secrets_core/
spec_validate.rs

1use crate::{SecretSpec, SecretsCore, SecretsError};
2
3/// Result produced when validating a set of specs against the runtime core.
4pub struct SecretValidationResult {
5    /// Secret names that were missing or empty.
6    pub missing: Vec<&'static str>,
7    /// Secret names that were present (non-empty).
8    pub present: Vec<&'static str>,
9}
10
11impl SecretsCore {
12    /// Validate that every secret in `specs` exists under the provided prefix.
13    ///
14    /// Example: base prefix `secrets://dev/example/_/` would test URIs such as
15    /// `secrets://dev/example/_/configs/TELEGRAM_TOKEN`.
16    pub async fn validate_specs_at_prefix(
17        &self,
18        base_prefix: &str,
19        specs: &[SecretSpec],
20    ) -> Result<SecretValidationResult, SecretsError> {
21        let mut missing = Vec::new();
22        let mut present = Vec::new();
23        for spec in specs {
24            let uri = format!("{base}configs/{name}", base = base_prefix, name = spec.name);
25            match self.get_bytes(&uri).await {
26                Ok(bytes) if !bytes.is_empty() => present.push(spec.name),
27                _ => missing.push(spec.name),
28            }
29        }
30        Ok(SecretValidationResult { missing, present })
31    }
32}
secrets_core/spec_validate.rs

secrets_core/
spec_validate.rs
