vault_client_rs/api/auth/
azure.rs

1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::AzureAuthOperations;
6use crate::client::{encode_path, to_body};
7use crate::types::azure::{
8    AzureAuthConfig, AzureAuthConfigRequest, AzureAuthRoleInfo, AzureAuthRoleRequest,
9};
10use crate::types::error::VaultError;
11use crate::types::response::AuthInfo;
12
13#[derive(Debug)]
14pub struct AzureAuthHandler<'a> {
15    pub(crate) client: &'a VaultClient,
16    pub(crate) mount: String,
17}
18
19impl AzureAuthOperations for AzureAuthHandler<'_> {
20    async fn login(
21        &self,
22        role: &str,
23        jwt: &SecretString,
24        subscription_id: Option<&str>,
25        resource_group_name: Option<&str>,
26        vm_name: Option<&str>,
27        vmss_name: Option<&str>,
28    ) -> Result<AuthInfo, VaultError> {
29        let mut body = serde_json::json!({
30            "role": role,
31            "jwt": jwt.expose_secret(),
32        });
33        if let Some(sub) = subscription_id {
34            body["subscription_id"] = serde_json::Value::String(sub.to_owned());
35        }
36        if let Some(rg) = resource_group_name {
37            body["resource_group_name"] = serde_json::Value::String(rg.to_owned());
38        }
39        if let Some(vm) = vm_name {
40            body["vm_name"] = serde_json::Value::String(vm.to_owned());
41        }
42        if let Some(vmss) = vmss_name {
43            body["vmss_name"] = serde_json::Value::String(vmss.to_owned());
44        }
45        let resp = self
46            .client
47            .exec_with_auth::<serde_json::Value>(
48                Method::POST,
49                &format!("auth/{}/login", self.mount),
50                Some(&body),
51            )
52            .await?;
53        let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
54        self.client.update_token_from_auth(&auth)?;
55        Ok(auth)
56    }
57
58    async fn configure(&self, config: &AzureAuthConfigRequest) -> Result<(), VaultError> {
59        let body = to_body(config)?;
60        self.client
61            .exec_empty(
62                Method::POST,
63                &format!("auth/{}/config", self.mount),
64                Some(&body),
65            )
66            .await
67    }
68
69    async fn read_config(&self) -> Result<AzureAuthConfig, VaultError> {
70        self.client
71            .exec_with_data(Method::GET, &format!("auth/{}/config", self.mount), None)
72            .await
73    }
74
75    async fn create_role(
76        &self,
77        name: &str,
78        params: &AzureAuthRoleRequest,
79    ) -> Result<(), VaultError> {
80        let body = to_body(params)?;
81        self.client
82            .exec_empty(
83                Method::POST,
84                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
85                Some(&body),
86            )
87            .await
88    }
89
90    async fn read_role(&self, name: &str) -> Result<AzureAuthRoleInfo, VaultError> {
91        self.client
92            .exec_with_data(
93                Method::GET,
94                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
95                None,
96            )
97            .await
98    }
99
100    async fn delete_role(&self, name: &str) -> Result<(), VaultError> {
101        self.client
102            .exec_empty(
103                Method::DELETE,
104                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
105                None,
106            )
107            .await
108    }
109
110    async fn list_roles(&self) -> Result<Vec<String>, VaultError> {
111        self.client
112            .exec_list(&format!("auth/{}/role", self.mount))
113            .await
114    }
115}
vault_client_rs/api/auth/azure.rs

vault_client_rs/api/auth/
azure.rs
