65 lines
2.5 KiB
Rust
65 lines
2.5 KiB
Rust
#[cfg(feature = "secret-vault")]
|
|
use std::collections::HashMap;
|
|
use std::path::Path;
|
|
|
|
#[cfg(feature = "secret-vault")]
|
|
use secret_vault::{SecretSource, SecretVaultRef, SecretVaultResult, Secret, SecretMetadata, errors::SecretVaultError};
|
|
|
|
use secret_vault_value::SecretValue;
|
|
|
|
#[derive(Debug)]
|
|
pub struct CredentialLoader(cap_std::fs::Dir);
|
|
|
|
impl CredentialLoader {
|
|
pub fn new() -> Option<Self> {
|
|
let credential_directory = std::env::var_os("CREDENTIALS_DIRECTORY")?;
|
|
let dir = std::fs::File::open(credential_directory).ok()?;
|
|
let dir = cap_std::fs::Dir::from_std_file(dir);
|
|
|
|
Some(Self(dir))
|
|
}
|
|
|
|
pub fn get_file<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<cap_std::fs::File> {
|
|
self.0.open(credential)
|
|
}
|
|
|
|
pub fn get<P: AsRef<Path>>(&self, credential: P) -> std::io::Result<SecretValue> {
|
|
Ok(SecretValue::new(self.0.read(credential)?))
|
|
}
|
|
}
|
|
|
|
#[cfg(feature = "secret-vault")]
|
|
#[async_trait::async_trait]
|
|
impl SecretSource for CredentialLoader {
|
|
fn name(&self) -> String {
|
|
"CredentialLoader".to_string()
|
|
}
|
|
|
|
async fn get_secrets(&self, references: &[SecretVaultRef]) -> SecretVaultResult<HashMap<SecretVaultRef, Secret>> {
|
|
let mut result_map: HashMap<SecretVaultRef, Secret> = HashMap::default();
|
|
|
|
for secret_ref in references {
|
|
let secret_name = secret_ref.key.secret_name.as_ref();
|
|
let secret_version = secret_ref.key.secret_version.as_ref().map(|sv| format!("_v{sv}")).unwrap_or_default();
|
|
let secret_file_name = format!("{secret_name}{secret_version}");
|
|
|
|
match self.get(secret_file_name) {
|
|
Ok(secret_value) => {
|
|
let metadata = SecretMetadata::create_from_ref(secret_ref);
|
|
result_map.insert(secret_ref.clone(), Secret::new(secret_value, metadata));
|
|
}
|
|
Err(err) if secret_ref.required => {
|
|
return Err(SecretVaultError::DataNotFoundError(
|
|
secret_vault::errors::SecretVaultDataNotFoundError::new(
|
|
secret_vault::errors::SecretVaultErrorPublicGenericDetails::new("SECRET_NOT_FOUND".into()),
|
|
format!(
|
|
"Secret is required but corresponding file is not available {secret_file_name:?}: {err}"
|
|
))
|
|
))
|
|
}
|
|
Err(_err) => {}
|
|
}
|
|
}
|
|
todo!();
|
|
}
|
|
} |