use reqwest::Method;
use secrecy::{ExposeSecret, SecretString};
use crate::VaultClient;
use crate::api::traits::K8sAuthOperations;
use crate::client::{encode_path, to_body};
use crate::types::auth::{K8sAuthConfigRequest, K8sAuthRoleInfo, K8sAuthRoleRequest};
use crate::types::error::VaultError;
use crate::types::response::AuthInfo;
#[derive(Debug)]
pub struct K8sAuthHandler<'a> {
pub(crate) client: &'a VaultClient,
pub(crate) mount: String,
}
impl K8sAuthOperations for K8sAuthHandler<'_> {
async fn login(&self, role: &str, jwt: &SecretString) -> Result<AuthInfo, VaultError> {
let body = serde_json::json!({
"role": role,
"jwt": jwt.expose_secret(),
});
let resp = self
.client
.exec_with_auth::<serde_json::Value>(
Method::POST,
&format!("auth/{}/login", self.mount),
Some(&body),
)
.await?;
let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
self.client.update_token_from_auth(&auth)?;
Ok(auth)
}
async fn configure(&self, config: &K8sAuthConfigRequest) -> Result<(), VaultError> {
let body = to_body(config)?;
self.client
.exec_empty(
Method::POST,
&format!("auth/{}/config", self.mount),
Some(&body),
)
.await
}
async fn create_role(&self, name: &str, params: &K8sAuthRoleRequest) -> Result<(), VaultError> {
let body = to_body(params)?;
self.client
.exec_empty(
Method::POST,
&format!("auth/{}/role/{}", self.mount, encode_path(name)),
Some(&body),
)
.await
}
async fn read_role(&self, name: &str) -> Result<K8sAuthRoleInfo, VaultError> {
self.client
.exec_with_data(
Method::GET,
&format!("auth/{}/role/{}", self.mount, encode_path(name)),
None,
)
.await
}
async fn delete_role(&self, name: &str) -> Result<(), VaultError> {
self.client
.exec_empty(
Method::DELETE,
&format!("auth/{}/role/{}", self.mount, encode_path(name)),
None,
)
.await
}
async fn list_roles(&self) -> Result<Vec<String>, VaultError> {
self.client
.exec_list(&format!("auth/{}/role", self.mount))
.await
}
}