Skip to content

Commit

Permalink
Merge pull request #82 from Haennetz/feature/prepare_release_0.7.1
Browse files Browse the repository at this point in the history
Feature/release 0.7.1
  • Loading branch information
Haennetz authored Mar 16, 2024
2 parents 192ba2a + 53025a6 commit f317bfa
Show file tree
Hide file tree
Showing 42 changed files with 387 additions and 549 deletions.
17 changes: 17 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,23 @@ and this project adheres to

## [Unreleased]

## [0.7.1] - 202-03-16

### Added

- The `X-Vault-Request` Header to each request.
- Support for Client Certificate.
- Support custom metadata in KV2 secret engine.
- Support `expiration` field to `GenerateCertificateResponse`.
- Support for `AWS` secret engine.
- Partial support for `identity` secret engine (`entity`, `entity_alias`, `group` and `group_alias`).
### Fixed

- Issue with the `native-tls` feature where it doesn't compile.
- Issue where a URL was encoded twice what leads to wrong paths.
- Wrong name for `derived` filed in `CreateKeyRequest`.
- RUSTSEC-2023-0052 by bumping aws modules to the latest version.

## [0.7.0] - 2023-03-25

### Added
Expand Down
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ configuring roles.

This library leans heavily on [rustify](https://docs.rs/rustify/0.1.0/rustify/)
in order to scaffold the Vault API endpoints. Hashicorp also has [extensive
documentation](https://www.vaultproject.io/api) available for all supported
documentation](https://developer.hashicorp.com/vault/api-docs) available for all supported
endpoints. Vault uses the concepts of *secret engines* in order to categorize
the functionality offered by the software. For exampele, there's a PKI engine,
KV engine, SSH engine, various database engines, etc. This library takes
Expand All @@ -45,7 +45,7 @@ crate root which provides the high level API functions for the engine.
/// * Path: {self.mount}/root/generate/{self.cert_type}
/// * Method: POST
/// * Response: [Option<GenerateRootResponse]
/// * Reference: https://www.vaultproject.io/api/secret/pki#generate-root
/// * Reference: https://developer.hashicorp.com/vault/api-docssecret/pki#generate-root
#[skip_serializing_none]
#[derive(Builder, Debug, Default, Endpoint, Serialize)]
#[endpoint(
Expand Down
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "vaultrs"
version = "0.7.0"
version = "0.7.1"
authors = ["Joshua Gilman <[email protected]>"]
description = "An asynchronous Rust client library for the Hashicorp Vault API."
license = "MIT"
Expand Down
99 changes: 55 additions & 44 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
<a href="https://docs.rs/vaultrs">
<img src="https://img.shields.io/docsrs/vaultrs" />
</a>
<a href="https://www.vaultproject.io/">
<a href="https://developer.hashicorp.com/vault/">
<img src="https://img.shields.io/badge/Vault-1.8.2-green" />
</a>
<a href="https://github.com/jmgilman/vaultrs/actions/workflows/ci.yml">
Expand All @@ -20,25 +20,26 @@
The following features are currently supported:

