Struct sdkms::SdkmsClient

source · [−]

pub struct SdkmsClient { /* private fields */ }

Expand description

A client session with SDKMS.

REST APIs are exposed as methods on this type. Communication with SDKMS API endpoint is protected with TLS and this type uses simple_hyper_client::blocking::Client along with tokio_native_tls::TlsConnector for HTTP/TLS.

When making crypto API calls using an API key, it is possible to pass the API key as an HTTP Basic Authorization header along with each request. This can be achieved by setting the API key using SdkmsClientBuilder::with_api_key(). Note that some features, e.g. transient keys, may not be available when using this authentication method. To be able to use such features, you can establish a session using any of the following methods:

authenticate_with_api_key()
authenticate_with_cert()
authenticate_app()

Note that certain non-cryptographic APIs require a user session, which can be established using authenticate_user(). This includes many APIs such as:

create_group()
create_app()
…

Also note that a user session is generally not permitted to call crypto APIs. In case your current authorization is not appropriate for a particular API call, you’ll get an error to that effect from SDKMS.

Certain APIs are “approvable”, i.e. they can be subject to an approval policy. In such cases there are two methods on SdkmsClient, e.g. encrypt() / request_approval_to_encrypt(). Whether or not you need to call request_approval_to_encrypt() depends on the approval policy that is applicable to the security object being used in your request. You can find out if a particular request is subject to an approval policy by first calling the regular API, e.g. encrypt() and checking if the response indicates that an approval request is needed at which point you can call request_approval_to_encrypt(). There is an example of how to do this in the repository.

Struct sdkms::SdkmsClient

Implementations

impl SdkmsClient

pub fn builder() -> SdkmsClientBuilder

pub fn authenticate_with_api_key(&self, api_key: &str) -> Result<Self>

pub fn authenticate_with_cert(&self, app_id: Option<&Uuid>) -> Result<Self>

pub fn authenticate_app(&self, app_id: &Uuid, app_secret: &str) -> Result<Self>

pub fn authenticate_user(&self, email: &str, password: &str) -> Result<Self>

pub fn api_endpoint(&self) -> &str

pub fn auth_response(&self) -> Option<&AuthResponse>

pub fn entity_id(&self) -> Option<Uuid>

pub fn has_session(&self) -> bool

impl SdkmsClient

pub fn terminate(&mut self) -> Result<()>

pub fn invoke_plugin_nice<I, O>(&self, id: &Uuid, req: &I) -> Result<O> where I: Serialize, O: for<'de> Deserialize<'de>,

pub fn execute<O: Operation>( &self, body: &O::Body, p: <O::PathParams as TupleRef<'_>>::Ref, q: Option<&O::QueryParams>) -> Result<O::Output>

pub fn request_approval<O: Operation>( &self, body: &O::Body, p: <O::PathParams as TupleRef<'_>>::Ref, q: Option<&O::QueryParams>, description: Option<String>) -> Result<PendingApproval<O>>

pub fn expires_in(&self) -> Option<u64>

impl SdkmsClient

pub fn list_accounts( &self, query_params: Option<&GetAccountParams>) -> Result<Vec<Account>>

impl SdkmsClient

pub fn get_account( &self, id: &Uuid, query_params: Option<&GetAccountParams>) -> Result<Account>

impl SdkmsClient

pub fn create_account(&self, req: &AccountRequest) -> Result<Account>

pub fn request_approval_to_create_account( &self, req: &AccountRequest, description: Option<String>) -> Result<PendingApproval<OperationCreateAccount>>

impl SdkmsClient

pub fn update_account(&self, id: &Uuid, req: &AccountRequest) -> Result<Account>

pub fn request_approval_to_update_account( &self, id: &Uuid, req: &AccountRequest, description: Option<String>) -> Result<PendingApproval<OperationUpdateAccount>>

impl SdkmsClient

pub fn delete_account(&self, id: &Uuid) -> Result<()>

impl SdkmsClient

pub fn account_usage( &self, id: &Uuid, query_params: Option<&CountParams>) -> Result<GetUsageResponse>

impl SdkmsClient

pub fn list_approval_requests( &self, query_params: Option<&ListApprovalRequestsParams>) -> Result<Vec<ApprovalRequest>>

impl SdkmsClient

pub fn get_approval_request(&self, id: &Uuid) -> Result<ApprovalRequest>

impl SdkmsClient

pub fn create_approval_request( &self, req: &ApprovalRequestRequest) -> Result<ApprovalRequest>

