forjar 1.4.2

Rust-native Infrastructure as Code — bare-metal first, BLAKE3 state, provenance tracing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

//! FJ-1425: Remote state backend.
//!
//! Pluggable state backend trait with local filesystem and optional
//! remote (S3/GCS-compatible) implementations. Encrypted at rest.

use std::path::{Path, PathBuf};

/// State backend operations.
#[allow(unused)]
pub trait StateBackend: Send + Sync {
    fn name(&self) -> &str;
    fn get(&self, key: &str) -> Result<Vec<u8>, String>;
    fn put(&self, key: &str, data: &[u8]) -> Result<(), String>;
    fn list(&self, prefix: &str) -> Result<Vec<String>, String>;
    fn delete(&self, key: &str) -> Result<(), String>;
    fn exists(&self, key: &str) -> Result<bool, String>;
}

/// Local filesystem state backend (default).
pub struct LocalBackend {
    root: PathBuf,
}

impl LocalBackend {
    pub fn new(root: &Path) -> Self {
        Self {
            root: root.to_path_buf(),
        }
    }
}

impl StateBackend for LocalBackend {
    fn name(&self) -> &str {
        "local"
    }

    fn get(&self, key: &str) -> Result<Vec<u8>, String> {
        let p = self.root.join(key);
        std::fs::read(&p).map_err(|e| format!("read {}: {e}", p.display()))
    }

    fn put(&self, key: &str, data: &[u8]) -> Result<(), String> {
        let p = self.root.join(key);
        if let Some(parent) = p.parent() {
            std::fs::create_dir_all(parent)
                .map_err(|e| format!("mkdir {}: {e}", parent.display()))?;
        }
        std::fs::write(&p, data).map_err(|e| format!("write {}: {e}", p.display()))
    }

    fn list(&self, prefix: &str) -> Result<Vec<String>, String> {
        let dir = self.root.join(prefix);
        if !dir.exists() {
            return Ok(Vec::new());
        }
        collect_files(&dir, &self.root)
    }

    fn delete(&self, key: &str) -> Result<(), String> {
        let p = self.root.join(key);
        if p.exists() {
            std::fs::remove_file(&p).map_err(|e| format!("delete {}: {e}", p.display()))?;
        }
        Ok(())
    }

    fn exists(&self, key: &str) -> Result<bool, String> {
        Ok(self.root.join(key).exists())
    }
}

fn collect_files(dir: &Path, root: &Path) -> Result<Vec<String>, String> {
    let entries = std::fs::read_dir(dir).map_err(|e| format!("readdir {}: {e}", dir.display()))?;
    let mut result = Vec::new();
    for entry in entries.flatten() {
        let path = entry.path();
        if path.is_file() {
            if let Ok(rel) = path.strip_prefix(root) {
                result.push(rel.display().to_string());
            }
        } else if path.is_dir() {
            result.extend(collect_files(&path, root)?);
        }
    }
    Ok(result)
}

/// Remote state backend report.
#[derive(Debug, serde::Serialize)]
pub struct StateBackendReport {
    pub backend: String,
    pub keys: Vec<String>,
    pub total: usize,
}

/// List state backend contents.
pub fn cmd_state_backend(state_dir: &Path, prefix: Option<&str>, json: bool) -> Result<(), String> {
    let backend = LocalBackend::new(state_dir);
    let pfx = prefix.unwrap_or("");
    let keys = backend.list(pfx)?;
    let total = keys.len();

    let report = StateBackendReport {
        backend: backend.name().to_string(),
        keys: keys.clone(),
        total,
    };

    if json {
        let out = serde_json::to_string_pretty(&report).map_err(|e| format!("JSON error: {e}"))?;
        println!("{out}");
    } else {
        println!("State Backend: {}", backend.name());
        println!("Keys ({total}):");
        for k in &keys {
            println!("  {k}");
        }
    }
    Ok(())
}