kanidm_cli/group/
account_policy.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
use crate::common::OpType;
use crate::{handle_client_error, GroupAccountPolicyOpt};

impl GroupAccountPolicyOpt {
    pub fn debug(&self) -> bool {
        match self {
            GroupAccountPolicyOpt::Enable { copt, .. }
            | GroupAccountPolicyOpt::AuthSessionExpiry { copt, .. }
            | GroupAccountPolicyOpt::CredentialTypeMinimum { copt, .. }
            | GroupAccountPolicyOpt::PasswordMinimumLength { copt, .. }
            | GroupAccountPolicyOpt::WebauthnAttestationCaList { copt, .. }
            | GroupAccountPolicyOpt::LimitSearchMaxResults { copt, .. }
            | GroupAccountPolicyOpt::LimitSearchMaxFilterTest { copt, .. }
            | GroupAccountPolicyOpt::AllowPrimaryCredFallback { copt, .. }
            | GroupAccountPolicyOpt::PrivilegedSessionExpiry { copt, .. } => copt.debug,
        }
    }

    pub async fn exec(&self) {
        match self {
            GroupAccountPolicyOpt::Enable { name, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client.group_account_policy_enable(name).await {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Group enabled for account policy.");
                }
            }
            GroupAccountPolicyOpt::AuthSessionExpiry { name, expiry, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_authsession_expiry_set(name, *expiry)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated authsession expiry.");
                }
            }
            GroupAccountPolicyOpt::CredentialTypeMinimum { name, value, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_credential_type_minimum_set(name, value.as_str())
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated credential type minimum.");
                }
            }
            GroupAccountPolicyOpt::PasswordMinimumLength { name, length, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_password_minimum_length_set(name, *length)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated password minimum length.");
                }
            }
            GroupAccountPolicyOpt::PrivilegedSessionExpiry { name, expiry, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_privilege_expiry_set(name, *expiry)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated privilege session expiry.");
                }
            }
            GroupAccountPolicyOpt::WebauthnAttestationCaList {
                name,
                attestation_ca_list_json,
                copt,
            } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_webauthn_attestation_set(name, attestation_ca_list_json)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated webauthn attestation CA list.");
                }
            }
            GroupAccountPolicyOpt::LimitSearchMaxResults {
                name,
                maximum,
                copt,
            } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_limit_search_max_results(name, *maximum)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated search maximum results limit.");
                }
            }
            GroupAccountPolicyOpt::LimitSearchMaxFilterTest {
                name,
                maximum,
                copt,
            } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_limit_search_max_filter_test(name, *maximum)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated search maximum filter test limit.");
                }
            }
            GroupAccountPolicyOpt::AllowPrimaryCredFallback { name, allow, copt } => {
                let client = copt.to_client(OpType::Write).await;
                if let Err(e) = client
                    .group_account_policy_allow_primary_cred_fallback(name, *allow)
                    .await
                {
                    handle_client_error(e, copt.output_mode);
                } else {
                    println!("Updated primary credential fallback policy.");
                }
            }
        }
    }
}