vaultrs/auth/
approle.rs

1use crate::{
2    api::{
3        self,
4        auth::approle::requests::{LoginWithApproleRequest, TidyRequest},
5        AuthInfo,
6    },
7    client::Client,
8    error::ClientError,
9};
10
11// Fetch a token with policies in corresponding AppRole.
12//
13// See [LoginWithApproleRequest]
14pub async fn login(
15    client: &impl Client,
16    mount: &str,
17    role_id: &str,
18    secret_id: &str,
19) -> Result<AuthInfo, ClientError> {
20    let endpoint = LoginWithApproleRequest::builder()
21        .mount(mount)
22        .role_id(role_id)
23        .secret_id(secret_id)
24        .build()
25        .unwrap();
26    api::auth(client, endpoint).await
27}
28
29/// Tidy's up the AppRole backend.
30///
31/// See [TidyRequest]
32pub async fn tidy(client: &impl Client, mount: &str) -> Result<(), ClientError> {
33    let endpoint = TidyRequest::builder().mount(mount).build().unwrap();
34    api::exec_with_empty_result(client, endpoint).await
35}
36
37pub mod role {
38    use crate::api;
39    use crate::api::auth::approle::requests::UpdateRoleIDRequest;
40    use crate::api::auth::approle::{
41        requests::{
42            DeleteAppRoleRequest, ListRolesRequest, ReadAppRoleRequest, ReadRoleIDRequest,
43            SetAppRoleRequest, SetAppRoleRequestBuilder,
44        },
45        responses::{ListRolesResponse, ReadAppRoleResponse, ReadRoleIDResponse},
46    };
47    use crate::client::Client;
48    use crate::error::ClientError;
49
50    /// Lists all AppRoles.
51    ///
52    /// See [ListRolesRequest]
53    pub async fn list(client: &impl Client, mount: &str) -> Result<ListRolesResponse, ClientError> {
54        let endpoint = ListRolesRequest::builder().mount(mount).build().unwrap();
55        api::exec_with_result(client, endpoint).await
56    }
57
58    /// Reads properties of an AppRole.
59    ///
60    /// See [ReadAppRoleRequest]
61    pub async fn read(
62        client: &impl Client,
63        mount: &str,
64        role_name: &str,
65    ) -> Result<ReadAppRoleResponse, ClientError> {
66        let endpoint = ReadAppRoleRequest::builder()
67            .mount(mount)
68            .role_name(role_name)
69            .build()
70            .unwrap();
71        api::exec_with_result(client, endpoint).await
72    }
73
74    /// Creates or updates an AppRole.
75    ///
76    /// See [SetAppRoleRequest]
77    pub async fn set(
78        client: &impl Client,
79        mount: &str,
80        role_name: &str,
81        opts: Option<&mut SetAppRoleRequestBuilder>,
82    ) -> Result<(), ClientError> {
83        let mut t = SetAppRoleRequest::builder();
84        let endpoint = opts
85            .unwrap_or(&mut t)
86            .mount(mount)
87            .role_name(role_name)
88            .build()
89            .unwrap();
90        api::exec_with_empty(client, endpoint).await
91    }
92
93    /// Deletes an existing AppRole.
94    ///
95    /// See [DeleteAppRoleRequest]
96    pub async fn delete(
97        client: &impl Client,
98        mount: &str,
99        role_name: &str,
100    ) -> Result<(), ClientError> {
101        let endpoint = DeleteAppRoleRequest::builder()
102            .mount(mount)
103            .role_name(role_name)
104            .build()
105            .unwrap();
106        api::exec_with_empty(client, endpoint).await
107    }
108
109    /// Reads the RoleID of an existing AppRole.
110    ///
111    /// See [ReadRoleIDRequest]
112    pub async fn read_id(
113        client: &impl Client,
114        mount: &str,
115        role_name: &str,
116    ) -> Result<ReadRoleIDResponse, ClientError> {
117        let endpoint = ReadRoleIDRequest::builder()
118            .mount(mount)
119            .role_name(role_name)
120            .build()
121            .unwrap();
122        api::exec_with_result(client, endpoint).await
123    }
124
125    /// Updates the Role ID of an AppRole.
126    ///
127    /// See [UpdateRoleIDRequest]
128    pub async fn update_id(
129        client: &impl Client,
130        mount: &str,
131        role_name: &str,
132        role_id: &str,
133    ) -> Result<(), ClientError> {
134        let endpoint = UpdateRoleIDRequest::builder()
135            .mount(mount)
136            .role_name(role_name)
137            .role_id(role_id)
138            .build()
139            .unwrap();
140        api::exec_with_empty(client, endpoint).await
141    }
142
143    pub mod secret {
144        use crate::api;
145        use crate::api::auth::approle::requests::{
146            CreateCustomSecretIDRequest, CreateCustomSecretIDRequestBuilder,
147            DeleteSecretIDAccessorRequest, DeleteSecretIDRequest, GenerateNewSecretIDRequest,
148            GenerateNewSecretIDRequestBuilder, ListSecretIDRequest, ReadSecretIDAccessorRequest,
149            ReadSecretIDRequest,
150        };
151        use crate::api::auth::approle::responses::{
152            CreateCustomSecretIDResponse, GenerateNewSecretIDResponse, ListSecretIDResponse,
153            ReadSecretIDResponse,
154        };
155        use crate::client::Client;
156        use crate::error::ClientError;
157
158        /// Creates a custom secret ID.
