terraphim_settings 1.16.31

Terraphim settings handling library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361

use directories::ProjectDirs;
use serde::de::{self, Deserializer};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
use std::path::PathBuf;
use twelf::reexports::toml;
use twelf::{Layer, config};

#[cfg(feature = "onepassword")]
use terraphim_onepassword_cli::{OnePasswordLoader, SecretLoader};

#[derive(thiserror::Error, Debug)]
pub enum Error {
    #[error("config error: {0}")]
    ConfigError(#[from] twelf::Error),
    #[error("io error: {0}")]
    IoError(#[from] std::io::Error),
    #[error("env error: {0}")]
    EnvError(#[from] std::env::VarError),
    #[cfg(feature = "onepassword")]
    #[error("1Password error: {0}")]
    OnePasswordError(#[from] terraphim_onepassword_cli::OnePasswordError),
}

// Need to name it explicitly to avoid conflict with std::Result
// which gets used by the `#[config]` macro below.
pub type DeviceSettingsResult<T> = std::result::Result<T, Error>;

/// Default config path
pub const DEFAULT_CONFIG_PATH: &str = ".config";

/// Default settings file
pub const DEFAULT_SETTINGS: &str = include_str!("../default/settings_local_dev.toml");

fn deserialize_bool_from_string<'de, D>(deserializer: D) -> Result<bool, D::Error>
where
    D: Deserializer<'de>,
{
    // This will accept both string and bool values
    #[derive(Deserialize)]
    #[serde(untagged)]
    enum BoolOrString {
        Bool(bool),
        String(String),
    }

    match BoolOrString::deserialize(deserializer)? {
        BoolOrString::Bool(b) => Ok(b),
        BoolOrString::String(s) => match s.to_lowercase().as_str() {
            "true" => Ok(true),
            "false" => Ok(false),
            _ => Err(de::Error::custom(format!("invalid boolean value: {}", s))),
        },
    }
}

/// Configuration settings for the device (i.e. the server or runtime).
///
/// These values are set when the server is initialized, and do not change while
/// running. These are constructed from default or local files and ENV
/// variables.
#[config]
#[derive(Debug, Serialize, Clone)]
pub struct DeviceSettings {
    /// The address to listen on
    pub server_hostname: String,
    /// API endpoint for the server
    pub api_endpoint: String,
    /// init completed
    #[serde(deserialize_with = "deserialize_bool_from_string")]
    pub initialized: bool,
    /// default data path
    pub default_data_path: String,
    /// configured storage backends available on device
    pub profiles: HashMap<String, HashMap<String, String>>,
    /// Path to a JSON role configuration file (supports ~, $HOME, ${VAR:-default})
    /// On first run, roles are loaded from this file and saved to persistence.
    /// Subsequent runs use persistence (so CLI changes stick). Use `config reload` to re-read.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub role_config: Option<String>,
    /// Default role name to select on startup (must exist in the role_config file)
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub default_role: Option<String>,
}

impl Default for DeviceSettings {
    fn default() -> Self {
        Self::new()
    }
}

impl DeviceSettings {
    /// Create a new DeviceSettings
    pub fn new() -> Self {
        Self::load_from_env_and_file(None).unwrap_or_else(|e| {
            log::warn!(
                "Failed to load device settings from file: {:?}, using defaults",
                e
            );
            Self::default_embedded()
        })
    }

    /// Load settings with 1Password secret resolution
    #[cfg(feature = "onepassword")]
    pub async fn load_with_onepassword(config_path: Option<PathBuf>) -> DeviceSettingsResult<Self> {
        log::info!("Loading device settings with 1Password integration...");
        let config_path = config_path.unwrap_or_else(Self::default_config_path);

        log::debug!("Settings path: {:?}", config_path);
        let config_file = init_config_file(&config_path)?;
        log::debug!("Loading config_file: {:?}", config_file);

        // Read the raw configuration file
        let raw_config = std::fs::read_to_string(&config_file)?;

        // Process 1Password references
        let loader = OnePasswordLoader::new();
        let processed_config = if loader.is_available().await {
            log::info!("1Password CLI available, processing secrets...");
            loader.process_config(&raw_config).await?
        } else {
            log::warn!("1Password CLI not available, using raw configuration");
            raw_config
        };