- Auth
- [AppRole](https://www.vaultproject.io/docs/auth/approle)
- [AWS](https://www.vaultproject.io/docs/auth/aws)
- [JWT/OIDC](https://www.vaultproject.io/api-docs/auth/jwt)
- [Kubernetes](https://www.vaultproject.io/docs/auth/kubernetes)
- [Token](https://www.vaultproject.io/docs/auth/token)
- [Userpass](https://www.vaultproject.io/docs/auth/userpass)
- [AppRole](https://developer.hashicorp.com/vault/docs/auth/approle)
- [AWS](https://developer.hashicorp.com/vault/docs/auth/aws)
- [JWT/OIDC](https://developer.hashicorp.com/vault/api-docs/auth/jwt)
- [Kubernetes](https://developer.hashicorp.com/vault/docs/auth/kubernetes)
- [Token](https://developer.hashicorp.com/vault/docs/auth/token)
- [Certificate](https://developer.hashicorp.com/vault/docs/auth/cert)
- [Userpass](https://developer.hashicorp.com/vault/docs/auth/userpass)
- Secrets
- [AWS](https://developer.hashicorp.com/vault/docs/secrets/aws)
- [Databases](https://www.vaultproject.io/api-docs/secret/databases)
- [KV v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1)
- [KV v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2)
- [PKI](https://www.vaultproject.io/docs/secrets/pki)
- [SSH](https://www.vaultproject.io/docs/secrets/ssh)
- [Transit](https://www.vaultproject.io/api-docs/secret/transit)
- [Databases](https://developer.hashicorp.com/vault/api-docs/secret/databases)
- [KV v1](https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v1)
- [KV v2](https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2)
- [PKI](https://developer.hashicorp.com/vault/docs/secrets/pki)
- [SSH](https://developer.hashicorp.com/vault/docs/secrets/ssh)
- [Transit](https://developer.hashicorp.com/vault/api-docs/secret/transit)
- Sys
- [Health](https://www.vaultproject.io/api-docs/system/health)
- [Policies](https://www.vaultproject.io/api-docs/system/policy)
- [Sealing](https://www.vaultproject.io/api-docs/system/seal)
- [Wrapping](https://www.vaultproject.io/docs/concepts/response-wrapping)
- [Health](https://developer.hashicorp.com/vault/api-docs/system/health)
- [Policies](https://developer.hashicorp.com/vault/api-docs/system/policy)
- [Sealing](https://developer.hashicorp.com/vault/api-docs/system/seal)
- [Wrapping](https://developer.hashicorp.com/vault/docs/concepts/response-wrapping)

See something missing?
[Open an issue](https://github.com/jmgilman/vaultrs/issues/new).
Expand All @@ -59,15 +60,15 @@ Then, add `vaultrs` as a dependency to your cargo.toml:

```toml
[dependencies]
vaultrs = "0.7.0"
vaultrs = "0.7.1"
```

2. To use [rust-native-tls](https://github.com/sfackler/rust-native-tls), which
builds on your platform-specific TLS implementation, specify:

```toml
[dependencies]
vaultrs = { version = "0.6.2", default-features = false, features = [ "native-tls" ] }
vaultrs = { version = "0.7.1", default-features = false, features = [ "native-tls" ] }
```

## Usage
Expand Down Expand Up @@ -98,30 +99,33 @@ let client = VaultClient::new(
The library currently supports all operations available for the
AWS Secret Engine.

See [tests/aws.rs](./tests/aws.rs) for more examples.
See [tests/aws.rs][4] for more examples.

```rust,ignore
use vaultrs::sys::mount;
use vaultrs::aws;
use vaultrs::api::aws::requests::{SetConfigurationRequest, CreateUpdateRoleRequest, GenerateCredentialsRequest};
```rust
// Mount AWS SE
server.mount_secret(client, path, "aws").await?;
let endpoint = AwsSecretEngineEndpoint { path: path }
mount::enable(&client, "aws_test", "aws", None).await?;
// Configure AWS SE
aws::config::set(client, &endpoint.path, "access_key", "secret_key", Some(SetConfigurationRequest::builder()
aws::config::set(&client, "aws_test", "access_key", "secret_key", Some(SetConfigurationRequest::builder()
.max_retries(3)
.region("eu-central-1")
)).await?,
)).await?;
// Create HVault role
aws::roles::create_update(client, &endpoint.path, "my_role", "assumed_role", Some(CreateUpdateRoleRequest::builder()
.role_arns( vec!["arn:aws:iam::123456789012:role/test_role"] )
)).await?
aws::roles::create_update(&client, "aws_test", "my_role", "assumed_role", Some(CreateUpdateRoleRequest::builder()
.role_arns( vec!["arn:aws:iam::123456789012:role/test_role".to_string()] )
)).await?;
// Generate credentials
let res = aws::roles::credentials(client, &endpoint.path, "my_role", Some(GenerateCredentialsRequest::builder()
let res = aws::roles::credentials(&client, "aws_test", "my_role", Some(GenerateCredentialsRequest::builder()
.ttl("3h")
)).await?;
let creds = res.unwrap();
let creds = res;
// creds.access_key
// creds.secret_key
// creds.security_token
Expand All @@ -132,7 +136,7 @@ let creds = res.unwrap();
The library currently supports all operations available for version 2 of the
key/value store.

```rust
```rust,ignore
use serde::{Deserialize, Serialize};
use vaultrs::kv2;
Expand Down Expand Up @@ -163,31 +167,34 @@ println!("{}", secret.password); // "secret"
The library currently supports all operations available for version 1 of the
key/value store.

```rust
```rust,ignore
use vaultrs::kv1;
use std::collections::HashMap;
let my_secrets = HashMap::from([
("key1".to_string(), "value1".to_string()),
("key2".to_string(), "value2".to_string())
]);
kv1::set(&client, mount, "my/secrets", &my_secrets).await.unwrap();
kv1::set(&client, "secret", "my/secrets", &my_secrets).await.unwrap();
let read_secrets: HashMap<String, String> = kv1::get(&client, &mount, "my/secrets").await.unwrap();
let read_secrets: HashMap<String, String> = kv1::get(&client, "secret", "my/secrets").await.unwrap();
println!("{:}", read_secrets.get("key1").unwrap()); // value1
let list_secret = kv1::list(&client, &mount, "my").await.unwrap();
let list_secret = kv1::list(&client, "secret", "my").await.unwrap();
println!("{:?}", list_secret.data.keys); // [ "secrets" ]
kv1::delete(&client, &mount, "my/secrets").await.unwrap();
kv1::delete(&client, "secret", "my/secrets").await.unwrap();
```

### PKI

The library currently supports all operations available for the PKI secrets
engine.