159        ///
160        /// See [CreateCustomSecretIDRequest]
161        pub async fn custom(
162            client: &impl Client,
163            mount: &str,
164            role_name: &str,
165            secret_id: &str,
166            opts: Option<&mut CreateCustomSecretIDRequestBuilder>,
167        ) -> Result<CreateCustomSecretIDResponse, ClientError> {
168            let mut t = CreateCustomSecretIDRequest::builder();
169            let endpoint = opts
170                .unwrap_or(&mut t)
171                .mount(mount)
172                .role_name(role_name)
173                .secret_id(secret_id)
174                .build()
175                .unwrap();
176            api::exec_with_result(client, endpoint).await
177        }
178
179        /// Deletes an AppRole secret ID.
180        ///
181        /// See [DeleteSecretIDRequest]
182        pub async fn delete(
183            client: &impl Client,
184            mount: &str,
185            role_name: &str,
186            secret_id: &str,
187        ) -> Result<(), ClientError> {
188            let endpoint = DeleteSecretIDRequest::builder()
189                .mount(mount)
190                .role_name(role_name)
191                .secret_id(secret_id)
192                .build()
193                .unwrap();
194            api::exec_with_empty(client, endpoint).await
195        }
196
197        /// Deletes an AppRole secret ID by accessor.
198        ///
199        /// See [DeleteSecretIDAccessorRequest]
200        pub async fn delete_accessor(
201            client: &impl Client,
202            mount: &str,
203            role_name: &str,
204            secret_id_accessor: &str,
205        ) -> Result<(), ClientError> {
206            let endpoint = DeleteSecretIDAccessorRequest::builder()
207                .mount(mount)
208                .role_name(role_name)
209                .secret_id_accessor(secret_id_accessor)
210                .build()
211                .unwrap();
212            api::exec_with_empty(client, endpoint).await
213        }
214
215        /// Generates and issues a new SecretID on an existing AppRole.
216        ///
217        /// See [GenerateNewSecretIDRequest]
218        pub async fn generate(
219            client: &impl Client,
220            mount: &str,
221            role_name: &str,
222            opts: Option<&mut GenerateNewSecretIDRequestBuilder>,
223        ) -> Result<GenerateNewSecretIDResponse, ClientError> {
224            let mut t = GenerateNewSecretIDRequest::builder();
225            let endpoint = opts
226                .unwrap_or(&mut t)
227                .mount(mount)
228                .role_name(role_name)
229                .build()
230                .unwrap();
231            api::exec_with_result(client, endpoint).await
232        }
233
234        /// Lists ApplRole secret IDs.
235        ///
236        /// See [ListSecretIDRequest]
237        pub async fn list(
238            client: &impl Client,
239            mount: &str,
240            role_name: &str,
241        ) -> Result<ListSecretIDResponse, ClientError> {
242            let endpoint = ListSecretIDRequest::builder()
243                .mount(mount)
244                .role_name(role_name)
245                .build()
246                .unwrap();
247            api::exec_with_result(client, endpoint).await
248        }
249
250        /// Reads an AppleRole secret ID.
251        ///
252        /// See [ReadSecretIDRequest]
253        pub async fn read(
254            client: &impl Client,
255            mount: &str,
256            role_name: &str,
257            secret_id: &str,
258        ) -> Result<ReadSecretIDResponse, ClientError> {
259            let endpoint = ReadSecretIDRequest::builder()
260                .mount(mount)
261                .role_name(role_name)
262                .secret_id(secret_id)
263                .build()
264                .unwrap();
265            api::exec_with_result(client, endpoint).await
266        }
267
268        /// Reads an AppleRole secret ID by accessor.
269        ///
270        /// See [ReadSecretIDAccessorRequest]
271        pub async fn read_accessor(
272            client: &impl Client,
273            mount: &str,
274            role_name: &str,
275            secret_id_accessor: &str,
276        ) -> Result<ReadSecretIDResponse, ClientError> {
277            let endpoint = ReadSecretIDAccessorRequest::builder()
278                .mount(mount)
279                .role_name(role_name)
280                .secret_id_accessor(secret_id_accessor)
281                .build()
282                .unwrap();
283            api::exec_with_result(client, endpoint).await
284        }
285    }
286}