[−][src]Struct hashicorp_vault::client::VaultClient
Vault client used to make API requests to the vault
Fields
host: UrlURL to vault instance
token: StringToken to access vault
data: Option<VaultResponse<T>>Data
Implementations
impl VaultClient<TokenData>[src]
pub fn new<U, T: Into<String>>(
host: U,
token: T
) -> Result<VaultClient<TokenData>> where
U: TryInto<Url, Err = Error>, [src]
host: U,
token: T
) -> Result<VaultClient<TokenData>> where
U: TryInto<Url, Err = Error>,
Construct a VaultClient from an existing vault token
impl VaultClient<()>[src]
pub fn new_app_id<U, S1: Into<String>, S2: Into<String>>(
host: U,
app_id: S1,
user_id: S2
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>, [src]
host: U,
app_id: S1,
user_id: S2
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>,
Construct a VaultClient via the App ID
auth backend
NOTE: This backend is now deprecated by vault.
pub fn new_app_role<U, R, S>(
host: U,
role_id: R,
secret_id: Option<S>
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>,
R: Into<String>,
S: Into<String>, [src]
host: U,
role_id: R,
secret_id: Option<S>
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>,
R: Into<String>,
S: Into<String>,
Construct a VaultClient via the AppRole
auth backend
pub fn new_no_lookup<U, S: Into<String>>(
host: U,
token: S
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>, [src]
host: U,
token: S
) -> Result<VaultClient<()>> where
U: TryInto<Url, Err = Error>,
Construct a VaultClient where no lookup is done through vault since it is assumed that the
provided token is a single-use token.
A common use case for this method is when a wrapping_token has been received and you want
to query the sys/wrapping/unwrap endpoint.
impl<T> VaultClient<T> where
T: DeserializeOwned, [src]
T: DeserializeOwned,
pub fn renew(&mut self) -> Result<()>[src]
Renew lease for VaultClient's token and updates the
self.data.auth based upon the response. Corresponds to
/auth/token/renew-self.
let host = "http://127.0.0.1:8200"; let token = "test12345"; let mut client = Client::new(host, token).unwrap(); client.renew().unwrap();
pub fn renew_token<S: Into<String>>(
&self,
token: S,
increment: Option<u64>
) -> Result<Auth>[src]
&self,
token: S,
increment: Option<u64>
) -> Result<Auth>
Renew the lease for the specified token. Requires root
privileges. Corresponds to /auth/token/renew[/token].
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let token_to_renew = "test12345"; client.renew_token(token_to_renew, None).unwrap();
pub fn revoke(self) -> Result<()>[src]
Revoke VaultClient's token. This token can no longer be used.
Corresponds to /auth/token/revoke-self.
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); // Create a temporary token, and use it to create a new client. let opts = client::TokenOptions::default() .ttl(client::VaultDuration::minutes(5)); let res = client.create_token(&opts).unwrap(); let mut new_client = Client::new(host, res.client_token).unwrap(); // Issue and use a bunch of temporary dynamic credentials. // Revoke all our dynamic credentials with a single command. new_client.revoke().unwrap();
Note that we consume our self parameter, so you cannot use the
client after revoking it.
pub fn renew_lease<S: Into<String>>(
&self,
lease_id: S,
increment: Option<u64>
) -> Result<VaultResponse<()>>[src]
&self,
lease_id: S,
increment: Option<u64>
) -> Result<VaultResponse<()>>
Renew a specific lease that your token controls. Corresponds to
/v1/sys/lease.
use serde::Deserialize; let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); #[derive(Deserialize)] struct PacketKey { api_key_token: String, } let res = client.get_secret_engine_creds::<PacketKey>("packet", "1h-read-only-user").unwrap(); client.renew_lease(res.lease_id.unwrap(), None).unwrap();
pub fn lookup(&self) -> Result<VaultResponse<TokenData>>[src]
Lookup token information for this client's token. Corresponds to
/auth/token/lookup-self.
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.lookup().unwrap(); assert!(res.data.unwrap().policies.len() >= 0);
pub fn create_token(&self, opts: &TokenOptions) -> Result<Auth>[src]
Create a new vault token using the specified options. Corresponds to
/auth/token/create.
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let opts = client::TokenOptions::default() .display_name("test_token") .policies(vec!("root")) .default_policy(false) .orphan(true) .renewable(false) .display_name("jdoe-temp") .number_of_uses(10) .ttl(client::VaultDuration::minutes(1)) .explicit_max_ttl(client::VaultDuration::minutes(3)); let res = client.create_token(&opts).unwrap();
pub fn set_secret<S1: Into<String>, S2: AsRef<str>>(
&self,
key: S1,
value: S2
) -> Result<()>[src]
&self,
key: S1,
value: S2
) -> Result<()>
Saves a secret
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.set_secret("hello_set", "world"); assert!(res.is_ok());
pub fn list_secrets<S: AsRef<str>>(&self, key: S) -> Result<Vec<String>>[src]
List secrets at specified path
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.set_secret("hello/fred", "world"); assert!(res.is_ok()); let res = client.set_secret("hello/bob", "world"); assert!(res.is_ok()); let res = client.list_secrets("hello/"); assert!(res.is_ok()); assert_eq!(res.unwrap(), ["bob", "fred"]);
pub fn get_secret<S: AsRef<str>>(&self, key: S) -> Result<String>[src]
Fetches a saved secret
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.set_secret("hello_get", "world"); assert!(res.is_ok()); let res = client.get_secret("hello_get"); assert!(res.is_ok()); assert_eq!(res.unwrap(), "world");
pub fn get_secret_wrapped<S1: AsRef<str>, S2: AsRef<str>>(
&self,
key: S1,
wrap_ttl: S2
) -> Result<VaultResponse<()>>[src]
&self,
key: S1,
wrap_ttl: S2
) -> Result<VaultResponse<()>>
Fetch a wrapped secret. Token (one-time use) to fetch secret will be in wrap_info.token
https://www.vaultproject.io/docs/secrets/cubbyhole/index.html
pub fn get_unwrapped_response(
&self
) -> Result<VaultResponse<HashMap<String, String>>>[src]
&self
) -> Result<VaultResponse<HashMap<String, String>>>
Using a vault client created from a wrapping token, fetch the unwrapped VaultResponse from
sys/wrapping/unwrap.
