Merge pull request #136 from wa5i/cli

Implemented CLI commands for secrets and it's subcommands.

Author: Paul Yang

src/api/auth_token.rs

@@ -0,0 +1,139 @@
+use std::collections::HashMap;
+
+use derive_more::Deref;
+use serde::{Deserialize, Serialize};
+
+use super::{Client, HttpResponse};
+use crate::errors::RvError;
+
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+pub struct TokenInput {
+    #[serde(default)]
+    pub id: String,
+    #[serde(default)]
+    pub policies: Vec<String>,
+    #[serde(default)]
+    pub meta: HashMap<String, String>,
+    #[serde(default)]
+    pub lease: String,
+    #[serde(default)]
+    pub ttl: String,
+    #[serde(default)]
+    pub explicit_max_ttl: String,
+    #[serde(default)]
+    pub period: String,
+    #[serde(default)]
+    pub no_parent: bool,
+    #[serde(default)]
+    pub no_default_policy: bool,
+    pub display_name: String,
+    pub num_uses: u32,
+    #[serde(default)]
+    pub renewable: bool,
+    #[serde(default, rename = "type")]
+    pub logical_type: String,
+}
+
+#[derive(Deref)]
+pub struct TokenAuth<'a> {
+    #[deref]
+    pub client: &'a Client,
+}
+
+impl Client {
+    pub fn token(&self) -> TokenAuth {
+        TokenAuth { client: self }
+    }
+}
+
+impl TokenAuth<'_> {
+    pub fn create(&self, input: &TokenInput) -> Result<HttpResponse, RvError> {
+        let data = serde_json::to_value(input)?;
+        self.request_write("/v1/auth/token/create", data.as_object().cloned())
+    }
+
+    pub fn create_orphan(&self, input: &TokenInput) -> Result<HttpResponse, RvError> {
+        let data = serde_json::to_value(input)?;
+        self.request_write("/v1/auth/token/create-orphan", data.as_object().cloned())
+    }
+
+    pub fn create_with_role(&self, input: &TokenInput, role_name: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::to_value(input)?;
+        self.request_write(&format!("/v1/auth/token/create/{}", role_name), data.as_object().cloned())
+    }
+
+    pub fn lookup(&self, token: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "token": token,
+        });
+        self.request_write("/v1/auth/token/lookup", data.as_object().cloned())
+    }
+
+    pub fn lookup_accessor(&self, accessor: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "accessor": accessor,
+        });
+        self.request_write("/v1/auth/token/lookup-accessor", data.as_object().cloned())
+    }
+
+    pub fn lookup_self(&self) -> Result<HttpResponse, RvError> {
+        self.request_get("/v1/auth/token/lookup-self")
+    }
+
+    pub fn renew(&self, token: &str, increment: u32) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "token": token,
+            "increment": increment,
+        });
+        self.request_write("/v1/auth/token/renew", data.as_object().cloned())
+    }
+
+    pub fn renew_accessor(&self, accessor: &str, increment: u32) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "accessor": accessor,
+            "increment": increment,
+        });
+        self.request_write("/v1/auth/token/renew-accessor", data.as_object().cloned())
+    }
+
+    pub fn renew_self(&self, increment: u32) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "increment": increment,
+        });
+        self.request_write("/v1/auth/token/renew-self", data.as_object().cloned())
+    }
+
+    pub fn renew_token_as_self(&self, token: &str, increment: u32) -> Result<HttpResponse, RvError> {
+        let mut client = self.client.clone();
+        client.token = token.to_string();
+        let data = serde_json::json!({
+            "increment": increment,
+        });
+        client.request_write("/v1/auth/token/renew-self", data.as_object().cloned())
+    }
+
+    pub fn revoke_accessor(&self, accessor: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "accessor": accessor,
+        });
+        self.request_write("/v1/auth/token/revoke-accessor", data.as_object().cloned())
+    }
+
+    pub fn revoke_orphan(&self, token: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "token": token,
+        });
+        self.request_put("/v1/auth/token/revoke-orphan", data.as_object().cloned())
+    }
+
+    pub fn revoke_self(&self) -> Result<HttpResponse, RvError> {
+        self.request_put("/v1/auth/token/revoke-self", None)
+    }
+
+    pub fn revoke_tree(&self, token: &str) -> Result<HttpResponse, RvError> {
+        let data = serde_json::json!({
+            "token": token,
+        });
+        self.request_put("/v1/auth/token/revoke", data.as_object().cloned())
+    }
+}

src/api/client.rs

@@ -17,7 +17,7 @@ pub struct TLSConfig {
     client_config: ClientConfig,
 }
 
-#[derive(Default)]
+#[derive(Default, Clone)]
 pub struct TLSConfigBuilder {
     pub server_ca_pem: Option<Vec<u8>>,
     pub client_cert_pem: Option<Vec<u8>>,
@@ -26,7 +26,7 @@ pub struct TLSConfigBuilder {
     pub insecure: bool,
 }
 
