
1use crate::api::{EventHub, Identity, Secret, SecretList, SecretListFilter, SecretVersion, Status};
2use crate::block_store::sync::SyncBlockStore;
3use std::sync::Arc;
4use std::time::Duration;
5
6pub mod cipher;
7mod error;
8pub mod estimate;
9mod index;
10mod multi_lane;
11mod padding;
12
13#[cfg(test)]
14mod index_tests;
15#[cfg(test)]
16mod tests;
17
18pub use self::error::{SecretStoreError, SecretStoreResult};
19use crate::block_store::open_block_store;
20use crate::memguard::SecretBytes;
21
/// Interface of a secrets store: identities protected by passphrases, and versioned
/// secrets stored behind them.
///
/// Implementations must be `Send + Sync`; [`open_secrets_store`] hands them out as
/// `Arc<dyn SecretsStore>`. All passphrases are taken by value as [`SecretBytes`], so the
/// caller transfers ownership of the key material rather than keeping a plain copy.
pub trait SecretsStore: std::fmt::Debug + Send + Sync {
  /// Current status of the store.
  fn status(&self) -> SecretStoreResult<Status>;

  /// Locks the store.
  fn lock(&self) -> SecretStoreResult<()>;
  /// Unlocks the store for identity `identity_id` using `passphrase`.
  fn unlock(&self, identity_id: &str, passphrase: SecretBytes) -> SecretStoreResult<()>;

  /// All identities known to the store.
  fn identities(&self) -> SecretStoreResult<Vec<Identity>>;
  /// Adds `identity`, protected by `passphrase`.
  fn add_identity(&self, identity: Identity, passphrase: SecretBytes) -> SecretStoreResult<()>;
  /// Changes a passphrase to `passphrase`.
  // NOTE(review): no identity is named here, so this presumably applies to the identity
  // the store is currently unlocked for — confirm against the implementation.
  fn change_passphrase(&self, passphrase: SecretBytes) -> SecretStoreResult<()>;

  /// Lists secrets matching `filter`.
  fn list(&self, filter: &SecretListFilter) -> SecretStoreResult<SecretList>;
  /// Refreshes the store's index.
  // NOTE(review): what the index covers and when it is stale is defined by the
  // implementation, not visible here.
  fn update_index(&self) -> SecretStoreResult<()>;

  /// Stores `secret_version` and returns an identifier for it.
  // NOTE(review): whether the returned `String` is the secret id (as taken by `get`) or the
  // block id (as taken by `get_version`) is not visible at this level — confirm.
  fn add(&self, secret_version: SecretVersion) -> SecretStoreResult<String>;
  /// Fetches the secret with id `secret_id`.
  fn get(&self, secret_id: &str) -> SecretStoreResult<Secret>;
  /// Fetches a single secret version by its `block_id`.
  fn get_version(&self, block_id: &str) -> SecretStoreResult<SecretVersion>;
}
39
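/// Opens a secrets store described by `url` (`"<scheme>+<block store url>"`), optionally
/// backed by a remote block store it is kept in sync with.
///
/// The part of `url` before the first `+` selects the secrets-store implementation
/// (currently only `multilane`); the part after it is handed to [`open_block_store`]
/// unchanged. When `maybe_remote_url` is given, the local block store is wrapped in a
/// [`SyncBlockStore`] which the secrets store uses instead of the plain local store, and
/// that wrapper is returned as the second tuple element.
///
/// # Arguments
/// * `name` - name passed to the secrets-store implementation
/// * `url` - `"<scheme>+<block store url>"`; rejected if it has no `+` or an unknown scheme
/// * `maybe_remote_url` - optional block-store URL of the remote side
/// * `node_id` - node identifier passed to every block store that is opened
/// * `autolock_timeout` - passed to the secrets-store implementation
/// * `event_hub` - passed to the secrets-store implementation
///
/// # Errors
/// [`SecretStoreError::InvalidStoreUrl`] if `url` has no scheme separator or names an
/// unknown scheme; any error raised while opening the local or remote block store.
#[allow(clippy::type_complexity)]
pub fn open_secrets_store(
  name: &str,
  url: &str,
  maybe_remote_url: Option<&str>,
  node_id: &str,
  autolock_timeout: Duration,
  event_hub: Arc<dyn EventHub>,
) -> SecretStoreResult<(Arc<dyn SecretsStore>, Option<Arc<SyncBlockStore>>)> {
  let invalid_url = || SecretStoreError::InvalidStoreUrl(url.to_string());

  // Split at the first '+'. `find` yields a byte index on a char boundary, so the slicing
  // below is safe for non-ASCII URLs as well.
  let (scheme, block_store_url) = match url.find('+') {
    Some(idx) => (&url[..idx], &url[idx + 1..]),
    None => return Err(invalid_url()),
  };

  // Reject unknown schemes before any block store is opened: opening a store is fallible
  // and may have side effects, and a URL that is going to be rejected anyway must not
  // trigger them. Add further schemes here and at the construction site below.
  if scheme != "multilane" {
    return Err(invalid_url());
  }

  let mut block_store = open_block_store(block_store_url, node_id)?;

  // With a remote, the secrets store works against the SyncBlockStore wrapper rather than
  // the bare local store; the wrapper is also handed back to the caller.
  let sync_block_store = match maybe_remote_url {
    Some(remote_url) => {
      let remote = open_block_store(remote_url, node_id)?;
      let synced = Arc::new(SyncBlockStore::new(block_store, remote));
      block_store = Arc::clone(&synced);
      Some(synced)
    }
    None => None,
  };

  let secrets_store: Arc<dyn SecretsStore> = Arc::new(multi_lane::MultiLaneSecretsStore::new(
    name,
    block_store,
    autolock_timeout,
    event_hub,
  ));

  Ok((secrets_store, sync_block_store))
}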