```rust
```rust,ignore
use vaultrs::api::pki::requests::GenerateCertificateRequest;
use vaultrs::pki::cert;
Expand All @@ -204,12 +211,13 @@ println!("{}", cert.certificate) // "{PEM encoded certificate}"
### Transit

The library supports most operations for the
[Transit](https://www.vaultproject.io/api-docs/secret/transit) secrets engine,
[Transit](https://developer.hashicorp.com/vault/api-docs/secret/transit) secrets engine,
other than importing keys or `batch_input` parameters.

```rust
```rust,ignore
use vaultrs::api::transit::requests::CreateKeyRequest;
use vaultrs::api::transit::KeyType;
use vaultrs::transit::key;
// Create an encryption key using the /transit backend
key::create(
Expand All @@ -226,10 +234,10 @@ key::create(
### Wrapping

All requests implement the ability to be
[wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping). These
[wrapped](https://developer.hashicorp.com/vault/docs/concepts/response-wrapping). These
can be passed in your application internally before being unwrapped.

```rust
```rust,ignore
use vaultrs::api::ResponseWrapper;
use vaultrs::api::sys::requests::ListMountsRequest;
Expand Down Expand Up @@ -260,7 +268,7 @@ attribute.

## Testing

See the the [tests](tests) directory for tests. Run tests with `cargo test`.
See the the [tests][3] directory for tests. Run tests with `cargo test`.

**Note**: All tests rely on bringing up a local Vault development server using
Docker. In order to run tests Docker must be running locally (Docker Desktop
Expand All @@ -277,8 +285,11 @@ then:
4. Push to the branch (git push origin feature/fooBar)
5. Create a new Pull Request

See [CONTRIBUTING](CONTRIBUTING.md) for extensive documentation on the
See [CONTRIBUTING][5] for extensive documentation on the
architecture of this library and how to add additional functionality to it.

[1]: https://www.vaultproject.io/
[1]: https://developer.hashicorp.com/vault/
[2]: https://github.com/jmgilman/vaultrs/issues
[3]: https://github.com/jmgilman/vaultrs/tree/master/tests
[4]: https://github.com/jmgilman/vaultrs/tree/master/tests/aws.rs
[5]: https://github.com/jmgilman/vaultrs/tree/master/CONTRIBUTING.md
3 changes: 1 addition & 2 deletions src/api.rs
Original file line number Diff line number Diff line change
Expand Up @@ -74,12 +74,11 @@ pub struct AuthInfo {

/// Represents an API response that has been wrapped by a unique token.
///
/// See [response wrapping][1] for details on how this works. This struct stores
/// See [response wrapping][<https://developer.hashicorp.com/vault/docs/concepts/response-wrapping>] for details on how this works. This struct stores
/// the unique token returned by the server as well as the original endpoint
/// request that generated this token. The struct contains methods for
/// interacting with the wrapped response.
///
// [1]: https://www.vaultproject.io/docs/concepts/response-wrapping
pub struct WrappedResponse<E: Endpoint> {
pub info: WrapInfo,
pub endpoint: rustify::endpoint::EndpointResult<E::Response>,
Expand Down
Loading

0 comments on commit f317bfa

Please sign in to comment.