The data attribute of VaultResponse should contain the unwrapped information, which is
returned as a HashMap<String, String>.
pub fn get_app_role_properties<S: AsRef<str>>(
&self,
role_name: S
) -> Result<VaultResponse<AppRoleProperties>>[src]
&self,
role_name: S
) -> Result<VaultResponse<AppRoleProperties>>
Reads the properties of an existing AppRole.
pub fn transit_encrypt<S1: Into<String>, S2: AsRef<[u8]>>(
&self,
mountpoint: Option<String>,
key: S1,
plaintext: S2
) -> Result<Vec<u8>>[src]
&self,
mountpoint: Option<String>,
key: S1,
plaintext: S2
) -> Result<Vec<u8>>
Encrypt a plaintext via Transit secret backend.
Example
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.transit_encrypt(None, "keyname", b"plaintext");
pub fn transit_decrypt<S1: Into<String>, S2: AsRef<[u8]>>(
&self,
mountpoint: Option<String>,
key: S1,
ciphertext: S2
) -> Result<Vec<u8>>[src]
&self,
mountpoint: Option<String>,
key: S1,
ciphertext: S2
) -> Result<Vec<u8>>
Decrypt a ciphertext via Transit secret backend.
Example
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.transit_decrypt(None, "keyname", b"\x02af\x61bcb\x55d");
pub fn call_endpoint<D: DeserializeOwned>(
&self,
http_verb: HttpVerb,
endpoint: &str,
wrap_ttl: Option<&str>,
body: Option<&str>
) -> Result<EndpointResponse<D>>[src]
&self,
http_verb: HttpVerb,
endpoint: &str,
wrap_ttl: Option<&str>,
body: Option<&str>
) -> Result<EndpointResponse<D>>
This function is an "escape hatch" of sorts to call any other vault api methods that aren't directly supported in this library.
Select the http verb you want, along with the endpoint, e.g. auth/token/create, along
with any wrapping or associated body text and the request will be sent.
See it_can_perform_approle_workflow test case for examples.
pub fn get_wrapping_token_for_endpoint(
&self,
http_verb: HttpVerb,
endpoint: &str,
wrap_ttl: &str,
body: Option<&str>
) -> Result<String>[src]
&self,
http_verb: HttpVerb,
endpoint: &str,
wrap_ttl: &str,
body: Option<&str>
) -> Result<String>
Accesses a given endpoint using the provided wrap_ttl and returns a single-use
wrapping_token to access the response provided by the endpoint.
pub fn delete_secret(&self, key: &str) -> Result<()>[src]
Deletes a saved secret
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.set_secret("hello_delete", "world"); assert!(res.is_ok()); let res = client.delete_secret("hello_delete"); assert!(res.is_ok());
pub fn get_postgresql_backend(
&self,
name: &str
) -> Result<VaultResponse<PostgresqlLogin>>[src]
&self,
name: &str
) -> Result<VaultResponse<PostgresqlLogin>>
Get postgresql secret backend https://www.vaultproject.io/docs/secrets/postgresql/index.html
pub fn get_secret_engine_creds<K>(
&self,
backend: &str,
name: &str
) -> Result<VaultResponse<K>> where
K: DeserializeOwned, [src]
&self,
backend: &str,
name: &str
) -> Result<VaultResponse<K>> where
K: DeserializeOwned,
Get creds from an arbitrary backend
use serde::Deserialize; let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); #[derive(Deserialize)] struct PacketKey { api_key_token: String, } let res = client.get_secret_engine_creds::<PacketKey>("packet", "1h-read-only-user").unwrap(); let api_token = res.data.unwrap().api_key_token;
pub fn policies(&self) -> Result<Vec<String>>[src]
Get a list of policy names defined by this vault. This requires
root privileges. Corresponds to /sys/policy.
let host = "http://127.0.0.1:8200"; let token = "test12345"; let client = Client::new(host, token).unwrap(); let res = client.policies().unwrap(); assert!(res.contains(&"root".to_owned()));
Trait Implementations
Auto Trait Implementations
impl<T> !RefUnwindSafe for VaultClient<T>
impl<T> Send for VaultClient<T> where
T: Send,
T: Send,
impl<T> Sync for VaultClient<T> where
T: Sync,
T: Sync,
impl<T> Unpin for VaultClient<T> where
T: Unpin,
T: Unpin,
impl<T> !UnwindSafe for VaultClient<T>
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized, [src]
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized, [src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized, [src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T[src]
impl<T> From<T> for T[src]
impl<T, U> Into<U> for T where
U: From<T>, [src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>, [src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>, [src]
U: TryFrom<T>,
type Err = <U as TryFrom<T>>::Err
The type returned in the event of a conversion error.
fn try_into(Self) -> Result<U, <U as TryFrom<T>>::Err>[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>, [src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
U: TryFrom<T>,