Merge pull request #137 from wa5i/cli

wa5i · web-flow · commit 96ca26d29066 · 2025-07-20T11:10:51.000+08:00
Add interface: /internal/ui/mounts
diff --git a/src/api/auth_token.rs b/src/api/auth_token.rs
@@ -59,7 +59,7 @@ impl TokenAuth<'_> {
 
     pub fn create_with_role(&self, input: &TokenInput, role_name: &str) -> Result<HttpResponse, RvError> {
         let data = serde_json::to_value(input)?;
-        self.request_write(&format!("/v1/auth/token/create/{}", role_name), data.as_object().cloned())
+        self.request_write(format!("/v1/auth/token/create/{}", role_name), data.as_object().cloned())
     }
 
     pub fn lookup(&self, token: &str) -> Result<HttpResponse, RvError> {
diff --git a/src/api/client.rs b/src/api/client.rs
@@ -156,7 +156,13 @@ impl Client {
         self
     }
 
-    pub fn request(&self, method: &str, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
+    pub fn request<S: Into<String>>(
+        &self,
+        method: &str,
+        path: S,
+        data: Option<Map<String, Value>>,
+    ) -> Result<HttpResponse, RvError> {
+        let path = path.into();
         let url = if path.starts_with('/') {
             format!("{}{}", self.address, path)
         } else {
@@ -199,27 +205,39 @@ impl Client {
         }
     }
 
-    pub fn request_list(&self, path: &str) -> Result<HttpResponse, RvError> {
+    pub fn request_list<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {
         self.request("LIST", path, None)
     }
 
-    pub fn request_read(&self, path: &str) -> Result<HttpResponse, RvError> {
+    pub fn request_read<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {
         self.request("GET", path, None)
     }
 
-    pub fn request_get(&self, path: &str) -> Result<HttpResponse, RvError> {
+    pub fn request_get<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {
         self.request("GET", path, None)
     }
 
-    pub fn request_write(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
+    pub fn request_write<S: Into<String>>(
+        &self,
+        path: S,
+        data: Option<Map<String, Value>>,
+    ) -> Result<HttpResponse, RvError> {
         self.request("POST", path, data)
     }
 
-    pub fn request_put(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
+    pub fn request_put<S: Into<String>>(
+        &self,
+        path: S,
+        data: Option<Map<String, Value>>,
+    ) -> Result<HttpResponse, RvError> {
         self.request("PUT", path, data)
     }
 
-    pub fn request_delete(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
+    pub fn request_delete<S: Into<String>>(
+        &self,
+        path: S,
+        data: Option<Map<String, Value>>,
+    ) -> Result<HttpResponse, RvError> {
         self.request("DELETE", path, data)
     }
 }
diff --git a/src/api/logical.rs b/src/api/logical.rs
@@ -18,15 +18,15 @@ impl Client {
 
 impl Logical<'_> {
     pub fn read(&self, path: &str) -> Result<HttpResponse, RvError> {
-        self.request_read(&format!("/v1/{}", path))
+        self.request_read(format!("/v1/{}", path))
     }
 
     pub fn write(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
-        self.request_write(&format!("/v1/{}", path), data)
+        self.request_write(format!("/v1/{}", path), data)
     }
 
     pub fn list(&self, path: &str) -> Result<HttpResponse, RvError> {
-        let mut ret = self.request_list(&format!("/v1/{}", path))?;
+        let mut ret = self.request_list(format!("/v1/{}", path))?;
         if ret.response_status != 200 || ret.response_data.is_none() {
             return Ok(ret);
         }
@@ -38,6 +38,6 @@ impl Logical<'_> {
     }
 
     pub fn delete(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
-        self.request_delete(&format!("/v1/{}", path), data)
+        self.request_delete(format!("/v1/{}", path), data)
     }
 }
diff --git a/src/api/sys.rs b/src/api/sys.rs
@@ -111,20 +111,20 @@ impl Sys<'_> {
 
     pub fn enable_auth(&self, path: &str, input: &AuthInput) -> Result<HttpResponse, RvError> {
         let data = serde_json::to_value(input)?;
-        self.request_write(&format!("/v1/sys/auth/{}", path), data.as_object().cloned())
+        self.request_write(format!("/v1/sys/auth/{}", path), data.as_object().cloned())
     }
 
