Merge pull request #82 from Haennetz/feature/prepare_release_0.7.1

Feature/release 0.7.1
jmgilman · Mar 16, 2024 · f317bfa · f317bfa
2 parents 192ba2a + 53025a6
commit f317bfa
Show file tree

Hide file tree

Showing 42 changed files with 387 additions and 549 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,23 @@ and this project adheres to
 
 ## [Unreleased]
 
+## [0.7.1] - 202-03-16
+
+### Added
+
+- The `X-Vault-Request` Header to each request.
+- Support for Client Certificate.
+- Support custom metadata in KV2 secret engine.
+- Support `expiration` field to `GenerateCertificateResponse`.
+- Support for `AWS` secret engine.
+- Partial support for `identity` secret engine (`entity`, `entity_alias`, `group` and `group_alias`).
+### Fixed
+
+- Issue with the `native-tls` feature where it doesn't compile.
+- Issue where a URL was encoded twice what leads to wrong paths.
+- Wrong name for `derived` filed in `CreateKeyRequest`.
+- RUSTSEC-2023-0052 by bumping aws modules to the latest version.
+
 ## [0.7.0] - 2023-03-25
 
 ### Added

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -23,7 +23,7 @@ configuring roles.
 
 This library leans heavily on [rustify](https://docs.rs/rustify/0.1.0/rustify/)
 in order to scaffold the Vault API endpoints. Hashicorp also has [extensive
-documentation](https://www.vaultproject.io/api) available for all supported
+documentation](https://developer.hashicorp.com/vault/api-docs) available for all supported
 endpoints. Vault uses the concepts of *secret engines* in order to categorize
 the functionality offered by the software. For exampele, there's a PKI engine,
 KV engine, SSH engine, various database engines, etc. This library takes
@@ -45,7 +45,7 @@ crate root which provides the high level API functions for the engine.
 /// * Path: {self.mount}/root/generate/{self.cert_type}
 /// * Method: POST
 /// * Response: [Option<GenerateRootResponse]
-/// * Reference: https://www.vaultproject.io/api/secret/pki#generate-root
+/// * Reference: https://developer.hashicorp.com/vault/api-docssecret/pki#generate-root
 #[skip_serializing_none]
 #[derive(Builder, Debug, Default, Endpoint, Serialize)]
 #[endpoint(

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "vaultrs"
-version = "0.7.0"
+version = "0.7.1"
 authors = ["Joshua Gilman <joshuagilman@gmail.com>"]
 description = "An asynchronous Rust client library for the Hashicorp Vault API."
 license = "MIT"

diff --git a/README.md b/README.md
@@ -7,7 +7,7 @@
     <a href="https://docs.rs/vaultrs">
         <img src="https://img.shields.io/docsrs/vaultrs" />
     </a>
-    <a href="https://www.vaultproject.io/">
+    <a href="https://developer.hashicorp.com/vault/">
         <img src="https://img.shields.io/badge/Vault-1.8.2-green" />
     </a>
     <a href="https://github.com/jmgilman/vaultrs/actions/workflows/ci.yml">
@@ -20,25 +20,26 @@
 The following features are currently supported:
 
 - Auth
-  - [AppRole](https://www.vaultproject.io/docs/auth/approle)
-  - [AWS](https://www.vaultproject.io/docs/auth/aws)
-  - [JWT/OIDC](https://www.vaultproject.io/api-docs/auth/jwt)
-  - [Kubernetes](https://www.vaultproject.io/docs/auth/kubernetes)
-  - [Token](https://www.vaultproject.io/docs/auth/token)
-  - [Userpass](https://www.vaultproject.io/docs/auth/userpass)
+  - [AppRole](https://developer.hashicorp.com/vault/docs/auth/approle)
+  - [AWS](https://developer.hashicorp.com/vault/docs/auth/aws)
+  - [JWT/OIDC](https://developer.hashicorp.com/vault/api-docs/auth/jwt)
+  - [Kubernetes](https://developer.hashicorp.com/vault/docs/auth/kubernetes)
+  - [Token](https://developer.hashicorp.com/vault/docs/auth/token)
+  - [Certificate](https://developer.hashicorp.com/vault/docs/auth/cert)
+  - [Userpass](https://developer.hashicorp.com/vault/docs/auth/userpass)
 - Secrets
   - [AWS](https://developer.hashicorp.com/vault/docs/secrets/aws)
-  - [Databases](https://www.vaultproject.io/api-docs/secret/databases)
-  - [KV v1](https://www.vaultproject.io/docs/secrets/kv/kv-v1)
-  - [KV v2](https://www.vaultproject.io/docs/secrets/kv/kv-v2)
-  - [PKI](https://www.vaultproject.io/docs/secrets/pki)
-  - [SSH](https://www.vaultproject.io/docs/secrets/ssh)
-  - [Transit](https://www.vaultproject.io/api-docs/secret/transit)
+  - [Databases](https://developer.hashicorp.com/vault/api-docs/secret/databases)
+  - [KV v1](https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v1)
+  - [KV v2](https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2)
+  - [PKI](https://developer.hashicorp.com/vault/docs/secrets/pki)
+  - [SSH](https://developer.hashicorp.com/vault/docs/secrets/ssh)
+  - [Transit](https://developer.hashicorp.com/vault/api-docs/secret/transit)
 - Sys
-  - [Health](https://www.vaultproject.io/api-docs/system/health)
-  - [Policies](https://www.vaultproject.io/api-docs/system/policy)
-  - [Sealing](https://www.vaultproject.io/api-docs/system/seal)
-  - [Wrapping](https://www.vaultproject.io/docs/concepts/response-wrapping)
+  - [Health](https://developer.hashicorp.com/vault/api-docs/system/health)
+  - [Policies](https://developer.hashicorp.com/vault/api-docs/system/policy)
+  - [Sealing](https://developer.hashicorp.com/vault/api-docs/system/seal)
+  - [Wrapping](https://developer.hashicorp.com/vault/docs/concepts/response-wrapping)
 