impl SdkmsClient

pub fn approve_request( &self, id: &Uuid, req: &ApproveRequest) -> Result<ApprovalRequest>

impl SdkmsClient

pub fn deny_request(&self, id: &Uuid) -> Result<ApprovalRequest>

impl SdkmsClient

pub fn get_approval_request_result(&self, id: &Uuid) -> Result<ApprovableResult>

impl SdkmsClient

pub fn delete_approval_request(&self, id: &Uuid) -> Result<()>

impl SdkmsClient

pub fn list_apps( &self, query_params: Option<&ListAppsParams>) -> Result<Vec<App>>

impl SdkmsClient

pub fn get_app( &self, id: &Uuid, query_params: Option<&GetAppParams>) -> Result<App>

impl SdkmsClient

pub fn create_app( &self, query_params: Option<&GetAppParams>, req: &AppRequest) -> Result<App>

impl SdkmsClient

pub fn update_app( &self, id: &Uuid, query_params: Option<&GetAppParams>, req: &AppRequest) -> Result<App>

impl SdkmsClient

pub fn delete_app(&self, id: &Uuid) -> Result<()>

impl SdkmsClient

pub fn reset_app_secret( &self, id: &Uuid, query_params: Option<&GetAppParams>, req: &AppResetSecretRequest) -> Result<App>

impl SdkmsClient

pub fn get_app_credential(&self, id: &Uuid) -> Result<AppCredentialResponse>

pub fn request_approval_to_get_app_credential( &self, id: &Uuid, description: Option<String>) -> Result<PendingApproval<OperationGetAppCredential>>

impl SdkmsClient

pub fn encrypt(&self, req: &EncryptRequest) -> Result<EncryptResponse>

pub fn request_approval_to_encrypt( &self, req: &EncryptRequest, description: Option<String>) -> Result<PendingApproval<OperationEncrypt>>

impl SdkmsClient

pub fn encrypt_init( &self, req: &EncryptInitRequest) -> Result<EncryptInitResponse>

impl SdkmsClient

pub fn encrypt_update( &self, req: &EncryptUpdateRequest) -> Result<EncryptUpdateResponse>

impl SdkmsClient

pub fn encrypt_final( &self, req: &EncryptFinalRequest) -> Result<EncryptFinalResponse>

impl SdkmsClient

pub fn decrypt(&self, req: &DecryptRequest) -> Result<DecryptResponse>

pub fn request_approval_to_decrypt( &self, req: &DecryptRequest, description: Option<String>) -> Result<PendingApproval<OperationDecrypt>>

impl SdkmsClient

pub fn decrypt_init( &self, req: &DecryptInitRequest) -> Result<DecryptInitResponse>

impl SdkmsClient

pub fn decrypt_update( &self, req: &DecryptUpdateRequest) -> Result<DecryptUpdateResponse>

impl SdkmsClient

pub fn decrypt_final( &self, req: &DecryptFinalRequest) -> Result<DecryptFinalResponse>

impl SdkmsClient

pub fn invoke_plugin_nice<I, O>(&self, id: &Uuid, req: &I) -> Result<O> where
I: Serialize,
O: for<'de> Deserialize<'de>,

pub fn execute<O: Operation>(
&self,
body: &O::Body,
p: <O::PathParams as TupleRef<'_>>::Ref,
q: Option<&O::QueryParams>
) -> Result<O::Output>

pub fn request_approval<O: Operation>(
&self,
body: &O::Body,
p: <O::PathParams as TupleRef<'_>>::Ref,
q: Option<&O::QueryParams>,
description: Option<String>
) -> Result<PendingApproval<O>>

pub fn list_accounts(
&self,
query_params: Option<&GetAccountParams>
) -> Result<Vec<Account>>

pub fn get_account(
&self,
id: &Uuid,
query_params: Option<&GetAccountParams>
) -> Result<Account>

pub fn request_approval_to_create_account(
&self,
req: &AccountRequest,
description: Option<String>
) -> Result<PendingApproval<OperationCreateAccount>>

pub fn request_approval_to_update_account(
&self,
id: &Uuid,
req: &AccountRequest,
description: Option<String>
) -> Result<PendingApproval<OperationUpdateAccount>>

pub fn account_usage(
&self,
id: &Uuid,
query_params: Option<&CountParams>
) -> Result<GetUsageResponse>

