bitwarden_sm/
client_secrets.rs

1use bitwarden_core::Client;
2
3use crate::{
4    error::SecretsManagerError,
5    secrets::{
6        SecretCreateRequest, SecretGetRequest, SecretIdentifiersByProjectRequest,
7        SecretIdentifiersRequest, SecretIdentifiersResponse, SecretPutRequest, SecretResponse,
8        SecretsDeleteRequest, SecretsDeleteResponse, SecretsGetRequest, SecretsResponse,
9        SecretsSyncRequest, SecretsSyncResponse, create_secret, delete_secrets, get_secret,
10        get_secrets_by_ids, list_secrets, list_secrets_by_project, sync_secrets, update_secret,
11    },
12};
13
14/// Aliases to maintain backward compatibility
15pub type ClientSecrets = SecretsClient;
16
17#[allow(missing_docs)]
18pub struct SecretsClient {
19    client: Client,
20}
21
22impl SecretsClient {
23    #[allow(missing_docs)]
24    pub fn new(client: Client) -> Self {
25        Self { client }
26    }
27
28    #[allow(missing_docs)]
29    pub async fn get(
30        &self,
31        input: &SecretGetRequest,
32    ) -> Result<SecretResponse, SecretsManagerError> {
33        get_secret(&self.client, input).await
34    }
35
36    #[allow(missing_docs)]
37    pub async fn get_by_ids(
38        &self,
39        input: SecretsGetRequest,
40    ) -> Result<SecretsResponse, SecretsManagerError> {
41        get_secrets_by_ids(&self.client, input).await
42    }
43
44    #[allow(missing_docs)]
45    pub async fn create(
46        &self,
47        input: &SecretCreateRequest,
48    ) -> Result<SecretResponse, SecretsManagerError> {
49        create_secret(&self.client, input).await
50    }
51
52    #[allow(missing_docs)]
53    pub async fn list(
54        &self,
55        input: &SecretIdentifiersRequest,
56    ) -> Result<SecretIdentifiersResponse, SecretsManagerError> {
57        list_secrets(&self.client, input).await
58    }
59
60    #[allow(missing_docs)]
61    pub async fn list_by_project(
62        &self,
63        input: &SecretIdentifiersByProjectRequest,
64    ) -> Result<SecretIdentifiersResponse, SecretsManagerError> {
65        list_secrets_by_project(&self.client, input).await
66    }
67
68    #[allow(missing_docs)]
69    pub async fn update(
70        &self,
71        input: &SecretPutRequest,
72    ) -> Result<SecretResponse, SecretsManagerError> {
73        update_secret(&self.client, input).await
74    }
75
76    #[allow(missing_docs)]
77    pub async fn delete(
78        &self,
79        input: SecretsDeleteRequest,
80    ) -> Result<SecretsDeleteResponse, SecretsManagerError> {
81        delete_secrets(&self.client, input).await
82    }
83
84    #[allow(missing_docs)]
85    pub async fn sync(
86        &self,
87        input: &SecretsSyncRequest,
88    ) -> Result<SecretsSyncResponse, SecretsManagerError> {
89        sync_secrets(&self.client, input).await
90    }
91}
92
93/// This trait is for backward compatibility
94pub trait ClientSecretsExt {
95    #[allow(missing_docs)]
96    fn secrets(&self) -> ClientSecrets;
97}
98
99impl ClientSecretsExt for Client {
100    fn secrets(&self) -> ClientSecrets {
101        SecretsClient::new(self.clone())
102    }
103}
104
105#[allow(missing_docs)]
106pub trait SecretsClientExt {
107    #[allow(missing_docs)]
108    fn secrets(&self) -> SecretsClient;
109}
110
111impl SecretsClientExt for Client {
