pub enum AccountManagerRequest {
    GetAccountIds {
        responder: AccountManagerGetAccountIdsResponder,
    },
    GetAccountMetadata {
        id: u64,
        responder: AccountManagerGetAccountMetadataResponder,
    },
    GetAccount {
        payload: AccountManagerGetAccountRequest,
        responder: AccountManagerGetAccountResponder,
    },
    DeprecatedGetAccount {
        id: u64,
        password: String,
        account: ServerEnd<AccountMarker>,
        responder: AccountManagerDeprecatedGetAccountResponder,
    },
    RegisterAccountListener {
        payload: AccountManagerRegisterAccountListenerRequest,
        responder: AccountManagerRegisterAccountListenerResponder,
    },
    RemoveAccount {
        id: u64,
        responder: AccountManagerRemoveAccountResponder,
    },
    ProvisionNewAccount {
        payload: AccountManagerProvisionNewAccountRequest,
        responder: AccountManagerProvisionNewAccountResponder,
    },
    DeprecatedProvisionNewAccount {
        password: String,
        metadata: AccountMetadata,
        account: ServerEnd<AccountMarker>,
        responder: AccountManagerDeprecatedProvisionNewAccountResponder,
    },
}
AccountManager manages the overall state of system accounts and personae on a Fuchsia device. The AccountManager is the most powerful protocol in the account system and is intended only for use by the most trusted parts of the system.
Variants
GetAccountIds
Fields
responder: AccountManagerGetAccountIdsResponder
Returns a vector of all accounts provisioned on the device.
GetAccountMetadata
Returns the metadata for a single account.
id
The account’s identifier as returned by GetAccountIds()
GetAccount
Connects a channel to read properties of and perform operations on one account. If the account is locked, an interactive authentication attempt will be invoked as part of this call.
id
[required] The account’s identifier as returned by GetAccountIds()
interaction
An Interaction channel enabling the user to complete authentication challenges if these are necessary.
account
[required] The server end of an Account channel
Fails with:
INVALID_REQUEST if the id does not exist.
FAILED_PRECONDITION if the account is locked but no interaction channel was supplied to perform authentication.
ABORTED if the client closes the interaction channel.
DeprecatedGetAccount
Connects a channel to read properties of and perform operations on one account. If the account is locked, the supplied password will be used to attempt authentication.
This is a temporary method used for an initial prototype of password-based encryption. Its usage will be replaced by the GetAccount method where the hardcoded authentication=password assumption is replaced by a channel that can support different authentication mechanisms.
id
The account’s identifier as returned by GetAccountIds()
password
The account’s password
account
The server end of an Account channel
Fails with FAILED_AUTHENTICATION if the password was not correct.
RegisterAccountListener
Fields
Connects a channel that will receive changes in the provisioned accounts and their authentication state. Optionally this channel will also receive the initial set of accounts and authentication states onto which changes may be applied.
listener
[required] The client end of an AccountListener channel
initial_state
If true, the listener will receive an event containing the initial state for all accounts.
add_account
If true, the listener will receive events when a new account is added to the device.
remove_account
If true, the listener will receive events when an account is removed from the device.
granularity
An AuthChangeGranularity expressing the magnitude of change in authentication state that will lead to AuthStateChange events. If absent, AuthStateChange events will not be sent.
RemoveAccount
Removes an account from the device.
id
The account’s identifier as returned by GetAccountIds()
ProvisionNewAccount
Fields
responder: AccountManagerProvisionNewAccountResponder
Adds a new account to the device. If this operation is successful, the newly created account will be unlocked and may be accessed using GetAccount without further authentication.
lifetime
[required] The lifetime of the account
metadata
[required] Metadata for the new account
interaction
An Interaction channel enabling the user to select and enroll authentication mechanisms for the new account.
Returns: account_id
The identifier of the newly added account
Fails with:
INVALID_REQUEST if policy requires authentication factors for the new account but no interaction channel was supplied.
ABORTED if the client closes the interaction channel.
DeprecatedProvisionNewAccount
Adds a new system account to the device using the supplied password as the only authentication mechanism. The account is automatically unlocked and the supplied channel is connected to read properties of and perform operations on the account.
This is a temporary method used for an initial prototype of password-based encryption. Its usage will be replaced by the ProvisionNewAccount method where the hardcoded authentication=password assumption is replaced by a channel that can support different authentication mechanisms.
password
The password to be used for the new account
metadata
Metadata for the new account
account
The server end of an Account channel
Fails with INVALID_REQUEST if the password does not meet minimum strength requirements.
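The failure modes documented above for GetAccount and ProvisionNewAccount, modelled as an added example (not code from the Fuchsia bindings or from this crate). FakeAccountManager, Interaction, Error, lock and policy_requires_factors are hypothetical stand-ins, and the rule that a completed interaction unlocks the account is an assumption.

```rust
// Added example: in-memory model of the documented failure modes.
// Every name below is a hypothetical stand-in, not the generated FIDL bindings.
use std::collections::HashMap;

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Error { InvalidRequest, FailedPrecondition, Aborted }

/// Outcome of the optional `interaction` channel (stand-in for a real channel).
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Interaction { Completed, ClosedByClient }

#[derive(Default)]
pub struct FakeAccountManager {
    locked: HashMap<u64, bool>, // account id -> is it locked?
    next_id: u64,
    pub policy_requires_factors: bool,
}

impl FakeAccountManager {
    pub fn provision_new_account(&mut self, interaction: Option<Interaction>) -> Result<u64, Error> {
        match (self.policy_requires_factors, interaction) {
            (true, None) => return Err(Error::InvalidRequest),
            (_, Some(Interaction::ClosedByClient)) => return Err(Error::Aborted),
            _ => {}
        }
        self.next_id += 1;
        self.locked.insert(self.next_id, false); // new accounts start unlocked
        Ok(self.next_id)
    }

    pub fn lock(&mut self, id: u64) { if let Some(l) = self.locked.get_mut(&id) { *l = true; } }
    pub fn get_account(&mut self, id: u64, interaction: Option<Interaction>) -> Result<(), Error> {
        let locked = *self.locked.get(&id).ok_or(Error::InvalidRequest)?; // unknown id
        if !locked { return Ok(()); } // unlocked: no authentication needed
        match interaction {
            None => Err(Error::FailedPrecondition), // locked, nothing to authenticate with
            Some(Interaction::ClosedByClient) => Err(Error::Aborted),
            // Assumption: a completed interaction unlocks the account.
            Some(Interaction::Completed) => { self.locked.insert(id, false); Ok(()) }
        }
    }
}

fn main() {
    let mut m = FakeAccountManager::default();
    let id = m.provision_new_account(None).expect("no factors required by default");
    m.lock(id);
    println!("{:?}", m.get_account(id, None));
}
```

A fake like this is useful in client tests to confirm that callers handle FAILED_PRECONDITION by supplying an interaction channel rather than retrying blindly.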
Implementations
impl AccountManagerRequest
pub fn into_get_account_ids( self ) -> Option<AccountManagerGetAccountIdsResponder>
pub fn into_get_account_metadata( self ) -> Option<(u64, AccountManagerGetAccountMetadataResponder)>
pub fn into_get_account( self ) -> Option<(AccountManagerGetAccountRequest, AccountManagerGetAccountResponder)>
pub fn into_deprecated_get_account( self ) -> Option<(u64, String, ServerEnd<AccountMarker>, AccountManagerDeprecatedGetAccountResponder)>
pub fn into_register_account_listener( self ) -> Option<(AccountManagerRegisterAccountListenerRequest, AccountManagerRegisterAccountListenerResponder)>
pub fn into_remove_account( self ) -> Option<(u64, AccountManagerRemoveAccountResponder)>
pub fn into_provision_new_account( self ) -> Option<(AccountManagerProvisionNewAccountRequest, AccountManagerProvisionNewAccountResponder)>
pub fn into_deprecated_provision_new_account( self ) -> Option<(String, AccountMetadata, ServerEnd<AccountMarker>, AccountManagerDeprecatedProvisionNewAccountResponder)>
pub fn method_name(&self) -> &'static str
Name of the method defined in FIDL