     pub fn disable_auth(&self, path: &str) -> Result<HttpResponse, RvError> {
-        self.request_delete(&format!("/v1/sys/auth/{}", path), None)
+        self.request_delete(format!("/v1/sys/auth/{}", path), None)
     }
 
     pub fn mount(&self, path: &str, input: &MountInput) -> Result<HttpResponse, RvError> {
         let data = serde_json::to_value(input)?;
-        self.request_write(&format!("/v1/sys/mounts/{}", path), data.as_object().cloned())
+        self.request_write(format!("/v1/sys/mounts/{}", path), data.as_object().cloned())
     }
 
     pub fn unmount(&self, path: &str) -> Result<HttpResponse, RvError> {
-        self.request_delete(&format!("/v1/sys/mounts/{}", path), None)
+        self.request_delete(format!("/v1/sys/mounts/{}", path), None)
     }
 
     pub fn remount(&self, from: &str, to: &str) -> Result<HttpResponse, RvError> {
@@ -145,18 +145,18 @@ impl Sys<'_> {
     }
 
     pub fn read_policy(&self, name: &str) -> Result<HttpResponse, RvError> {
-        self.request_read(&format!("/v1/sys/policies/acl/{}", name))
+        self.request_read(format!("/v1/sys/policies/acl/{}", name))
     }
 
     pub fn write_policy(&self, name: &str, policy: &str) -> Result<HttpResponse, RvError> {
         let data = json!({
             "policy": policy,
         });
 
-        self.request_write(&format!("/v1/sys/policies/acl/{}", name), data.as_object().cloned())
+        self.request_write(format!("/v1/sys/policies/acl/{}", name), data.as_object().cloned())
     }
 
     pub fn delete_policy(&self, name: &str) -> Result<HttpResponse, RvError> {
-        self.request_delete(&format!("/v1/sys/policies/acl/{}", name), None)
+        self.request_delete(format!("/v1/sys/policies/acl/{}", name), None)
     }
 }
diff --git a/src/cli/kv_util.rs b/src/cli/kv_util.rs
@@ -0,0 +1,41 @@
+use serde_json::{Map, Value};
+
+use crate::{
+    api::{Client, HttpResponse},
+    errors::RvError,
+    rv_error_string,
+};
+
+pub fn kv_read_request(client: &Client, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {
+    client.request("GET", format!("/v1/{}", path), data)
+}
+
+pub fn kv_preflight_version_request(client: &Client, path: &str) -> Result<(String, u32), RvError> {
+    let resp = client.request_read(format!("/v1/sys/internal/ui/mounts/{}", path))?;
+
+    if resp.response_status == 404 {
+        // If we get a 404 we are using an older version of rusty_vault, default to version 1
+        return Ok(("".to_string(), 1));
+    }
+
+    let Some(data) = resp.response_data else {
+        return Err(rv_error_string!("nil response from pre-flight request"));
+    };
+
+    let path = data["path"].as_str().unwrap_or("");
+    let version: u32 = if let Some(options) = data.get("options") {
+        match options["version"].as_str().unwrap_or("") {
+            "2" => 2,
+            _ => 1,
+        }
+    } else {
+        1
+    };
+
+    Ok((path.to_string(), version))
+}
+
+pub fn is_kv_v2(client: &Client, path: &str) -> Result<(String, bool), RvError> {
+    let (mount_path, version) = kv_preflight_version_request(client, path)?;
+    Ok((mount_path, version == 2))
+}
diff --git a/src/cli/mod.rs b/src/cli/mod.rs
@@ -8,6 +8,7 @@ use crate::{cli::command::CommandExecutor, EXIT_CODE_INSUFFICIENT_PARAMS, VERSIO
 
 pub mod command;
 pub mod config;
+pub mod kv_util;
 pub mod util;
 
 #[derive(Parser)]
diff --git a/src/http/sys.rs b/src/http/sys.rs
@@ -400,6 +400,29 @@ async fn sys_delete_policies_request_handler(
     handle_request(core, &mut r).await
 }
 