112    fn secrets(&self) -> SecretsClient {
113        SecretsClient::new(self.clone())
114    }
115}
116
117#[cfg(test)]
118mod tests {
119    use bitwarden_core::{
120        Client, ClientSettings, DeviceType, auth::login::AccessTokenLoginRequest,
121    };
122
123    use crate::{
124        ClientSecretsExt,
125        secrets::{SecretGetRequest, SecretIdentifiersRequest},
126    };
127
128    async fn start_mock(mocks: Vec<wiremock::Mock>) -> (wiremock::MockServer, Client) {
129        let server = wiremock::MockServer::start().await;
130
131        for mock in mocks {
132            server.register(mock).await;
133        }
134
135        let settings = ClientSettings {
136            identity_url: format!("http://{}/identity", server.address()),
137            api_url: format!("http://{}/api", server.address()),
138            user_agent: "Bitwarden Rust-SDK [TEST]".into(),
139            device_type: DeviceType::SDK,
140            bitwarden_client_version: None,
141        };
142
143        (server, Client::new(Some(settings)))
144    }
145
146    #[tokio::test]
147    async fn test_access_token_login() {
148        use wiremock::{Mock, ResponseTemplate, matchers};
149
150        // Create the mock server with the necessary routes for this test
151        let (_server, client) = start_mock(vec![
152            Mock::given(matchers::path("/identity/connect/token"))
153            .respond_with(ResponseTemplate::new(200).set_body_json(
154                serde_json::json!({
155                    "access_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjMwMURENkE1MEU4NEUxRDA5MUM4MUQzQjAwQkY5MDEwQzg1REJEOUFSUzI1NiIsInR5cCI6\
156                    ImF0K2p3dCIsIng1dCI6Ik1CM1dwUTZFNGRDUnlCMDdBTC1RRU1oZHZabyJ9.eyJuYmYiOjE2NzUxMDM3ODEsImV4cCI6MTY3NTEwNzM4MSwiaXNzIjo\
157                    iaHR0cDovL2xvY2FsaG9zdCIsImNsaWVudF9pZCI6ImVjMmMxZDQ2LTZhNGItNDc1MS1hMzEwLWFmOTYwMTMxN2YyZCIsInN1YiI6ImQzNDgwNGNhLTR\
158                    mNmMtNDM5Mi04NmI3LWFmOTYwMTMxNzVkMCIsIm9yZ2FuaXphdGlvbiI6ImY0ZTQ0YTdmLTExOTAtNDMyYS05ZDRhLWFmOTYwMTMxMjdjYiIsImp0aSI\
159                    6IjU3QUU0NzQ0MzIwNzk1RThGQkQ4MUIxNDA2RDQyNTQyIiwiaWF0IjoxNjc1MTAzNzgxLCJzY29wZSI6WyJhcGkuc2VjcmV0cyJdfQ.GRKYzqgJZHEE\
160                    ZHsJkhVZH8zjYhY3hUvM4rhdV3FU10WlCteZdKHrPIadCUh-Oz9DxIAA2HfALLhj1chL4JgwPmZgPcVS2G8gk8XeBmZXowpVWJ11TXS1gYrM9syXbv9j\
161                    0JUCdpeshH7e56WnlpVynyUwIum9hmYGZ_XJUfmGtlKLuNjYnawTwLEeR005uEjxq3qI1kti-WFnw8ciL4a6HLNulgiFw1dAvs4c7J0souShMfrnFO3g\
162                    SOHff5kKD3hBB9ynDBnJQSFYJ7dFWHIjhqs0Vj-9h0yXXCcHvu7dVGpaiNjNPxbh6YeXnY6UWcmHLDtFYsG2BWcNvVD4-VgGxXt3cMhrn7l3fSYuo32Z\
163                    Yk4Wop73XuxqF2fmfmBdZqGI1BafhENCcZw_bpPSfK2uHipfztrgYnrzwvzedz0rjFKbhDyrjzuRauX5dqVJ4ntPeT9g_I5n71gLxiP7eClyAx5RxdF6\
164                    He87NwC8i-hLBhugIvLTiDj-Sk9HvMth6zaD0ebxd56wDjq8-CMG_WcgusDqNzKFHqWNDHBXt8MLeTgZAR2rQMIMFZqFgsJlRflbig8YewmNUA9wAU74\
165                    TfxLY1foO7Xpg49vceB7C-PlvGi1VtX6F2i0tc_67lA5kWXnnKBPBUyspoIrmAUCwfms5nTTqA9xXAojMhRHAos_OdM",
166                    "expires_in":3600,
167                    "token_type":"Bearer",
168                    "scope":"api.secrets",
169                    "encrypted_payload":"2.E9fE8+M/VWMfhhim1KlCbQ==|eLsHR484S/tJbIkM6spnG/HP65tj9A6Tba7kAAvUp+rYuQmGLixiOCfMsqt5OvBctDfvvr/Aes\
