
zvault_server/
state.rs

1//! Shared application state for `ZVault` server.
2//!
3//! A single [`AppState`] is constructed at startup and shared across all
4//! Axum handlers via `Arc`. It holds references to the barrier, seal manager,
5//! token store, policy store, mount manager, audit manager, and lease manager.
6
7use std::collections::HashMap;
8use std::sync::Arc;
9
10use tokio::sync::RwLock;
11
12use zvault_core::approle::AppRoleStore;
13use zvault_core::audit::AuditManager;
14use zvault_core::barrier::Barrier;
15use zvault_core::database::DatabaseEngine;
16use zvault_core::engine::KvEngine;
17use zvault_core::lease::LeaseManager;
18use zvault_core::mount::MountManager;
19use zvault_core::pki::PkiEngine;
20use zvault_core::policy::PolicyStore;
21use zvault_core::seal::SealManager;
22use zvault_core::token::TokenStore;
23use zvault_core::transit::TransitEngine;
24
25use crate::config::SpringOAuthConfig;
26
/// Process-wide state handed to every HTTP handler.
///
/// Every field is `pub`, so any code holding an `AppState` can reach the
/// barrier, the token and policy stores, and each mounted engine directly.
pub struct AppState {
    /// Encryption barrier, shared by reference count.
    pub barrier: Arc<Barrier>,
    /// Manages the seal/unseal lifecycle.
    pub seal_manager: Arc<SealManager>,
    /// Creates, looks up, and revokes tokens.
    pub token_store: Arc<TokenStore>,
    /// Stores policies (CRUD) and evaluates them.
    pub policy_store: Arc<PolicyStore>,
    /// Table of mounted engines.
    pub mount_manager: Arc<MountManager>,
    /// Manages audit logging.
    pub audit_manager: Arc<AuditManager>,
    /// Manages lease lifecycles.
    pub lease_manager: Arc<LeaseManager>,
    /// KV engines indexed by mount path, behind a read/write lock.
    pub kv_engines: RwLock<HashMap<String, Arc<KvEngine>>>,
    /// Transit engines indexed by mount path, behind a read/write lock.
    pub transit_engines: RwLock<HashMap<String, Arc<TransitEngine>>>,
    /// Database engines indexed by mount path, behind a read/write lock.
    pub database_engines: RwLock<HashMap<String, Arc<DatabaseEngine>>>,
    /// PKI engines indexed by mount path, behind a read/write lock.
    pub pki_engines: RwLock<HashMap<String, Arc<PkiEngine>>>,
    /// AppRole auth store; `None` when AppRole is not enabled.
    pub approle_store: Option<Arc<AppRoleStore>>,
    /// Spring OAuth configuration; `None` when not configured.
    ///
    /// NOTE(review): if `SpringOAuthConfig` carries client credentials, treat
    /// this field as secret material and keep it out of logs and API
    /// responses — confirm against `crate::config`.
    pub spring_oauth: Option<SpringOAuthConfig>,
    /// Location of the audit log file, kept so the API can read audit
    /// entries back.
    ///
    /// NOTE(review): presumably set from server configuration only, never
    /// from request input; handlers that serve this file should sit behind
    /// an authorization check — verify at the call sites.
    pub audit_file_path: Option<String>,
}
58
/// Opaque `Debug` output: only the type name is printed.
///
/// No field is handed to the formatter, so logging an `AppState` with `{:?}`
/// does not print the contents of the stores, engines, or configuration it
/// holds.
impl std::fmt::Debug for AppState {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let mut opaque = f.debug_struct("AppState");
        // `finish_non_exhaustive` closes the struct with `..` in place of the
        // omitted fields.
        opaque.finish_non_exhaustive()
    }
}