
awsim_secretsmanager/
state.rs

use std::collections::HashMap;
use std::fmt;

use dashmap::DashMap;
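/// A single version of a secret value.
///
/// `Debug` is implemented by hand instead of derived: a derived impl would
/// print `secret_string` and `secret_binary` verbatim, so any `{:?}` of this
/// type (log line, panic message, failed assertion) would disclose the
/// payload. The manual impl reports only whether each payload is present.
#[derive(Clone)]
pub struct SecretVersion {
    /// Identifier of this version.
    pub version_id: String,
    /// Secret value held as a string, if any. Sensitive: never log.
    pub secret_string: Option<String>,
    /// base64-encoded binary value. Encoding is not protection; treat it as
    /// sensitive exactly like `secret_string`.
    pub secret_binary: Option<String>,
    /// e.g. ["AWSCURRENT"], ["AWSPREVIOUS"]
    pub stages: Vec<String>,
    /// Unix epoch seconds (f64) — matches awsJson1.1 timestamp wire format.
    pub created_date: f64,
}

impl fmt::Debug for SecretVersion {
    /// Formats the version with both payload fields replaced by a fixed
    /// placeholder, keeping the `Some`/`None` distinction for diagnostics.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // Presence is useful when debugging; the contents are not needed.
        let redact = |payload: &Option<String>| payload.as_ref().map(|_| "<redacted>");
        f.debug_struct("SecretVersion")
            .field("version_id", &self.version_id)
            .field("secret_string", &redact(&self.secret_string))
            .field("secret_binary", &redact(&self.secret_binary))
            .field("stages", &self.stages)
            .field("created_date", &self.created_date)
            .finish()
    }
}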
/// A secret and all its versions.
///
/// NOTE(review): `Debug` is derived, so `{:?}` on a `Secret` formats every
/// entry of `versions` through `SecretVersion`'s `Debug` impl. If that impl
/// prints payload fields, logging a `Secret` discloses every stored version.
#[derive(Debug, Clone)]
pub struct Secret {
    /// ARN of the secret.
    pub arn: String,
    /// Secret name; `SecretsState` documents its maps as keyed by name.
    pub name: String,
    /// Free-form description.
    pub description: String,
    /// version_id → SecretVersion
    pub versions: HashMap<String, SecretVersion>,
    /// Version id of the current version — presumably a key of `versions`;
    /// nothing in this type enforces that, so confirm at the write sites.
    pub current_version_id: String,
    /// Tags attached to the secret — presumably tag key → tag value; confirm.
    pub tags: HashMap<String, String>,
    /// Unix epoch seconds (f64) — matches awsJson1.1 timestamp wire format.
    pub created_date: f64,
    /// Unix epoch seconds (f64).
    pub last_changed_date: f64,
    /// Unix epoch seconds (f64), or None if not scheduled for deletion.
    pub deleted_date: Option<f64>,
    /// Whether automatic rotation is enabled.
    pub rotation_enabled: bool,
    /// ARN of the Lambda function that performs rotation.
    pub rotation_lambda_arn: Option<String>,
    /// Days between automatic rotations.
    pub rotation_automatically_after_days: Option<u64>,
    /// KMS key ARN/alias used to encrypt secret values at rest. None
    /// means the AWS-managed `aws/secretsmanager` key (unsurfaced in
    /// Describe responses, matching AWS).
    /// NOTE(review): this type only records the identifier; whether the
    /// values in `versions` are actually encrypted is not visible here.
    pub kms_key_id: Option<String>,
    /// Unix epoch seconds — last time RotateSecret successfully ran.
    /// `None` until the first rotation completes.
    pub last_rotated_date: Option<f64>,
    /// Unix epoch seconds — last time the secret value was retrieved
    /// (any GetSecretValue call). Surfaces in Describe / ListSecrets.
    pub last_accessed_date: Option<f64>,
    /// Replica regions requested via CreateSecret.AddReplicaRegions /
    /// ReplicateSecretToRegions. Each entry surfaces in DescribeSecret
    /// as a `ReplicationStatus` row.
    pub replica_regions: Vec<ReplicaRegion>,
}
/// A single replica entry. Replication itself is metadata-only today —
/// no cross-region mirror is created — but storing the requested set is
/// what most SDK round-trips care about.
///
/// Because no mirror exists, a recorded replica is not evidence that the
/// secret can be read in that region.
#[derive(Debug, Clone)]
pub struct ReplicaRegion {
    /// Region requested for the replica.
    pub region: String,
    /// KMS key identifier recorded for the replica, if one was given.
    /// NOTE(review): presumably `None` means a default key, as on
    /// `Secret::kms_key_id` — confirm against the handler.
    pub kms_key_id: Option<String>,
}
/// Per-account/region Secrets Manager state.
///
/// NOTE(review): `Debug` is derived, so `{:?}` on the state formats every
/// stored `Secret` (and, through it, every version) plus every resource
/// policy. Avoid formatting the whole state in logs.
#[derive(Debug, Default)]
pub struct SecretsState {
    /// name → Secret (primary index)
    pub secrets: DashMap<String, Secret>,
    /// secret name → JSON resource policy string
    /// NOTE(review): this map is keyed by the same name as `secrets` but is
    /// independent of it; nothing here removes a policy when its secret is
    /// removed or renamed — verify that the handlers keep the two in step.
    pub resource_policies: DashMap<String, String>,
}