1use async_trait::async_trait;
2pub use greentic_types::{
3 EnvId, InvocationEnvelope, NodeError, NodeResult, TeamId, TenantCtx, TenantId, UserId,
4};
5pub use secrets_core::DefaultResolver;
6pub use secrets_core::{Scope as SecretScope, SecretUri};
7use secrets_core::{embedded::SecretsError, errors::Error as CoreError};
8
9#[derive(Clone, Debug)]
10pub struct SecretPath {
11 uri: SecretUri,
12 repr: String,
13}
14
15impl SecretPath {
16 pub fn new(uri: SecretUri) -> Self {
17 let repr = uri.to_string();
18 Self { uri, repr }
19 }
20
21 pub fn as_str(&self) -> &str {
22 &self.repr
23 }
24
25 pub fn to_uri(&self) -> String {
26 self.repr.clone()
27 }
28
29 pub fn uri(&self) -> &SecretUri {
30 &self.uri
31 }
32}
33
34#[async_trait]
35pub trait SecretsResolver: Send + Sync {
36 async fn get_json<T>(&self, path: &SecretPath, ctx: &TenantCtx) -> NodeResult<Option<T>>
37 where
38 T: serde::de::DeserializeOwned + Send;
39
40 async fn put_json<T>(&self, path: &SecretPath, ctx: &TenantCtx, value: &T) -> NodeResult<()>
41 where
42 T: serde::Serialize + Sync + Send;
43}
44
45#[async_trait]
46impl SecretsResolver for DefaultResolver {
47 async fn get_json<T>(&self, path: &SecretPath, _ctx: &TenantCtx) -> NodeResult<Option<T>>
48 where
49 T: serde::de::DeserializeOwned + Send,
50 {
51 let uri = path.to_uri();
52 match self.core().get_json::<T>(&uri).await {
53 Ok(value) => Ok(Some(value)),
54 Err(SecretsError::Core(CoreError::NotFound { .. })) => Ok(None),
55 Err(err) => Err(NodeError::new(
56 "secrets_read",
57 format!("failed to fetch secret {}", uri),
58 )
59 .with_source(err)),
60 }
61 }
62
63 async fn put_json<T>(&self, path: &SecretPath, _ctx: &TenantCtx, value: &T) -> NodeResult<()>
64 where
65 T: serde::Serialize + Sync + Send,
66 {
67 let uri = path.to_uri();
68 self.core()
69 .put_json(&uri, value)
70 .await
71 .map(|_| ())
72 .map_err(|err| {
73 NodeError::new("secrets_write", format!("failed to store secret {}", uri))
74 .with_source(err)
75 })
76 }
77}