prvng_core/nulib/lib_provisioning/plugins/auth.nu

41 lines
1.6 KiB
Text
Raw Normal View History

# Module: Authentication Plugin
# Purpose: Provides JWT authentication, MFA enrollment/verification, auth status checking, and permission validation.
# Dependencies: std log, path-utils, auth_impl
# Selective imports + re-exports (ADR-025 Phase 3 Layer 2).
# utils/path-utils star-import was dead — dropped.
use lib_provisioning/config/accessor/core.nu [config-get]
export use auth_impl.nu [
check-auth-for-destructive check-auth-for-production check-operation-auth
get-api-key-interactive get-auth-metadata get-authenticated-user
get-provider-credentials-interactive get-secret-config-interactive
is-authenticated is-check-mode is-destructive-operation is-mfa-verified
log-authenticated-operation login-interactive mfa-enroll-interactive
print-auth-status require-auth require-mfa run-typedialog-auth-form
should-enforce-auth-from-metadata should-require-auth
should-require-mfa-destructive should-require-mfa-prod
]
# Check if Auth plugin is available (registered with Nushell)
def is-plugin-available [] {
let installed = (version | get installed_plugins)
$installed | str contains "auth"
}
# Check if Auth plugin is enabled in config
def is-plugin-enabled [] {
config-get "plugins.auth_enabled" true
}
# Get Auth plugin status and configuration
export def plugin-auth-status [] {
let plugin_available = is-plugin-available
let plugin_enabled = is-plugin-enabled
{
plugin_available: $plugin_available
plugin_enabled: $plugin_enabled
mode: (if ($plugin_enabled and $plugin_available) { "plugin" } else { "disabled" })
}
}