rusty_vault 0.2.1

RustyVault is a powerful identity-based secrets management software, providing features such as cryptographic key management, encryption as a service, public key cryptography, certificates management, identity credentials management and so forth. RustyVault's RESTful API is designed to be fully compatible with Hashicorp Vault.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

use std::{sync::Arc, time::Duration};

use derive_more::{Deref, DerefMut};
use serde::{Deserialize, Serialize};
use serde_json::{Map, Value};

use super::{lease::Lease, Backend, Request, Response};
use crate::errors::RvError;

type SecretOperationHandler = dyn Fn(&dyn Backend, &mut Request) -> Result<Option<Response>, RvError> + Send + Sync;

#[derive(Debug, Clone, Serialize, Deserialize, Deref, DerefMut)]
pub struct SecretData {
    #[deref]
    #[deref_mut]
    #[serde(flatten)]
    pub lease: Lease,
    pub lease_id: String,
    #[serde(skip)]
    pub internal_data: Map<String, Value>,
}

pub struct Secret {
    pub secret_type: String,
    pub default_duration: Duration,
    pub renew_handler: Option<Arc<SecretOperationHandler>>,
    pub revoke_handler: Option<Arc<SecretOperationHandler>>,
}

impl Secret {
    pub fn renewable(&self) -> bool {
        self.renew_handler.is_some()
    }

    pub fn response(&self, data: Option<Map<String, Value>>, internal: Option<Map<String, Value>>) -> Response {
        let mut lease = Lease::default();
        lease.ttl = self.default_duration;
        lease.renewable = self.renewable();

        let mut secret = SecretData { lease, lease_id: String::new(), internal_data: Map::new() };

        if internal.is_some() {
            secret.internal_data = internal.as_ref().unwrap().clone();
        }

        secret.internal_data.insert("secret_type".to_owned(), Value::String(self.secret_type.clone()));

        let mut resp = Response::default();
        resp.data = data;
        resp.secret = Some(secret);
        resp
    }

    pub fn renew(&self, backend: &dyn Backend, req: &mut Request) -> Result<Option<Response>, RvError> {
        if !self.renewable() || self.renew_handler.is_none() {
            return Err(RvError::ErrLogicalOperationUnsupported);
        }

        (self.renew_handler.as_ref().unwrap())(backend, req)
    }

    pub fn revoke(&self, backend: &dyn Backend, req: &mut Request) -> Result<Option<Response>, RvError> {
        if self.revoke_handler.is_none() {
            return Err(RvError::ErrLogicalOperationUnsupported);
        }

        (self.revoke_handler.as_ref().unwrap())(backend, req)
    }
}

#[macro_export]
macro_rules! new_secret {
    ($($tt:tt)*) => {
        new_secret_internal!($($tt)*)
    };
}

#[macro_export]
#[doc(hidden)]
macro_rules! new_secret_internal {
    (@object $object:ident () {}) => {
    };
    (@object $object:ident () {secret_type: $secret_type:expr, $($rest:tt)*}) => {
        $object.secret_type = $secret_type.to_string();
        new_secret_internal!(@object $object () {$($rest)*});
    };
    (@object $object:ident () {default_duration: $duration:expr, $($rest:tt)*}) => {
        $object.default_duration = Duration::new($duration, 0);
        new_secret_internal!(@object $object () {$($rest)*});
    };
    (@object $object:ident () {renew_handler: $handler_obj:ident$(.$handler_method:ident)*, $($rest:tt)*}) => {
        $object.renew_handler = Some(Arc::new(move |backend: &dyn Backend, req: &mut Request| -> Result<Option<Response>, RvError> {
            $handler_obj$(.$handler_method)*(backend, req)
        }));
        new_secret_internal!(@object $object () {$($rest)*});
    };
    (@object $object:ident () {revoke_handler: $handler_obj:ident$(.$handler_method:ident)*, $($rest:tt)*}) => {
        $object.revoke_handler = Some(Arc::new(move |backend: &dyn Backend, req: &mut Request| -> Result<Option<Response>, RvError> {
            $handler_obj$(.$handler_method)*(backend, req)
        }));
        new_secret_internal!(@object $object () {$($rest)*});
    };
    ({ $($tt:tt)+ }) => {
        {
            let mut secret = Secret {
                secret_type: String::new(),
                default_duration: Duration::new(0, 0),
                renew_handler: None,
                revoke_handler: None,
            };
            new_secret_internal!(@object secret () {$($tt)+});
            secret
        }
    };
}

#[cfg(test)]
mod test {
    use super::*;

    struct MyTest;

    impl MyTest {
        pub fn new() -> Self {
            MyTest
        }

        pub fn noop(&self, _backend: &dyn Backend, _req: &mut Request) -> Result<Option<Response>, RvError> {
            Ok(None)
        }
    }

    pub fn noop(_backend: &dyn Backend, _req: &mut Request) -> Result<Option<Response>, RvError> {
        Ok(None)
    }

    #[test]
    fn test_logical_secret() {
        let t = MyTest::new();

        let secret: Secret = new_secret!({
            secret_type: "kv",
            default_duration: 60,
            renew_handler: t.noop,
            revoke_handler: noop,
        });

        assert_eq!(&secret.secret_type, "kv");
        assert_eq!(secret.default_duration, Duration::new(60, 0));
        assert!(secret.renew_handler.is_some());
        assert!(secret.revoke_handler.is_some());
    }
}