Module sat_groups

Expand description

SAT-entry → HSM group-name extractors.

Pure helpers that read the HSM-group names a single SAT images[] or session_templates[] entry references, so handlers can gate access at the boundary via crate::service::authorization::validate_user_group_vec_access before delegating to the backend.

The SAT schema lives in csm-rs and is carried as serde_json::Value end-to-end (see ARCHITECTURE.md). These functions accept the same Value shape the handler receives over the wire and read out a Vec<String> of group names; they make no mutation, do no I/O, and stay deliberately small so the wire schema can drift without breaking the helpers.

The shapes they read mirror the csm-rs read paths exactly:

Image entry → configuration_group_names: Vec<String> (csm-rs/src/commands/i_apply_sat_file/utils/images.rs — image_yaml.configuration_group_names).
Session-template entry → bos_parameters.boot_sets.<set>.node_groups: Vec<String> collected and deduped across every boot_set (csm-rs/src/commands/i_apply_sat_file/utils/session_templates.rs:54-65).

Functions§

extract_all_target_groups: Read every HSM group name referenced anywhere in a SAT file — across all images[] and session_templates[] entries — deduplicated.
extract_image_groups: Read configuration_group_names from a SAT images[] entry. Returns an empty Vec when the field is absent or not an array.
extract_session_template_groups: Read bos_parameters.boot_sets.*.node_groups from a SAT session_templates[] entry. Collects across every boot_set key (e.g. compute, uan) and deduplicates so a group named in multiple boot_sets is only validated once.