earl 0.5.2

AI-safe CLI for AI agents
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328

use std::sync::Mutex;

use anyhow::{Context, Result, anyhow, bail};
use aws_sdk_secretsmanager::error::ProvideErrorMetadata;
use secrecy::SecretString;

use crate::secrets::resolver::SecretResolver;

/// Characters that are unsafe in AWS secret references (query/fragment delimiters).
const UNSAFE_CHARS: &[char] = &['?', '#'];

/// Validate that an AWS reference component does not contain `?`, `#`,
/// whitespace, or control characters. Slashes are allowed in secret names.
fn validate_aws_component(value: &str, field_name: &str) -> Result<()> {
    for ch in value.chars() {
        if UNSAFE_CHARS.contains(&ch) || ch.is_whitespace() || ch.is_control() {
            bail!(
                "{field_name} contains invalid character '{}' — \
                 must not contain '?', '#', whitespace, or control characters",
                ch.escape_debug()
            );
        }
    }
    Ok(())
}

/// A parsed `aws://secret-name` or `aws://secret-name#json-key` reference.
#[derive(Debug)]
struct AwsReference {
    secret_id: String,
    json_key: Option<String>,
}

impl AwsReference {
    fn parse(reference: &str) -> Result<Self> {
        let after_scheme = reference
            .strip_prefix("aws://")
            .ok_or_else(|| anyhow!("invalid AWS reference: must start with aws://"))?;

        if after_scheme.is_empty() {
            bail!("invalid AWS reference: secret name must not be empty in {reference}");
        }

        // Split on '#' to separate secret name from optional JSON key
        let (secret_id, json_key) = match after_scheme.split_once('#') {
            Some((name, key)) => {
                if name.is_empty() {
                    bail!("invalid AWS reference: secret name must not be empty in {reference}");
                }
                if key.is_empty() {
                    bail!(
                        "invalid AWS reference: JSON key after '#' must not be empty in {reference}"
                    );
                }
                (name.to_string(), Some(key.to_string()))
            }
            None => (after_scheme.to_string(), None),
        };

        validate_aws_component(&secret_id, "secret name")?;
        if let Some(ref key) = json_key {
            validate_aws_component(key, "JSON key")?;
        }

        Ok(Self {
            secret_id,
            json_key,
        })
    }
}

/// Resolver for AWS Secrets Manager secrets using the `aws://` URI scheme.
///
/// Authentication is handled by the standard AWS SDK credential chain (environment
/// variables, `~/.aws/credentials`, IAM role, etc.).
///
/// References use one of two formats:
/// * `aws://secret-name` — returns the full `SecretString`
/// * `aws://secret-name#json-key` — parses `SecretString` as JSON and extracts the key
///
/// Examples:
/// * `aws://prod/api-key` — returns the raw secret value
/// * `aws://prod/db-creds#password` — parses the secret as JSON and returns the `password` field
///
/// **Note on retries:** The AWS SDK has its own internal retry logic (3 attempts by
/// default). Earl's retry wrapper in `require_secret()` adds an additional layer,
/// so AWS calls may see up to 9 total attempts on transient failures.
pub struct AwsResolver {
    /// Cached AWS SDK client — reused across resolves to avoid re-loading
    /// credentials and config on every call.
    client_cache: Mutex<Option<aws_sdk_secretsmanager::Client>>,
}

impl AwsResolver {
    pub fn new() -> Self {
        Self {
            client_cache: Mutex::new(None),
        }
    }
}

impl Default for AwsResolver {
    fn default() -> Self {
        Self::new()
    }
}

#[allow(clippy::result_large_err)]
impl SecretResolver for AwsResolver {
    fn scheme(&self) -> &str {
        "aws"
    }

    fn resolve(&self, reference: &str) -> Result<SecretString> {
        let aws_ref = AwsReference::parse(reference)?;

        // Reuse cached client to avoid re-loading credentials/config per call.
        let client = {
            let mut cache = self.client_cache.lock().unwrap_or_else(|e| e.into_inner());
            if let Some(ref client) = *cache {
                client.clone()
            } else {
                let config = tokio::task::block_in_place(|| {
                    tokio::runtime::Handle::current().block_on(aws_config::load_defaults(
                        aws_config::BehaviorVersion::latest(),
                    ))
                });
                let new_client = aws_sdk_secretsmanager::Client::new(&config);
                *cache = Some(new_client.clone());
                new_client
            }
        };

        let result = tokio::task::block_in_place(|| {
            tokio::runtime::Handle::current().block_on(
                client
                    .get_secret_value()
                    .secret_id(&aws_ref.secret_id)
                    .send(),
            )
        });

