From a898f0b128f85d2db94bf43bdbcf10c99581c211 Mon Sep 17 00:00:00 2001 From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.> Date: Mon, 15 Apr 2024 14:52:30 +0200 Subject: [PATCH 1/2] add disable mount endpoit --- src/api/sys/requests.rs | 16 ++++++++++++++++ src/sys.rs | 11 ++++++++++- tests/sys.rs | 6 ++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/api/sys/requests.rs b/src/api/sys/requests.rs index 9af34b8..adb4876 100644 --- a/src/api/sys/requests.rs +++ b/src/api/sys/requests.rs @@ -41,6 +41,22 @@ pub struct EnableEngineDataConfig { pub allowed_response_headers: Option>, } +/// ## Disable Secrets Engine +/// This endpoint disables the mount point specified in the URL. +/// +/// * Path: sys/mounts/{self.path} +/// * Method: DELETE +/// * Response: N/A +/// * Reference: + +#[derive(Builder, Debug, Default, Endpoint, Serialize)] +#[endpoint(path = "sys/mounts/{self.path}", method = "DELETE", builder = "true")] +#[builder(setter(into, strip_option), default)] +pub struct DisableEngineRequest { + #[endpoint(skip)] + pub path: String, +} + /// ## List Mounted Secrets Engines /// This endpoints lists all the mounted secrets engines. /// diff --git a/src/sys.rs b/src/sys.rs index e0aefb8..4962d2d 100644 --- a/src/sys.rs +++ b/src/sys.rs @@ -158,7 +158,7 @@ pub mod mount { use crate::api; use crate::api::sys::requests::{ - EnableEngineRequest, EnableEngineRequestBuilder, ListMountsRequest, + DisableEngineRequest, EnableEngineRequest, EnableEngineRequestBuilder, ListMountsRequest, }; use crate::api::sys::responses::MountResponse; use crate::client::Client; 
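Review bot: `path` is required by the URL template of `DisableEngineRequest`, but the struct-level `default` in `#[builder(setter(into, strip_option), default)]` lets `DisableEngineRequest::builder().build()` succeed with `path` left as an empty string. A forgotten setter therefore yields a DELETE against `sys/mounts/` rather than a build error; how the server answers that request is not visible here. For a destructive endpoint I would document the requirement on the field, e.g. `/// Mount path to disable; must not be empty.`, and have the `disable` wrapper in `src/sys.rs` reject an empty `path` before building the request. `GetConfigurationOfTheSecretEngineRequest` in patch 2/2 carries the same attributes.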
@@ -183,6 +183,15 @@ pub mod mount { api::exec_with_empty(client, endpoint).await } + /// Disable a secret engine at the given path + /// + /// See [DisableEngineRequest] + #[instrument(skip(client), err)] + pub async fn disable(client: &impl Client, path: &str) -> Result<(), ClientError> { + let endpoint = DisableEngineRequest::builder().path(path).build().unwrap(); + api::exec_with_empty(client, endpoint).await + } + /// Lists all mounted secret engines /// /// See [ListMountsRequest] diff --git a/tests/sys.rs b/tests/sys.rs index efb94dc..c4ed52d 100644 --- a/tests/sys.rs +++ b/tests/sys.rs @@ -35,6 +35,7 @@ fn test() { // Test mount crate::mount::test_create_mount(&client).await; crate::mount::test_list_mount(&client).await; + crate::mount::test_delete_mount(&client).await; // Test auth crate::auth::test_create_auth(&client).await; @@ -130,6 +131,11 @@ mod mount { let resp = mount::list(client).await; assert!(resp.is_ok()); } + + pub async fn test_delete_mount(client: &impl Client) { + let resp = mount::disable(client, "pki_temp").await; + assert!(resp.is_ok()); + } } mod auth { From 985032078920d28ffaba0f7dfe2b1a0e53649816 Mon Sep 17 00:00:00 2001 From: stormshield-gt <143998166+stormshield-gt@users.noreply.github.com.> Date: Mon, 15 Apr 2024 15:23:05 +0200 Subject: [PATCH 2/2] add get configuration of the secret engine --- src/api/sys/requests.rs | 26 ++++++++++++++++++++++++-- src/api/sys/responses.rs | 19 +++++++++++++++++++ src/sys.rs | 20 ++++++++++++++++++-- tests/sys.rs | 14 ++++++++++++-- 4 files changed, 73 insertions(+), 6 deletions(-) diff --git a/src/api/sys/requests.rs b/src/api/sys/requests.rs index adb4876..2a618ff 100644 --- a/src/api/sys/requests.rs +++ b/src/api/sys/requests.rs 
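Review bot: The doc comment on `disable` does not tell callers that the call is destructive. Per the Vault documentation, disabling a secrets engine revokes the secrets it issued and deletes the data stored under the mount. I would add a line such as `/// Disabling a mount revokes its secrets and deletes its stored data; this cannot be undone.` so that code passing a caller-supplied `path` treats it as a privileged operation. `#[instrument(skip(client), err)]` records `path` and any error in the span, which is useful as an audit trail for this call and worth keeping.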
@@ -1,6 +1,7 @@ use super::responses::{ - AuthResponse, ListPoliciesResponse, MountResponse, RandomResponse, ReadHealthResponse, - ReadPolicyResponse, StartInitializationResponse, UnsealResponse, WrappingLookupResponse, + AuthResponse, GetConfigurationOfTheSecretEngineResponse, ListPoliciesResponse, MountResponse, + RandomResponse, ReadHealthResponse, ReadPolicyResponse, StartInitializationResponse, + UnsealResponse, WrappingLookupResponse, }; use rustify_derive::Endpoint; use serde::Serialize; @@ -57,6 +58,27 @@ pub struct DisableEngineRequest { pub path: String, } +/// ## Get the configuration of a secret engine +/// This endpoint returns the configuration of a specific secret engine. +/// +/// * Path: sys/mounts/{self.path} +/// * Method: GET +/// * Response: GetConfigurationOfTheSecretEngineResponse +/// * Reference: + +#[derive(Builder, Debug, Default, Endpoint, Serialize)] +#[endpoint( + path = "sys/mounts/{self.path}", + method = "GET", + builder = "true", + response = "GetConfigurationOfTheSecretEngineResponse" +)] +#[builder(setter(into, strip_option), default)] +pub struct GetConfigurationOfTheSecretEngineRequest { + #[endpoint(skip)] + pub path: String, +} + /// ## List Mounted Secrets Engines /// This endpoints lists all the mounted secrets engines. /// diff --git a/src/api/sys/responses.rs b/src/api/sys/responses.rs index 00f1216..9ae4ad2 100644 --- a/src/api/sys/responses.rs +++ b/src/api/sys/responses.rs 
@@ -27,6 +27,25 @@ pub struct MountConfigResponse { pub max_lease_ttl: u64, } +/// Response from executing +/// [GetConfigurationOfTheSecretEngineRequest][crate::api::sys::requests::GetConfigurationOfTheSecretEngineRequest ] +#[derive(Deserialize, Debug, Serialize)] +pub struct GetConfigurationOfTheSecretEngineResponse { + pub accessor: String, + pub config: MountConfigResponse, + pub description: String, + pub external_entropy_access: bool, + pub local: bool, + pub options: Option>, + pub plugin_version: Option, + pub running_plugin_version: Option, + pub running_sha256: Option, + pub seal_wrap: bool, + #[serde(rename = "type")] + pub mount_type: String, + pub uuid: String, +} + /// Response from executing /// [ListAuthsRequest][crate::api::sys::requests::ListAuthsRequest] #[derive(Deserialize, Debug, Serialize)] diff --git a/src/sys.rs b/src/sys.rs index 4962d2d..57c4d2a 100644 --- a/src/sys.rs +++ b/src/sys.rs @@ -158,9 +158,10 @@ pub mod mount { use crate::api; use crate::api::sys::requests::{ - DisableEngineRequest, EnableEngineRequest, EnableEngineRequestBuilder, ListMountsRequest, + DisableEngineRequest, EnableEngineRequest, EnableEngineRequestBuilder, + GetConfigurationOfTheSecretEngineRequest, ListMountsRequest, }; - use crate::api::sys::responses::MountResponse; + use crate::api::sys::responses::{GetConfigurationOfTheSecretEngineResponse, MountResponse}; use crate::client::Client; use crate::error::ClientError; 
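Review bot: Every field of `GetConfigurationOfTheSecretEngineResponse` that is not an `Option` is mandatory for serde, so a response that omits one of them turns a successful read into a deserialization error. Whether any supported server version omits fields such as `external_entropy_access` or `uuid` cannot be checked from this diff. If it can happen, mark those fields with `#[serde(default)]` or make them `Option`. This matters for callers that treat an `Err` from this call as "mount does not exist". As a minor point, the intra-doc link in the doc comment has a stray space before the closing `]`.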
@@ -192,6 +193,21 @@ pub mod mount { api::exec_with_empty(client, endpoint).await } + /// This endpoint returns the configuration of a specific secret engine. + /// + /// See [GetConfigurationOfTheSecretEngineRequest] + #[instrument(skip(client), err)] + pub async fn get_configuration_of_a_secret_engine( + client: &impl Client, + path: &str, + ) -> Result { + let endpoint = GetConfigurationOfTheSecretEngineRequest::builder() + .path(path) + .build() + .unwrap(); + api::exec_with_result(client, endpoint).await + } + /// Lists all mounted secret engines /// /// See [ListMountsRequest] diff --git a/tests/sys.rs b/tests/sys.rs index c4ed52d..3757182 100644 --- a/tests/sys.rs +++ b/tests/sys.rs @@ -35,6 +35,7 @@ fn test() { // Test mount crate::mount::test_create_mount(&client).await; crate::mount::test_list_mount(&client).await; + crate::mount::test_get_configuration_of_a_secret_engine(&client).await; crate::mount::test_delete_mount(&client).await; // Test auth @@ -131,10 +132,19 @@ mod mount { let resp = mount::list(client).await; assert!(resp.is_ok()); } + pub async fn test_get_configuration_of_a_secret_engine(client: &impl Client) { + mount::get_configuration_of_a_secret_engine(client, "pki_temp") + .await + .unwrap(); + } pub async fn test_delete_mount(client: &impl Client) { - let resp = mount::disable(client, "pki_temp").await; - assert!(resp.is_ok()); + mount::disable(client, "pki_temp").await.unwrap(); + assert!( + mount::get_configuration_of_a_secret_engine(client, "pki_temp") + .await + .is_err() + ); } }
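Review bot: In `test_delete_mount` the `is_err()` assertion passes for any failure of the follow-up read, including a transport error, a permission error or a response that fails to deserialize. It therefore does not show that `pki_temp` was actually removed. I would take the error with `let err = mount::get_configuration_of_a_secret_engine(client, "pki_temp").await.unwrap_err();` and then assert on the `ClientError` variant that carries the server's status for an unknown mount. The definition of `ClientError` is outside this diff, so the exact variant needs to be confirmed there.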