feat: allow loading setup user credentials, remove unused config fields

jacobtread · jacobtread · commit 7206f717ca94 · 2025-08-31T13:48:49.000+12:00
diff --git a/src/database.rs b/src/database.rs
@@ -4,6 +4,8 @@ use crate::CliDatabaseConfiguration;
 
 pub struct CliDatabaseProvider {
     pub config: CliDatabaseConfiguration,
+    pub username: String,
+    pub password: String,
 }
 
 impl docbox_management::database::DatabaseProvider for CliDatabaseProvider {
@@ -14,8 +16,8 @@ impl docbox_management::database::DatabaseProvider for CliDatabaseProvider {
         let options = PgConnectOptions::new()
             .host(&self.config.host)
             .port(self.config.port)
-            .username(&self.config.setup_user.username)
-            .password(&self.config.setup_user.password)
+            .username(&self.username)
+            .password(&self.password)
             .database(database);
 
         PgPool::connect_with(options)
diff --git a/src/main.rs b/src/main.rs
@@ -51,14 +51,14 @@ pub struct CliConfiguration {
 pub struct CliDatabaseConfiguration {
     pub host: String,
     pub port: u16,
-    pub setup_user: CliDatabaseSetupUserConfig,
+    pub setup_user: Option<CliDatabaseSetupUserConfig>,
+    pub setup_user_secret_name: Option<String>,
     pub root_secret_name: String,
-    pub root_role_name: String,
-    pub root_secret_password: String,
 }
 
 #[derive(Clone, Deserialize)]
 pub struct CliDatabaseSetupUserConfig {
+    #[serde(alias = "user")]
     pub username: String,
     pub password: String,
 }
@@ -182,8 +182,37 @@ async fn main() -> eyre::Result<()> {
     let search_factory =
         SearchIndexFactory::from_config(&aws_config, config.search.clone()).map_err(AnyhowError)?;
     let storage_factory = StorageLayerFactory::from_config(&aws_config, config.storage.clone());
-    let db_provider = CliDatabaseProvider {
-        config: config.database.clone(),
+
+    let db_provider = match (
+        config.database.setup_user.as_ref(),
+        config.database.setup_user_secret_name.as_deref(),
+    ) {
+        (Some(setup_user), _) => CliDatabaseProvider {
+            config: config.database.clone(),
+            username: setup_user.username.clone(),
+            password: setup_user.password.clone(),
+        },
+        (_, Some(setup_user_secret_name)) => {
+            let secret: CliDatabaseSetupUserConfig = secrets
+                .parsed_secret(setup_user_secret_name)
+                .await
+                .map_err(AnyhowError)
+                .context("failed to get setup user database secret")?
+                .context("setup user database secret not found")?;
+
+            tracing::debug!("loaded database secrets from secret manager");
+
+            CliDatabaseProvider {
+                config: config.database.clone(),
+                username: secret.username.clone(),
+                password: secret.password.clone(),
+            }
+        }
+        (None, None) => {
+            return Err(eyre::eyre!(
+                "must provided either setup_user or setup_user_secret_name in database config"
+            ));
+        }
     };
 
     match command {
