Change primary secret type
parent
feed596a95
commit
8ba4ad9f34
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "sd-credentials"
|
name = "sd-credentials"
|
||||||
version = "0.1.0"
|
version = "0.2.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT"
|
license = "MIT"
|
||||||
authors = ["Mathieu Trossevin <mtrossevin@evolix.fr>"]
|
authors = ["Mathieu Trossevin <mtrossevin@evolix.fr>"]
|
||||||
|
@ -12,10 +12,11 @@ description = "A simple crate to recover secrets passed by systemd (or anything
|
||||||
[features]
|
[features]
|
||||||
default = []
|
default = []
|
||||||
# For some inane reason this seems to also require tokio but I am not adding it as a dependency here as nothing I implement actually require tokio.
|
# For some inane reason this seems to also require tokio but I am not adding it as a dependency here as nothing I implement actually require tokio.
|
||||||
secret-vault = ["dep:secret-vault", "dep:async-trait"]
|
secret-vault = ["dep:secret-vault", "dep:secret-vault-value", "dep:async-trait"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
async-trait = { version = "0.1.74", optional = true }
|
async-trait = { version = "0.1.74", optional = true }
|
||||||
cap-std = "2.0.0"
|
cap-std = "2.0.0"
|
||||||
|
secrecy = "0.8.0"
|
||||||
secret-vault = { version = "1.10.1", optional = true }
|
secret-vault = { version = "1.10.1", optional = true }
|
||||||
secret-vault-value = "0.3.8"
|
secret-vault-value = { version = "0.3.8", optional = true }
|
||||||
|
|
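--- a/src/lib.rs
+++ b/src/lib.rs
@@ -3,9 +3,13 @@ use std::collections::HashMap;
 use std::path::Path;
 
 #[cfg(feature = "secret-vault")]
-use secret_vault::{SecretSource, SecretVaultRef, SecretVaultResult, Secret, SecretMetadata, errors::SecretVaultError};
+use secret_vault::{
+errors::SecretVaultError, SecretMetadata, SecretSource, SecretVaultRef, SecretVaultResult,
+};
 
-use secret_vault_value::SecretValue;
+#[cfg(feature = "secret-vault")]
+use secrecy::ExposeSecret;
+use secrecy::Secret;
 
 #[derive(Debug)]
 pub struct CredentialLoader(cap_std::fs::Dir);
@@ -23,8 +27,8 @@ impl CredentialLoader {
 self.0.open(credential)
 }
 
-pub fn get<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<SecretValue> {
-Ok(SecretValue::new(self.0.read(credential)?))
+pub fn get<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<Secret<Vec<u8>>> {
+Ok(Secret::from(self.0.read(credential)?))
 }
 }
 
@@ -35,18 +39,27 @@ impl SecretSource for CredentialLoader {
 "CredentialLoader".to_string()
 }
 
-async fn get_secrets(&self, references: &[SecretVaultRef]) -> SecretVaultResult<HashMap<SecretVaultRef, Secret>> {
-let mut result_map: HashMap<SecretVaultRef, Secret> = HashMap::default();
+async fn get_secrets(
+&self,
+references: &[SecretVaultRef],
+) -> SecretVaultResult<HashMap<SecretVaultRef, secret_vault::Secret>> {
+let mut result_map: HashMap<SecretVaultRef, secret_vault::Secret> = HashMap::default();
 
 for secret_ref in references {
 let secret_name = secret_ref.key.secret_name.as_ref();
-let secret_version = secret_ref.key.secret_version.as_ref().map(|sv| format!("_v{sv}")).unwrap_or_default();
+let secret_version = secret_ref
+.key
+.secret_version
+.as_ref()
+.map(|sv| format!("_v{sv}"))
+.unwrap_or_default();
 let secret_file_name = format!("{secret_name}{secret_version}");
 
 match self.get(secret_file_name) {
 Ok(secret_value) => {
+let secret_value = secret_vault_value::SecretValue::new(secret_value.expose_secret().clone());
 let metadata = SecretMetadata::create_from_ref(secret_ref);
-result_map.insert(secret_ref.clone(), Secret::new(secret_value, metadata));
+result_map.insert(secret_ref.clone(), secret_vault::Secret::new(secret_value, metadata));
 }
 Err(err) if secret_ref.required => {
 return Err(SecretVaultError::DataNotFoundError(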
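Review bot: The new conversion in `get_secrets`, `secret_vault_value::SecretValue::new(secret_value.expose_secret().clone())`, copies the credential bytes into a second heap buffer while the `Secret<Vec<u8>>` returned by `self.get` stays alive (shadowed, not dropped) until the `Ok` arm ends. As far as I know both wrappers wipe their buffer on drop, so this is extra exposure rather than a leak, but the secret-vault path does not need the intermediate at all. Matching on `self.0.read(secret_file_name).map(secret_vault_value::SecretValue::new)` instead of `self.get(secret_file_name)` keeps a single copy and makes the `use secrecy::ExposeSecret;` import unnecessary. Separately, `get` now returns `Secret<Vec<u8>>` and has no doc comment; a one-line `///` stating that callers reach the raw bytes only through `expose_secret()` would document the new contract. The `Err` arm and the end of `get_secrets` lie outside the last hunk.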