Skip to main content

vault_client_rs/types/
azure.rs

1use std::fmt;
2
3use secrecy::{ExposeSecret, SecretString};
4use serde::{Deserialize, Serialize};
5use zeroize::{Zeroize, ZeroizeOnDrop};
6
7use super::redaction::redact;
8
9#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
10pub struct AzureConfigRequest {
11    #[serde(skip_serializing_if = "Option::is_none")]
12    pub subscription_id: Option<String>,
13    #[serde(skip_serializing_if = "Option::is_none")]
14    pub tenant_id: Option<String>,
15    #[serde(skip_serializing_if = "Option::is_none")]
16    pub client_id: Option<String>,
17    #[serde(
18        serialize_with = "super::serde_secret::serialize_option",
19        skip_serializing_if = "Option::is_none"
20    )]
21    pub client_secret: Option<SecretString>,
22    #[serde(skip_serializing_if = "Option::is_none")]
23    pub environment: Option<String>,
24}
25
26impl Clone for AzureConfigRequest {
27    fn clone(&self) -> Self {
28        Self {
29            subscription_id: self.subscription_id.clone(),
30            tenant_id: self.tenant_id.clone(),
31            client_id: self.client_id.clone(),
32            client_secret: self.client_secret.clone(),
33            environment: self.environment.clone(),
34        }
35    }
36}
37
38#[derive(Debug, Deserialize, Clone)]
39#[non_exhaustive]
40pub struct AzureConfig {
41    #[serde(default)]
42    pub subscription_id: String,
43    #[serde(default)]
44    pub tenant_id: String,
45    #[serde(default)]
46    pub client_id: String,
47    #[serde(default)]
48    pub environment: String,
49}
50
51#[derive(Debug, Serialize, Default, Clone)]
52pub struct AzureRoleRequest {
53    #[serde(skip_serializing_if = "Option::is_none")]
54    pub azure_roles: Option<serde_json::Value>,
55    #[serde(skip_serializing_if = "Option::is_none")]
56    pub azure_groups: Option<serde_json::Value>,
57    #[serde(skip_serializing_if = "Option::is_none")]
58    pub application_object_id: Option<String>,
59    #[serde(skip_serializing_if = "Option::is_none")]
60    pub ttl: Option<String>,
61    #[serde(skip_serializing_if = "Option::is_none")]
62    pub max_ttl: Option<String>,
63}
64
65#[derive(Debug, Deserialize, Clone)]
66#[non_exhaustive]
67pub struct AzureRole {
68    #[serde(default)]
69    pub azure_roles: serde_json::Value,
70    #[serde(default)]
71    pub azure_groups: serde_json::Value,
72    #[serde(default)]
73    pub application_object_id: String,
74    #[serde(default)]
75    pub ttl: u64,
76    #[serde(default)]
77    pub max_ttl: u64,
78}
79
80#[derive(Deserialize, Zeroize, ZeroizeOnDrop)]
81#[non_exhaustive]
82pub struct AzureCredentials {
83    pub client_id: String,
84    pub client_secret: SecretString,
85}
86
87impl Clone for AzureCredentials {
88    fn clone(&self) -> Self {
89        Self {
90            client_id: self.client_id.clone(),
91            client_secret: self.client_secret.clone(),
92        }
93    }
94}
95
96impl From<(String, SecretString)> for AzureCredentials {
97    fn from((client_id, client_secret): (String, SecretString)) -> Self {
98        Self {
99            client_id,
100            client_secret,
101        }
102    }
103}
104
105impl From<(&str, &str)> for AzureCredentials {
106    fn from((client_id, client_secret): (&str, &str)) -> Self {
107        Self {
108            client_id: client_id.to_owned(),
109            client_secret: SecretString::from(client_secret.to_owned()),
110        }
111    }
112}
113
114impl fmt::Debug for AzureCredentials {
115    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
116        f.debug_struct("AzureCredentials")
117            .field("client_id", &self.client_id)
118            .field("client_secret", &redact(self.client_secret.expose_secret()))
119            .finish()
120    }
121}
122
123// Azure Auth types
124#[derive(Debug, Serialize, Default, Zeroize, ZeroizeOnDrop)]
125pub struct AzureAuthConfigRequest {
126    #[serde(skip_serializing_if = "Option::is_none")]
