use crate::Auth;
use crate::Client;
use crate::Error;

use std::time::Duration;

use serde::Deserialize;

/// The `data` object nested inside [`DBCredsResponse`]: the database login
/// that was generated for this request.
///
/// `password` is a live secret. This type derives only `Deserialize`, so it
/// has no `Debug` output through which the password could be printed.
#[derive(Deserialize)]
struct DBCreds {
    // Database login name; copied into `DatabaseCreds::username` by `get_credentials`.
    username: String,
    // Secret for `username`; copied into `DatabaseCreds::password` by `get_credentials`.
    password: String,
}

/// Body of the response to a `database/creds/{name}` request, as parsed by
/// `get_credentials`.
///
/// Only `lease_duration` and `data` are read in this file. `lease_id` and
/// `renewable` are deserialized but never used, which is what the
/// `#[allow(dead_code)]` below silences. None of the fields has a serde
/// default, so a response that lacks any of them fails to deserialize.
#[allow(dead_code)]
#[derive(Deserialize)]
struct DBCredsResponse {
    // Identifier of the lease; not propagated to callers by `get_credentials`.
    lease_id: String,
    // Lease lifetime; `get_credentials` passes it to `Duration::from_secs`, i.e. treats it as seconds.
    lease_duration: u64,
    // Parsed but unused in this file.
    renewable: bool,
    // The generated username/password pair.
    data: DBCreds,
}

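/// Database credentials returned by Vault.
///
/// `password` is a live secret. `Debug` is implemented by hand below (instead
/// of derived) so that formatting this value with `{:?}` — in a log line, a
/// panic message or a failed assertion — prints a placeholder rather than the
/// password itself. Read the `password` field directly when the real value is
/// needed.
pub struct DatabaseCreds {
    /// The username to use when logging in to the database
    pub username: String,
    /// The password to use when logging in to the database
    pub password: String,
    /// The duration for which these credentials are valid
    pub duration: Duration,
}

impl std::fmt::Debug for DatabaseCreds {
    /// Formats the credentials with the same struct and field names the
    /// derived implementation used, but with the password replaced by a
    /// fixed placeholder.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("DatabaseCreds")
            .field("username", &self.username)
            // Never emit the secret; the placeholder keeps the field visible
            // so the output shape is still recognisable.
            .field("password", &"<redacted>")
            .field("duration", &self.duration)
            .finish()
    }
}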

impl PartialEq for DatabaseCreds {
    /// Two credential sets are equal when username, password and duration
    /// all match.
    ///
    /// This is ordinary string/duration equality, not a constant-time
    /// comparison, so it should not be used to check a secret supplied by an
    /// untrusted party.
    fn eq(&self, other: &Self) -> bool {
        let lhs = (&self.username, &self.password, &self.duration);
        let rhs = (&other.username, &other.password, &other.duration);
        lhs == rhs
    }
}

/// Requests a fresh set of database credentials from Vault.
///
/// Issues a `GET` for `database/creds/{name}` through `client`, parses the
/// body and returns the username, the password and the lease duration
/// (converted from seconds).
///
/// `name` is placed into the request path as-is, with no escaping or
/// validation here; callers should pass a fixed or already-validated name
/// rather than a value taken from untrusted input.
///
/// The lease id and the `renewable` flag from the response are not part of
/// the returned value.
///
/// # Errors
///
/// Returns the error from `Client::vault_request` unchanged if the request
/// fails, or an [`Error`] converted from the body-parsing error if the
/// response cannot be deserialized.
pub async fn get_credentials(
    client: &Client<impl Auth>,
    name: &str,
) -> Result<DatabaseCreds, Error> {
    let creds_path = format!("database/creds/{}", name);

    let http_response = client
        .vault_request::<String>(reqwest::Method::GET, &creds_path, None)
        .await?;

    // Only the lease duration and the credential pair are needed; the
    // remaining response fields are dropped here.
    let DBCredsResponse {
        lease_duration,
        data,
        ..
    } = http_response
        .json::<DBCredsResponse>()
        .await
        .map_err(Error::from)?;

    let DBCreds { username, password } = data;

    Ok(DatabaseCreds {
        username,
        password,
        duration: Duration::from_secs(lease_duration),
    })
}