-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsecret_store.rs
More file actions
119 lines (105 loc) · 3.77 KB
/
secret_store.rs
File metadata and controls
119 lines (105 loc) · 3.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
//! Environment variable secret store for local development.
//!
//! Reads secrets from the process environment. Set secrets as environment
//! variables before starting the dev server:
//!
//! ```bash
//! API_KEY=mysecret cargo edgezero dev
//! ```
use async_trait::async_trait;
use bytes::Bytes;
use edgezero_core::secret_store::{SecretError, SecretStore};
/// Secret store for local development that reads secrets from environment variables.
///
/// When `[stores.secrets]` is declared in `edgezero.toml`, the dev server
/// creates an `EnvSecretStore` that reads secrets from the process environment.
pub struct EnvSecretStore;
impl EnvSecretStore {
pub fn new() -> Self {
Self
}
}
impl Default for EnvSecretStore {
fn default() -> Self {
Self::new()
}
}
#[async_trait(?Send)]
impl SecretStore for EnvSecretStore {
async fn get_bytes(&self, _store_name: &str, key: &str) -> Result<Option<Bytes>, SecretError> {
#[cfg(unix)]
{
use std::os::unix::ffi::OsStringExt;
match std::env::var_os(key) {
Some(value) => Ok(Some(Bytes::from(value.into_vec()))),
None => Ok(None),
}
}
#[cfg(not(unix))]
{
match std::env::var(key) {
Ok(value) => Ok(Some(Bytes::from(value.into_bytes()))),
Err(std::env::VarError::NotPresent) => Ok(None),
Err(std::env::VarError::NotUnicode(_)) => Err(SecretError::Internal(
anyhow::anyhow!("secret store returned an invalid Unicode value"),
)),
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::test_utils::{env_guard, EnvOverride};
use bytes::Bytes;
#[cfg(unix)]
use std::ffi::OsString;
#[tokio::test(flavor = "current_thread")]
async fn get_bytes_returns_none_when_var_not_set() {
let _guard = env_guard().lock().await;
let _env = EnvOverride::clear("__EDGEZERO_TEST_MISSING_VAR_XYZ__");
let store = EnvSecretStore::new();
let result = store
.get_bytes("env", "__EDGEZERO_TEST_MISSING_VAR_XYZ__")
.await
.unwrap();
assert!(result.is_none());
}
#[tokio::test(flavor = "current_thread")]
async fn get_bytes_returns_value_when_var_set() {
let _guard = env_guard().lock().await;
let _env = EnvOverride::set("__EDGEZERO_TEST_SECRET__", "test_value_123");
let store = EnvSecretStore::new();
let result = store
.get_bytes("env", "__EDGEZERO_TEST_SECRET__")
.await
.unwrap();
assert_eq!(result, Some(Bytes::from("test_value_123")));
}
#[cfg(unix)]
#[tokio::test(flavor = "current_thread")]
async fn get_bytes_preserves_non_utf8_secret_values() {
use std::os::unix::ffi::OsStringExt;
let _guard = env_guard().lock().await;
let _env = EnvOverride::set(
"__EDGEZERO_TEST_BINARY_SECRET__",
OsString::from_vec(vec![0xff, 0x61]),
);
let store = EnvSecretStore::new();
let result = store
.get_bytes("env", "__EDGEZERO_TEST_BINARY_SECRET__")
.await
.unwrap();
assert_eq!(result, Some(Bytes::from_static(&[0xff, 0x61])));
}
// Contract tests: use InMemorySecretStoreProvider since EnvSecretStore needs
// real env vars, which are unsafe in parallel tests.
// The EnvSecretStore is tested individually above.
use edgezero_core::secret_store_contract_tests;
secret_store_contract_tests!(env_secret_contract, {
edgezero_core::InMemorySecretStore::new([
("mystore/contract_key", Bytes::from("contract_value")),
("mystore/contract_key_2", Bytes::from("another_value")),
])
});
}