        // Parse the processed configuration
        let settings: DeviceSettings = toml::from_str(&processed_config).map_err(|e| {
            Error::IoError(std::io::Error::other(format!("TOML parsing error: {}", e)))
        })?;

        log::info!("Successfully loaded settings with 1Password integration");
        Ok(settings)
    }

    /// Process a configuration string with 1Password secret resolution
    #[cfg(feature = "onepassword")]
    pub async fn process_config_with_secrets(config: &str) -> DeviceSettingsResult<String> {
        let loader = OnePasswordLoader::new();
        if loader.is_available().await {
            Ok(loader.process_config(config).await?)
        } else {
            log::warn!("1Password CLI not available, returning raw configuration");
            Ok(config.to_string())
        }
    }

    /// Create default embedded DeviceSettings without filesystem operations
    /// Used for embedded/offline mode where config files are not needed
    pub fn default_embedded() -> Self {
        use std::collections::HashMap;

        let mut profiles = HashMap::new();

        // Get user data directory for persistent storage
        // Use ProjectDirs for cross-platform paths, fallback to ~/.terraphim
        let data_dir = if let Some(proj_dirs) = ProjectDirs::from("com", "aks", "terraphim") {
            proj_dirs.data_dir().to_string_lossy().to_string()
        } else if let Ok(home) = std::env::var("HOME") {
            format!("{}/.terraphim", home)
        } else {
            // Fallback to /tmp only if we can't get a better path
            "/tmp/terraphim_embedded".to_string()
        };

        // Use only SQLite for persistent storage
        // DashMap disabled - causes role selections to be lost between CLI invocations
        let mut sqlite_profile = HashMap::new();
        sqlite_profile.insert("type".to_string(), "sqlite".to_string());
        sqlite_profile.insert("datadir".to_string(), format!("{}/sqlite", data_dir));
        sqlite_profile.insert(
            "connection_string".to_string(),
            format!("{}/sqlite/terraphim.db", data_dir),
        );
        sqlite_profile.insert("table".to_string(), "terraphim_kv".to_string());
        profiles.insert("sqlite".to_string(), sqlite_profile);

        Self {
            server_hostname: "127.0.0.1:8000".to_string(),
            api_endpoint: "http://localhost:8000/api".to_string(),
            initialized: true,
            default_data_path: data_dir,
            profiles,
            role_config: None,
            default_role: None,
        }
    }
    /// Get the default path for the config file
    ///
    /// This is the default path where the config file is stored.
    pub fn default_config_path() -> PathBuf {
        if let Some(proj_dirs) = ProjectDirs::from("com", "aks", "terraphim") {
            let config_dir = proj_dirs.config_dir();
            config_dir.to_path_buf()
        } else {
            PathBuf::from(DEFAULT_CONFIG_PATH)
        }
    }

    /// Load settings from environment and file
    /// config path shall be a folder and not file
    pub fn load_from_env_and_file(config_path: Option<PathBuf>) -> DeviceSettingsResult<Self> {
        log::info!("Loading device settings...");
        let config_path = match config_path {
            Some(path) => path,
            None => DeviceSettings::default_config_path(),
        };

        log::debug!("Settings path: {:?}", config_path);
        let config_file = init_config_file(&config_path)?;
        log::debug!("Loading config_file: {:?}", config_file);

        Ok(DeviceSettings::with_layers(&[
            Layer::Toml(config_file),
            Layer::Env(Some(String::from("TERRAPHIM_"))),
        ])?)
    }
    pub fn update_initialized_flag(
        &mut self,
        settings_path: Option<PathBuf>,
        initialized: bool,
    ) -> Result<(), Error> {
        let settings_path = settings_path.unwrap_or_else(Self::default_config_path);
        let settings_path = settings_path.join("settings.toml");
        self.initialized = initialized;
        self.save(&settings_path)?;
        Ok(())
    }

    /// Save the current settings to a file
    pub fn save(&self, path: &PathBuf) -> Result<(), Error> {
        log::info!("Saving device settings to: {:?}", path);
        self.save_to_file(path)?;
        Ok(())
    }

