vaultrs/
token.rs

1use crate::{
2    api::{
3        self,
4        token::{
5            requests::{
6                CreateOrphanTokenRequest, CreateOrphanTokenRequestBuilder, CreateRoleTokenRequest,
7                CreateRoleTokenRequestBuilder, CreateTokenRequest, CreateTokenRequestBuilder,
8                LookupTokenAccessorRequest, LookupTokenRequest, LookupTokenSelfRequest,
9                RenewTokenAccessorRequest, RenewTokenRequest, RenewTokenSelfRequest,
10                RevokeTokenAccessorRequest, RevokeTokenOrphanRequest, RevokeTokenRequest,
11                RevokeTokenSelfRequest, TidyRequest,
12            },
13            responses::LookupTokenResponse,
14        },
15        AuthInfo,
16    },
17    client::Client,
18    error::ClientError,
19};
20
21/// Looks up a token
22///
23/// See [LookupTokenResponse]
24pub async fn lookup(client: &impl Client, token: &str) -> Result<LookupTokenResponse, ClientError> {
25    let endpoint = LookupTokenRequest::builder().token(token).build().unwrap();
26    api::exec_with_result(client, endpoint).await
27}
28
29/// Looks up a token by its accessor ID
30///
31/// See [LookupTokenAccessorRequest]
32pub async fn lookup_accessor(
33    client: &impl Client,
34    accessor: &str,
35) -> Result<LookupTokenResponse, ClientError> {
36    let endpoint = LookupTokenAccessorRequest::builder()
37        .accessor(accessor)
38        .build()
39        .unwrap();
40    api::exec_with_result(client, endpoint).await
41}
42
43/// Looks up the token being sent in the header of this request
44///
45/// See [LookupTokenSelfRequest]
46pub async fn lookup_self(client: &impl Client) -> Result<LookupTokenResponse, ClientError> {
47    let endpoint = LookupTokenSelfRequest::builder().build().unwrap();
48    api::exec_with_result(client, endpoint).await
49}
50
51/// Creates a new token
52///
53/// See [CreateTokenRequest]
54pub async fn new(
55    client: &impl Client,
56    opts: Option<&mut CreateTokenRequestBuilder>,
57) -> Result<AuthInfo, ClientError> {
58    let mut t = CreateTokenRequest::builder();
59    let endpoint = opts.unwrap_or(&mut t).build().unwrap();
60    api::auth(client, endpoint).await
61}
62
63/// Creates a new orphan token
64///
65/// See [CreateOrphanTokenRequest]
66pub async fn new_orphan(
67    client: &impl Client,
68    opts: Option<&mut CreateOrphanTokenRequestBuilder>,
69) -> Result<AuthInfo, ClientError> {
70    let mut t = CreateOrphanTokenRequest::builder();
71    let endpoint = opts.unwrap_or(&mut t).build().unwrap();
72    api::auth(client, endpoint).await
73}
74
75/// Creates a new token based on a role
76///
77/// See [CreateRoleTokenRequest]
78pub async fn new_role(
79    client: &impl Client,
80    role: &str,
81    opts: Option<&mut CreateRoleTokenRequestBuilder>,
82) -> Result<AuthInfo, ClientError> {
83    let mut t = CreateRoleTokenRequest::builder();
84    let endpoint = opts.unwrap_or(&mut t).role_name(role).build().unwrap();
85    api::auth(client, endpoint).await
86}
87
88/// Renews a token
89///
90/// See [RenewTokenRequest]
91pub async fn renew(
92    client: &impl Client,
93    token: &str,
94    increment: Option<&str>,
95) -> Result<AuthInfo, ClientError> {
96    let mut endpoint = RenewTokenRequest::builder();
97    if let Some(inc) = increment {
98        endpoint.increment(inc);
99    }
100    api::auth(client, endpoint.token(token).build().unwrap()).await
101}
102
103/// Renews the token by its accessor ID
104///
105/// See [RenewTokenAccessorRequest]
106pub async fn renew_accessor(
107    client: &impl Client,
108    accessor: &str,
109    increment: Option<&str>,
110) -> Result<AuthInfo, ClientError> {
111    let mut endpoint = RenewTokenAccessorRequest::builder();
112    if let Some(inc) = increment {
113        endpoint.increment(inc);
114    }
115    api::auth(client, endpoint.accessor(accessor).build().unwrap()).await
116}
117
118/// Renews the token being sent in the header of this request
119///
120/// See [RenewTokenSelfRequest]
121pub async fn renew_self(
122    client: &impl Client,