127    pub tenant_id: Option<String>,
128    #[serde(skip_serializing_if = "Option::is_none")]
129    pub resource: Option<String>,
130    #[serde(skip_serializing_if = "Option::is_none")]
131    pub environment: Option<String>,
132    #[serde(skip_serializing_if = "Option::is_none")]
133    pub client_id: Option<String>,
134    #[serde(
135        serialize_with = "super::serde_secret::serialize_option",
136        skip_serializing_if = "Option::is_none"
137    )]
138    pub client_secret: Option<SecretString>,
139}
140
141impl Clone for AzureAuthConfigRequest {
142    fn clone(&self) -> Self {
143        Self {
144            tenant_id: self.tenant_id.clone(),
145            resource: self.resource.clone(),
146            environment: self.environment.clone(),
147            client_id: self.client_id.clone(),
148            client_secret: self.client_secret.clone(),
149        }
150    }
151}
152
153#[derive(Debug, Deserialize, Clone)]
154#[non_exhaustive]
155pub struct AzureAuthConfig {
156    #[serde(default)]
157    pub tenant_id: String,
158    #[serde(default)]
159    pub resource: String,
160    #[serde(default)]
161    pub environment: String,
162    #[serde(default)]
163    pub client_id: String,
164}
165
166#[derive(Debug, Serialize, Default, Clone)]
167pub struct AzureAuthRoleRequest {
168    #[serde(skip_serializing_if = "Option::is_none")]
169    pub bound_service_principal_ids: Option<Vec<String>>,
170    #[serde(skip_serializing_if = "Option::is_none")]
171    pub bound_group_ids: Option<Vec<String>>,
172    #[serde(skip_serializing_if = "Option::is_none")]
173    pub bound_locations: Option<Vec<String>>,
174    #[serde(skip_serializing_if = "Option::is_none")]
175    pub bound_subscription_ids: Option<Vec<String>>,
176    #[serde(skip_serializing_if = "Option::is_none")]
177    pub bound_resource_groups: Option<Vec<String>>,
178    #[serde(skip_serializing_if = "Option::is_none")]
179    pub bound_scale_sets: Option<Vec<String>>,
180    #[serde(skip_serializing_if = "Option::is_none")]
181    pub token_ttl: Option<String>,
182    #[serde(skip_serializing_if = "Option::is_none")]
183    pub token_max_ttl: Option<String>,
184    #[serde(skip_serializing_if = "Option::is_none")]
185    pub token_policies: Option<Vec<String>>,
186}
187
188#[derive(Debug, Deserialize, Clone)]
189#[non_exhaustive]
190pub struct AzureAuthRoleInfo {
191    #[serde(default)]
192    pub bound_service_principal_ids: Vec<String>,
193    #[serde(default)]
194    pub bound_group_ids: Vec<String>,
195    #[serde(default)]
196    pub bound_locations: Vec<String>,
197    #[serde(default)]
198    pub bound_subscription_ids: Vec<String>,
199    #[serde(default)]
200    pub bound_resource_groups: Vec<String>,
201    #[serde(default)]
202    pub token_ttl: u64,
203    #[serde(default)]
204    pub token_max_ttl: u64,
205    #[serde(default)]
206    pub token_policies: Vec<String>,
207}
208
209// Azure auth login request
210#[derive(Debug, Serialize, Zeroize, ZeroizeOnDrop)]
211pub struct AzureAuthLoginRequest {
212    pub role: String,
213    #[serde(serialize_with = "super::serde_secret::serialize")]
214    pub jwt: SecretString,
215    #[serde(skip_serializing_if = "Option::is_none")]
216    pub subscription_id: Option<String>,
217    #[serde(skip_serializing_if = "Option::is_none")]
218    pub resource_group_name: Option<String>,
219    #[serde(skip_serializing_if = "Option::is_none")]
220    pub vm_name: Option<String>,
221    #[serde(skip_serializing_if = "Option::is_none")]
222    pub vmss_name: Option<String>,
223}
224
225impl Clone for AzureAuthLoginRequest {
226    fn clone(&self) -> Self {
227        Self {
228            role: self.role.clone(),
229            jwt: self.jwt.clone(),
230            subscription_id: self.subscription_id.clone(),
231            resource_group_name: self.resource_group_name.clone(),
232            vm_name: self.vm_name.clone(),
233            vmss_name: self.vmss_name.clone(),
234        }
235    }
236}