vaultrs/api/auth/cert/
requests.rs

1use rustify_derive::Endpoint;
2
3use super::responses::{ListCaCertificateRoleResponse, ReadCaCertificateRoleResponse};
4
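/// ## Create/Update CA certificate role
/// Create or update a CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#create-ca-certificate-role>
///
/// `mount` and `name` are marked `#[endpoint(skip)]` and are only used to fill
/// the path template; every other field is a request parameter. Field
/// descriptions below summarise the Vault API reference linked above.
///
/// # Review notes
///
/// * The struct-level `#[builder(..., default)]` means an unset field takes
///   its `Default` value, so a builder that never sets `mount`, `name` or
///   `certificate` still builds, with empty strings. Callers should set all
///   three explicitly and treat an empty value as a programming error.
/// * Per the Vault reference, a role with none of the `allowed_*` constraints
///   set accepts any client certificate that chains to `certificate`. Set at
///   least one constraint when the CA also issues certificates for other
///   purposes.
/// * `ocsp_fail_open` trades revocation enforcement for availability; leave
///   it unset or `false` unless that trade-off has been accepted.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    method = "POST",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct CreateCaCertificateRoleRequest {
    /// Mount point of the cert auth method (path only, not sent as a parameter).
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role (path only, not sent as a parameter).
    #[endpoint(skip)]
    pub name: String,
    /// The CA certificate that client certificates are verified against
    /// (PEM format per the Vault reference).
    pub certificate: String,
    /// Patterns the client certificate's Common Name must match.
    pub allowed_common_names: Option<Vec<String>>,
    /// Patterns the client certificate's DNS SANs must match.
    pub allowed_dns_sans: Option<Vec<String>>,
    /// Patterns the client certificate's e-mail SANs must match.
    pub allowed_email_sans: Option<Vec<String>>,
    /// Patterns the client certificate's URI SANs must match.
    pub allowed_uri_sans: Option<Vec<String>>,
    /// Patterns the client certificate's Organizational Units must match.
    pub allowed_organizational_units: Option<Vec<String>>,
    /// Custom extension OIDs (with expected values) that must be present in
    /// the client certificate.
    pub required_extensions: Option<Vec<String>>,
    /// Extension OIDs whose values are copied into the token metadata when
    /// present in the client certificate.
    pub allowed_metadata_extensions: Option<Vec<String>>,
    /// Enables OCSP revocation checking for this role.
    pub ocsp_enabled: Option<bool>,
    /// Additional OCSP responder certificates used to verify OCSP responses.
    pub ocsp_ca_certificates: Option<String>,
    /// OCSP server addresses to use instead of the ones named in the
    /// certificate being checked.
    pub ocsp_servers_override: Option<Vec<String>>,
    /// When `true`, a login proceeds even if no OCSP status could be obtained.
    pub ocsp_fail_open: Option<bool>,
    /// When `true`, all OCSP servers are queried and must agree, rather than
    /// accepting the first successful response.
    pub ocsp_query_all_servers: Option<bool>,
    /// Display name set on tokens issued through this role.
    pub display_name: Option<String>,
    /// Incremental lifetime of issued tokens.
    pub token_ttl: Option<String>,
    /// Maximum lifetime of issued tokens.
    pub token_max_ttl: Option<String>,
    /// Policies attached to issued tokens.
    pub token_policies: Option<Vec<String>>,
    /// CIDR blocks from which a login is accepted and to which the issued
    /// token is bound.
    pub token_bound_cidrs: Option<Vec<String>>,
    /// Hard cap on token lifetime that renewal cannot extend.
    pub token_explicit_max_ttl: Option<String>,
    /// When `true`, the `default` policy is not added to issued tokens.
    pub token_no_default_policy: Option<bool>,
    /// Maximum number of uses of an issued token.
    pub token_num_uses: Option<u64>,
    /// Period for periodic tokens.
    pub token_period: Option<String>,
    /// Type of token to issue; passed through as a free-form string, so an
    /// invalid value is only rejected by the server.
    pub token_type: Option<String>,
}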
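/// ## Read CA certificate role
/// Reads the properties of an existing CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: GET
/// * Response: [ReadCaCertificateRoleResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#read-ca-certificate-role>
///
/// The `endpoint` attribute names no `method`; the GET listed above relies on
/// the derive macro's default.
///
/// Review note: because of the struct-level `#[builder(..., default)]`, an
/// unset `mount` or `name` becomes an empty string instead of a build error,
/// which yields a different path than intended. Set both explicitly.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    response = "ReadCaCertificateRoleResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ReadCaCertificateRoleRequest {
    /// Mount point of the cert auth method (path only).
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to read (path only).
    #[endpoint(skip)]
    pub name: String,
}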
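/// ## Delete CA certificate role
/// This endpoint deletes the CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: DELETE
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#delete-certificate-role>
///
/// Review note: this is a destructive call, and the struct-level
/// `#[builder(..., default)]` lets a request build with an empty `mount` or
/// `name`. Validate both before sending so the DELETE targets the role that
/// was intended.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    method = "DELETE",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct DeleteCaCertificateRoleRequest {
    /// Mount point of the cert auth method (path only).
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to delete (path only).
    #[endpoint(skip)]
    pub name: String,
}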
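/// ## List CA certificate role
/// List available CA certificate roles.
///
/// * Path: /auth/{self.mount}/certs
/// * Method: LIST
/// * Response: [ListCaCertificateRoleResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#list-certificate-roles>
///
/// The only field, `mount`, is used in the path and is not sent as a
/// parameter. If it is left unset the builder falls back to an empty string
/// (struct-level `default`), so set it explicitly.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs",
    method = "LIST",
    response = "ListCaCertificateRoleResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ListCaCertificateRoleRequest {
    /// Mount point of the cert auth method (path only).
    #[endpoint(skip)]
    pub mount: String,
}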
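/// ## Configure TLS certificate method
/// Configuration options for the method.
///
/// * Path: /auth/{self.mount}/config
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#configure-tls-certificate-method>
///
/// Unlike the other request types in this file, the option fields here are
/// not `pub`; outside this module they can only be set through the generated
/// builder.
///
/// # Review notes
///
/// * `disable_binding` relaxes a security check: with it set, a renewal is
///   not required to present the same client identity that was used at
///   login. Leave it unset unless renewals legitimately arrive with a
///   different certificate.
/// * `role_cache_size` is documented as accepting `-1`, which `Option<u64>`
///   cannot represent. Role caching therefore cannot be disabled through
///   this type as written; confirm the intended type against the Vault
///   reference before relying on it.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/config", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct ConfigureTlsCertificateMethod {
    /// Mount point of the cert auth method (path only, not sent as a parameter).
    #[endpoint(skip)]
    pub mount: String,
    /// If set, during renewal, skips the matching of presented client identity with the client identity used during login.
    disable_binding: Option<bool>,
    /// If set, metadata of the certificate including the metadata corresponding to allowed_metadata_extensions will be stored in the alias.
    enable_identity_alias_metadata: Option<bool>,
    /// The size of the OCSP response LRU cache. Note that this cache is used for all configured certificates.
    ocsp_cache_size: Option<u64>,
    /// The size of the role cache. Use -1 to disable role caching.
    // NOTE(review): -1 does not fit in u64; see the struct-level review notes.
    role_cache_size: Option<u64>,
}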
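/// ## Login
/// Login with the TLS certificate method and authenticate against only the named
/// certificate role.
///
/// * Path: /auth/{self.mount}/login
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#login-with-tls-certificate-method>
///
/// The request carries no certificate material: only `cert_name` is sent as
/// a parameter. The client certificate itself is presumably presented by the
/// HTTP client's TLS configuration, so confirm that the client used for this
/// call is configured with the intended identity.
///
/// # Review notes
///
/// * The Vault reference linked above names the role parameter `name`,
///   while this field is `cert_name`. Confirm the key that is actually sent
///   on the wire. If the server ignores an unrecognised key, the login is
///   not pinned to one role and any role matching the certificate may be
///   used.
/// * Because of the struct-level `#[builder(..., default)]`, an unset
///   `cert_name` becomes an empty string rather than a build error. Per the
///   Vault reference an empty role name means "try all roles", so set it
///   explicitly when role pinning is required.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/login", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct LoginRequest {
    /// Mount point of the cert auth method (path only, not sent as a parameter).
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to authenticate against.
    pub cert_name: String,
}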