Crate paranoid_ops
- crate paranoid_ops
Re-exports
Variables
- const FEDERAL_RECOVERY_DISPOSITION_SCHEMA_VERSION: u16
- const FEDERAL_STARTUP_EVIDENCE_SCHEMA_VERSION: u16
- const OPS_SCHEMA_VERSION: u16
- const OPS_TRANSPORT_EVIDENCE_SCHEMA_VERSION: u16
Functions
- fn collect_federal_startup_evidence(profile: OpsProfile, audit_sink_available: bool, build_commit: impl Into<String>, build_date: impl Into<String>) -> FederalStartupEvidence
- fn collect_federal_startup_evidence_from_input(input: FederalStartupEvidenceInput) -> FederalStartupEvidence
- fn collect_federal_startup_evidence_with_audit_sink(profile: OpsProfile, audit_sink: AuditSinkHealth, build_commit: impl Into<String>, build_date: impl Into<String>) -> FederalStartupEvidence
- fn evaluate_ops_command(surface: AuditSurface, command: OpsCommand, context: &OpsPolicyContext) -> OpsCommandEvaluation
- fn evaluate_ops_command_envelope(envelope: OpsCommandEnvelope, context: &OpsPolicyContext) -> OpsCommandEvaluation
- fn evaluate_policy(envelope: &OpsCommandEnvelope, context: &OpsPolicyContext) -> OpsPolicyDecision
- fn evaluate_vault_operation(surface: AuditSurface, name: impl Into<String>, access: VaultOperationAccess, context: &OpsPolicyContext) -> OpsCommandEvaluation
- fn new_local_operation_id() -> String
- fn record_ops_request<'a>(trail: &'a mut AuditTrail, envelope: &OpsCommandEnvelope) -> &'a mut AuditEvent
- fn record_ops_response<'a>(trail: &'a mut AuditTrail, envelope: &OpsCommandEnvelope, decision: &OpsPolicyDecision) -> &'a mut AuditEvent
- fn run_generate_password_operation(operation: GeneratePasswordOperation) -> Result<GeneratePasswordOutcome, GeneratePasswordError>
Enums
- enum OpsCommand
- GeneratePassword
- VaultUnlock
- method: VaultUnlockMethod
- VaultOperation
- name: String
- access: VaultOperationAccess
- FederalEvidence
Implementations
- impl OpsCommand
Functions
- fn name(&self) -> &'static str
- fn subject(&self) -> AuditSubject
- enum OpsPolicyDecision
Implementations
- impl OpsPolicyDecision
Functions
- fn is_allowed(&self) -> bool
- fn status(&self) -> &'static str
- enum OpsProfile
- Default
- FederalReady
Implementations
- impl OpsProfile
Functions
- fn as_str(self) -> &'static str
- enum OpsTransport
- InProcess
- LocalTty
- Mtls
Implementations
- impl OpsTransport
Functions
- fn as_str(self) -> &'static str
- enum VaultOperationAccess
- Metadata
- Decrypt
- Mutate
- Export
- Import
- Keyslot
Implementations
- impl VaultOperationAccess
Functions
- fn as_str(self) -> &'static str
- enum VaultUnlockMethod
- PasswordRecovery
- MnemonicRecovery
- DeviceBound
- CertificateWrapped
Implementations
- impl VaultUnlockMethod
Functions
- fn as_str(self) -> &'static str
Structs and Unions
- struct FederalCryptoProviderEvidence
- provider_name: String
- provider_version: String
- provider_platform: String
- approved_mode: FederalApprovedMode
- certificate_reference: Option<String>
- evidence_source: String
Implementations
- impl FederalCryptoProviderEvidence
Functions
- fn collect_from_environment() -> Self
- fn confirmed_for_tests(certificate_reference: impl Into<String>) -> Self
- struct FederalRecoveryDisposition
- schema_version: u16
- policy: String
- customer_boundary: String
- methods: Vec<FederalRecoveryMethodDisposition>
Implementations
- impl FederalRecoveryDisposition
Functions
- fn current_policy() -> Self
- struct FederalRecoveryMethodDisposition
- method: VaultUnlockMethod
- construction: String
- default_profile: FederalRecoveryProfileDisposition
- federal_ready_profile: FederalRecoveryProfileDisposition
- federal_ready_policy_control: Option<String>
- required_controls: Vec<String>
- assessor_note: String
- struct FederalStartupEvidence
- schema_version: u16
- profile: OpsProfile
- product_version: String
- build_commit: String
- build_date: String
- operating_system: String
- architecture: String
- audit_schema_version: u16
- audit_sink: AuditSinkHealth
- external_audit_device: AuditSinkHealth
- crypto_provider: FederalCryptoProviderEvidence
