vault_client_rs/types/
ssh.rs

1use std::fmt;
2
3use secrecy::{ExposeSecret, SecretString};
4use serde::{Deserialize, Serialize};
5use zeroize::{Zeroize, ZeroizeOnDrop};
6
7use super::redaction::redact;
8
9#[derive(Debug, Serialize, Default, Clone)]
10pub struct SshRoleRequest {
11    pub key_type: String,
12    #[serde(skip_serializing_if = "Option::is_none")]
13    pub default_user: Option<String>,
14    #[serde(skip_serializing_if = "Option::is_none")]
15    pub allowed_users: Option<String>,
16    #[serde(skip_serializing_if = "Option::is_none")]
17    pub allowed_domains: Option<String>,
18    #[serde(skip_serializing_if = "Option::is_none")]
19    pub ttl: Option<String>,
20    #[serde(skip_serializing_if = "Option::is_none")]
21    pub max_ttl: Option<String>,
22    #[serde(skip_serializing_if = "Option::is_none")]
23    pub allowed_critical_options: Option<String>,
24    #[serde(skip_serializing_if = "Option::is_none")]
25    pub allowed_extensions: Option<String>,
26    #[serde(skip_serializing_if = "Option::is_none")]
27    pub default_extensions: Option<serde_json::Value>,
28    #[serde(skip_serializing_if = "Option::is_none")]
29    pub allow_user_certificates: Option<bool>,
30    #[serde(skip_serializing_if = "Option::is_none")]
31    pub allow_host_certificates: Option<bool>,
32    #[serde(skip_serializing_if = "Option::is_none")]
33    pub allow_bare_domains: Option<bool>,
34    #[serde(skip_serializing_if = "Option::is_none")]
35    pub allow_subdomains: Option<bool>,
36    #[serde(skip_serializing_if = "Option::is_none")]
37    pub algorithm_signer: Option<String>,
38}
39
40#[derive(Debug, Deserialize, Clone)]
41#[non_exhaustive]
42pub struct SshRole {
43    pub key_type: String,
44    pub default_user: String,
45    pub allowed_users: String,
46    pub ttl: String,
47    pub max_ttl: String,
48    pub allowed_critical_options: String,
49    pub allowed_extensions: String,
50    pub allow_user_certificates: bool,
51    pub allow_host_certificates: bool,
52}
53
54#[derive(Debug, Serialize, Default, Clone)]
55pub struct SshSignRequest {
56    pub public_key: String,
57    #[serde(skip_serializing_if = "Option::is_none")]
58    pub valid_principals: Option<String>,
59    #[serde(skip_serializing_if = "Option::is_none")]
60    pub cert_type: Option<String>,
61    #[serde(skip_serializing_if = "Option::is_none")]
62    pub ttl: Option<String>,
63    #[serde(skip_serializing_if = "Option::is_none")]
64    pub critical_options: Option<serde_json::Value>,
65    #[serde(skip_serializing_if = "Option::is_none")]
66    pub extensions: Option<serde_json::Value>,
67}
68
69#[derive(Deserialize, Zeroize, ZeroizeOnDrop)]
70#[non_exhaustive]
71pub struct SshSignedKey {
72    pub serial_number: String,
73    pub signed_key: SecretString,
74}
75
76impl Clone for SshSignedKey {
77    fn clone(&self) -> Self {
78        Self {
79            serial_number: self.serial_number.clone(),
80            signed_key: self.signed_key.clone(),
81        }
82    }
83}
84
85impl fmt::Debug for SshSignedKey {
86    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
87        f.debug_struct("SshSignedKey")
88            .field("serial_number", &self.serial_number)
89            .field("signed_key", &redact(self.signed_key.expose_secret()))
90            .finish()
91    }
92}
93
94#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
95pub struct SshCaConfigRequest {
96    #[serde(skip_serializing_if = "Option::is_none")]
97    pub generate_signing_key: Option<bool>,
98    #[serde(
99        serialize_with = "super::serde_secret::serialize_option",
100        skip_serializing_if = "Option::is_none"
101    )]
102    pub private_key: Option<SecretString>,
103    #[serde(skip_serializing_if = "Option::is_none")]
104    pub public_key: Option<String>,
105    #[serde(skip_serializing_if = "Option::is_none")]
106    pub key_type: Option<String>,
107    #[serde(skip_serializing_if = "Option::is_none")]
108    pub key_bits: Option<u32>,
109}
110
111impl Clone for SshCaConfigRequest {
112    fn clone(&self) -> Self {
113        Self {
114            generate_signing_key: self.generate_signing_key,
115            private_key: self.private_key.clone(),
116            public_key: self.public_key.clone(),
117            key_type: self.key_type.clone(),
118            key_bits: self.key_bits,
119        }
120    }
121}
122
123#[derive(Debug, Deserialize, Clone)]
124#[non_exhaustive]
125pub struct SshCaPublicKey {
126    pub public_key: String,
127}
128
129#[derive(Debug, Serialize, Zeroize, ZeroizeOnDrop)]
130pub struct SshVerifyRequest {
131    #[serde(serialize_with = "super::serde_secret::serialize")]
132    pub otp: SecretString,
133}
134
135impl Clone for SshVerifyRequest {
136    fn clone(&self) -> Self {
137        Self {
138            otp: self.otp.clone(),
139        }
140    }
141}
142
143#[derive(Debug, Deserialize, Clone)]
144#[non_exhaustive]
145pub struct SshVerifyResponse {
146    pub ip: String,
147    pub username: String,
148}
vault_client_rs/types/ssh.rs

vault_client_rs/types/
ssh.rs
