Use SecretMount for mount paths

Author: abedra

example/secrets/key_value/Makefile

@@ -1,14 +1,18 @@
 default: example
 
 example.o: example.cpp
-	g++ -std=c++17 -c example.cpp
+	g++ -Wall -std=c++17 -I../../../include -c ../../../lib/json.hpp example.cpp
 
 example: example.o
-	g++ example.o -o example -lvault -lcurl
+	g++ -L../../../cmake-build-debug example.o -o example -lvault -lcurl
+
+.PHONY: macos
+macos:
+	install_name_tool -change @rpath/libvault.0.dylib ../../../cmake-build-debug/libvault.0.dylib example
 
 .PHONY: clean
 clean:
 	rm -f example.o example
 
 vault:
-	docker run -p 8200:8200 vault
+	docker run -p 8200:8200 vault

example/secrets/key_value/example.cpp

@@ -1,51 +1,54 @@
-#include <iostream>
-#include "VaultClient.h"
 #include "../../shared/shared.h"
+#include <iostream>
 
-Vault::Client setup(const Vault::Client &rootClient) {
+Vault::Client setup(const Vault::Client &rootClient,
+                    const Vault::Path &appRoleMount,
+                    const Vault::SecretMount &secretMount) {
   Vault::Sys::Auth authAdmin{rootClient};
   Vault::AppRole appRoleAdmin{rootClient};
   Vault::Sys::Policy policyAdmin{rootClient};
   Vault::Sys::Mounts mountAdmin{rootClient};
 
   createPolicy(policyAdmin);
-  enableAppRole(authAdmin);
+  enableAppRole(authAdmin, appRoleMount);
   createRole(appRoleAdmin);
-  enableKeyValue(mountAdmin);
+  enableKeyValue(mountAdmin, secretMount);
 
   Vault::RoleId roleId = getRoleId(appRoleAdmin);
   Vault::SecretId secretId = getSecretId(appRoleAdmin);
 
-  return getAppRoleClient(roleId, secretId);
+  return getAppRoleClient(roleId, secretId, appRoleMount);
 }
 
-void cleanup(const Vault::Client &rootClient) {
+void cleanup(const Vault::Client &rootClient, const Vault::Path &appRoleMount,
+             const Vault::SecretMount &secretMount) {
   Vault::Sys::Auth authAdmin = Vault::Sys::Auth{rootClient};
   Vault::AppRole appRoleAdmin = Vault::AppRole{rootClient};
   Vault::Sys::Mounts mountAdmin{rootClient};
   Vault::Sys::Policy policyAdmin{rootClient};
 
   deleteRole(appRoleAdmin);
-  disableAppRole(authAdmin);
-  disableKeyValue(mountAdmin);
+  disableAppRole(authAdmin, appRoleMount);
+  disableKeyValue(mountAdmin, secretMount);
   deletePolicy(policyAdmin);
 }
 
 int main(void) {
   char *rootTokenEnv = std::getenv("VAULT_ROOT_TOKEN");
   if (!rootTokenEnv) {
-    std::cout << "The VAULT_ROOT_TOKEN environment variable must be set" << std::endl;
+    std::cout << "The VAULT_ROOT_TOKEN environment variable must be set"
+              << std::endl;
     exit(-1);
   }
   Vault::Token rootToken{rootTokenEnv};
   Vault::Client rootClient = getRootClient(rootToken);
-  Vault::Client client = setup(rootClient);
-  Vault::KeyValue kv{client};
+  Vault::Path appRoleMount{"approle"};
+  Vault::SecretMount secretMount{"kv"};
+  Vault::Client client = setup(rootClient, appRoleMount, secretMount);
+  Vault::KeyValue kv{client, secretMount};
   Vault::Path key{"hello"};
   Vault::Parameters parameters(
-      {{"foo",       "world"},
-       {"baz",       "quux"},
-       {"something", "something else"}});
+      {{"foo", "world"}, {"baz", "quux"}, {"something", "something else"}});
 
   kv.create(key, parameters);
   auto response = kv.read(key);
@@ -55,5 +58,5 @@ int main(void) {
     std::cout << "Unable to read secrets" << std::endl;
   }
 