+async fn sys_get_internal_ui_mounts_request_handler(
+    req: HttpRequest,
+    core: web::Data<Arc<RwLock<Core>>>,
+) -> Result<HttpResponse, RvError> {
+    let mut r = request_auth(&req);
+    r.path = "sys/internal/ui/mounts".to_string();
+    r.operation = Operation::Read;
+
+    handle_request(core, &mut r).await
+}
+
+async fn sys_get_internal_ui_mount_request_handler(
+    req: HttpRequest,
+    name: web::Path<String>,
+    core: web::Data<Arc<RwLock<Core>>>,
+) -> Result<HttpResponse, RvError> {
+    let mut r = request_auth(&req);
+    r.path = "sys/internal/ui/mounts/".to_owned() + name.into_inner().as_str();
+    r.operation = Operation::Read;
+
+    handle_request(core, &mut r).await
+}
+
 pub fn init_sys_service(cfg: &mut web::ServiceConfig) {
     cfg.service(
         web::scope("/v1/sys")
@@ -452,6 +475,13 @@ pub fn init_sys_service(cfg: &mut web::ServiceConfig) {
                     .route(web::get().to(sys_read_policies_request_handler))
                     .route(web::post().to(sys_write_policies_request_handler))
                     .route(web::delete().to(sys_delete_policies_request_handler)),
+            )
+            .service(
+                web::resource("/internal/ui/mounts").route(web::get().to(sys_get_internal_ui_mounts_request_handler)),
+            )
+            .service(
+                web::resource("/internal/ui/mounts/{name:.*}")
+                    .route(web::get().to(sys_get_internal_ui_mount_request_handler)),
             ),
     );
 }
diff --git a/src/logical/request.rs b/src/logical/request.rs
@@ -36,20 +36,32 @@ pub struct Request {
 }
 
 impl Request {
-    pub fn new(path: &str) -> Self {
-        Self { path: path.to_string(), ..Default::default() }
+    pub fn new<S: Into<String>>(path: S) -> Self {
+        Self { path: path.into(), ..Default::default() }
     }
 
-    pub fn new_revoke_request(path: &str, secret: Option<SecretData>, data: Option<Map<String, Value>>) -> Self {
-        Self { operation: Operation::Revoke, path: path.to_string(), secret, data, ..Default::default() }
+    pub fn new_revoke_request<S: Into<String>>(
+        path: S,
+        secret: Option<SecretData>,
+        data: Option<Map<String, Value>>,
+    ) -> Self {
+        Self { operation: Operation::Revoke, path: path.into(), secret, data, ..Default::default() }
     }
 
-    pub fn new_renew_request(path: &str, secret: Option<SecretData>, data: Option<Map<String, Value>>) -> Self {
-        Self { operation: Operation::Renew, path: path.to_string(), secret, data, ..Default::default() }
+    pub fn new_renew_request<S: Into<String>>(
+        path: S,
+        secret: Option<SecretData>,
+        data: Option<Map<String, Value>>,
+    ) -> Self {
+        Self { operation: Operation::Renew, path: path.into(), secret, data, ..Default::default() }
     }
 
-    pub fn new_renew_auth_request(path: &str, auth: Option<Auth>, data: Option<Map<String, Value>>) -> Self {
-        Self { operation: Operation::Renew, path: path.to_string(), auth, data, ..Default::default() }
+    pub fn new_renew_auth_request<S: Into<String>>(
+        path: S,
+        auth: Option<Auth>,
+        data: Option<Map<String, Value>>,
+    ) -> Self {
+        Self { operation: Operation::Renew, path: path.into(), auth, data, ..Default::default() }
     }
 
     pub fn bind_handler(&mut self, handler: Arc<dyn Handler>) {
diff --git a/src/modules/auth/expiration.rs b/src/modules/auth/expiration.rs
@@ -1204,7 +1204,7 @@ mod mod_expiration_tests {
         let paths = ["prod/aws/foo", "prod/aws/sub/bar", "prod/aws/zip"];
 
         for path in paths.iter() {
-            let mut req = Request::new(path);
+            let mut req = Request::new(*path);
             req.client_token = "foobar".into();
             let mut resp = Response {
                 secret: Some(SecretData {
@@ -1267,7 +1267,7 @@ mod mod_expiration_tests {
         let paths = ["prod/aws/foo", "prod/aws/sub/bar", "prod/aws/zip"];
 
         for path in paths.iter() {
-            let mut req = Request::new(path);
+            let mut req = Request::new(*path);
             req.client_token = "foobar".into();
             let mut resp = Response {
                 secret: Some(SecretData {
diff --git a/src/modules/policy/acl.rs b/src/modules/policy/acl.rs
diff --git a/src/modules/policy/policy.rs b/src/modules/policy/policy.rs
diff --git a/src/modules/system/mod.rs b/src/modules/system/mod.rs

