diff --git a/Cargo.lock b/Cargo.lock
index cfa63cbb8f..cc1ed3299e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4917,6 +4917,7 @@ dependencies = [
 "http 0.2.12",
 "hyper 0.14.30",
 "newtype_derive",
+ "nexus-auth-types",
 "nexus-db-fixed-data",
 "nexus-db-model",
 "nexus-types",
@@ -4939,6 +4940,19 @@ dependencies = [
 "uuid",
 ]
+[[package]]
+name = "nexus-auth-types"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "cookie 0.18.1",
+ "dropshot",
+ "http 0.2.12",
+ "newtype_derive",
+ "omicron-workspace-hack",
+]
+
 [[package]]
 name = "nexus-client"
 version = "0.1.0"
@@ -6039,6 +6053,7 @@ dependencies = [
 "macaddr",
 "mg-admin-client",
 "nexus-auth",
+ "nexus-auth-types",
 "nexus-client",
 "nexus-config",
 "nexus-db-model",
diff --git a/Cargo.toml b/Cargo.toml
index cf3165bd26..e1c8539a2d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -56,6 +56,7 @@ members = [
 "nexus-sled-agent-shared",
 "nexus/authz-macros",
 "nexus/auth",
+ "nexus/auth-types",
 "nexus/db-fixed-data",
 "nexus/db-macros",
 "nexus/db-model",
@@ -173,6 +174,7 @@ default-members = [
 "nexus-sled-agent-shared",
 "nexus/authz-macros",
 "nexus/auth",
+ "nexus/auth-types",
 "nexus/db-fixed-data",
 "nexus/db-macros",
 "nexus/db-model",
@@ -410,6 +412,7 @@ mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "2
 ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "220dd026e83142b83bd93123f465a64dd4600201" }
 multimap = "0.10.0"
 nexus-auth = { path = "nexus/auth" }
+nexus-auth-types = { path = "nexus/auth-types" }
 nexus-client = { path = "clients/nexus-client" }
 nexus-config = { path = "nexus-config" }
 nexus-db-fixed-data = { path = "nexus/db-fixed-data" }
diff --git a/nexus/Cargo.toml b/nexus/Cargo.toml
index 5b181c7fa0..411aebaced 100644
--- a/nexus/Cargo.toml
+++ b/nexus/Cargo.toml
@@ -92,6 +92,7 @@ tough.workspace = true
 uuid.workspace = true
 nexus-auth.workspace = true
+nexus-auth-types.workspace = true
 nexus-defaults.workspace = true
 nexus-db-model.workspace = true
 nexus-db-queries.workspace = true
diff --git a/nexus/auth-types/Cargo.toml b/nexus/auth-types/Cargo.toml
new file mode 100644
index 0000000000..e375c4954d
--- /dev/null
+++ b/nexus/auth-types/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "nexus-auth-types"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[lints]
+workspace = true
+
+[dependencies]
+anyhow.workspace = true
+async-trait.workspace = true
+cookie.workspace = true
+dropshot.workspace = true
+http.workspace = true
+newtype_derive.workspace = true
+omicron-workspace-hack.workspace = true
diff --git a/nexus/auth/src/authn/external/cookies.rs b/nexus/auth-types/src/authn/cookies.rs
similarity index 100%
rename from nexus/auth/src/authn/external/cookies.rs
rename to nexus/auth-types/src/authn/cookies.rs
diff --git a/nexus/auth-types/src/authn/mod.rs b/nexus/auth-types/src/authn/mod.rs
new file mode 100644
index 0000000000..f87935428e
--- /dev/null
+++ b/nexus/auth-types/src/authn/mod.rs
@@ -0,0 +1,7 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Authentication types for the Nexus API.
+
+pub mod cookies;
diff --git a/nexus/auth-types/src/lib.rs b/nexus/auth-types/src/lib.rs
new file mode 100644
index 0000000000..4ac0f66367
--- /dev/null
+++ b/nexus/auth-types/src/lib.rs
@@ -0,0 +1,7 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Authentication and authorization types for the Nexus API.
+
+pub mod authn;
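Review bot: The crate doc in nexus/auth-types/src/lib.rs says "Authentication and authorization types", but the crate exports only `authn`, and `authn` exports only `cookies`, so the doc promises more than a reader will find. I would narrow it to what is there, for example `//! Authentication types for the Nexus API; currently only cookie parsing (see authn::cookies).`. Since session_cookie.rs now takes `parse_cookies` from this crate, one more sentence saying that this code feeds session-cookie authentication would help later changes here get reviewed as authentication changes.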
diff --git a/nexus/auth/Cargo.toml b/nexus/auth/Cargo.toml
index 1a926f1789..0bb2eb2c84 100644
--- a/nexus/auth/Cargo.toml
+++ b/nexus/auth/Cargo.toml
@@ -37,6 +37,7 @@ tokio = { workspace = true, features = ["full"] }
 uuid.workspace = true
 authz-macros.workspace = true
+nexus-auth-types.workspace = true
 nexus-db-fixed-data.workspace = true
 nexus-db-model.workspace = true
 nexus-types.workspace = true
diff --git a/nexus/auth/src/authn/external/mod.rs b/nexus/auth/src/authn/external/mod.rs
index ccb7218285..5c7fc7af05 100644
--- a/nexus/auth/src/authn/external/mod.rs
+++ b/nexus/auth/src/authn/external/mod.rs
@@ -13,7 +13,6 @@ use slog::trace;
 use std::borrow::Borrow;
 use uuid::Uuid;
-pub mod cookies;
 pub mod session_cookie;
 pub mod spoof;
 pub mod token;
diff --git a/nexus/auth/src/authn/external/session_cookie.rs b/nexus/auth/src/authn/external/session_cookie.rs
index 7811bf2826..d4c7792069 100644
--- a/nexus/auth/src/authn/external/session_cookie.rs
+++ b/nexus/auth/src/authn/external/session_cookie.rs
@@ -4,7 +4,6 @@
 //! authn scheme for console that looks up cookie values in a session table
-use super::cookies::parse_cookies;
 use super::{HttpAuthnScheme, Reason, SchemeResult};
 use crate::authn;
 use crate::authn::{Actor, Details};
@@ -13,6 +12,7 @@ use async_trait::async_trait;
 use chrono::{DateTime, Duration, Utc};
 use dropshot::HttpError;
 use http::HeaderValue;
+use nexus_auth_types::authn::cookies::parse_cookies;
 use slog::debug;
 use uuid::Uuid;
diff --git a/nexus/src/external_api/console_api.rs b/nexus/src/external_api/console_api.rs
index fb0a47bbea..5cc84db8ff 100644
--- a/nexus/src/external_api/console_api.rs
+++ b/nexus/src/external_api/console_api.rs
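Review bot: Nothing is left at the old path `authn::external::cookies`: mod.rs drops `pub mod cookies;` and session_cookie.rs switches to `nexus_auth_types::authn::cookies::parse_cookies`, so any caller not touched by this commit that still imports the old module (console_api.rs reached it as `nexus_db_queries::authn::external::cookies`) stops compiling. If the break is intended, the commit description should say so; if not, `pub use nexus_auth_types::authn::cookies;` in nexus/auth/src/authn/external/mod.rs keeps the old path working while callers migrate. Both files continue outside the hunks shown, so whether other uses remain cannot be told from this page.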
@@ -31,16 +31,14 @@ use dropshot::{
 };
 use http::{header, HeaderName, HeaderValue, Response, StatusCode, Uri};
 use hyper::Body;
+use nexus_auth_types::authn::cookies::Cookies;
 use nexus_db_model::AuthenticationMode;
 use nexus_db_queries::authn::silos::IdentityProviderType;
 use nexus_db_queries::context::OpContext;
 use nexus_db_queries::{
- authn::external::{
- cookies::Cookies,
- session_cookie::{
- clear_session_cookie_header_value, session_cookie_header_value,
- SessionStore, SESSION_COOKIE_COOKIE_NAME,
- },
+ authn::external::session_cookie::{
+ clear_session_cookie_header_value, session_cookie_header_value,
+ SessionStore, SESSION_COOKIE_COOKIE_NAME,
 },
 db::identity::Asset,
 };