountPolicyOpt::LimitSearchMaxResults { copt, .. }
13 | GroupAccountPolicyOpt::LimitSearchMaxFilterTest { copt, .. }
14 | GroupAccountPolicyOpt::AllowPrimaryCredFallback { copt, .. }
15 | GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { copt, .. }
16 | GroupAccountPolicyOpt::ResetAuthSessionExpiry { copt, .. }
17 | GroupAccountPolicyOpt::ResetPasswordMinimumLength { copt, .. }
18 | GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { copt, .. }
19 | GroupAccountPolicyOpt::ResetLimitSearchMaxResults { copt, .. }
20 | GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { copt, .. }
21 | GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug,
22 }
23 }
24
25 pub async fn exec(&self) {
26 match self {
27 GroupAccountPolicyOpt::Enable { name, copt } => {
28 let client = copt.to_client(OpType::Write).await;
29 if let Err(e) = client.group_account_policy_enable(name).await {
30 handle_client_error(e, copt.output_mode);
31 } else {
32 println!("Group enabled for account policy.");
33 }
34 }
35 GroupAccountPolicyOpt::AuthSessionExpiry { name, expiry, copt } => {
36 let client = copt.to_client(OpType::Write).await;
37 if let Err(e) = client
38 .group_account_policy_authsession_expiry_set(name, *expiry)
39 .await
40 {
41 handle_group_account_policy_error(e, copt.output_mode);
42 } else {
43 println!("Updated authsession expiry.");
44 }
45 }
46
47 GroupAccountPolicyOpt::ResetAuthSessionExpiry { name, copt } => {
48 let client = copt.to_client(OpType::Write).await;
49 if let Err(e) = client
50 .group_account_policy_authsession_expiry_reset(name)
51 .await
52 {
53 handle_group_account_policy_error(e, copt.output_mode);
54 } else {
55 println!("Successfully reset authsession expiry.");
56 }
57 }
58
59 GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => {
60 let client = copt.to_client(OpType::Write).await;
61 if let Err(e) = client
62 .group_account_policy_credential_type_minimum_set(name, value.as_str())
63 .await
64 {
65 handle_group_account_policy_error(e, copt.output_mode);
66 } else {
67 println!("Updated credential type minimum.");
68 }
69 }
70 GroupAccountPolicyOpt::PasswordMinimumLength { name, length, copt } => {
71 let client = copt.to_client(OpType::Write).await;
72 if let Err(e) = client
73 .group_account_policy_password_minimum_length_set(name, *length)
74 .await
75 {
76 handle_group_account_policy_error(e, copt.output_mode);
77 } else {
78 println!("Updated password minimum length.");
79 }
80 }
81 GroupAccountPolicyOpt::ResetPasswordMinimumLength { name, copt } => {
82 let client = copt.to_client(OpType::Write).await;
83 if let Err(e) = client
84 .group_account_policy_password_minimum_length_reset(name)
85 .await
86 {
87 handle_group_account_policy_error(e, copt.output_mode);
88 } else {
89 println!("Successfully reset password minimum length.");
90 }
91 }
92 GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry, copt } => {
93 let client = copt.to_client(OpType::Write).await;
94 if let Err(e) = client
95 .group_account_policy_privilege_expiry_set(name, *expiry)
96 .await
97 {
98 handle_group_account_policy_error(e, copt.output_mode);
99 } else {
100 println!("Updated privilege session expiry.");
101 }
102 }
103 GroupAccountPolicyOpt::ResetPrivilegedSessionExpiry { name, copt } => {
104 let client = copt.to_client(OpType::Write).await;
105 if let Err(e) = client
106 .group_account_policy_privilege_expiry_reset(name)
107 .await
108 {
109 handle_group_account_policy_error(e, copt.output_mode);
110 } else {
111 println!("Successfully reset privilege session expiry.");
112 }
113 }
114 GroupAccountPolicyOpt::WebauthnAttestationCaList {
115 name,
116 attestation_ca_list_json_file,
117 copt,
118 } => {
119 let client = copt.to_client(OpType::Write).await;
120 let json = std::fs::read_to_string(attestation_ca_list_json_file).unwrap_or_else(|e| {
121 error!("Could not read attestation CA list JSON file {attestation_ca_list_json_file:?}: {e:?}");
122 std::process::exit(1);
123 });
124
125 if let Err(e) = client
126 .group_account_policy_webauthn_attestation_set(name, &json)
127 .await
128 {
129 handle_group_account_policy_error(e, copt.output_mode);
130 } else {
131 println!("Updated webauthn attestation CA list.");
132 }
133 }
134
135 GroupAccountPolicyOpt::ResetWebauthnAttestationCaList { name, copt } => {
136 let client = copt.to_client(OpType::Write).await;
137 if let Err(e) = client
138 .group_account_policy_webauthn_attestation_reset(name)
139 .await
140 {
141 handle_group_account_policy_error(e, copt.output_mode);
142 } else {
143 println!("Successfully reset webauthn attestation CA list.");
144 }
145 }
146
147 GroupAccountPolicyOpt::LimitSearchMaxResults {
148 name,
149 maximum,
150 copt,
151 } => {
152 let client = copt.to_client(OpType::Write).await;
153 if let Err(e) = client
154 .group_account_policy_limit_search_max_results(name, *maximum)
155 .await
156 {
157 handle_group_account_policy_error(e, copt.output_mode);
158 } else {
159 println!("Updated search maximum results limit.");
160 }
161 }
162 GroupAccountPolicyOpt::ResetLimitSearchMaxResults { name, copt } => {
163 let client = copt.to_client(OpType::Write).await;
164 if let Err(e) = client
165 .group_account_policy_limit_search_max_results_reset(name)
166 .await
167 {
168 handle_group_account_policy_error(e, copt.output_mode);
169 } else {
170 println!("Successfully reset search maximum results limit to default.");
171 }
172 }
173 GroupAccountPolicyOpt::LimitSearchMaxFilterTest {
174 name,
175 maximum,
176 copt,
177 } => {
178 let client = copt.to_client(OpType::Write).await;
179 if let Err(e) = client
180 .group_account_policy_limit_search_max_filter_test(name, *maximum)
181 .await
182 {
183 handle_group_account_policy_error(e, copt.output_mode);
184 } else {
185 println!("Updated search maximum filter test limit.");
186 }
187 }
188 GroupAccountPolicyOpt::ResetLimitSearchMaxFilterTest { name, copt } => {
189 let client = copt.to_client(OpType::Write).await;
190 if let Err(e) = client
191 .group_account_policy_limit_search_max_filter_test_reset(name)
192 .await
193 {
194 handle_group_account_policy_error(e, copt.output_mode);
195 } else {
196 println!("Successfully reset search maximum filter test limit.");
197 }
198 }
199 GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow, copt } => {
200 let client = copt.to_client(OpType::Write).await;
201 if let Err(e) = client
202 .group_account_policy_allow_primary_cred_fallback(name, *allow)
203 .await
204 {
205 handle_group_account_policy_error(e, copt.output_mode);
206 } else {
207 println!("Updated primary credential fallback policy.");
208 }
209 }
210 }
211 }
212}