123    increment: Option<&str>,
124) -> Result<AuthInfo, ClientError> {
125    let mut endpoint = RenewTokenSelfRequest::builder();
126    if let Some(inc) = increment {
127        endpoint.increment(inc);
128    }
129    api::auth(client, endpoint.build().unwrap()).await
130}
131
132/// Revokes a token
133///
134/// See [RevokeTokenRequest]
135pub async fn revoke(client: &impl Client, token: &str) -> Result<(), ClientError> {
136    let endpoint = RevokeTokenRequest::builder().token(token).build().unwrap();
137    api::exec_with_empty(client, endpoint).await
138}
139
140/// Revokes a token by its accessor ID
141///
142/// See [RevokeTokenAccessorRequest]
143pub async fn revoke_accessor(client: &impl Client, accessor: &str) -> Result<(), ClientError> {
144    let endpoint = RevokeTokenAccessorRequest::builder()
145        .accessor(accessor)
146        .build()
147        .unwrap();
148    api::exec_with_empty(client, endpoint).await
149}
150
151/// Revokes a token excluding any child tokens
152///
153/// See [RevokeTokenOrphanRequest]
154pub async fn revoke_orphan(client: &impl Client, token: &str) -> Result<(), ClientError> {
155    let endpoint = RevokeTokenOrphanRequest::builder()
156        .token(token)
157        .build()
158        .unwrap();
159    api::exec_with_empty(client, endpoint).await
160}
161
162/// Revokes the token being sent in the header of this request
163///
164/// See [RevokeTokenSelfRequest]
165pub async fn revoke_self(client: &impl Client) -> Result<(), ClientError> {
166    let endpoint = RevokeTokenSelfRequest::builder().build().unwrap();
167    api::exec_with_empty(client, endpoint).await
168}
169
170/// Tidy's up the token backend
171///
172/// See [TidyRequest]
173pub async fn tidy(client: &impl Client) -> Result<(), ClientError> {
174    let endpoint = TidyRequest::builder().build().unwrap();
175    api::exec_with_empty_result(client, endpoint).await
176}
177
178pub mod role {
179    use crate::{
180        api::{
181            self,
182            token::{
183                requests::{
184                    DeleteTokenRoleRequest, ListTokenRolesRequest, ReadTokenRoleRequest,
185                    SetTokenRoleRequest, SetTokenRoleRequestBuilder,
186                },
187                responses::{ListTokenRolesResponse, ReadTokenRoleResponse},
188            },
189        },
190        client::Client,
191        error::ClientError,
192    };
193
194    /// Deletes a token role
195    ///
196    /// See [DeleteTokenRoleRequest]
197    pub async fn delete(client: &impl Client, role_name: &str) -> Result<(), ClientError> {
198        let endpoint = DeleteTokenRoleRequest::builder()
199            .role_name(role_name)
200            .build()
201            .unwrap();
202        api::exec_with_empty(client, endpoint).await
203    }
204
205    /// List token roles
206    ///
207    /// See [ListTokenRolesRequest]
208    pub async fn list(client: &impl Client) -> Result<ListTokenRolesResponse, ClientError> {
209        let endpoint = ListTokenRolesRequest::builder().build().unwrap();
210        api::exec_with_result(client, endpoint).await
211    }
212
213    /// Read a token role
214    ///
215    /// See [ReadTokenRoleRequest]
216    pub async fn read(
217        client: &impl Client,
218        role_name: &str,
219    ) -> Result<ReadTokenRoleResponse, ClientError> {
220        let endpoint = ReadTokenRoleRequest::builder()
221            .role_name(role_name)
222            .build()
223            .unwrap();
224        api::exec_with_result(client, endpoint).await
225    }
226
227    /// Creates or updates a role
228    ///
229    /// See [SetTokenRoleRequest]
230    pub async fn set(
231        client: &impl Client,
232        role_name: &str,
233        opts: Option<&mut SetTokenRoleRequestBuilder>,
234    ) -> Result<(), ClientError> {
235        let mut t = SetTokenRoleRequest::builder();
236        let endpoint = opts.unwrap_or(&mut t).role_name(role_name).build().unwrap();
237        api::exec_with_empty(client, endpoint).await
238    }
239}