arclutevests 0.1.0

Retrieve secret data from a vault (Hashicorp) instance
// Copyright (c) 2022 arclutevests developers
//
// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT
// license <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. All files in the project carrying such notice may not be copied,
// modified, or distributed except according to those terms.

/// configuration models
use crate::model::vault::serde::to_uuid;
use getset::Getters;
use serde::{Deserialize, Serialize};
use typed_builder::TypedBuilder;
use uuid::Uuid;

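/// Configuration for `arclutevests` (variant built with the `wrapped` feature).
///
/// `Debug` is implemented by hand below instead of being derived, so that
/// `role_id` is not written to logs, panic messages or `{:?}` output.
/// `Serialize` still emits `role_id` in cleartext: treat any serialized form
/// of this struct as secret material.
#[cfg(feature = "wrapped")]
#[derive(Clone, Deserialize, Getters, Serialize, TypedBuilder)]
#[getset(get = "pub(crate)")]
#[builder(builder_method_doc = "")]
pub struct Config {
    /// The vault base url.
    ///
    /// Endpoint paths are appended to this value, so it is expected to end
    /// with `/`. Every Vault request URL is derived from it, so it should be
    /// an `https://` URL taken from a trusted source.
    #[builder(setter(into))]
    vault_base_url: String,
    /// The `approle` to request secrets for
    #[builder(setter(into))]
    app_role: String,
    /// The path to the secrets, appended to `vault_base_url`
    #[builder(setter(into))]
    secrets_path: String,
    /// The `role_id` associated with the `approle`
    /// *NOTE* - This should be kept a secret
    #[serde(deserialize_with = "to_uuid")]
    role_id: Uuid,
    /// The toad base url.
    ///
    /// Endpoint paths are appended to this value, so it is expected to end
    /// with `/`.
    #[builder(setter(into))]
    toad_base_url: String,
}

#[cfg(feature = "wrapped")]
impl std::fmt::Debug for Config {
    /// Formats the configuration with `role_id` replaced by a placeholder.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Config")
            .field("vault_base_url", &self.vault_base_url)
            .field("app_role", &self.app_role)
            .field("secrets_path", &self.secrets_path)
            // Documented as secret on the field: never print the real value.
            .field("role_id", &format_args!("<redacted>"))
            .field("toad_base_url", &self.toad_base_url)
            .finish()
    }
}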

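/// Configuration for `arclutevests` (variant built without the `wrapped` feature).
///
/// `Debug` is implemented by hand below instead of being derived, so that
/// `role_id` and `wrapping_token` are not written to logs, panic messages or
/// `{:?}` output. `Serialize` still emits both in cleartext: treat any
/// serialized form of this struct as secret material.
#[cfg(not(feature = "wrapped"))]
#[derive(Clone, Deserialize, Getters, Serialize, TypedBuilder)]
#[getset(get = "pub(crate)")]
#[builder(builder_method_doc = "")]
pub struct Config {
    /// The vault base url.
    ///
    /// Endpoint paths are appended to this value, so it is expected to end
    /// with `/`. Every Vault request URL is derived from it, so it should be
    /// an `https://` URL taken from a trusted source.
    #[builder(setter(into))]
    vault_base_url: String,
    /// The `approle` to request secrets for
    #[builder(setter(into))]
    app_role: String,
    /// The path to the secrets, appended to `vault_base_url`
    #[builder(setter(into))]
    secrets_path: String,
    /// The `role_id` associated with the `approle`
    /// *NOTE* - This should be kept a secret
    #[serde(deserialize_with = "to_uuid")]
    role_id: Uuid,
    /// The wrapping token.
    ///
    /// A Vault response-wrapping token is a bearer credential for the wrapped
    /// response, so it should be handled as a secret as well.
    #[builder(setter(into))]
    wrapping_token: String,
}

#[cfg(not(feature = "wrapped"))]
impl std::fmt::Debug for Config {
    /// Formats the configuration with `role_id` and `wrapping_token` replaced
    /// by a placeholder.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("Config")
            .field("vault_base_url", &self.vault_base_url)
            .field("app_role", &self.app_role)
            .field("secrets_path", &self.secrets_path)
            // Credential material: never print the real values.
            .field("role_id", &format_args!("<redacted>"))
            .field("wrapping_token", &format_args!("<redacted>"))
            .finish()
    }
}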

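impl Config {
    /// Appends `suffix` to `base`, inserting a `/` when `base` is non-empty
    /// and does not already end with one.
    ///
    /// Plain concatenation turns a base such as `https://vault.example`
    /// (constructed sample) plus `auth/approle/login` into
    /// `https://vault.exampleauth/approle/login`, which names a different
    /// host; requests carrying credentials would then go to the wrong place.
    /// An empty base and a base that already ends with `/` are concatenated
    /// unchanged.
    fn join_url(base: &str, suffix: &str) -> String {
        if base.is_empty() || base.ends_with('/') {
            format!("{}{}", base, suffix)
        } else {
            format!("{}/{}", base, suffix)
        }
    }

    /// URL of the `approle` endpoint under the toad base url.
    #[cfg(feature = "wrapped")]
    pub(crate) fn toad_approle_url(&self) -> String {
        Self::join_url(&self.toad_base_url, "approle")
    }

    /// URL of the `approles` endpoint under the toad base url.
    // NOTE(review): this reads `toad_base_url`, which the struct declares only
    // under the `wrapped` feature; confirm that `check_approle` implies
    // `wrapped` in the crate's feature table.
    #[cfg(feature = "check_approle")]
    pub(crate) fn toad_approles_url(&self) -> String {
        Self::join_url(&self.toad_base_url, "approles")
    }

    /// URL of Vault's `sys/wrapping/unwrap` endpoint.
    pub(crate) fn unwrap_url(&self) -> String {
        Self::join_url(&self.vault_base_url, "sys/wrapping/unwrap")
    }

    /// URL of Vault's `auth/approle/login` endpoint.
    pub(crate) fn login_url(&self) -> String {
        Self::join_url(&self.vault_base_url, "auth/approle/login")
    }

    /// URL of the configured secrets: `secrets_path` appended to the vault
    /// base url.
    ///
    /// The path comes straight from configuration and is not validated or
    /// normalized here beyond the separator handling in `join_url`.
    pub(crate) fn secrets_url(&self) -> String {
        Self::join_url(&self.vault_base_url, &self.secrets_path)
    }

    /// URL of Vault's `auth/token/revoke-self` endpoint.
    pub(crate) fn revoke_url(&self) -> String {
        Self::join_url(&self.vault_base_url, "auth/token/revoke-self")
    }
}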

#[cfg(test)]
mod test {
    use super::Config;
    use uuid::Uuid;

    /// The builder accepts every field of the `wrapped` variant and the
    /// generated getter returns the configured approle.
    #[test]
    #[cfg(feature = "wrapped")]
    fn config_builds() {
        // A random role id is enough: only the approle getter is checked.
        let role_id = Uuid::new_v4();
        let built = Config::builder()
            .vault_base_url("")
            .app_role("finnhub")
            .secrets_path("finnhub/data/config")
            .role_id(role_id)
            .toad_base_url("")
            .build();
        let app_role = built.app_role();
        assert_eq!(app_role, "finnhub");
    }

    /// The builder accepts every field of the non-`wrapped` variant and the
    /// generated getter returns the configured approle.
    #[test]
    #[cfg(not(feature = "wrapped"))]
    fn config_builds() {
        // A random role id is enough: only the approle getter is checked.
        let role_id = Uuid::new_v4();
        let built = Config::builder()
            .vault_base_url("")
            .app_role("finnhub")
            .secrets_path("finnhub/data/config")
            .role_id(role_id)
            .wrapping_token("")
            .build();
        let app_role = built.app_role();
        assert_eq!(app_role, "finnhub");
    }
}