
1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::K8sAuthOperations;
6use crate::client::{encode_path, to_body};
7use crate::types::auth::{K8sAuthConfigRequest, K8sAuthRoleInfo, K8sAuthRoleRequest};
8use crate::types::error::VaultError;
9use crate::types::response::AuthInfo;
10
/// Handle for one mounted Kubernetes auth method on a Vault server.
///
/// Holds a borrowed [`VaultClient`] plus the mount path that the
/// [`K8sAuthOperations`] impl in this file interpolates into
/// `auth/<mount>/...` request paths.
// NOTE(review): `Debug` delegates to `VaultClient`'s Debug impl — confirm that
// impl redacts the stored token before a handler is ever written to a log.
#[derive(Debug)]
pub struct K8sAuthHandler<'a> {
    /// Client used to issue every request for this handler; `login` also hands
    /// it the newly issued token via `update_token_from_auth`.
    pub(crate) client: &'a VaultClient,
    /// Mount path of the auth method, inserted verbatim (not percent-encoded)
    /// into request paths; it is crate-controlled, unlike caller-supplied role
    /// names, which go through `encode_path`.
    pub(crate) mount: String,
}
16
impl K8sAuthHandler<'_> {
    /// Builds `auth/<mount>/<suffix>` for this handler's mount.
    ///
    /// The mount is inserted verbatim (it is crate-controlled); caller-supplied
    /// segments must be encoded by the caller before being passed as `suffix`.
    fn auth_path(&self, suffix: &str) -> String {
        format!("auth/{}/{}", self.mount, suffix)
    }

    /// Builds `auth/<mount>/role/<name>`, percent-encoding the caller-supplied
    /// role name so it cannot introduce extra path segments.
    fn role_path(&self, name: &str) -> String {
        self.auth_path(&format!("role/{}", encode_path(name)))
    }
}

impl K8sAuthOperations for K8sAuthHandler<'_> {
    /// Logs in with a Kubernetes service-account JWT and adopts the issued token.
    ///
    /// Posts `role` and the exposed `jwt` to `auth/<mount>/login`. On success
    /// the client's token is replaced via `update_token_from_auth` and the
    /// returned `AuthInfo` is handed back.
    ///
    /// # Errors
    /// Propagates transport/API errors from `exec_with_auth`, returns
    /// `VaultError::EmptyResponse` when the reply carries no `auth` block, and
    /// propagates any error from `update_token_from_auth`.
    async fn login(&self, role: &str, jwt: &SecretString) -> Result<AuthInfo, VaultError> {
        // The secret is exposed only to build this one request body.
        let payload = serde_json::json!({
            "role": role,
            "jwt": jwt.expose_secret(),
        });
        let path = self.auth_path("login");
        let response = self
            .client
            .exec_with_auth::<serde_json::Value>(Method::POST, &path, Some(&payload))
            .await?;
        let Some(auth) = response.auth else {
            return Err(VaultError::EmptyResponse);
        };
        self.client.update_token_from_auth(&auth)?;
        Ok(auth)
    }

    /// Writes the auth method configuration to `auth/<mount>/config`.
    ///
    /// # Errors
    /// Fails if `config` cannot be serialized by `to_body` or if the request fails.
    async fn configure(&self, config: &K8sAuthConfigRequest) -> Result<(), VaultError> {
        let payload = to_body(config)?;
        let path = self.auth_path("config");
        self.client.exec_empty(Method::POST, &path, Some(&payload)).await
    }

    /// Creates or updates the role `name` at `auth/<mount>/role/<name>`.
    ///
    /// # Errors
    /// Fails if `params` cannot be serialized by `to_body` or if the request fails.
    async fn create_role(&self, name: &str, params: &K8sAuthRoleRequest) -> Result<(), VaultError> {
        let payload = to_body(params)?;
        let path = self.role_path(name);
        self.client.exec_empty(Method::POST, &path, Some(&payload)).await
    }

    /// Reads the role `name` from `auth/<mount>/role/<name>`.
    ///
    /// # Errors
    /// Propagates any error from `exec_with_data`.
    async fn read_role(&self, name: &str) -> Result<K8sAuthRoleInfo, VaultError> {
        let path = self.role_path(name);
        self.client.exec_with_data(Method::GET, &path, None).await
    }

    /// Deletes the role `name` at `auth/<mount>/role/<name>`.
    ///
    /// # Errors
    /// Propagates any error from `exec_empty`.
    async fn delete_role(&self, name: &str) -> Result<(), VaultError> {
        let path = self.role_path(name);
        self.client.exec_empty(Method::DELETE, &path, None).await
    }

    /// Lists the role names under `auth/<mount>/role`.
    ///
    /// # Errors
    /// Propagates any error from `exec_list`.
    async fn list_roles(&self) -> Result<Vec<String>, VaultError> {
        let path = self.auth_path("role");
        self.client.exec_list(&path).await
    }
}
79        self.client
80            .exec_list(&format!("auth/{}/role", self.mount))
81            .await
82    }
83}