vault_client_rs/api/auth/
approle.rs

1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::AppRoleAuthOperations;
6use crate::client::{encode_path, to_body};
7use crate::types::auth::{
8    AppRoleCreateRequest, AppRoleInfo, AppRoleRoleIdResponse, AppRoleSecretIdResponse,
9};
10use crate::types::error::VaultError;
11use crate::types::response::AuthInfo;
12
13#[derive(Debug)]
14pub struct AppRoleAuthHandler<'a> {
15    pub(crate) client: &'a VaultClient,
16    pub(crate) mount: String,
17}
18
19impl AppRoleAuthOperations for AppRoleAuthHandler<'_> {
20    async fn login(&self, role_id: &str, secret_id: &SecretString) -> Result<AuthInfo, VaultError> {
21        let body = serde_json::json!({
22            "role_id": role_id,
23            "secret_id": secret_id.expose_secret(),
24        });
25        let resp = self
26            .client
27            .exec_with_auth::<serde_json::Value>(
28                Method::POST,
29                &format!("auth/{}/login", self.mount),
30                Some(&body),
31            )
32            .await?;
33        let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
34        self.client.update_token_from_auth(&auth)?;
35        Ok(auth)
36    }
37
38    async fn create_role(
39        &self,
40        name: &str,
41        params: &AppRoleCreateRequest,
42    ) -> Result<(), VaultError> {
43        let body = to_body(params)?;
44        self.client
45            .exec_empty(
46                Method::POST,
47                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
48                Some(&body),
49            )
50            .await
51    }
52
53    async fn read_role(&self, name: &str) -> Result<AppRoleInfo, VaultError> {
54        self.client
55            .exec_with_data(
56                Method::GET,
57                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
58                None,
59            )
60            .await
61    }
62
63    async fn delete_role(&self, name: &str) -> Result<(), VaultError> {
64        self.client
65            .exec_empty(
66                Method::DELETE,
67                &format!("auth/{}/role/{}", self.mount, encode_path(name)),
68                None,
69            )
70            .await
71    }
72
73    async fn list_roles(&self) -> Result<Vec<String>, VaultError> {
74        self.client
75            .exec_list(&format!("auth/{}/role", self.mount))
76            .await
77    }
78
79    async fn read_role_id(&self, name: &str) -> Result<String, VaultError> {
80        let resp: AppRoleRoleIdResponse = self
81            .client
82            .exec_with_data(
83                Method::GET,
84                &format!("auth/{}/role/{}/role-id", self.mount, encode_path(name)),
85                None,
86            )
87            .await?;
88        Ok(resp.role_id)
89    }
90
91    async fn generate_secret_id(&self, name: &str) -> Result<AppRoleSecretIdResponse, VaultError> {
92        self.client
93            .exec_with_data(
94                Method::POST,
95                &format!("auth/{}/role/{}/secret-id", self.mount, encode_path(name)),
96                None,
97            )
98            .await
99    }
100
101    async fn destroy_secret_id(
102        &self,
103        name: &str,
104        secret_id: &SecretString,
105    ) -> Result<(), VaultError> {
106        let body = serde_json::json!({ "secret_id": secret_id.expose_secret() });
107        self.client
108            .exec_empty(
109                Method::POST,
110                &format!(
111                    "auth/{}/role/{}/secret-id/destroy",
112                    self.mount,
113                    encode_path(name)
114                ),
115                Some(&body),
116            )
117            .await
118    }
119}
vault_client_rs/api/auth/approle.rs

vault_client_rs/api/auth/
approle.rs