pub fn list_approval_requests(
&self,
query_params: Option<&ListApprovalRequestsParams>
) -> Result<Vec<ApprovalRequest>>

pub fn create_approval_request(
&self,
req: &ApprovalRequestRequest
) -> Result<ApprovalRequest>

pub fn approve_request(
&self,
id: &Uuid,
req: &ApproveRequest
) -> Result<ApprovalRequest>

pub fn list_apps(
&self,
query_params: Option<&ListAppsParams>
) -> Result<Vec<App>>

pub fn get_app(
&self,
id: &Uuid,
query_params: Option<&GetAppParams>
) -> Result<App>

pub fn create_app(
&self,
query_params: Option<&GetAppParams>,
req: &AppRequest
) -> Result<App>

pub fn update_app(
&self,
id: &Uuid,
query_params: Option<&GetAppParams>,
req: &AppRequest
) -> Result<App>

pub fn reset_app_secret(
&self,
id: &Uuid,
query_params: Option<&GetAppParams>,
req: &AppResetSecretRequest
) -> Result<App>

pub fn request_approval_to_get_app_credential(
&self,
id: &Uuid,
description: Option<String>
) -> Result<PendingApproval<OperationGetAppCredential>>

pub fn request_approval_to_encrypt(
&self,
req: &EncryptRequest,
description: Option<String>
) -> Result<PendingApproval<OperationEncrypt>>

pub fn encrypt_init(
&self,
req: &EncryptInitRequest
) -> Result<EncryptInitResponse>

pub fn encrypt_update(
&self,
req: &EncryptUpdateRequest
) -> Result<EncryptUpdateResponse>

pub fn encrypt_final(
&self,
req: &EncryptFinalRequest
) -> Result<EncryptFinalResponse>

pub fn request_approval_to_decrypt(
&self,
req: &DecryptRequest,
description: Option<String>
) -> Result<PendingApproval<OperationDecrypt>>

pub fn decrypt_init(
&self,
req: &DecryptInitRequest
) -> Result<DecryptInitResponse>

pub fn decrypt_update(
&self,
req: &DecryptUpdateRequest
) -> Result<DecryptUpdateResponse>

pub fn decrypt_final(
&self,
req: &DecryptFinalRequest
) -> Result<DecryptFinalResponse>

pub fn request_approval_to_sign(
&self,
req: &SignRequest,
description: Option<String>
) -> Result<PendingApproval<OperationSign>>

pub fn request_approval_to_wrap(
&self,
req: &WrapKeyRequest,
description: Option<String>
) -> Result<PendingApproval<OperationWrap>>

pub fn request_approval_to_unwrap(
&self,
req: &UnwrapKeyRequest,
description: Option<String>
) -> Result<PendingApproval<OperationUnwrap>>

pub fn request_approval_to_mac(
&self,
req: &MacRequest,
description: Option<String>
) -> Result<PendingApproval<OperationMac>>

pub fn request_approval_to_derive(
&self,
req: &DeriveKeyRequest,
description: Option<String>
) -> Result<PendingApproval<OperationDerive>>

pub fn request_approval_to_agree(
&self,
req: &AgreeKeyRequest,
description: Option<String>
) -> Result<PendingApproval<OperationAgree>>

pub fn list_external_roles(
&self,
query_params: Option<&ListExternalRolesParams>
) -> Result<Vec<ExternalRole>>

pub fn create_external_role(
&self,
req: &ExternalRoleRequest
) -> Result<ExternalRole>

pub fn update_external_role(
&self,
id: &Uuid,
req: &ExternalRoleRequest
) -> Result<ExternalRole>

pub fn request_approval_to_update_group(
&self,
id: &Uuid,
req: &GroupRequest,
description: Option<String>
) -> Result<PendingApproval<OperationUpdateGroup>>

pub fn request_approval_to_update_sobject(
&self,
id: &Uuid,
req: &SobjectRequest,
description: Option<String>
) -> Result<PendingApproval<OperationUpdateSobject>>

pub fn request_approval_to_delete_sobject(
&self,
id: &Uuid,
description: Option<String>
) -> Result<PendingApproval<OperationDeleteSobject>>

pub fn list_sobjects(
&self,
query_params: Option<&ListSobjectsParams>
) -> Result<Vec<Sobject>>

pub fn get_sobject(
&self,
query_params: Option<&GetSobjectParams>,
req: &SobjectDescriptor
) -> Result<Sobject>