host-identity 1.1.1

Stable, collision-resistant host identity resolution across platforms, container runtimes, cloud providers, and Kubernetes
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

//! Portable sources: overrides and custom callbacks.
//!
//! # Identity scope
//!
//! `EnvOverride`, `FileOverride`, and `FnSource` are **caller-scoped**:
//! whoever sets the variable, writes the file, or supplies the closure
//! picks the scope. Setting `HOST_IDENTITY` in a host-level systemd
//! unit gives host scope to every container that inherits the
//! environment; setting the same variable in a Kubernetes pod spec
//! (via `valueFrom.fieldRef.fieldPath: metadata.uid`) gives per-pod
//! scope. The crate cannot tell which you intended — pick
//! intentionally.
//!
//! For per-pod identity sourced from a projected file, prefer the
//! purpose-built [`crate::sources::KubernetesDownwardApi`] over
//! wiring `FileOverride` at a downward-API path: the k8s source
//! labels the probe with `SourceKind::KubernetesDownwardApi` so the
//! resulting [`crate::HostId`] records the correct provenance.
//! Reserve `FileOverride` for genuinely caller-pinned paths (a
//! per-instance volume, an HSM-written file, a provisioning agent's
//! output).
//!
//! See `docs/algorithm.md` → "Identity scope" for the host-vs-
//! container trap these sources are most often used to work around.

use std::path::{Path, PathBuf};

use crate::error::Error;
use crate::source::{Probe, Source, SourceKind};
use crate::sources::util::{normalize, read_capped};

/// Read the identifier from an environment variable.
///
/// Skipped (`Ok(None)`) when the variable is unset, empty, or holds only
/// whitespace.
#[derive(Debug, Clone)]
pub struct EnvOverride {
    var: String,
}

impl EnvOverride {
    /// Read from the named environment variable.
    #[must_use]
    pub fn new(var: impl Into<String>) -> Self {
        Self { var: var.into() }
    }
}

impl Source for EnvOverride {
    fn kind(&self) -> SourceKind {
        SourceKind::EnvOverride
    }

    fn probe(&self) -> Result<Option<Probe>, Error> {
        match std::env::var(&self.var) {
            Ok(value) => Ok(normalize(&value).map(|v| Probe::new(SourceKind::EnvOverride, v))),
            Err(_) => Ok(None),
        }
    }
}

/// Read the identifier from a single-line file.
///
/// Skipped when the file does not exist, is empty, or contains only
/// whitespace. Returns an I/O error for permission problems or other
/// unexpected read failures.
#[derive(Debug, Clone)]
pub struct FileOverride {
    path: PathBuf,
}

impl FileOverride {
    /// Read from the given file path.
    #[must_use]
    pub fn new(path: impl Into<PathBuf>) -> Self {
        Self { path: path.into() }
    }

    /// The configured path.
    #[must_use]
    pub fn path(&self) -> &Path {
        &self.path
    }
}

impl Source for FileOverride {
    fn kind(&self) -> SourceKind {
        SourceKind::FileOverride
    }

    fn probe(&self) -> Result<Option<Probe>, Error> {
        match read_capped(&self.path) {
            Ok(content) => Ok(normalize(&content).map(|v| Probe::new(SourceKind::FileOverride, v))),
            Err(err) if err.kind() == std::io::ErrorKind::NotFound => Ok(None),
            Err(source) => Err(Error::Io {
                source_kind: SourceKind::FileOverride,
                path: self.path.clone(),
                source,
            }),
        }
    }
}

/// A [`Source`] backed by a user-supplied closure.
///
/// Use to plug in arbitrary identity providers (cloud metadata, Kubernetes
/// downward API, hardware security modules, …) without implementing the
/// trait manually.
pub struct FnSource<F> {
    kind: SourceKind,
    f: F,
}

impl<F> FnSource<F>
where
    F: Fn() -> Result<Option<String>, Error> + Send + Sync,
{
    /// Build a source from a closure that returns an optional raw identifier.
    pub fn new(kind: SourceKind, f: F) -> Self {
        Self { kind, f }
    }
}

impl<F> std::fmt::Debug for FnSource<F> {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("FnSource")
            .field("kind", &self.kind)
            .finish_non_exhaustive()
    }
}

impl<F> Source for FnSource<F>
where
    F: Fn() -> Result<Option<String>, Error> + Send + Sync,
{
    fn kind(&self) -> SourceKind {
        self.kind
    }

    fn probe(&self) -> Result<Option<Probe>, Error> {
        Ok((self.f)()?
            .as_deref()
            .and_then(normalize)
            .map(|v| Probe::new(self.kind, v)))
    }
}