vault_client_rs/api/auth/
ldap.rs1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::LdapAuthOperations;
6use crate::client::{encode_path, to_body};
7use crate::types::auth::{
8 LdapConfig, LdapConfigRequest, LdapGroup, LdapGroupRequest, LdapUser, LdapUserRequest,
9};
10use crate::types::error::VaultError;
11use crate::types::response::AuthInfo;
12
13#[derive(Debug)]
14pub struct LdapAuthHandler<'a> {
15 pub(crate) client: &'a VaultClient,
16 pub(crate) mount: String,
17}
18
19impl LdapAuthOperations for LdapAuthHandler<'_> {
20 async fn login(&self, username: &str, password: &SecretString) -> Result<AuthInfo, VaultError> {
21 let body = serde_json::json!({ "password": password.expose_secret() });
22 let resp = self
23 .client
24 .exec_with_auth::<serde_json::Value>(
25 Method::POST,
26 &format!("auth/{}/login/{}", self.mount, encode_path(username)),
27 Some(&body),
28 )
29 .await?;
30 let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
31 self.client.update_token_from_auth(&auth)?;
32 Ok(auth)
33 }
34
35 async fn configure(&self, config: &LdapConfigRequest) -> Result<(), VaultError> {
36 let body = to_body(config)?;
37 self.client
38 .exec_empty(
39 Method::POST,
40 &format!("auth/{}/config", self.mount),
41 Some(&body),
42 )
43 .await
44 }
45
46 async fn read_config(&self) -> Result<LdapConfig, VaultError> {
47 self.client
48 .exec_with_data(Method::GET, &format!("auth/{}/config", self.mount), None)
49 .await
50 }
51
52 async fn write_group(&self, name: &str, params: &LdapGroupRequest) -> Result<(), VaultError> {
53 let body = to_body(params)?;
54 self.client
55 .exec_empty(
56 Method::POST,
57 &format!("auth/{}/groups/{}", self.mount, encode_path(name)),
58 Some(&body),
59 )
60 .await
61 }
62
63 async fn read_group(&self, name: &str) -> Result<LdapGroup, VaultError> {
64 self.client
65 .exec_with_data(
66 Method::GET,
67 &format!("auth/{}/groups/{}", self.mount, encode_path(name)),
68 None,
69 )
70 .await
71 }
72
73 async fn delete_group(&self, name: &str) -> Result<(), VaultError> {
74 self.client
75 .exec_empty(
76 Method::DELETE,
77 &format!("auth/{}/groups/{}", self.mount, encode_path(name)),
78 None,
79 )
80 .await
81 }
82
83 async fn list_groups(&self) -> Result<Vec<String>, VaultError> {
84 self.client
85 .exec_list(&format!("auth/{}/groups", self.mount))
86 .await
87 }
88
89 async fn write_user(&self, name: &str, params: &LdapUserRequest) -> Result<(), VaultError> {
90 let body = to_body(params)?;
91 self.client
92 .exec_empty(
93 Method::POST,
94 &format!("auth/{}/users/{}", self.mount, encode_path(name)),
95 Some(&body),
96 )
97 .await
98 }
99
100 async fn read_user(&self, name: &str) -> Result<LdapUser, VaultError> {
101 self.client
102 .exec_with_data(
103 Method::GET,
104 &format!("auth/{}/users/{}", self.mount, encode_path(name)),
105 None,
106 )
107 .await
108 }
109
110 async fn delete_user(&self, name: &str) -> Result<(), VaultError> {
111 self.client
112 .exec_empty(
113 Method::DELETE,
114 &format!("auth/{}/users/{}", self.mount, encode_path(name)),
115 None,
116 )
117 .await
118 }
119
120 async fn list_users(&self) -> Result<Vec<String>, VaultError> {
121 self.client
122 .exec_list(&format!("auth/{}/users", self.mount))
123 .await
124 }
125}