
1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::OidcAuthOperations;
6use crate::client::{encode_path, to_body};
7use crate::types::auth::{OidcConfig, OidcConfigRequest, OidcRoleInfo, OidcRoleRequest};
8use crate::types::error::VaultError;
9use crate::types::response::AuthInfo;
10
/// Handle for the OIDC/JWT auth method mounted at `mount`, borrowing a
/// [`VaultClient`] for `'a`.
///
/// Every operation in this module issues requests under `auth/<mount>/...`
/// through `client`; the JWT login flow additionally feeds the returned auth
/// stanza back into the client via `update_token_from_auth`.
///
/// NOTE(review): `Debug` delegates to `VaultClient`'s `Debug` impl — confirm
/// that impl redacts any stored token before this handler is logged.
#[derive(Debug)]
pub struct OidcAuthHandler<'a> {
    /// Client used for all requests (and whose token the login flow updates).
    pub(crate) client: &'a VaultClient,
    /// Mount path of the auth method. It is interpolated verbatim into
    /// request paths in this module (only role names are URL-encoded), so it
    /// must come from trusted configuration rather than untrusted input.
    pub(crate) mount: String,
}
16
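// Endpoint builders shared by the operations below, so that every method
// agrees on how paths are assembled. Role names are URL-encoded; the mount is
// interpolated verbatim (presumably because Vault mount paths may contain `/`
// for nested mounts), so `mount` must be trusted — it is never encoded here.
fn login_endpoint(mount: &str) -> String {
    format!("auth/{}/login", mount)
}

fn config_endpoint(mount: &str) -> String {
    format!("auth/{}/config", mount)
}

fn roles_endpoint(mount: &str) -> String {
    format!("auth/{}/role", mount)
}

fn role_endpoint(mount: &str, name: &str) -> String {
    format!("auth/{}/role/{}", mount, encode_path(name))
}

impl OidcAuthOperations for OidcAuthHandler<'_> {
    /// Log in with a JWT for `role` via `auth/<mount>/login`.
    ///
    /// On success the response's `auth` stanza is handed to
    /// `VaultClient::update_token_from_auth` (so the client presumably adopts
    /// the newly issued token) and then returned to the caller.
    ///
    /// # Errors
    /// Propagates transport/API errors from the client,
    /// `VaultError::EmptyResponse` when the response carries no `auth` stanza,
    /// and any error from `update_token_from_auth`.
    async fn login_jwt(&self, role: &str, jwt: &SecretString) -> Result<AuthInfo, VaultError> {
        let resp = {
            // SECURITY: `expose_secret` copies the raw JWT into an ordinary
            // `String` inside the JSON value, which is not zeroized on drop.
            // Keep that value confined to this scope so it is dropped as soon
            // as the request has been sent, and never Debug-print or log it.
            let body = serde_json::json!({
                "role": role,
                "jwt": jwt.expose_secret(),
            });
            // NOTE(review): the name `exec_with_auth` suggests the client's
            // current token, if any, is attached to this request — confirm
            // that is intended for a login endpoint.
            self.client
                .exec_with_auth::<serde_json::Value>(
                    Method::POST,
                    &login_endpoint(&self.mount),
                    Some(&body),
                )
                .await?
        };
        // A login response without an `auth` stanza gives us no token to adopt.
        let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
        self.client.update_token_from_auth(&auth)?;
        Ok(auth)
    }

    /// Write the auth method's configuration to `auth/<mount>/config`.
    ///
    /// # Errors
    /// Fails if `config` cannot be serialized or the request is rejected.
    async fn configure(&self, config: &OidcConfigRequest) -> Result<(), VaultError> {
        let body = to_body(config)?;
        self.client
            .exec_empty(Method::POST, &config_endpoint(&self.mount), Some(&body))
            .await
    }

    /// Read the auth method's configuration from `auth/<mount>/config`.
    ///
    /// # Errors
    /// Propagates transport/API errors from the client.
    async fn read_config(&self) -> Result<OidcConfig, VaultError> {
        self.client
            .exec_with_data(Method::GET, &config_endpoint(&self.mount), None)
            .await
    }

    /// Create or update the role `name` at `auth/<mount>/role/<name>`.
    ///
    /// `name` is URL-encoded before being placed in the path.
    ///
    /// # Errors
    /// Fails if `params` cannot be serialized or the request is rejected.
    async fn create_role(&self, name: &str, params: &OidcRoleRequest) -> Result<(), VaultError> {
        let body = to_body(params)?;
        self.client
            .exec_empty(
                Method::POST,
                &role_endpoint(&self.mount, name),
                Some(&body),
            )
            .await
    }

    /// Read the role `name` from `auth/<mount>/role/<name>`.
    ///
    /// # Errors
    /// Propagates transport/API errors from the client.
    async fn read_role(&self, name: &str) -> Result<OidcRoleInfo, VaultError> {
        self.client
            .exec_with_data(Method::GET, &role_endpoint(&self.mount, name), None)
            .await
    }

    /// Delete the role `name` at `auth/<mount>/role/<name>`.
    ///
    /// # Errors
    /// Propagates transport/API errors from the client.
    async fn delete_role(&self, name: &str) -> Result<(), VaultError> {
        self.client
            .exec_empty(Method::DELETE, &role_endpoint(&self.mount, name), None)
            .await
    }

    /// List the role names under `auth/<mount>/role`.
    ///
    /// # Errors
    /// Propagates transport/API errors from the client.
    async fn list_roles(&self) -> Result<Vec<String>, VaultError> {
        self.client.exec_list(&roles_endpoint(&self.mount)).await
    }
}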
85        self.client
86            .exec_list(&format!("auth/{}/role", self.mount))
87            .await
88    }
89}