-#[derive(Default)]
+#[derive(Default, Clone)]
 pub struct Client {
     #[default("https://127.0.0.1:8200".into())]
     pub address: String,

src/api/mod.rs

@@ -3,6 +3,7 @@
 use serde_json::Value;
 
 pub mod auth;
+pub mod auth_token;
 pub mod client;
 pub mod logical;
 pub mod secret;

src/api/secret.rs

@@ -3,7 +3,9 @@ use std::collections::HashMap;
 use serde::{Deserialize, Serialize};
 use serde_json::{Map, Value};
 
-#[derive(Debug, Clone, Serialize, Deserialize)]
+use crate::{errors::RvError, rv_error_string};
+
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
 pub struct Secret {
     #[serde(default)]
     pub request_id: String,
@@ -19,7 +21,7 @@ pub struct Secret {
     pub auth: Option<SecretAuth>,
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize)]
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
 pub struct SecretAuth {
     #[serde(default)]
     pub client_token: String,
@@ -36,7 +38,131 @@ pub struct SecretAuth {
     #[serde(default)]
     pub entity_id: String,
     #[serde(default)]
-    pub lease_duration: u32,
+    pub lease_duration: u64,
     #[serde(default)]
     pub renewable: bool,
 }
+
+impl Secret {
+    pub fn token_is_renewable(&self) -> Result<bool, RvError> {
+        if let Some(auth) = &self.auth {
+            return Ok(auth.renewable);
+        }
+
+        let Some(renewable_value) = self.data.get("renewable") else {
+            return Ok(false);
+        };
+
+        let Some(renewable) = renewable_value.as_bool() else {
+            return Err(rv_error_string!("token id found but in the wrong format"));
+        };
+
+        Ok(renewable)
+    }
+
+    pub fn token_id(&self) -> Result<String, RvError> {
+        if let Some(auth) = &self.auth {
+            if !auth.client_token.is_empty() {
+                return Ok(auth.client_token.clone());
+            }
+        }
+
+        let Some(id_value) = self.data.get("id") else {
+            return Ok("".into());
+        };
+
+        let Some(id) = id_value.as_str() else {
+            return Err(rv_error_string!("token id found but in the wrong format"));
+        };
+
+        Ok(id.to_string())
+    }
+
+    pub fn token_accessor(&self) -> Result<String, RvError> {
+        if let Some(auth) = &self.auth {
+            if !auth.accessor.is_empty() {
+                return Ok(auth.accessor.clone());
+            }
+        }
+
+        let Some(accessor_value) = self.data.get("accessor") else {
+            return Ok("".into());
+        };
+
+        let Some(accessor) = accessor_value.as_str() else {
+            return Err(rv_error_string!("token accessor found but in the wrong format"));
+        };
+
+        Ok(accessor.to_string())
+    }
+
+    pub fn token_policies(&self) -> Result<Vec<String>, RvError> {
+        if let Some(auth) = &self.auth {
+            if !auth.policies.is_empty() {
+                return Ok(auth.policies.clone());
+            }
+        }
+
+        let Some(policies_value) = self.data.get("policies") else {
+            return Ok(vec![]);
+        };
+
+        let Some(policies) = policies_value.as_array() else {
+            return Err(rv_error_string!("token policies found but in the wrong format"));
+        };
+
+        Ok(policies.iter().filter_map(|v| v.as_str().map(|s| s.to_string())).collect())
+    }
+
+    pub fn token_ttl(&self) -> Result<u64, RvError> {
+        if let Some(auth) = &self.auth {
+            return Ok(auth.lease_duration);
+        }
+
+        let Some(ttl_value) = self.data.get("ttl") else {
+            return Ok(0);
+        };
+
+        let Some(ttl) = ttl_value.as_u64() else {
+            return Err(rv_error_string!("token ttl found but in the wrong format"));
+        };
+
+        Ok(ttl)
+    }
+
+    pub fn token_metadata(&self) -> Result<HashMap<String, String>, RvError> {
+        if let Some(auth) = &self.auth {
+            if !auth.metadata.is_empty() {
+                return Ok(auth.metadata.clone());
+            }
+        }
+
+        if let Some(data) = self.data.get("metadata") {
+            let Some(metadata) = data.as_object() else {
+                return Err(rv_error_string!("token metadata found but in the wrong format"));
+            };
+
+            return Ok(metadata.into_iter().map(|(k, v)| (k.to_string(), value_to_string(v))).collect());
+        }
+
+        if let Some(data) = self.data.get("meta") {
+            let Some(meta) = data.as_object() else {
+                return Err(rv_error_string!("token meta found but in the wrong format"));
+            };
+
+            return Ok(meta.into_iter().map(|(k, v)| (k.to_string(), value_to_string(v))).collect());
+        }
+
+        Ok(HashMap::new())
+    }
+}
+
+fn value_to_string(value: &Value) -> String {
+    match value {
+        Value::String(s) => s.clone(),
+        Value::Number(n) => n.to_string(),
+        Value::Bool(b) => b.to_string(),
+        Value::Null => "null".to_string(),
+        _ => "".to_string(),
+    }
+}