fluentci_graphql/schema/
secrets.rs

1use std::{
2    path::PathBuf,
3    sync::{Arc, Mutex},
4};
5
6use async_graphql::{Context, Error, Object, ID};
7use fluentci_common::common;
8use fluentci_core::deps::Graph;
9use fluentci_secrets::{
10    aws::AwsConfig,
11    azure::{AzureConfig, AzureCredential},
12    google::GoogleConfig,
13    vault::HashicorpVaultConfig,
14    Provider,
15};
16
17use crate::schema::objects::secret_manager::SecretManager;
18
19use super::objects::secret::Secret;
20
21#[derive(Default, Clone)]
22pub struct SecretsQuery;
23
24#[Object]
25impl SecretsQuery {
26    async fn set_secret(
27        &self,
28        ctx: &Context<'_>,
29        name: String,
30        value: String,
31    ) -> Result<Secret, Error> {
32        let graph = ctx.data::<Arc<Mutex<Graph>>>().unwrap();
33        let secret_id = common::set_secret(graph.clone(), &name, &value)?;
34        Ok(Secret {
35            id: ID(secret_id),
36            name,
37            mount: "default".to_string(),
38        })
39    }
40
41    async fn google_cloud_secret_manager(
42        &self,
43        ctx: &Context<'_>,
44        project: String,
45        google_credentials_file: String,
46    ) -> Result<SecretManager, Error> {
47        let graph = ctx.data::<Arc<Mutex<Graph>>>().unwrap();
48        let provider = Provider::Google(GoogleConfig {
49            google_project: Some(project),
50            google_credentials_file: Some(PathBuf::from(google_credentials_file)),
51            google_credentials_json: None,
52        });
53        let id = common::add_secretmanager(graph.clone(), provider)?;
54        Ok(SecretManager { id: ID(id) })
55    }
56
57    async fn aws_secrets_manager(
58        &self,
59        ctx: &Context<'_>,
60        region: String,
61        access_key_id: String,
62        secret_access_key: String,
63    ) -> Result<SecretManager, Error> {
64        let graph = ctx.data::<Arc<Mutex<Graph>>>().unwrap();
65        let provider = Provider::Aws(AwsConfig {
66            aws_region: region,
67            aws_access_key_id: Some(access_key_id),
68            aws_secret_access_key: Some(secret_access_key),
69        });
70        let id = common::add_secretmanager(graph.clone(), provider)?;
71        Ok(SecretManager { id: ID(id) })
72    }
73
74    async fn azure_keyvault(
75        &self,
76        ctx: &Context<'_>,
77        client_id: String,
78        client_secret: String,
79        tenant_id: String,
80        keyvault_name: String,
81        keyvault_url: String,
82    ) -> Result<SecretManager, Error> {
83        let graph = ctx.data::<Arc<Mutex<Graph>>>().unwrap();
84        let credential = AzureCredential {
85            azure_client_id: Some(client_id),
86            azure_client_secret: Some(client_secret),
87            azure_tenant_id: Some(tenant_id),
88        };
89        let provider = Provider::Azure(AzureConfig {
90            credential,
91            azure_keyvault_name: Some(keyvault_name),
92            azure_keyvault_url: Some(keyvault_url),
93        });
94        let id = common::add_secretmanager(graph.clone(), provider)?;
95        Ok(SecretManager { id: ID(id) })
96    }
97
98    async fn hashicorp_vault(
99        &self,
100        ctx: &Context<'_>,
101        address: String,
102        token: String,
103        cacerts: Option<String>,
104    ) -> Result<SecretManager, Error> {
105        let graph = ctx.data::<Arc<Mutex<Graph>>>().unwrap();
106        let provider = Provider::Hashicorp(HashicorpVaultConfig {
107            vault_address: Some(address),
108            vault_token: Some(token),
109            vault_cacert: cacerts.map(|x| PathBuf::from(x)),
110        });
111        let id = common::add_secretmanager(graph.clone(), provider)?;
112        Ok(SecretManager { id: ID(id) })
113    }
114}
fluentci_graphql/schema/secrets.rs

fluentci_graphql/schema/
secrets.rs