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ impl TokenAuth<'_> {`
`59`	`59`
`60`	`60`	`pub fn create_with_role(&self, input: &TokenInput, role_name: &str) -> Result<HttpResponse, RvError> {`
`61`	`61`	`let data = serde_json::to_value(input)?;`
`62`		`- self.request_write(&format!("/v1/auth/token/create/{}", role_name), data.as_object().cloned())`
	`62`	`+ self.request_write(format!("/v1/auth/token/create/{}", role_name), data.as_object().cloned())`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`pub fn lookup(&self, token: &str) -> Result<HttpResponse, RvError> {`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,13 @@ impl Client {`
`156`	`156`	`self`
`157`	`157`	`}`
`158`	`158`
`159`		`- pub fn request(&self, method: &str, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
	`159`	`+ pub fn request<S: Into<String>>(`
	`160`	`+ &self,`
	`161`	`+ method: &str,`
	`162`	`+ path: S,`
	`163`	`+ data: Option<Map<String, Value>>,`
	`164`	`+ ) -> Result<HttpResponse, RvError> {`
	`165`	`+ let path = path.into();`
`160`	`166`	`let url = if path.starts_with('/') {`
`161`	`167`	`format!("{}{}", self.address, path)`
`162`	`168`	`} else {`
`@@ -199,27 +205,39 @@ impl Client {`
`199`	`205`	`}`
`200`	`206`	`}`
`201`	`207`
`202`		`- pub fn request_list(&self, path: &str) -> Result<HttpResponse, RvError> {`
	`208`	`+ pub fn request_list<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {`
`203`	`209`	`self.request("LIST", path, None)`
`204`	`210`	`}`
`205`	`211`
`206`		`- pub fn request_read(&self, path: &str) -> Result<HttpResponse, RvError> {`
	`212`	`+ pub fn request_read<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {`
`207`	`213`	`self.request("GET", path, None)`
`208`	`214`	`}`
`209`	`215`
`210`		`- pub fn request_get(&self, path: &str) -> Result<HttpResponse, RvError> {`
	`216`	`+ pub fn request_get<S: Into<String>>(&self, path: S) -> Result<HttpResponse, RvError> {`
`211`	`217`	`self.request("GET", path, None)`
`212`	`218`	`}`
`213`	`219`
`214`		`- pub fn request_write(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
	`220`	`+ pub fn request_write<S: Into<String>>(`
	`221`	`+ &self,`
	`222`	`+ path: S,`
	`223`	`+ data: Option<Map<String, Value>>,`
	`224`	`+ ) -> Result<HttpResponse, RvError> {`
`215`	`225`	`self.request("POST", path, data)`
`216`	`226`	`}`
`217`	`227`
`218`		`- pub fn request_put(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
	`228`	`+ pub fn request_put<S: Into<String>>(`
	`229`	`+ &self,`
	`230`	`+ path: S,`
	`231`	`+ data: Option<Map<String, Value>>,`
	`232`	`+ ) -> Result<HttpResponse, RvError> {`
`219`	`233`	`self.request("PUT", path, data)`
`220`	`234`	`}`
`221`	`235`
`222`		`- pub fn request_delete(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
	`236`	`+ pub fn request_delete<S: Into<String>>(`
	`237`	`+ &self,`
	`238`	`+ path: S,`
	`239`	`+ data: Option<Map<String, Value>>,`
	`240`	`+ ) -> Result<HttpResponse, RvError> {`
`223`	`241`	`self.request("DELETE", path, data)`
`224`	`242`	`}`
`225`	`243`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,15 +18,15 @@ impl Client {`
`18`	`18`
`19`	`19`	`impl Logical<'_> {`
`20`	`20`	`pub fn read(&self, path: &str) -> Result<HttpResponse, RvError> {`
`21`		`- self.request_read(&format!("/v1/{}", path))`
	`21`	`+ self.request_read(format!("/v1/{}", path))`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`pub fn write(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
