
MappingAuthorizedKeyEntry

Trait MappingAuthorizedKeyEntry 

pub trait MappingAuthorizedKeyEntry: MappingSystemUserId {
    // Required method
    /// Returns the mapping's SSH `authorized_keys` entry, or `None` when the
    /// mapping does not provide one.
    fn authorized_key_entry(&self) -> Option<&AuthorizedKeyEntry>;

    // Provided method
    /// Writes the entry to the location configured by Signstar.
    ///
    /// `Ok(true)` means the authorized keys file was written. `Ok(false)` means
    /// the mapping tracks no SSH authorized key or no system user. Errors are
    /// documented for a missing system user, a caller that is not root, and a
    /// failed write.
    fn write_authorized_key_entry(&self) -> Result<bool, Error> { ... }
}

An interface for returning an optional SSH authorized_keys entry.

§Example

use signstar_config::config::{
    AuthorizedKeyEntry,
    MappingAuthorizedKeyEntry,
    MappingSystemUserId,
    SystemUserId,
};
use signstar_crypto::{passphrase::Passphrase, traits::UserWithPassphrase};

/// Example user mapping with one variant per role.
///
/// Only `Backup`, `Metrics` and `Signer` carry a system user and an SSH
/// `authorized_keys` entry; `Admin` has neither field.
// NOTE(review): `backend_id` is not read by either trait impl in this example.
#[derive(Debug)]
enum ExampleUserMapping {
    // No `system_user` and no `ssh_authorized_key`: both trait accessors return `None`.
    Admin {
        backend_id: u8,
    },
    Backup {
        backend_id: u8,
        // SSH `authorized_keys` entry returned by `authorized_key_entry`.
        ssh_authorized_key: AuthorizedKeyEntry,
        // System user returned by `system_user_id`.
        system_user: SystemUserId,
    },
    Metrics {
        backend_id: u8,
        // SSH `authorized_keys` entry returned by `authorized_key_entry`.
        ssh_authorized_key: AuthorizedKeyEntry,
        // System user returned by `system_user_id`.
        system_user: SystemUserId,
    },
    Signer {
        backend_id: u8,
        // SSH `authorized_keys` entry returned by `authorized_key_entry`.
        ssh_authorized_key: AuthorizedKeyEntry,
        // System user returned by `system_user_id`.
        system_user: SystemUserId,
    },
}

impl MappingSystemUserId for ExampleUserMapping {
    /// Returns the system user of the variant, if it has one.
    ///
    /// `Admin` has no `system_user` field, so it yields `None`.
    fn system_user_id(&self) -> Option<&SystemUserId> {
        let user = match self {
            Self::Admin { .. } => return None,
            Self::Backup { system_user, .. } => system_user,
            Self::Metrics { system_user, .. } => system_user,
            Self::Signer { system_user, .. } => system_user,
        };
        Some(user)
    }
}

impl MappingAuthorizedKeyEntry for ExampleUserMapping {
    /// Returns the SSH `authorized_keys` entry of the variant, if it has one.
    ///
    /// `Admin` has no `ssh_authorized_key` field, so it yields `None`.
    fn authorized_key_entry(&self) -> Option<&AuthorizedKeyEntry> {
        let entry = match self {
            Self::Admin { .. } => return None,
            Self::Backup {
                ssh_authorized_key, ..
            } => ssh_authorized_key,
            Self::Metrics {
                ssh_authorized_key, ..
            } => ssh_authorized_key,
            Self::Signer {
                ssh_authorized_key, ..
            } => ssh_authorized_key,
        };
        Some(entry)
    }
}

// Sample public key in `authorized_keys` line format, parsed into an entry.
let expected_key: AuthorizedKeyEntry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOh96uFTnvX6P1ebbLxXFvy6sK7qFqlMHDOuJ0TmuXQQ user@host".parse()?;
let backup_mapping = ExampleUserMapping::Backup {
    backend_id: 1,
    ssh_authorized_key: expected_key.clone(),
    system_user: "backup".parse()?,
};
// Only the read accessor is exercised here. `write_authorized_key_entry` is
// documented to fail unless the caller is root and the system user exists,
// so it is not called in this example.
assert_eq!(backup_mapping.authorized_key_entry(), Some(&expected_key));

Required Methods§


fn authorized_key_entry(&self) -> Option<&AuthorizedKeyEntry>

Returns an optional SSH authorized_keys entry.

Implementations must return None if the specific mapping does not provide any AuthorizedKeyEntry.

Provided Methods§


fn write_authorized_key_entry(&self) -> Result<bool, Error>

Writes an optional SSH authorized_keys entry to the location configured by Signstar.

§Note

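Returns `Ok(true)` if the SSH authorized keys file has been written successfully. Returns `Ok(false)` if the mapping implementation does not track an SSH authorized key or does not track a system user. Callers should therefore check the returned boolean rather than treating any `Ok` as confirmation that a key was written.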

§Errors

Returns an error if

  • the system user of the mapping does not exist
  • the currently calling user is not root
  • the SSH authorized key cannot be written to file

Implementors§