Dark-Alex-17/gman
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Environment variable interpolation in the Gman configuration file

Browse Source
This commit is contained in:
Alex Clarke
2025-09-30 11:10:20 -06:00
parent 01d4819160
commit 78d7e90e68
10 changed files with 615 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.lock
Generated
+41
View File
@@ -1672,6 +1672,7 @@ dependencies = [
"serde_json", "serde_json",
"serde_with", "serde_with",
"serde_yaml", "serde_yaml",
"serial_test",
"tempfile", "tempfile",
"tokio", "tokio",
"validator", "validator",
@@ -3251,6 +3252,15 @@ version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
[[package]]
name = "scc"
version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "46e6f046b7fef48e2660c57ed794263155d713de679057f2d0c169bfc6e756cc"
dependencies = [
"sdd",
]
[[package]] [[package]]
name = "schannel" name = "schannel"
version = "0.1.28" version = "0.1.28"
@@ -3300,6 +3310,12 @@ dependencies = [
"untrusted", "untrusted",
] ]
[[package]]
name = "sdd"
version = "3.0.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "490dcfcbfef26be6800d11870ff2df8774fa6e86d047e3e8c8a76b25655e41ca"
[[package]] [[package]]
name = "secrecy" name = "secrecy"
version = "0.10.3" version = "0.10.3"
@@ -3481,6 +3497,31 @@ dependencies = [
"unsafe-libyaml", "unsafe-libyaml",
] ]
[[package]]
name = "serial_test"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b258109f244e1d6891bf1053a55d63a5cd4f8f4c30cf9a1280989f80e7a1fa9"
dependencies = [
"futures",
"log",
"once_cell",
"parking_lot",
"scc",
"serial_test_derive",
]
[[package]]
name = "serial_test_derive"
version = "3.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5d69265a08751de7844521fd15003ae0a888e035773ba05695c5c759a6f89eef"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]] [[package]]
name = "sha2" name = "sha2"
version = "0.10.9" version = "0.10.9"
Cargo.toml
+1 -1
View File
@@ -79,7 +79,7 @@ pretty_assertions = "1.4.1"
proptest = "1.5.0" proptest = "1.5.0"
assert_cmd = "2.0.16" assert_cmd = "2.0.16"
predicates = "3.1.2" predicates = "3.1.2"
serial_test = "3.2.0"
[[bin]] [[bin]]
bench = false bench = false
README.md
+25
View File
@@ -242,6 +242,31 @@ providers:
run_configs: [] run_configs: []
``` ```
### Environment Variable Interpolation
The config file supports environment variable interpolation using `${VAR_NAME}` syntax. For example, to use an
AWS profile from your environment:
```yaml
providers:
- name: aws
type: aws_secrets_manager
aws_profile: ${AWS_PROFILE} # Uses the AWS_PROFILE env var
aws_region: us-east-1
```
Or to set a default profile to use when `AWS_PROFILE` is unset:
```yaml
providers:
- name: aws
type: aws_secrets_manager
aws_profile: ${AWS_PROFILE:-default} # Uses 'default' if AWS_PROFILE is unset
aws_region: us-east-1
```
**Important Note:** Environment variable interpolation is only supported in string or numeric fields. It is not
supported in lists or maps.
## Providers ## Providers
`gman` supports multiple providers for secret storage. The default provider is `local`, which stores secrets in an `gman` supports multiple providers for secret storage. The default provider is `local`, which stores secrets in an
encrypted file on your filesystem. The CLI and config format are designed to be extensible so new providers can be encrypted file on your filesystem. The CLI and config format are designed to be extensible so new providers can be
src/bin/gman/cli.rs
+124 -7
View File
@@ -283,8 +283,8 @@ pub fn run_config_completer(current: &OsStr) -> Vec<CompletionCandidate> {
pub fn provider_completer(current: &OsStr) -> Vec<CompletionCandidate> { pub fn provider_completer(current: &OsStr) -> Vec<CompletionCandidate> {
let cur = current.to_string_lossy(); let cur = current.to_string_lossy();
match load_config() { match load_config() {
Ok(config) => { Ok(config) => config
config.providers .providers
.iter() .iter()
.filter(|pc| { .filter(|pc| {
pc.name pc.name
@@ -292,11 +292,8 @@ pub fn provider_completer(current: &OsStr) -> Vec<CompletionCandidate> {
.expect("run config has no name") .expect("run config has no name")
.starts_with(&*cur) .starts_with(&*cur)
}) })