`25`		`- self.request_write(&format!("/v1/{}", path), data)`
	`25`	`+ self.request_write(format!("/v1/{}", path), data)`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`pub fn list(&self, path: &str) -> Result<HttpResponse, RvError> {`
`29`		`- let mut ret = self.request_list(&format!("/v1/{}", path))?;`
	`29`	`+ let mut ret = self.request_list(format!("/v1/{}", path))?;`
`30`	`30`	`if ret.response_status != 200 \|\| ret.response_data.is_none() {`
`31`	`31`	`return Ok(ret);`
`32`	`32`	`}`
`@@ -38,6 +38,6 @@ impl Logical<'_> {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`pub fn delete(&self, path: &str, data: Option<Map<String, Value>>) -> Result<HttpResponse, RvError> {`
`41`		`- self.request_delete(&format!("/v1/{}", path), data)`
	`41`	`+ self.request_delete(format!("/v1/{}", path), data)`
`42`	`42`	`}`
`43`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -111,20 +111,20 @@ impl Sys<'_> {`
`111`	`111`
`112`	`112`	`pub fn enable_auth(&self, path: &str, input: &AuthInput) -> Result<HttpResponse, RvError> {`
`113`	`113`	`let data = serde_json::to_value(input)?;`
`114`		`- self.request_write(&format!("/v1/sys/auth/{}", path), data.as_object().cloned())`
	`114`	`+ self.request_write(format!("/v1/sys/auth/{}", path), data.as_object().cloned())`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`pub fn disable_auth(&self, path: &str) -> Result<HttpResponse, RvError> {`
`118`		`- self.request_delete(&format!("/v1/sys/auth/{}", path), None)`
	`118`	`+ self.request_delete(format!("/v1/sys/auth/{}", path), None)`
`119`	`119`	`}`
`120`	`120`
`121`	`121`	`pub fn mount(&self, path: &str, input: &MountInput) -> Result<HttpResponse, RvError> {`
`122`	`122`	`let data = serde_json::to_value(input)?;`
`123`		`- self.request_write(&format!("/v1/sys/mounts/{}", path), data.as_object().cloned())`
	`123`	`+ self.request_write(format!("/v1/sys/mounts/{}", path), data.as_object().cloned())`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`pub fn unmount(&self, path: &str) -> Result<HttpResponse, RvError> {`
`127`		`- self.request_delete(&format!("/v1/sys/mounts/{}", path), None)`
	`127`	`+ self.request_delete(format!("/v1/sys/mounts/{}", path), None)`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`pub fn remount(&self, from: &str, to: &str) -> Result<HttpResponse, RvError> {`
`@@ -145,18 +145,18 @@ impl Sys<'_> {`
`145`	`145`	`}`
`146`	`146`
`147`	`147`	`pub fn read_policy(&self, name: &str) -> Result<HttpResponse, RvError> {`
`148`		`- self.request_read(&format!("/v1/sys/policies/acl/{}", name))`
	`148`	`+ self.request_read(format!("/v1/sys/policies/acl/{}", name))`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`pub fn write_policy(&self, name: &str, policy: &str) -> Result<HttpResponse, RvError> {`
`152`	`152`	`let data = json!({`
`153`	`153`	`"policy": policy,`
`154`	`154`	`});`
`155`	`155`
`156`		`- self.request_write(&format!("/v1/sys/policies/acl/{}", name), data.as_object().cloned())`
	`156`	`+ self.request_write(format!("/v1/sys/policies/acl/{}", name), data.as_object().cloned())`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`pub fn delete_policy(&self, name: &str) -> Result<HttpResponse, RvError> {`
`160`		`- self.request_delete(&format!("/v1/sys/policies/acl/{}", name), None)`
	`160`	`+ self.request_delete(format!("/v1/sys/policies/acl/{}", name), None)`
`161`	`161`	`}`
`162`	`162`	`}`