greentic-secrets-spec 0.5.0

Canonical traits and data models for Greentic secrets (read/write, versioning, metadata).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

use crate::error::Result;
use crate::types::{Scope, SecretListItem, SecretRecord};
use crate::uri::SecretUri;
#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};
#[cfg(feature = "std")]
use std::sync::Arc;

/// Version metadata describing a specific revision of a secret.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub struct SecretVersion {
    pub version: u64,
    pub deleted: bool,
}

impl SecretVersion {
    pub fn is_deleted(&self) -> bool {
        self.deleted
    }
}

/// Versioned record returned by backends.
#[derive(Debug, Clone, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub struct VersionedSecret {
    pub version: u64,
    pub deleted: bool,
    pub record: Option<SecretRecord>,
}

impl VersionedSecret {
    pub fn record(&self) -> Option<&SecretRecord> {
        self.record.as_ref()
    }
}

/// Storage interface implemented by provider backends.
pub trait SecretsBackend: Send + Sync {
    fn put(&self, record: SecretRecord) -> Result<SecretVersion>;
    fn get(&self, uri: &SecretUri, version: Option<u64>) -> Result<Option<VersionedSecret>>;
    fn list(
        &self,
        scope: &Scope,
        category_prefix: Option<&str>,
        name_prefix: Option<&str>,
    ) -> Result<Vec<SecretListItem>>;
    fn delete(&self, uri: &SecretUri) -> Result<SecretVersion>;
    fn versions(&self, uri: &SecretUri) -> Result<Vec<SecretVersion>>;
    fn exists(&self, uri: &SecretUri) -> Result<bool>;
}

#[cfg(feature = "std")]
impl<T> SecretsBackend for Arc<T>
where
    T: SecretsBackend + ?Sized,
{
    fn put(&self, record: SecretRecord) -> Result<SecretVersion> {
        (**self).put(record)
    }

    fn get(&self, uri: &SecretUri, version: Option<u64>) -> Result<Option<VersionedSecret>> {
        (**self).get(uri, version)
    }

    fn list(
        &self,
        scope: &Scope,
        category_prefix: Option<&str>,
        name_prefix: Option<&str>,
    ) -> Result<Vec<SecretListItem>> {
        (**self).list(scope, category_prefix, name_prefix)
    }

    fn delete(&self, uri: &SecretUri) -> Result<SecretVersion> {
        (**self).delete(uri)
    }

    fn versions(&self, uri: &SecretUri) -> Result<Vec<SecretVersion>> {
        (**self).versions(uri)
    }

    fn exists(&self, uri: &SecretUri) -> Result<bool> {
        (**self).exists(uri)
    }
}

impl<T> SecretsBackend for Box<T>
where
    T: SecretsBackend + ?Sized,
{
    fn put(&self, record: SecretRecord) -> Result<SecretVersion> {
        (**self).put(record)
    }

    fn get(&self, uri: &SecretUri, version: Option<u64>) -> Result<Option<VersionedSecret>> {
        (**self).get(uri, version)
    }

    fn list(
        &self,
        scope: &Scope,
        category_prefix: Option<&str>,
        name_prefix: Option<&str>,
    ) -> Result<Vec<SecretListItem>> {
        (**self).list(scope, category_prefix, name_prefix)
    }

    fn delete(&self, uri: &SecretUri) -> Result<SecretVersion> {
        (**self).delete(uri)
    }

    fn versions(&self, uri: &SecretUri) -> Result<Vec<SecretVersion>> {
        (**self).versions(uri)
    }

    fn exists(&self, uri: &SecretUri) -> Result<bool> {
        (**self).exists(uri)
    }
}