- recovery_disposition: FederalRecoveryDisposition
- policy_decision: OpsPolicyDecision
- struct FederalStartupEvidenceInput
- profile: OpsProfile
- product_version: String
- build_commit: String
- build_date: String
- operating_system: String
- architecture: String
- audit_sink: AuditSinkHealth
- external_audit_device: AuditSinkHealth
- crypto_provider: FederalCryptoProviderEvidence
Implementations
- impl FederalStartupEvidenceInput
Functions
- fn runtime(profile: OpsProfile, audit_sink: AuditSinkHealth, build_commit: impl Into<String>, build_date: impl Into<String>) -> Self
- struct GeneratePasswordAutomationReport<'a>
- schema_version: u16
- operation: &'static str
- operation_id: &'a str
- status: &'static str
- report: &'a GenerationReport
- audit_events: &'a [AuditEvent]
- struct GeneratePasswordError
Implementations
- impl GeneratePasswordError
Functions
- fn audit_events(&self) -> &[AuditEvent]
- fn failure_report(&self) -> GeneratePasswordFailureReport<'_>
- fn operation_id(&self) -> &str
- fn source(&self) -> &ParanoidError
- struct GeneratePasswordFailureReport<'a>
- schema_version: u16
- operation: &'static str
- operation_id: &'a str
- status: &'static str
- error_kind: &'static str
- error_message: String
- audit_events: &'a [AuditEvent]
- struct GeneratePasswordOperation
- operation_id: String
- request: ParanoidRequest
- audit: bool
Implementations
- impl GeneratePasswordOperation
Functions
- fn new(request: ParanoidRequest, audit: bool) -> Self
- struct GeneratePasswordOutcome
- operation_id: String
- report: GenerationReport
- audit_events: Vec<AuditEvent>
Implementations
- impl GeneratePasswordOutcome
Functions
- fn automation_report(&self) -> GeneratePasswordAutomationReport<'_>
- struct OpsActor
- actor_id: String
- kind: OpsActorKind
Traits implemented
- struct OpsCommandEnvelope
- schema_version: u16
- request_id: String
- operation_id: String
- profile: OpsProfile
- session: OpsSession
- command: OpsCommand
Implementations
- impl OpsCommandEnvelope
Functions
- fn local(surface: AuditSurface, profile: OpsProfile, command: OpsCommand) -> Self
- struct OpsCommandEvaluation
- envelope: OpsCommandEnvelope
- decision: OpsPolicyDecision
- audit_events: Vec<AuditEvent>
Implementations
- impl OpsCommandEvaluation
Functions
- fn into_trace(self) -> OpsCommandTrace
- fn is_allowed(&self) -> bool
- fn trace(&self) -> OpsCommandTrace
- struct OpsCommandTrace
- schema_version: u16
- envelope: OpsCommandEnvelope
- decision: OpsPolicyDecision
- audit_events: Vec<AuditEvent>
- struct OpsPolicyContext
- profile: OpsProfile
- audit_sink_required: bool
- audit_sink_available: bool
- crypto_provider: FederalCryptoProviderEvidence
- seal_posture: Option<VaultSealPosture>
Implementations
- impl OpsPolicyContext
Functions
- fn default_local() -> Self
- fn federal_ready(audit_sink_available: bool) -> Self
- fn with_seal_posture(mut self, seal_posture: VaultSealPosture) -> Self
- struct OpsSession
- session_id: String
- surface: AuditSurface
- transport: OpsTransport
- transport_evidence: Option<OpsTransportEvidence>
Implementations
- impl OpsSession
Functions
- fn local(surface: AuditSurface) -> Self
- fn mtls(surface: AuditSurface, session_id: impl Into<String>, transport_evidence: OpsTransportEvidence) -> Self
- struct OpsTransportEvidence
- schema_version: u16
- transport: OpsTransport
- authenticated: bool
- peer_identity: String
- certificate_fingerprint_sha256: Option<String>
- channel_binding_sha256: Option<String>
- evidence_source: String
- warnings: Vec<String>
Implementations
- impl OpsTransportEvidence
Functions
- fn authenticated_mtls(peer_identity: impl Into<String>, certificate_fingerprint_sha256: impl Into<String>, evidence_source: impl Into<String>) -> Self
- fn unauthenticated_mtls(peer_identity: impl Into<String>, evidence_source: impl Into<String>, warning: impl Into<String>) -> Self
- fn with_channel_binding_sha256(mut self, channel_binding_sha256: impl Into<String>) -> Self