alien-bindings 1.4.0

Alien platform runtime bindings
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

use crate::error::{ErrorData, Result};
use alien_error::{AlienError, Context, IntoAlienError};
use async_trait::async_trait;
use std::collections::HashMap;
use std::path::PathBuf;

/// Local vault binding implementation for development and testing.
///
/// Secrets are stored in a JSON file in the vault directory without encryption.
/// Encryption will be added in a future iteration.
#[derive(Debug)]
pub struct LocalVault {
    vault_name: String,
    vault_dir: PathBuf,
}

impl LocalVault {
    /// Create a new local vault binding.
    ///
    /// # Arguments
    /// * `vault_name` - Name of the vault
    /// * `vault_dir` - Directory where secrets are stored
    pub fn new(vault_name: String, vault_dir: PathBuf) -> Self {
        Self {
            vault_name,
            vault_dir,
        }
    }

    /// Get the path to the secrets file.
    fn secrets_file_path(&self) -> PathBuf {
        self.vault_dir.join("secrets.json")
    }

    /// Load secrets from disk.
    async fn load_secrets(&self) -> Result<HashMap<String, String>> {
        let secrets_file = self.secrets_file_path();

        if !secrets_file.exists() {
            return Ok(HashMap::new());
        }

        let content = tokio::fs::read_to_string(&secrets_file)
            .await
            .into_alien_error()
            .context(ErrorData::CloudPlatformError {
                message: format!(
                    "Failed to read vault secrets file: {}",
                    secrets_file.display()
                ),
                resource_id: None,
            })?;

        serde_json::from_str(&content)
            .into_alien_error()
            .context(ErrorData::CloudPlatformError {
                message: format!(
                    "Failed to parse vault secrets file: {}",
                    secrets_file.display()
                ),
                resource_id: None,
            })
    }

    /// Save secrets to disk.
    async fn save_secrets(&self, secrets: &HashMap<String, String>) -> Result<()> {
        let secrets_file = self.secrets_file_path();

        // Ensure directory exists
        if let Some(parent) = secrets_file.parent() {
            tokio::fs::create_dir_all(parent)
                .await
                .into_alien_error()
                .context(ErrorData::CloudPlatformError {
                    message: format!("Failed to create vault directory: {}", parent.display()),
                    resource_id: None,
                })?;
        }

        let json = serde_json::to_string_pretty(secrets)
            .into_alien_error()
            .context(ErrorData::CloudPlatformError {
                message: "Failed to serialize vault secrets".to_string(),
                resource_id: None,
            })?;

        let path = secrets_file.clone();
        let data = json.into_bytes();
        tokio::task::spawn_blocking(move || alien_core::file_utils::write_secret_file(&path, &data))
            .await
            .into_alien_error()
            .context(ErrorData::CloudPlatformError {
                message: "Failed to spawn blocking write task".to_string(),
                resource_id: None,
            })?
            .into_alien_error()
            .context(ErrorData::CloudPlatformError {
                message: format!(
                    "Failed to write vault secrets file: {}",
                    secrets_file.display()
                ),
                resource_id: None,
            })
    }
}

#[async_trait]
impl crate::traits::Binding for LocalVault {}

#[async_trait]
impl crate::traits::Vault for LocalVault {
    /// Get a secret value by name
    async fn get_secret(&self, secret_name: &str) -> Result<String> {
        let secrets = self.load_secrets().await?;

        secrets.get(secret_name).cloned().ok_or_else(|| {
            AlienError::new(ErrorData::CloudPlatformError {
                message: format!(
                    "Secret '{}' not found in vault '{}'",
                    secret_name, self.vault_name
                ),
                resource_id: None,
            })
        })
    }

    /// Set a secret value
    async fn set_secret(&self, secret_name: &str, value: &str) -> Result<()> {
        let mut secrets = self.load_secrets().await?;
        secrets.insert(secret_name.to_string(), value.to_string());
        self.save_secrets(&secrets).await
    }

    /// Delete a secret
    async fn delete_secret(&self, secret_name: &str) -> Result<()> {
        let mut secrets = self.load_secrets().await?;

        secrets.remove(secret_name).ok_or_else(|| {
            AlienError::new(ErrorData::CloudPlatformError {
                message: format!(
                    "Secret '{}' not found in vault '{}'",
                    secret_name, self.vault_name
                ),
                resource_id: None,
            })
        })?;

        self.save_secrets(&secrets).await
    }
}