pub enum SecretScope {
Deployment(String),
Service {
deployment: String,
service: String,
},
Environment {
env_id: String,
},
ProjectEnvironment {
project_id: String,
env_id: String,
},
Custom(String),
}Expand description
The scope of a secret — the single owner of the storage-scope grammar.
A secret is stored under the key "{scope}:{name}", where {scope} is the
string produced by SecretScope::to_storage_scope. This enum is the one
place that knows how each logical scope maps to (and parses back from) that
on-disk scope string, so the grammar is not re-implemented per crate.
§Storage-scope strings
Deployment(d)=>dService { deployment, service }=>deployment/serviceEnvironment { env_id }=>env:{env_id}ProjectEnvironment { project_id, env_id }=>project:{project_id}:env:{env_id}Custom(s)=>s(opaque, verbatim)
Variants§
Deployment(String)
Deployment-level secret, accessible by all services in the deployment.
Service
Service-level secret, accessible only by the specified service.
Fields
Environment
Global environment-scoped secret (no project).
Storage scope: env:{env_id}.
ProjectEnvironment
Project-scoped environment secret.
Storage scope: project:{project_id}:env:{env_id}.
Custom(String)
Opaque fallback scope carrying a storage-scope string verbatim.
Produced by SecretScope::from_storage_scope for any scope string
that does not match a recognized environment grammar (e.g. the
"default" scope, or bare//-containing deployment and service forms).
Implementations§
Source§impl SecretScope
impl SecretScope
Sourcepub fn deployment(name: impl Into<String>) -> Self
pub fn deployment(name: impl Into<String>) -> Self
Create a deployment-scoped secret scope.
Sourcepub fn service(
deployment: impl Into<String>,
service: impl Into<String>,
) -> Self
pub fn service( deployment: impl Into<String>, service: impl Into<String>, ) -> Self
Create a service-scoped secret scope.
Sourcepub fn environment(env_id: impl Into<String>) -> Self
pub fn environment(env_id: impl Into<String>) -> Self
Create a global environment-scoped secret scope (no project).
Sourcepub fn project_environment(
project_id: impl Into<String>,
env_id: impl Into<String>,
) -> Self
pub fn project_environment( project_id: impl Into<String>, env_id: impl Into<String>, ) -> Self
Create a project-scoped environment secret scope.
Sourcepub fn for_env(project_id: Option<&str>, env_id: &str) -> Self
pub fn for_env(project_id: Option<&str>, env_id: &str) -> Self
Build an environment scope from an optional project and an env id.
Returns SecretScope::ProjectEnvironment when project_id is Some,
else SecretScope::Environment. Mirrors the env_scope() helper in
zlayer-api exactly.
Sourcepub fn to_storage_scope(&self) -> String
pub fn to_storage_scope(&self) -> String
Render the storage-scope string for this scope.
This is the {scope} half of the "{scope}:{name}" storage key. It is
the inverse of SecretScope::from_storage_scope for the environment
and custom forms.
Sourcepub fn from_storage_scope(scope: &str) -> Self
pub fn from_storage_scope(scope: &str) -> Self
Parse a storage-scope string back into a SecretScope.
Total parser — never fails. The inverse of
SecretScope::to_storage_scope for the environment and custom forms:
env:{id}(non-emptyid) =>SecretScope::Environmentproject:{pid}:env:{id}(both non-empty) =>SecretScope::ProjectEnvironment- anything else =>
SecretScope::Custom
Bare deployment names and deployment/service forms are not
distinguished here; they round-trip as SecretScope::Custom. Only the
environment and custom forms are guaranteed to round-trip by equality.
Sourcepub fn deployment_name(&self) -> &str
pub fn deployment_name(&self) -> &str
Get the deployment name for this scope.
Returns the empty string for environment/project-environment/custom scopes, which have no deployment component.
Sourcepub fn service_name(&self) -> Option<&str>
pub fn service_name(&self) -> Option<&str>
Get the service name if this is a service-scoped secret.
Sourcepub fn environment_id(&self) -> Option<&str>
pub fn environment_id(&self) -> Option<&str>
Get the environment id if this is an environment-shaped scope.
Returns Some for SecretScope::Environment and
SecretScope::ProjectEnvironment, else None.
Sourcepub fn is_environment_shaped(&self) -> bool
pub fn is_environment_shaped(&self) -> bool
Whether this scope is one of the environment-shaped variants.
Trait Implementations§
Source§impl Clone for SecretScope
impl Clone for SecretScope
Source§fn clone(&self) -> SecretScope
fn clone(&self) -> SecretScope
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for SecretScope
impl Debug for SecretScope
Source§impl<'de> Deserialize<'de> for SecretScope
impl<'de> Deserialize<'de> for SecretScope
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
impl Eq for SecretScope
Source§impl Hash for SecretScope
impl Hash for SecretScope
Source§impl PartialEq for SecretScope
impl PartialEq for SecretScope
Source§fn eq(&self, other: &SecretScope) -> bool
fn eq(&self, other: &SecretScope) -> bool
self and other values to be equal, and is used by ==.Source§impl Serialize for SecretScope
impl Serialize for SecretScope
impl StructuralPartialEq for SecretScope
Auto Trait Implementations§
impl Freeze for SecretScope
impl RefUnwindSafe for SecretScope
impl Send for SecretScope
impl Sync for SecretScope
impl Unpin for SecretScope
impl UnsafeUnpin for SecretScope
impl UnwindSafe for SecretScope
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> DeserializeOwned for Twhere
T: for<'de> Deserialize<'de>,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.