        let output = match result {
            Ok(output) => output,
            Err(err) => {
                // Use typed service error matching where possible for stability.
                if let Some(svc_err) = err.as_service_error() {
                    // ResourceNotFoundException: the secret name does not exist in
                    // Secrets Manager (or not in the configured region).
                    if svc_err.is_resource_not_found_exception() {
                        bail!(
                            "AWS secret '{}' was not found in Secrets Manager. \
                             Verify the secret name and that AWS_REGION or \
                             AWS_DEFAULT_REGION points to the correct region.",
                            aws_ref.secret_id
                        );
                    }
                    // InvalidRequestException: secret exists but the request is
                    // invalid — most commonly because the secret is scheduled for
                    // deletion (pending delete) or is in a state that blocks retrieval.
                    if svc_err.is_invalid_request_exception() {
                        bail!(
                            "AWS secret '{}' cannot be retrieved: the secret may be \
                             scheduled for deletion or in an invalid state. \
                             Check the secret status in the AWS console.",
                            aws_ref.secret_id
                        );
                    }
                    // DecryptionFailure: the KMS key used to encrypt the secret
                    // could not be used for decryption (distinct from IAM AccessDenied).
                    if svc_err.is_decryption_failure() {
                        bail!(
                            "AWS secret '{}' could not be decrypted: the KMS key used to \
                             encrypt this secret is unavailable, disabled, or the IAM principal \
                             lacks kms:Decrypt permission.",
                            aws_ref.secret_id
                        );
                    }
                    // InvalidParameterException: the request contained an invalid value
                    // (e.g., a malformed secret name or unsupported parameter combination).
                    if svc_err.is_invalid_parameter_exception() {
                        bail!(
                            "AWS secret '{}': invalid parameter — verify the secret name is \
                             correct and contains no unsupported characters.",
                            aws_ref.secret_id
                        );
                    }
                    // AccessDeniedException is not a modeled error for GetSecretValue;
                    // it surfaces as an unhandled service error with a known error code.
                    // Note: SdkError's Display ignores f.alternate(), so format!("{err:#}")
                    // always produces "service error" and cannot be used for string matching.
                    if svc_err.code() == Some("AccessDeniedException") {
                        bail!(
                            "IAM access denied for AWS secret '{}': the IAM principal lacks \
                             secretsmanager:GetSecretValue permission (or kms:Decrypt if using \
                             a customer-managed KMS key). Verify the IAM policy grants access \
                             to this secret.",
                            aws_ref.secret_id
                        );
                    }
                }
                return Err(anyhow::anyhow!(err).context(format!(
                    "failed to retrieve AWS secret '{}': ensure AWS credentials are configured \
                     (AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY/AWS_SESSION_TOKEN, \
                     ~/.aws/credentials, or IAM role). \
                     Set AWS_REGION or AWS_DEFAULT_REGION to your secret's region.",
                    aws_ref.secret_id
                )));
            }
        };

        let secret_string = output.secret_string().ok_or_else(|| {
            anyhow!(
                "AWS secret '{}' does not contain a SecretString (it may be binary)",
                aws_ref.secret_id
            )
        })?;

        match &aws_ref.json_key {
            Some(key) => {
                let parsed: serde_json::Value = serde_json::from_str(secret_string)
                    .with_context(|| {
                        format!(
                            "failed to parse AWS secret '{}' as JSON (needed for '#{}' key extraction)",
                            aws_ref.secret_id, key
                        )
                    })?;

                let value = parsed.get(key).ok_or_else(|| {
                    anyhow!(
                        "top-level key '{}' not found in AWS secret '{}'. \
                         Verify the key exists at the top level of the secret's JSON structure. \
                         Note: nested key paths (e.g., 'a.b') are not supported — \
                         only top-level keys can be extracted.",
                        key,
                        aws_ref.secret_id,
                    )
                })?;

                // Extract the string value — if it's a JSON string, unwrap it;
                // otherwise use its JSON representation.
                let text = match value.as_str() {
                    Some(s) => s.to_string(),
                    None => value.to_string(),
                };

                Ok(SecretString::from(text))
            }
            None => Ok(SecretString::from(secret_string.to_string())),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn simple_name_sets_correct_secret_id() {
        let r = AwsReference::parse("aws://my-secret").unwrap();
        assert_eq!(r.secret_id, "my-secret");
    }

    #[test]
    fn simple_name_has_no_json_key() {
        let r = AwsReference::parse("aws://my-secret").unwrap();
        assert!(r.json_key.is_none());
    }

    #[test]
    fn name_with_slashes_accepted_as_secret_id() {
        let r = AwsReference::parse("aws://prod/db/credentials").unwrap();
        assert_eq!(r.secret_id, "prod/db/credentials");
    }

    #[test]
    fn name_with_slashes_has_no_json_key() {
        let r = AwsReference::parse("aws://prod/db/credentials").unwrap();
        assert!(r.json_key.is_none());
    }

    #[test]
    fn hash_separator_sets_correct_secret_id() {
        let r = AwsReference::parse("aws://prod/db-creds#password").unwrap();
        assert_eq!(r.secret_id, "prod/db-creds");
    }

    #[test]
    fn hash_separator_sets_json_key() {
        let r = AwsReference::parse("aws://prod/db-creds#password").unwrap();
        assert_eq!(r.json_key.as_deref(), Some("password"));
    }

    #[test]
    fn empty_secret_name_returns_error() {
        assert!(AwsReference::parse("aws://").is_err());
    }

    #[test]
    fn empty_secret_name_before_hash_returns_error() {
        assert!(AwsReference::parse("aws://#key").is_err());
    }

    #[test]
    fn empty_key_after_hash_returns_error() {
        assert!(AwsReference::parse("aws://secret#").is_err());
    }

    #[test]
    fn wrong_scheme_prefix_returns_error() {
        assert!(AwsReference::parse("vault://secret/path#field").is_err());
    }

    #[test]
    fn question_mark_in_secret_id_returns_error() {
        assert!(AwsReference::parse("aws://my-secret?inject=1").is_err());
    }

    #[test]
    fn control_char_in_secret_id_returns_error() {
        assert!(AwsReference::parse("aws://my\x00secret").is_err());
    }

    #[test]
    fn whitespace_in_json_key_returns_error() {
        assert!(AwsReference::parse("aws://secret#my key").is_err());
    }
}