diff --git a/features.md b/features.md
index b72f29e..330b813 100644
--- a/features.md
+++ b/features.md
@@ -44,17 +44,17 @@
 ## vault.addKubernetesRole
-`POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`POST /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 ## vault.getKubernetesRole
-`GET /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`GET /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 ## vault.deleteKubernetesRole
-`DELETE /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`DELETE /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 ## vault.addApproleRole
@@ -122,6 +122,31 @@
 `POST /transit/decrypt/{{name}}`
+## vault.rewrapData
+
+`POST /transit/rewrap/{{name}}`
+
+
+## vault.transitCreateKey
+
+`POST /transit/keys/{{name}}`
+
+
+## vault.transitReadKey
+
+`GET /transit/keys/{{name}}`
+
+
+## vault.transitListKeys
+
+`LIST /transit/keys`
+
+
+## vault.transitDeleteKey
+
+`DELETE /transit/keys/{{name}}`
+
+
 ## vault.generateDatabaseCredentials
 `GET /{{databasePath}}/creds/{{name}}`
@@ -224,7 +249,7 @@
 ## vault.kubernetesLogin
-`POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/login`
+`POST /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/login`
 ## vault.awsIamLogin
@@ -257,6 +282,11 @@
 `POST /auth/cert/login`
+## vault.jwtLogin
+
+`POST /auth/{{mount_point}}{{^mount_point}}jwt{{/mount_point}}/login`
+
+
 ## vault.tokenAccessors
 `LIST /auth/token/accessors`
diff --git a/index.d.ts b/index.d.ts
index 6127192..c22a856 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -50,6 +50,7 @@ declare namespace NodeVault {
 update(path: string, data: any, requestOptions?: Option): Promise;
 generateFunction(name: string, conf: functionConf): void;
+ commands: { [name: string]: functionConf };
 status(options?: Option): Promise;
 initialized(options?: Option): Promise;
@@ -124,13 +125,18 @@ declare namespace NodeVault {
 stepDown(options?: Option): Promise;
 encryptData(options?: Option): Promise;
 decryptData(options?: Option): Promise;
+ rewrapData(options?: Option): Promise;
+ transitCreateKey(options?: Option): Promise;
+ transitReadKey(options?: Option): Promise;
+ transitListKeys(options?: Option): Promise;
+ transitDeleteKey(options?: Option): Promise;
 generateDatabaseCredentials(options?: Option): Promise;
 }
 interface VaultOptions {
 debug?(...args: any[]): any;
 tv4?(...args: any[]): any;
- commands?: Array<{ method: string, path: string, scheme: any }>;
+ commands?: { [name: string]: functionConf };
 mustache?: any;
 "request-promise"?: any;
 Promise?: PromiseConstructor;
diff --git a/package-lock.json b/package-lock.json
index f462ebf..49a5ccc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "node-vault", - "version": "0.10.9", + "version": "0.10.10", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "node-vault", - "version": "0.10.9", + "version": "0.10.10", "license": "MIT", "dependencies": { "axios": "^1.13.6",
diff --git a/src/commands.js b/src/commands.js
index c653dde..47bd49b 100644
--- a/src/commands.js
+++ b/src/commands.js
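Review bot: The new `commands` member on the client is declared writable, and the matching hunk in `src/index.js` assigns `client.commands = commands` by reference, so any caller can rewrite a command's `method` or `path` in place. If `commands` is the shared map from `src/commands.js` (its declaration is outside both hunks), such a write would affect every client in the process built from it, which matters for a library that addresses Vault auth and transit endpoints. Consider typing it read-only, `readonly commands: Readonly<Record<string, Readonly<functionConf>>>;`, and exposing a copy at runtime, e.g. `client.commands = Object.freeze({ ...commands });` (a shallow freeze; the per-command objects would still need copying or freezing). The `VaultOptions.commands` change from an array to a map in the second hunk also changes the accepted type for TypeScript callers, which deserves a changelog line given the patch-level bump shown in package-lock.json.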
@@ -451,6 +451,26 @@ module.exports = {
 method: 'POST',
 path: '/transit/decrypt/{{name}}',
 },
+ rewrapData: {
+ method: 'POST',
+ path: '/transit/rewrap/{{name}}',
+ },
+ transitCreateKey: {
+ method: 'POST',
+ path: '/transit/keys/{{name}}',
+ },
+ transitReadKey: {
+ method: 'GET',
+ path: '/transit/keys/{{name}}',
+ },
+ transitListKeys: {
+ method: 'LIST',
+ path: '/transit/keys',
+ },
+ transitDeleteKey: {
+ method: 'DELETE',
+ path: '/transit/keys/{{name}}',
+ },
 generateDatabaseCredentials: {
 method: 'GET',
 path: '/{{databasePath}}/creds/{{name}}',
diff --git a/src/index.js b/src/index.js
index f134f86..fd3d43d 100644
--- a/src/index.js
+++ b/src/index.js
@@ -286,6 +286,7 @@ module.exports = (config = {}) => {
 }
 client.generateFunction = generateFunction;
+ client.commands = commands;
 // protecting global object properties from being added
 // enforcing the immutable rule: https://github.com/airbnb/javascript#iterators-and-generators
diff --git a/test/unit.js b/test/unit.js
index 1ba6738..a43e90f 100644
--- a/test/unit.js
+++ b/test/unit.js
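Review bot: None of the five new transit entries guards `name`, and a missing variable renders as an empty string in a Mustache template, so `transitReadKey()` or `transitDeleteKey()` called without `name` would presumably be sent to `/transit/keys/` instead of being rejected locally. Because `transitDeleteKey` is destructive, a required-`name` check (or a `schema` entry, if the project's request validation covers these arguments) would make the failure explicit on the client side. A short comment on the entry would also help, e.g. `// name is required; Vault only deletes a key whose config has deletion_allowed set`. The enclosing `module.exports` object starts and ends outside the hunk.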
@@ -738,6 +738,96 @@ describe('node-vault', () => {
 });
 });
+ describe('transit commands', () => {
+ it('should have rewrapData function', () => {
+ vault.rewrapData.should.be.a('function');
+ });
+
+ it('should have transitCreateKey function', () => {
+ vault.transitCreateKey.should.be.a('function');
+ });
+
+ it('should have transitReadKey function', () => {
+ vault.transitReadKey.should.be.a('function');
+ });
+
+ it('should have transitListKeys function', () => {
+ vault.transitListKeys.should.be.a('function');
+ });
+
+ it('should have transitDeleteKey function', () => {
+ vault.transitDeleteKey.should.be.a('function');
+ });
+
+ it('should call rewrapData with correct path and method', (done) => {
+ const params = {
+ method: 'POST',
+ path: '/transit/rewrap/mykey',
+ };
+ vault.rewrapData({ name: 'mykey', ciphertext: 'vault:v1:abc' })
+ .then(assertRequest(request, params, done))
+ .catch(done);
+ });
+
+ it('should call transitListKeys with correct method', (done) => {
+ const params = {
+ method: 'LIST',
+ path: '/transit/keys',
+ };
+ vault.transitListKeys()
+ .then(assertRequest(request, params, done))
+ .catch(done);
+ });
+
+ it('should call transitReadKey with correct path', (done) => {
+ const params = {
+ method: 'GET',
+ path: '/transit/keys/mykey',
+ };
+ vault.transitReadKey({ name: 'mykey' })
+ .then(assertRequest(request, params, done))
+ .catch(done);
+ });
+
+ it('should call transitCreateKey with correct path and method', (done) => {
+ const params = {
+ method: 'POST',
+ path: '/transit/keys/mykey',
+ };
+ vault.transitCreateKey({ name: 'mykey', type: 'aes256-gcm96' })
+ .then(assertRequest(request, params, done))
+ .catch(done);
+ });
+
+ it('should call transitDeleteKey with correct path and method', (done) => {
+ const params = {
+ method: 'DELETE',
+ path: '/transit/keys/mykey',
+ };
+ vault.transitDeleteKey({ name: 'mykey' })
+ .then(assertRequest(request, params, done))
+ .catch(done);
+ });
+ });
+
+ describe('commands export', () => {
+ it('should expose commands object on client', () => {
+ vault.commands.should.be.an('object');
+ });
+
+ it('should include encryptData in commands', () => {
+ vault.commands.encryptData.should.be.an('object');
+ vault.commands.encryptData.method.should.equal('POST');
+ vault.commands.encryptData.path.should.equal('/transit/encrypt/{{name}}');
+ });
+
+ it('should include rewrapData in commands', () => {
+ vault.commands.rewrapData.should.be.an('object');
+ vault.commands.rewrapData.method.should.equal('POST');
+ vault.commands.rewrapData.path.should.equal('/transit/rewrap/{{name}}');
+ });
+ });
+
 describe('request(options)', () => {
 it('should reject if options are undefined', (done) => {
 vault.request()
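Review bot: The request tests pin only `method` and `path` in `params`, so the `ciphertext` passed to `rewrapData` and the `type` passed to `transitCreateKey` are never checked to reach the request body, unless `assertRequest` (defined outside the hunk) checks more than it is given. A regression that dropped the payload would still pass. Consider adding the expected body to `params` if the helper supports it, and a case for a call without a key name, e.g. `vault.transitDeleteKey()`, to pin what the client does when `name` is missing. The `commands export` tests could likewise state whether writing to `vault.commands` is meant to be possible.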