alien_core/resources/
vault.rs

1use crate::error::{ErrorData, Result};
2use crate::resource::{ResourceDefinition, ResourceOutputsDefinition, ResourceRef, ResourceType};
3use alien_error::AlienError;
4use bon::Builder;
5use serde::{Deserialize, Serialize};
6use std::any::Any;
7use std::fmt::Debug;
8
9/// Represents a secure vault for storing secrets.
10/// This resource provides a platform-agnostic interface over cloud-native secret management services:
11/// - AWS: AWS Secrets Manager with prefixed secret names
12/// - GCP: Secret Manager with prefixed secret names
13/// - Azure: Key Vault resource
14///
15/// The vault acts as a namespace for secrets and controls access permissions for functions and services.
16#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Builder)]
17#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
18#[serde(rename_all = "camelCase", deny_unknown_fields)]
19#[builder(start_fn = new)]
20pub struct Vault {
21    /// Unique identifier for the vault. Must contain only alphanumeric characters, hyphens, and underscores ([A-Za-z0-9-_]).
22    /// Maximum 64 characters.
23    #[builder(start_fn)]
24    pub id: String,
25}
26
27impl Vault {
28    /// The resource type identifier for Vault
29    pub const RESOURCE_TYPE: ResourceType = ResourceType::from_static("vault");
30
31    /// Returns the vault's unique identifier.
32    pub fn id(&self) -> &str {
33        &self.id
34    }
35}
36
37/// Outputs generated by a successfully provisioned Vault.
38#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
39#[cfg_attr(feature = "openapi", derive(utoipa::ToSchema))]
40#[serde(rename_all = "camelCase")]
41pub struct VaultOutputs {
42    /// Platform-specific vault identifier.
43    /// - AWS: Account and region (e.g., "123456789012:us-west-2") - implicit reference to Secrets Manager
44    /// - GCP: Project and location (e.g., "projects/my-project/locations/us-central1") - implicit reference to Secret Manager
45    /// - Azure: Key Vault resource ID (e.g., "/subscriptions/.../resourceGroups/.../providers/Microsoft.KeyVault/vaults/my-vault")
46    pub vault_id: String,
47}
48
49#[typetag::serde(name = "vault")]
50impl ResourceOutputsDefinition for VaultOutputs {
51    fn resource_type() -> ResourceType {
52        Vault::RESOURCE_TYPE.clone()
53    }
54
55    fn as_any(&self) -> &dyn Any {
56        self
57    }
58
59    fn box_clone(&self) -> Box<dyn ResourceOutputsDefinition> {
60        Box::new(self.clone())
61    }
62
63    fn outputs_eq(&self, other: &dyn ResourceOutputsDefinition) -> bool {
64        other.as_any().downcast_ref::<VaultOutputs>() == Some(self)
65    }
66}
67
68// Implementation of ResourceDefinition trait for Vault
69#[typetag::serde(name = "vault")]
70impl ResourceDefinition for Vault {
71    fn resource_type() -> ResourceType {
72        Self::RESOURCE_TYPE.clone()
73    }
74
75    fn get_resource_type(&self) -> ResourceType {
76        Self::resource_type()
77    }
78
79    fn id(&self) -> &str {
80        &self.id
81    }
82
83    fn get_dependencies(&self) -> Vec<ResourceRef> {
84        Vec::new()
85    }
86
87    fn validate_update(&self, new_config: &dyn ResourceDefinition) -> Result<()> {
88        // Downcast to Vault type to use the existing validate_update method
89        let new_vault = new_config.as_any().downcast_ref::<Vault>().ok_or_else(|| {
90            AlienError::new(ErrorData::UnexpectedResourceType {
91                resource_id: self.id.clone(),
92                expected: Self::RESOURCE_TYPE,
93                actual: new_config.get_resource_type(),
94            })
95        })?;
96
97        if self.id != new_vault.id {
98            return Err(AlienError::new(ErrorData::InvalidResourceUpdate {
99                resource_id: self.id.clone(),
100                reason: "the 'id' field is immutable".to_string(),
101            }));
102        }
103        Ok(())
104    }
105
106    fn as_any(&self) -> &dyn Any {
107        self
108    }
109
110    fn as_any_mut(&mut self) -> &mut dyn Any {
111        self
112    }
113
114    fn box_clone(&self) -> Box<dyn ResourceDefinition> {
115        Box::new(self.clone())
116    }
117
118    fn resource_eq(&self, other: &dyn ResourceDefinition) -> bool {
119        other.as_any().downcast_ref::<Vault>() == Some(self)
120    }
121}
122
123#[cfg(test)]
124mod tests {
125    use super::*;
126
127    #[test]
128    fn test_vault_creation() {
129        let vault = Vault::new("my-vault".to_string()).build();
130        assert_eq!(vault.id, "my-vault");
131    }
132
133    #[test]
134    fn test_vault_dependencies() {
135        let vault = Vault::new("my-vault".to_string()).build();
136        let dependencies = vault.get_dependencies();
137        assert!(dependencies.is_empty());
138    }
139
140    #[test]
141    fn test_vault_outputs_equality() {
142        let outputs1 = VaultOutputs {
143            vault_id: "test-vault".to_string(),
144        };
145
146        let outputs2 = VaultOutputs {
147            vault_id: "test-vault".to_string(),
148        };
149
150        let outputs3 = VaultOutputs {
151            vault_id: "different-vault".to_string(),
152        };
153
154        assert!(outputs1.outputs_eq(&outputs2));
155        assert!(!outputs1.outputs_eq(&outputs3));
156    }
157}
alien_core/resources/vault.rs

alien_core/resources/
vault.rs
