vault_client_rs/api/auth/
token.rs

1use reqwest::Method;
2use secrecy::{ExposeSecret, SecretString};
3
4use crate::VaultClient;
5use crate::api::traits::TokenAuthOperations;
6use crate::client::to_body;
7use crate::types::auth::{TokenCreateRequest, TokenLookupResponse};
8use crate::types::error::VaultError;
9use crate::types::response::AuthInfo;
10
11#[derive(Debug)]
12pub struct TokenAuthHandler<'a> {
13    pub(crate) client: &'a VaultClient,
14}
15
16impl TokenAuthOperations for TokenAuthHandler<'_> {
17    async fn lookup_self(&self) -> Result<TokenLookupResponse, VaultError> {
18        self.client
19            .exec_with_data(Method::GET, "auth/token/lookup-self", None)
20            .await
21    }
22
23    async fn lookup(&self, token: &SecretString) -> Result<TokenLookupResponse, VaultError> {
24        let body = serde_json::json!({ "token": token.expose_secret() });
25        self.client
26            .exec_with_data(Method::POST, "auth/token/lookup", Some(&body))
27            .await
28    }
29
30    async fn renew_self(&self, increment: Option<&str>) -> Result<AuthInfo, VaultError> {
31        let body = increment.map(|i| serde_json::json!({ "increment": i }));
32        let resp = self
33            .client
34            .exec_with_auth::<serde_json::Value>(
35                Method::POST,
36                "auth/token/renew-self",
37                body.as_ref(),
38            )
39            .await?;
40        let auth = resp.auth.ok_or(VaultError::EmptyResponse)?;
41        self.client.update_token_from_auth(&auth)?;
42        Ok(auth)
43    }
44
45    async fn create(&self, params: &TokenCreateRequest) -> Result<AuthInfo, VaultError> {
46        let body = to_body(params)?;
47        let resp = self
48            .client
49            .exec_with_auth::<serde_json::Value>(Method::POST, "auth/token/create", Some(&body))
50            .await?;
51        resp.auth.ok_or(VaultError::EmptyResponse)
52    }
53
54    async fn create_orphan(&self, params: &TokenCreateRequest) -> Result<AuthInfo, VaultError> {
55        let body = to_body(params)?;
56        let resp = self
57            .client
58            .exec_with_auth::<serde_json::Value>(
59                Method::POST,
60                "auth/token/create-orphan",
61                Some(&body),
62            )
63            .await?;
64        resp.auth.ok_or(VaultError::EmptyResponse)
65    }
66
67    async fn revoke(&self, token: &SecretString) -> Result<(), VaultError> {
68        let body = serde_json::json!({ "token": token.expose_secret() });
69        self.client
70            .exec_empty(Method::POST, "auth/token/revoke", Some(&body))
71            .await
72    }
73
74    async fn revoke_self(&self) -> Result<(), VaultError> {
75        self.client
76            .exec_empty(Method::POST, "auth/token/revoke-self", None)
77            .await
78    }
79
80    async fn revoke_accessor(&self, accessor: &str) -> Result<(), VaultError> {
81        let body = serde_json::json!({ "accessor": accessor });
82        self.client
83            .exec_empty(Method::POST, "auth/token/revoke-accessor", Some(&body))
84            .await
85    }
86
87    async fn list_accessors(&self) -> Result<Vec<String>, VaultError> {
88        self.client.exec_list("auth/token/accessors").await
89    }
90}
vault_client_rs/api/auth/token.rs

vault_client_rs/api/auth/
token.rs