    /// Save settings to a specified file
    fn save_to_file(&self, path: &PathBuf) -> Result<(), Error> {
        let serialized_settings =
            toml::to_string_pretty(self).map_err(|e| Error::IoError(std::io::Error::other(e)))?;

        std::fs::write(path, serialized_settings).map_err(Error::IoError)?;

        Ok(())
    }
}

/// Initialize the config file if it doesn't exist
fn init_config_file(path: &PathBuf) -> Result<PathBuf, std::io::Error> {
    if !path.exists() {
        std::fs::create_dir_all(path)?;
    }
    let config_file = path.join("settings.toml");
    if !config_file.exists() {
        log::info!("Initializing default config file at: {:?}", path);
        std::fs::write(&config_file, DEFAULT_SETTINGS)?;
    } else {
        log::debug!("Config file exists at: {:?}", config_file);
    }
    Ok(config_file)
}

/// To run test with logs and variables use:
/// RUST_LOG="info,warn" TERRAPHIM_API_ENDPOINT="test_endpoint" TERRAPHIM_PROFILE_S3_REGION="us-west-1" cargo test -- --nocapture
#[cfg(test)]
mod tests {
    use super::*;
    use test_log::test;

    use envtestkit::lock::lock_test;
    use tempfile::TempDir;

    #[test]
    fn test_env_variable() {
        let _lock = lock_test();
        let temp_dir = TempDir::new().unwrap();
        let config = DeviceSettings::load_from_env_and_file(Some(temp_dir.path().to_path_buf()));

        log::debug!("Config: {:?}", config);

        // Verify config loads successfully and has expected structure
        let config = config.unwrap();
        assert!(config.profiles.contains_key("dashmap"));
        assert!(config.profiles.contains_key("sqlite"));

        // Verify dashmap profile has required fields
        let dashmap_profile = config.profiles.get("dashmap").unwrap();
        assert!(dashmap_profile.contains_key("root"));
        assert!(dashmap_profile.contains_key("type"));
        assert_eq!(dashmap_profile.get("type").unwrap(), "dashmap");
    }

    #[test]
    fn test_update_initialized_flag() {
        let temp_dir = TempDir::new().unwrap();
        let test_config_path = temp_dir.path().to_path_buf();

        // Check if initialized is false
        let mut config =
            DeviceSettings::load_from_env_and_file(Some(test_config_path.clone())).unwrap();
        config.initialized = false;
        assert!(!config.initialized);

        // Update to true
        config
            .update_initialized_flag(Some(test_config_path.clone()), true)
            .unwrap();

        // Check if initialized is now true
        let config_copy =
            DeviceSettings::load_from_env_and_file(Some(test_config_path.clone())).unwrap();
        assert!(config_copy.initialized);
    }

    #[test]
    fn test_missing_role_config_defaults_to_none() {
        let temp_dir = TempDir::new().unwrap();
        let config =
            DeviceSettings::load_from_env_and_file(Some(temp_dir.path().to_path_buf())).unwrap();
        assert!(
            config.role_config.is_none(),
            "role_config should default to None when absent from TOML"
        );
        assert!(
            config.default_role.is_none(),
            "default_role should default to None when absent from TOML"
        );
    }

    #[test]
    fn test_role_config_loaded_from_toml() {
        let temp_dir = TempDir::new().unwrap();
        let settings_dir = temp_dir.path();
        std::fs::create_dir_all(settings_dir).unwrap();
        let settings_file = settings_dir.join("settings.toml");
        std::fs::write(
            &settings_file,
            r#"
server_hostname = "127.0.0.1:8000"
api_endpoint = "http://localhost:8000/api"
initialized = "false"
default_data_path = "/tmp/test"
role_config = "~/.config/terraphim/my_roles.json"
default_role = "MyRole"

[profiles.dashmap]
type = "dashmap"
root = "/tmp/test_dashmap"
"#,
        )
        .unwrap();

        let config =
            DeviceSettings::load_from_env_and_file(Some(settings_dir.to_path_buf())).unwrap();
        assert_eq!(
            config.role_config.as_deref(),
            Some("~/.config/terraphim/my_roles.json")
        );
        assert_eq!(config.default_role.as_deref(), Some("MyRole"));
    }
}