Add missing transit commands, export commands object, fix commands TypeScript type

features.md

@@ -44,17 +44,17 @@
 
 ## vault.addKubernetesRole
 
-`POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`POST /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 
 
 ## vault.getKubernetesRole
 
-`GET /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`GET /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 
 
 ## vault.deleteKubernetesRole
 
-`DELETE /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/role/{{ role_name }}`
+`DELETE /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/role/{{ role_name }}`
 
 
 ## vault.addApproleRole
@@ -122,6 +122,31 @@
 `POST /transit/decrypt/{{name}}`
 
 
+## vault.rewrapData
+
+`POST /transit/rewrap/{{name}}`
+
+
+## vault.transitCreateKey
+
+`POST /transit/keys/{{name}}`
+
+
+## vault.transitReadKey
+
+`GET /transit/keys/{{name}}`
+
+
+## vault.transitListKeys
+
+`LIST /transit/keys`
+
+
+## vault.transitDeleteKey
+
+`DELETE /transit/keys/{{name}}`
+
+
 ## vault.generateDatabaseCredentials
 
 `GET /{{databasePath}}/creds/{{name}}`
@@ -224,7 +249,7 @@
 
 ## vault.kubernetesLogin
 
-`POST /auth/{{mount_point}}{{^mount_point}}kubernetes{{/mount_point}}/login`
+`POST /auth/{{mount_point}}{{^mount_point}}{{kubernetesPath}}{{/mount_point}}/login`
 
 
 ## vault.awsIamLogin
@@ -257,6 +282,11 @@
 `POST /auth/cert/login`
 
 
+## vault.jwtLogin
+
+`POST /auth/{{mount_point}}{{^mount_point}}jwt{{/mount_point}}/login`
+
+
 ## vault.tokenAccessors
 
 `LIST /auth/token/accessors`

index.d.ts

@@ -50,6 +50,7 @@ declare namespace NodeVault {
         update(path: string, data: any, requestOptions?: Option): Promise<any>;
 
         generateFunction(name: string, conf: functionConf): void;
+        commands: { [name: string]: functionConf };
 
         status(options?: Option): Promise<any>;
         initialized(options?: Option): Promise<any>;
@@ -124,13 +125,18 @@ declare namespace NodeVault {
         stepDown(options?: Option): Promise<any>;
         encryptData(options?: Option): Promise<any>;
         decryptData(options?: Option): Promise<any>;
+        rewrapData(options?: Option): Promise<any>;
+        transitCreateKey(options?: Option): Promise<any>;
+        transitReadKey(options?: Option): Promise<any>;
+        transitListKeys(options?: Option): Promise<any>;
+        transitDeleteKey(options?: Option): Promise<any>;
         generateDatabaseCredentials(options?: Option): Promise<any>;
     }
 
     interface VaultOptions {
         debug?(...args: any[]): any;
         tv4?(...args: any[]): any;
-        commands?: Array<{ method: string, path: string, scheme: any }>;
+        commands?: { [name: string]: functionConf };
         mustache?: any;
         "request-promise"?: any;
         Promise?: PromiseConstructor;

src/commands.js

@@ -451,6 +451,26 @@ module.exports = {
         method: 'POST',
         path: '/transit/decrypt/{{name}}',
     },
+    rewrapData: {
+        method: 'POST',
+        path: '/transit/rewrap/{{name}}',
+    },
+    transitCreateKey: {
+        method: 'POST',
+        path: '/transit/keys/{{name}}',
+    },
+    transitReadKey: {
+        method: 'GET',
+        path: '/transit/keys/{{name}}',
+    },
+    transitListKeys: {
+        method: 'LIST',
+        path: '/transit/keys',
+    },
+    transitDeleteKey: {
+        method: 'DELETE',
+        path: '/transit/keys/{{name}}',
+    },
     generateDatabaseCredentials: {
         method: 'GET',
         path: '/{{databasePath}}/creds/{{name}}',

src/index.js

@@ -286,6 +286,7 @@ module.exports = (config = {}) => {
     }
 
     client.generateFunction = generateFunction;
+    client.commands = commands;
 
     // protecting global object properties from being added
     // enforcing the immutable rule: https://github.com/airbnb/javascript#iterators-and-generators

test/unit.js

@@ -738,6 +738,96 @@ describe('node-vault', () => {
             });
         });
 
+        describe('transit commands', () => {
+            it('should have rewrapData function', () => {
+                vault.rewrapData.should.be.a('function');
+            });
+
+            it('should have transitCreateKey function', () => {
+                vault.transitCreateKey.should.be.a('function');
+            });
+
+            it('should have transitReadKey function', () => {
+                vault.transitReadKey.should.be.a('function');
+            });
+
+            it('should have transitListKeys function', () => {
+                vault.transitListKeys.should.be.a('function');
+            });
+
+            it('should have transitDeleteKey function', () => {
+                vault.transitDeleteKey.should.be.a('function');
+            });
+
+            it('should call rewrapData with correct path and method', (done) => {
+                const params = {
+                    method: 'POST',
+                    path: '/transit/rewrap/mykey',
+                };
+                vault.rewrapData({ name: 'mykey', ciphertext: 'vault:v1:abc' })
+                    .then(assertRequest(request, params, done))
+                    .catch(done);
+            });
+
+            it('should call transitListKeys with correct method', (done) => {
+                const params = {
+                    method: 'LIST',
+                    path: '/transit/keys',
+                };
+                vault.transitListKeys()
+                    .then(assertRequest(request, params, done))
+                    .catch(done);
+            });
+
+            it('should call transitReadKey with correct path', (done) => {
+                const params = {
+                    method: 'GET',
+                    path: '/transit/keys/mykey',
+                };
+                vault.transitReadKey({ name: 'mykey' })
+                    .then(assertRequest(request, params, done))
+                    .catch(done);
+            });
+
+            it('should call transitCreateKey with correct path and method', (done) => {
+                const params = {
+                    method: 'POST',
+                    path: '/transit/keys/mykey',
+                };
+                vault.transitCreateKey({ name: 'mykey', type: 'aes256-gcm96' })
+                    .then(assertRequest(request, params, done))
+                    .catch(done);
+            });
+
+            it('should call transitDeleteKey with correct path and method', (done) => {
+                const params = {
+                    method: 'DELETE',
+                    path: '/transit/keys/mykey',
+                };
+                vault.transitDeleteKey({ name: 'mykey' })
+                    .then(assertRequest(request, params, done))
+                    .catch(done);
+            });
+        });
+
+        describe('commands export', () => {
+            it('should expose commands object on client', () => {
+                vault.commands.should.be.an('object');
+            });
+
+            it('should include encryptData in commands', () => {
+                vault.commands.encryptData.should.be.an('object');
+                vault.commands.encryptData.method.should.equal('POST');
+                vault.commands.encryptData.path.should.equal('/transit/encrypt/{{name}}');
+            });
+
+            it('should include rewrapData in commands', () => {
+                vault.commands.rewrapData.should.be.an('object');
+                vault.commands.rewrapData.method.should.equal('POST');
+                vault.commands.rewrapData.path.should.equal('/transit/rewrap/{{name}}');
+            });
+        });
+
         describe('request(options)', () => {
             it('should reject if options are undefined', (done) => {
                 vault.request()