-  cleanup(rootClient);
+  cleanup(rootClient, appRoleMount, secretMount);
 }

example/shared/shared.h

@@ -47,7 +47,7 @@ inline Vault::Client getJwtClient(const Vault::RoleId &role,
 inline std::optional<std::string>
 createPolicy(const Vault::Sys::Policy &policyAdmin) {
   Vault::Parameters parameters{
-      {"policy", "path \"secret/*\" {capabilities = [\"read\", \"update\", "
+      {"policy", "path \"kv/*\" {capabilities = [\"read\", \"update\", "
                  "\"list\", \"delete\", \"create\"]}"}};
   return policyAdmin.create(Vault::Path{"example"}, parameters);
 }
@@ -115,14 +115,16 @@ inline Vault::SecretId getSecretId(const Vault::AppRole &appRoleAdmin) {
 }
 
 inline std::optional<std::string>
-enableKeyValue(const Vault::Sys::Mounts &mountAdmin) {
-  return mountAdmin.enable(Vault::Path{}, Vault::Parameters{},
+enableKeyValue(const Vault::Sys::Mounts &mountAdmin,
+               const Vault::SecretMount &secretMount) {
+  return mountAdmin.enable(secretMount, Vault::Parameters{{"type", "kv"}},
                            Vault::Parameters{}, Vault::Parameters{});
 }
 
 inline std::optional<std::string>
-disableKeyValue(const Vault::Sys::Mounts &mountAdmin) {
-  return mountAdmin.disable(Vault::Path{});
+disableKeyValue(const Vault::Sys::Mounts &mountAdmin,
+                const Vault::SecretMount &secretMount) {
+  return mountAdmin.disable(secretMount);
 }
 
 inline std::optional<std::string>

include/VaultClient.h

@@ -869,15 +869,16 @@ class Sys {
     [[nodiscard]] std::optional<std::string> list() const;
     [[nodiscard]] std::optional<std::string> readUi() const;
     [[nodiscard]] std::optional<std::string> read() const;
-    std::optional<std::string> enable(const Path &path,
+    std::optional<std::string> enable(const SecretMount &path,
                                       const Parameters &parameters,
                                       const Parameters &options,
                                       const Parameters &config) const;
-    std::optional<std::string> disable(const Path &path) const;
+    std::optional<std::string> disable(const SecretMount &path) const;
     [[nodiscard]] std::optional<std::string>
-    readConfiguration(const Path &path) const;
+    readConfiguration(const SecretMount &path) const;
     std::optional<std::string>
-    tuneConfiguration(const Path &path, const Parameters &parameters) const;
+    tuneConfiguration(const SecretMount &path,
+                      const Parameters &parameters) const;
 
   private:
     [[nodiscard]] Url getUrl(const Path &path) const;

src/system/mounts/Mounts.cpp

@@ -12,24 +12,28 @@ std::optional<std::string> Vault::Sys::Mounts::read() const {
   return HttpConsumer::get(client_, getUrl(Path{"mounts"}));
 }
 
-std::optional<std::string> Vault::Sys::Mounts::enable(const Path &path,
-                                                      const Parameters &parameters,
-                                                      const Parameters &options,
-                                                      const Parameters &config) const {
-  return HttpConsumer::post(client_, getUrl(Path{"mounts/" + path}), parameters, options, config);
+std::optional<std::string> Vault::Sys::Mounts::enable(
+    const SecretMount &path, const Parameters &parameters,
+    const Parameters &options, const Parameters &config) const {
+  return HttpConsumer::post(client_, getUrl(Path{"mounts/" + path}), parameters,
+                            options, config);
 }
 
-std::optional<std::string> Vault::Sys::Mounts::disable(const Path &path) const {
+std::optional<std::string>
+Vault::Sys::Mounts::disable(const SecretMount &path) const {
   return HttpConsumer::del(client_, getUrl(Path{"mounts/" + path}));
 }
 
-std::optional<std::string> Vault::Sys::Mounts::readConfiguration(const Path &path) const {
+std::optional<std::string>
+Vault::Sys::Mounts::readConfiguration(const SecretMount &path) const {
   return HttpConsumer::get(client_, getUrl(Path{"mounts/" + path + "/tune"}));
 }
 
-std::optional<std::string> Vault::Sys::Mounts::tuneConfiguration(const Path &path,
-                                                                 const Parameters &parameters) const {
-  return HttpConsumer::post(client_, getUrl(Path{"mounts/" + path + "/tune"}), parameters);
+std::optional<std::string>
+Vault::Sys::Mounts::tuneConfiguration(const SecretMount &path,
+                                      const Parameters &parameters) const {
+  return HttpConsumer::post(client_, getUrl(Path{"mounts/" + path + "/tune"}),
+                            parameters);
 }
 
 Vault::Url Vault::Sys::Mounts::getUrl(const Path &path) const {