 See something missing?
 [Open an issue](https://github.com/jmgilman/vaultrs/issues/new).
@@ -59,15 +60,15 @@ Then, add `vaultrs` as a dependency to your cargo.toml:
 
 ```toml
 [dependencies]
-vaultrs = "0.7.0"
+vaultrs = "0.7.1"
 ```
 
 2. To use [rust-native-tls](https://github.com/sfackler/rust-native-tls), which
    builds on your platform-specific TLS implementation, specify:
 
 ```toml
 [dependencies]
-vaultrs = { version = "0.6.2", default-features = false, features = [ "native-tls" ] }
+vaultrs = { version = "0.7.1", default-features = false, features = [ "native-tls" ] }
 ```
 
 ## Usage
@@ -98,30 +99,33 @@ let client = VaultClient::new(
 The library currently supports all operations available for the
 AWS Secret Engine.
 
-See [tests/aws.rs](./tests/aws.rs) for more examples.
+See [tests/aws.rs][4] for more examples.
+
+```rust,ignore
+use vaultrs::sys::mount;
+use vaultrs::aws;
+use vaultrs::api::aws::requests::{SetConfigurationRequest, CreateUpdateRoleRequest, GenerateCredentialsRequest};
 
-```rust
 // Mount AWS SE
-server.mount_secret(client, path, "aws").await?;
-let endpoint = AwsSecretEngineEndpoint { path: path }
+mount::enable(&client, "aws_test", "aws", None).await?;
 
 // Configure AWS SE
-aws::config::set(client, &endpoint.path, "access_key", "secret_key", Some(SetConfigurationRequest::builder()        
+aws::config::set(&client, "aws_test", "access_key", "secret_key", Some(SetConfigurationRequest::builder()        
     .max_retries(3)
     .region("eu-central-1")
-)).await?,
+)).await?;
 
 // Create HVault role
-aws::roles::create_update(client, &endpoint.path, "my_role", "assumed_role", Some(CreateUpdateRoleRequest::builder()
-        .role_arns( vec!["arn:aws:iam::123456789012:role/test_role"] )
-)).await?
+aws::roles::create_update(&client, "aws_test", "my_role", "assumed_role", Some(CreateUpdateRoleRequest::builder()
+        .role_arns( vec!["arn:aws:iam::123456789012:role/test_role".to_string()] )
+)).await?;
 
 // Generate credentials
-let res = aws::roles::credentials(client, &endpoint.path, "my_role", Some(GenerateCredentialsRequest::builder()
+let res = aws::roles::credentials(&client, "aws_test", "my_role", Some(GenerateCredentialsRequest::builder()
     .ttl("3h")
 )).await?;
 
-let creds = res.unwrap();
+let creds = res;
 // creds.access_key
 // creds.secret_key
 // creds.security_token
@@ -132,7 +136,7 @@ let creds = res.unwrap();
 The library currently supports all operations available for version 2 of the
 key/value store.
 
-```rust
+```rust,ignore
 use serde::{Deserialize, Serialize};
 use vaultrs::kv2;
 
@@ -163,31 +167,34 @@ println!("{}", secret.password); // "secret"
 The library currently supports all operations available for version 1 of the
 key/value store.
 