170                    Bu7cZimPLyOEhqEAjn52jF0eaI38XZfeOG2VJl0LOf60Wkfh3ryAMvfvLj3G4ZCNYU8sNgoC2+IQ==|lNApuCQ4Pyakfo/wwuuajWNaEX/2MW8/3rjXB/V7n+k="})
171            )),
172            Mock::given(matchers::path("/api/organizations/f4e44a7f-1190-432a-9d4a-af96013127cb/secrets"))
173            .respond_with(ResponseTemplate::new(200).set_body_json(
174                serde_json::json!({
175                    "secrets":[{
176                            "id":"15744a66-341a-4c62-af50-af960166b6bc",
177                            "organizationId":"f4e44a7f-1190-432a-9d4a-af96013127cb",
178                            "key":"2.pMS6/icTQABtulw52pq2lg==|XXbxKxDTh+mWiN1HjH2N1w==|Q6PkuT+KX/axrgN9ubD5Ajk2YNwxQkgs3WJM0S0wtG8=",
179                            "creationDate":"2023-01-26T21:46:02.2182556Z",
180                            "revisionDate":"2023-01-26T21:46:02.2182557Z"
181                    }],
182                    "projects":[],
183                    "object":"SecretsWithProjectsList"
184                })
185            )),
186            Mock::given(matchers::path("/api/secrets/15744a66-341a-4c62-af50-af960166b6bc"))
187            .respond_with(ResponseTemplate::new(200).set_body_json(
188                serde_json::json!({
189                    "id":"15744a66-341a-4c62-af50-af960166b6bc",
190                    "organizationId":"f4e44a7f-1190-432a-9d4a-af96013127cb",
191                    "key":"2.pMS6/icTQABtulw52pq2lg==|XXbxKxDTh+mWiN1HjH2N1w==|Q6PkuT+KX/axrgN9ubD5Ajk2YNwxQkgs3WJM0S0wtG8=",
192                    "value":"2.Gl34n9JYABC7V21qHcBzHg==|c1Ds244pob7i+8+MXe4++w==|Shimz/qKMYZmzSFWdeBzFb9dFz7oF6Uv9oqkws7rEe0=",
193                    "note":"2.Cn9ABJy7+WfR4uUHwdYepg==|+nbJyU/6hSknoa5dcEJEUg==|1DTp/ZbwGO3L3RN+VMsCHz8XDr8egn/M5iSitGGysPA=",
194                    "creationDate":"2023-01-26T21:46:02.2182556Z",
195                    "revisionDate":"2023-01-26T21:46:02.2182557Z",
196                    "object":"secret"
197                })
198            ))
199        ]).await;
200
201        // Test the login is correct and we store the returned organization ID correctly
202        let res = client
203            .auth()
204            .login_access_token(&AccessTokenLoginRequest {
205                access_token: "0.ec2c1d46-6a4b-4751-a310-af9601317f2d.C2IgxjjLF7qSshsbwe8JGcbM075YXw:X8vbvA0bduihIDe/qrzIQQ==".into(),
206                state_file: None,
207            })
208            .await
209            .unwrap();
210        assert!(res.authenticated);
211
212        let organization_id = "f4e44a7f-1190-432a-9d4a-af96013127cb".try_into().unwrap();
213
214        // Test that we can retrieve the list of secrets correctly
215        let mut res = client
216            .secrets()
217            .list(&SecretIdentifiersRequest { organization_id })
218            .await
219            .unwrap();
220        assert_eq!(res.data.len(), 1);
221
222        // Test that given a secret ID we can get it's data
223        let res = client
224            .secrets()
225            .get(&SecretGetRequest {
226                id: res.data.remove(0).id,
227            })
228            .await
229            .unwrap();
230        assert_eq!(res.key, "TEST");
231        assert_eq!(res.note, "TEST");
232        assert_eq!(res.value, "TEST");
233    }
234}