
1use super::responses::{
2    ListRolesResponse, OIDCAuthResponse, ReadConfigurationResponse, ReadRoleResponse,
3};
4use rustify_derive::Endpoint;
5use std::{collections::HashMap, fmt::Debug};
6
/// ## Configure
/// Configures the validation information to be used globally across all roles.
///
/// `mount` is the auth method's mount path; it is interpolated into the URL and
/// marked `#[endpoint(skip)]` so it is not part of the request payload. Every
/// other field is a configuration parameter and is `Option`, so the derived
/// `Default`/builder leaves unset parameters as `None`.
///
/// * Path: /auth/{self.mount}/config
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#configure>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/config", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct SetConfigurationRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    pub bound_issuer: Option<String>,
    pub default_role: Option<String>,
    pub jwks_ca_pem: Option<String>,
    /// NOTE(review): presumably the allow-list of JWT signing algorithms Vault
    /// accepts; keeping it narrow is the defensive setting — confirm against the
    /// Vault docs.
    pub jwt_supported_algs: Option<Vec<String>>,
    pub jwks_url: Option<String>,
    pub jwt_validation_pubkeys: Option<Vec<String>>,
    pub namespace_in_state: Option<bool>,
    pub oidc_discovery_ca_pem: Option<String>,
    pub oidc_discovery_url: Option<String>,
    pub oidc_client_id: Option<String>,
    /// Sensitive. This struct derives `Debug`, so the secret is printed
    /// verbatim by `{:?}`; do not log or trace a populated request.
    pub oidc_client_secret: Option<String>,
    pub oidc_response_mode: Option<String>,
    pub oidc_response_types: Option<Vec<String>>,
    /// Free-form key/value settings; their meaning depends on the provider
    /// and is not validated client-side here.
    pub provider_config: Option<HashMap<String, String>>,
}
35
/// ## Read Config
/// Returns the previously configured config.
///
/// No `method` is given on the endpoint attribute, so the derive's default
/// (GET) applies. The only field is the mount path, which is interpolated
/// into the URL and skipped from the payload.
///
/// * Path: /auth/{self.mount}/config
/// * Method: GET
/// * Response: [ReadConfigurationResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#read-config>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/config",
    response = "ReadConfigurationResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ReadConfigurationRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
}
54
/// ## Create Role
/// Registers a role in the method.
///
/// `mount` and `name` are path segments and are skipped from the payload.
/// `allowed_redirect_uris` and `user_claim` are not `Option`: because the
/// builder is declared with `default`, leaving them unset yields an empty
/// `Vec`/`String` instead of a build error, so callers should set both
/// explicitly. All remaining parameters are optional.
///
/// * Path: /auth/{self.mount}/role/{self.name}
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#create-role>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/role/{self.name}",
    method = "POST",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct SetRoleRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// Role name; only used to build the request URL.
    #[endpoint(skip)]
    pub name: String,
    /// Required by the API but defaulted to an empty list by the builder —
    /// set it explicitly.
    pub allowed_redirect_uris: Vec<String>,
    /// Required by the API but defaulted to `""` by the builder — set it
    /// explicitly.
    pub user_claim: String,
    pub bound_subject: Option<String>,
    pub bound_claims: Option<HashMap<String, String>>,
    pub bound_claims_type: Option<String>,
    pub bound_audiences: Option<Vec<String>>,
    pub claim_mappings: Option<HashMap<String, String>>,
    /// Duration strings (e.g. `"60s"`) are passed through as-is; they are not
    /// parsed or validated here. Same for the other `*_leeway`, `max_age` and
    /// `token_*` duration fields below.
    pub clock_skew_leeway: Option<String>,
    pub expiration_leeway: Option<String>,
    pub groups_claim: Option<String>,
    pub max_age: Option<String>,
    pub not_before_leeway: Option<String>,
    pub oidc_scopes: Option<Vec<String>>,
    pub role_type: Option<String>,
    /// NOTE(review): presumably restricts the source networks from which tokens
    /// issued by this role may be used — confirm against the Vault docs.
    pub token_bound_cidrs: Option<Vec<String>>,
    pub token_explicit_max_ttl: Option<String>,
    pub token_no_default_policy: Option<bool>,
    pub token_num_uses: Option<u64>,
    pub token_period: Option<String>,
    pub token_policies: Option<Vec<String>>,
    pub token_ttl: Option<String>,
    pub token_max_ttl: Option<String>,
    pub token_type: Option<String>,
    /// NOTE(review): presumably enables verbose logging of the OIDC flow on the
    /// Vault side; treat as a debugging switch rather than a steady-state
    /// setting — confirm against the Vault docs.
    pub verbose_oidc_logging: Option<bool>,
}
99
/// ## Read Role
/// Returns the previously registered role configuration.