-```rust
+```rust,ignore
+use vaultrs::kv1;
+use std::collections::HashMap;
+
 let my_secrets = HashMap::from([
     ("key1".to_string(), "value1".to_string()),
     ("key2".to_string(), "value2".to_string())
 ]);
 
-kv1::set(&client, mount, "my/secrets", &my_secrets).await.unwrap();
+kv1::set(&client, "secret", "my/secrets", &my_secrets).await.unwrap();
 
-let read_secrets: HashMap<String, String> = kv1::get(&client, &mount, "my/secrets").await.unwrap();
+let read_secrets: HashMap<String, String> = kv1::get(&client, "secret", "my/secrets").await.unwrap();
 
 println!("{:}", read_secrets.get("key1").unwrap()); // value1
 
-let list_secret = kv1::list(&client, &mount, "my").await.unwrap();
+let list_secret = kv1::list(&client, "secret", "my").await.unwrap();
 
 println!("{:?}", list_secret.data.keys); // [ "secrets" ]
 
-kv1::delete(&client, &mount, "my/secrets").await.unwrap();
+kv1::delete(&client, "secret", "my/secrets").await.unwrap();
 ```
 
 ### PKI
 
 The library currently supports all operations available for the PKI secrets
 engine.
 
-```rust
+```rust,ignore
 use vaultrs::api::pki::requests::GenerateCertificateRequest;
 use vaultrs::pki::cert;
 
@@ -204,12 +211,13 @@ println!("{}", cert.certificate) // "{PEM encoded certificate}"
 ### Transit
 
 The library supports most operations for the
-[Transit](https://www.vaultproject.io/api-docs/secret/transit) secrets engine,
+[Transit](https://developer.hashicorp.com/vault/api-docs/secret/transit) secrets engine,
 other than importing keys or `batch_input` parameters.
 
-```rust
+```rust,ignore
 use vaultrs::api::transit::requests::CreateKeyRequest;
 use vaultrs::api::transit::KeyType;
+use vaultrs::transit::key;
 
 // Create an encryption key using the /transit backend
 key::create(
@@ -226,10 +234,10 @@ key::create(
 ### Wrapping
 
 All requests implement the ability to be
-[wrapped](https://www.vaultproject.io/docs/concepts/response-wrapping). These
+[wrapped](https://developer.hashicorp.com/vault/docs/concepts/response-wrapping). These
 can be passed in your application internally before being unwrapped.
 
-```rust
+```rust,ignore
 use vaultrs::api::ResponseWrapper;
 use vaultrs::api::sys::requests::ListMountsRequest;
 
@@ -260,7 +268,7 @@ attribute.
 
 ## Testing
 
-See the the [tests](tests) directory for tests. Run tests with `cargo test`.
+See the the [tests][3] directory for tests. Run tests with `cargo test`.
 
 **Note**: All tests rely on bringing up a local Vault development server using
 Docker. In order to run tests Docker must be running locally (Docker Desktop
@@ -277,8 +285,11 @@ then:
 4. Push to the branch (git push origin feature/fooBar)
 5. Create a new Pull Request
 
-See [CONTRIBUTING](CONTRIBUTING.md) for extensive documentation on the
+See [CONTRIBUTING][5] for extensive documentation on the
 architecture of this library and how to add additional functionality to it.
 
-[1]: https://www.vaultproject.io/
+[1]: https://developer.hashicorp.com/vault/
 [2]: https://github.com/jmgilman/vaultrs/issues
+[3]: https://github.com/jmgilman/vaultrs/tree/master/tests
+[4]: https://github.com/jmgilman/vaultrs/tree/master/tests/aws.rs
+[5]: https://github.com/jmgilman/vaultrs/tree/master/CONTRIBUTING.md
diff --git a/src/api.rs b/src/api.rs
@@ -74,12 +74,11 @@ pub struct AuthInfo {
 
 /// Represents an API response that has been wrapped by a unique token.
 ///
-/// See [response wrapping][1] for details on how this works. This struct stores
+/// See [response wrapping][<https://developer.hashicorp.com/vault/docs/concepts/response-wrapping>] for details on how this works. This struct stores
 /// the unique token returned by the server as well as the original endpoint
 /// request that generated this token. The struct contains methods for
 /// interacting with the wrapped response.
 ///
-// [1]: https://www.vaultproject.io/docs/concepts/response-wrapping
 pub struct WrappedResponse<E: Endpoint> {
     pub info: WrapInfo,
     pub endpoint: rustify::endpoint::EndpointResult<E::Response>,