vaultrs/api/auth/cert/
requests.rs

use rustify_derive::Endpoint;

use super::responses::{ListCaCertificateRoleResponse, ReadCaCertificateRoleResponse};

/// ## Create/Update CA certificate role
/// Create or update a CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#create-ca-certificate-role>
///
/// `mount` and `name` are used to build the request path and are marked `#[endpoint(skip)]`;
/// every other field is left to the `Endpoint` derive to send as request data.
// NOTE(review): the struct derives `Default` and the builder is declared with a struct-level
// `default`, so a field that is never set presumably falls back to its `Default` value instead of
// failing the build. For `mount`, `name` and `certificate` that is an empty string - confirm, and
// have callers check these three before sending.
// NOTE(review): `mount` and `name` are substituted into the URL path. Whether the derive
// percent-encodes them is not visible in this file; validate them when they come from
// configuration or user input that is not fully trusted.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    method = "POST",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct CreateCaCertificateRoleRequest {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role; path segment only.
    #[endpoint(skip)]
    pub name: String,
    /// The certificate the role is created for, passed as a string.
    // NOTE(review): presumably PEM text of the trusted CA or leaf certificate - confirm the
    // expected encoding against the linked reference.
    pub certificate: String,
    // Optional constraints on the presented client certificate (common name, SANs,
    // organizational unit, extensions). Exact matching rules are defined by the linked reference,
    // not by this struct.
    // NOTE(review): if all of these are left as `None`, the role presumably accepts any client
    // certificate that validates against `certificate`; set at least one constraint when the CA
    // also issues certificates to parties that must not log in - confirm.
    pub allowed_common_names: Option<Vec<String>>,
    pub allowed_dns_sans: Option<Vec<String>>,
    pub allowed_email_sans: Option<Vec<String>>,
    pub allowed_uri_sans: Option<Vec<String>>,
    pub allowed_organizational_units: Option<Vec<String>>,
    pub required_extensions: Option<Vec<String>>,
    pub allowed_metadata_extensions: Option<Vec<String>>,
    // OCSP (revocation checking) options for the role.
    pub ocsp_enabled: Option<bool>,
    pub ocsp_ca_certificates: Option<String>,
    pub ocsp_servers_override: Option<Vec<String>>,
    // NOTE(review): going by its name, `ocsp_fail_open = true` lets a login proceed when the
    // revocation status cannot be obtained, which would let a revoked certificate authenticate
    // while the responder is unreachable. Leave it unset unless that trade-off is intended.
    pub ocsp_fail_open: Option<bool>,
    pub ocsp_query_all_servers: Option<bool>,
    pub display_name: Option<String>,
    // Going by their names and the linked reference, the `token_*` fields shape the token issued
    // after a successful login against this role (lifetimes, policies, source-address binding,
    // use count, type). Lifetimes are carried as strings; their format is not checked here.
    pub token_ttl: Option<String>,
    pub token_max_ttl: Option<String>,
    pub token_policies: Option<Vec<String>>,
    pub token_bound_cidrs: Option<Vec<String>>,
    pub token_explicit_max_ttl: Option<String>,
    pub token_no_default_policy: Option<bool>,
    pub token_num_uses: Option<u64>,
    pub token_period: Option<String>,
    pub token_type: Option<String>,
}

/// ## Read CA certificate role
/// Reads the properties of an existing CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: GET
/// * Response: [ReadCaCertificateRoleResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#read-ca-certificate-role>
///
/// Both fields are marked `#[endpoint(skip)]` and are used only to build the request path.
// NOTE(review): unlike the other requests in this file, the `#[endpoint(...)]` attribute below
// sets no `method`; the documented GET presumably comes from the derive's default - confirm.
// NOTE(review): `mount` and `name` are substituted into the URL path; whether they are
// percent-encoded is not visible here, so validate them if they can come from untrusted input.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    response = "ReadCaCertificateRoleResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ReadCaCertificateRoleRequest {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to read; path segment only.
    #[endpoint(skip)]
    pub name: String,
}

/// ## Delete CA certificate role
/// This endpoint deletes the CA certificate role.
///
/// * Path: /auth/{self.mount}/certs/{self.name}
/// * Method: DELETE
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#delete-certificate-role>
///
/// Both fields are marked `#[endpoint(skip)]` and are used only to build the request path.
// NOTE(review): the builder is declared with a struct-level `default`, so an unset `name`
// presumably becomes an empty string and the path collapses to `/auth/{mount}/certs/`. What a
// DELETE on that path does is not visible here; have callers reject an empty `name` first.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs/{self.name}",
    method = "DELETE",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct DeleteCaCertificateRoleRequest {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to delete; path segment only.
    #[endpoint(skip)]
    pub name: String,
}

/// ## List CA certificate role
/// List available CA certificate roles.
///
/// * Path: /auth/{self.mount}/certs
/// * Method: LIST
/// * Response: [ListCaCertificateRoleResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#list-certificate-roles>
///
/// The only field, `mount`, is marked `#[endpoint(skip)]` and is used to build the request path.
// NOTE(review): `mount` is substituted into the URL path; whether it is percent-encoded is not
// visible here, so validate it if it can come from untrusted input.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/certs",
    method = "LIST",
    response = "ListCaCertificateRoleResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ListCaCertificateRoleRequest {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
}

/// ## Configure TLS certificate method
/// Configuration options for the method.
///
/// * Path: /auth/{self.mount}/config
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#configure-tls-certificate-method>
///
/// The settings apply to the whole auth mount rather than to a single certificate role: the path
/// carries only `mount`.
// NOTE(review): the four option fields below have no `pub`, unlike the fields of the other request
// structs in this file, so outside this module they can only be set through the generated
// builder - confirm that is intended.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/config", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct ConfigureTlsCertificateMethod {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
    /// If set, during renewal, skips the matching of presented client identity with the client identity used during login.
    // NOTE(review): enabling this removes the check described above, so a token could be renewed
    // by a client whose certificate differs from the one used at login. Treat it as a deliberate
    // weakening and leave it unset by default.
    disable_binding: Option<bool>,
    /// If set, metadata of the certificate including the metadata corresponding to allowed_metadata_extensions will be stored in the alias.
    enable_identity_alias_metadata: Option<bool>,
    /// The size of the OCSP response LRU cache. Note that this cache is used for all configured certificates.
    ocsp_cache_size: Option<u64>,
    /// The size of the role cache. Use -1 to disable role caching.
    // NOTE(review): the field is `Option<u64>`, which cannot hold the documented -1, so role
    // caching cannot be disabled through this type as written. A signed type would be needed;
    // changing it alters the builder setter's accepted input, so handle it as an API change.
    role_cache_size: Option<u64>,
}

/// ## Login
/// Login with the TLS certificate method and authenticate against only the named
/// certificate role.
///
/// * Path: /auth/{self.mount}/login
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/cert#login-with-tls-certificate-method>
///
/// The request declares no certificate or key field: it carries only the mount (in the path) and
/// the role name.
// NOTE(review): the client certificate is presumably presented by the HTTP client's TLS
// configuration rather than by this request - confirm against the caller.
// NOTE(review): `cert_name` is a plain `String` and the builder has a struct-level `default`, so
// leaving it unset presumably yields an empty name. How the server treats an empty `cert_name` is
// not visible here; callers that rely on pinning a single role should always set it and reject
// an empty value.
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/login", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct LoginRequest {
    /// Mount point of the auth method; path segment only.
    #[endpoint(skip)]
    pub mount: String,
    /// Name of the certificate role to authenticate against.
    pub cert_name: String,
}