///
/// No `method` is given on the endpoint attribute, so the derive's default
/// (GET) applies. Both fields are path segments and are skipped from the
/// payload.
///
/// * Path: /auth/{self.mount}/role/{self.name}
/// * Method: GET
/// * Response: [ReadRoleResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#read-role>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/role/{self.name}",
    response = "ReadRoleResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ReadRoleRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// Role name; only used to build the request URL.
    #[endpoint(skip)]
    pub name: String,
}
120
/// ## List Roles
/// Lists all the roles that are registered with the plugin.
///
/// The only field is the mount path, which is interpolated into the URL and
/// skipped from the payload.
///
/// * Path: /auth/{self.mount}/role
/// * Method: LIST
/// * Response: [ListRolesResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#list-roles>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/role",
    method = "LIST",
    response = "ListRolesResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct ListRolesRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
}
140
/// ## Delete Role
/// Deletes the previously registered role.
///
/// Both fields are path segments and are skipped from the payload. This is a
/// destructive call with no confirmation step on the client side.
///
/// * Path: /auth/{self.mount}/role/{self.name}
/// * Method: DELETE
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#delete-role>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/role/{self.name}",
    method = "DELETE",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct DeleteRoleRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// Role name; only used to build the request URL.
    #[endpoint(skip)]
    pub name: String,
}
161
/// ## OIDC Authorization URL Request
/// Obtain an authorization URL from Vault to start an OIDC login flow.
///
/// `redirect_uri` is not `Option`: with the builder's `default` an unset value
/// becomes `""` rather than a build error, so set it explicitly.
/// NOTE(review): presumably it must match one of the role's
/// `allowed_redirect_uris` — confirm against the Vault docs.
///
/// * Path: /auth/{self.mount}/oidc/auth_url
/// * Method: POST
/// * Response: [OIDCAuthResponse]
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#oidc-authorization-url-request>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(
    path = "/auth/{self.mount}/oidc/auth_url",
    method = "POST",
    response = "OIDCAuthResponse",
    builder = "true"
)]
#[builder(setter(into, strip_option), default)]
pub struct OIDCAuthRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// Required by the API but defaulted to `""` by the builder — set it
    /// explicitly.
    pub redirect_uri: String,
    pub role: Option<String>,
}
183
/// ## OIDC Callback
/// Exchange an authorization code for an OIDC ID Token.
///
/// No `method` is given on the endpoint attribute, so the derive's default
/// (GET) applies. `state`, `nonce` and `code` carry both `#[endpoint(query)]`
/// and `#[endpoint(skip)]`; the intent is presumably "send as a query
/// parameter, not in a body" — confirm against the rustify docs. All three are
/// non-`Option`, so the builder's `default` leaves any unset one as `""`.
///
/// * Path: /auth/{self.mount}/oidc/callback
/// * Method: GET
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#oidc-callback>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/oidc/callback", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct OIDCCallbackRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// NOTE(review): presumably the `state` value issued together with the
    /// authorization URL — confirm against [OIDCAuthResponse].
    #[endpoint(query)]
    #[endpoint(skip)]
    pub state: String,
    /// NOTE(review): presumably the `nonce` issued together with the
    /// authorization URL — confirm against [OIDCAuthResponse].
    #[endpoint(query)]
    #[endpoint(skip)]
    pub nonce: String,
    /// Sensitive: the authorization code returned by the identity provider.
    /// This struct derives `Debug`, so `{:?}` prints it verbatim; do not log
    /// or trace a populated request.
    #[endpoint(query)]
    #[endpoint(skip)]
    pub code: String,
}
207
/// ## JWT Login
/// This endpoint takes a signed JSON Web Token (JWT) and a role name for some
/// entity.
///
/// `jwt` is not `Option`: with the builder's `default` an unset value becomes
/// `""` rather than a build error, so set it explicitly.
///
/// * Path: /auth/{self.mount}/login
/// * Method: POST
/// * Response: N/A
/// * Reference: <https://developer.hashicorp.com/vault/api-docs/auth/jwt#jwt-login>
#[derive(Builder, Debug, Default, Endpoint)]
#[endpoint(path = "/auth/{self.mount}/login", method = "POST", builder = "true")]
#[builder(setter(into, strip_option), default)]
pub struct JWTLoginRequest {
    /// Mount path of the auth method; only used to build the request URL.
    #[endpoint(skip)]
    pub mount: String,
    /// Sensitive: the bearer credential used to log in. This struct derives
    /// `Debug`, so `{:?}` prints it verbatim; do not log or trace a populated
    /// request.
    pub jwt: String,
    pub role: Option<String>,
}