.map(|pc| { .map(|pc| CompletionCandidate::new(pc.name.as_ref().expect("provider has no name")))
CompletionCandidate::new(pc.name.as_ref().expect("provider has no name")) .collect(),
})
.collect()
}
Err(_) => vec![], Err(_) => vec![],
} }
} }
@@ -328,8 +325,11 @@ mod tests {
use crate::cli::generate_files_secret_injections; use crate::cli::generate_files_secret_injections;
use gman::config::{Config, RunConfig}; use gman::config::{Config, RunConfig};
use pretty_assertions::{assert_eq, assert_str_eq}; use pretty_assertions::{assert_eq, assert_str_eq};
use serial_test::serial;
use std::collections::HashMap; use std::collections::HashMap;
use std::env as std_env;
use std::ffi::OsString; use std::ffi::OsString;
use tempfile::tempdir;
#[test] #[test]
fn test_generate_files_secret_injections() { fn test_generate_files_secret_injections() {
@@ -430,4 +430,121 @@ mod tests {
.expect_err("expected failed secret resolution in dry_run"); .expect_err("expected failed secret resolution in dry_run");
assert!(err.to_string().contains("Failed to fetch")); assert!(err.to_string().contains("Failed to fetch"));
} }
#[test]
#[serial]
fn test_run_config_completer_filters_by_prefix() {
let td = tempdir().unwrap();
let xdg = td.path().join("xdg");
let app_dir = xdg.join("gman");
fs::create_dir_all(&app_dir).unwrap();
unsafe { std_env::set_var("XDG_CONFIG_HOME", &xdg) };
let yaml = indoc::indoc! {
"---
default_provider: local
providers:
- name: local
type: local
run_configs:
- name: echo
secrets: [API_KEY]
- name: docker
secrets: [DB_PASSWORD]
- name: aws
secrets: [AWS_ACCESS_KEY_ID]
"
};
fs::write(app_dir.join("config.yml"), yaml).unwrap();
let out = run_config_completer(OsStr::new("do"));
assert_eq!(out.len(), 1);
// Compare via debug string to avoid depending on crate internals
let rendered = format!("{:?}", &out[0]);
assert!(rendered.contains("docker"), "got: {}", rendered);
unsafe { std_env::remove_var("XDG_CONFIG_HOME") };
}
#[test]
#[serial]
fn test_provider_completer_lists_matching_providers() {
let td = tempdir().unwrap();
let xdg = td.path().join("xdg");
let app_dir = xdg.join("gman");
fs::create_dir_all(&app_dir).unwrap();
unsafe { std_env::set_var("XDG_CONFIG_HOME", &xdg) };
let yaml = indoc::indoc! {
"---
default_provider: local
providers:
- name: local
type: local
- name: prod
type: local
run_configs:
- name: echo
secrets: [API_KEY]
"
};
fs::write(app_dir.join("config.yml"), yaml).unwrap();
// Prefix 'p' should match only 'prod'
let out = provider_completer(OsStr::new("p"));
assert_eq!(out.len(), 1);
let rendered = format!("{:?}", &out[0]);
assert!(rendered.contains("prod"), "got: {}", rendered);
// Empty prefix returns at least both providers
let out_all = provider_completer(OsStr::new(""));
assert!(out_all.len() >= 2);
unsafe { std_env::remove_var("XDG_CONFIG_HOME") };
}
#[tokio::test(flavor = "multi_thread")]
#[serial]
async fn test_secrets_completer_filters_keys_by_prefix() {
let td = tempdir().unwrap();
let xdg = td.path().join("xdg");
let app_dir = xdg.join("gman");
fs::create_dir_all(&app_dir).unwrap();
unsafe { std_env::set_var("XDG_CONFIG_HOME", &xdg) };
let yaml = indoc::indoc! {
"---
default_provider: local
providers:
- name: local
type: local
run_configs:
- name: echo
secrets: [API_KEY]
"
};
fs::write(app_dir.join("config.yml"), yaml).unwrap();
// Seed a minimal vault with keys (values are irrelevant for listing)
let vault_yaml = indoc::indoc! {
"---
API_KEY: dummy
DB_PASSWORD: dummy
AWS_ACCESS_KEY_ID: dummy
"
};
fs::write(app_dir.join("vault.yml"), vault_yaml).unwrap();
let out = secrets_completer(OsStr::new("AWS"));
assert_eq!(out.len(), 1);
let rendered = format!("{:?}", &out[0]);
assert!(rendered.contains("AWS_ACCESS_KEY_ID"), "got: {}", rendered);
let out2 = secrets_completer(OsStr::new("DB_"));
assert_eq!(out2.len(), 1);
let rendered2 = format!("{:?}", &out2[0]);
assert!(rendered2.contains("DB_PASSWORD"), "got: {}", rendered2);
unsafe { std_env::remove_var("XDG_CONFIG_HOME") };
}
} }
src/config.rs
+395 -2
View File
@@ -26,6 +26,7 @@ use crate::providers::{SecretProvider, SupportedProvider};
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use collections::HashSet; use collections::HashSet;
use log::debug; use log::debug;
use regex::Regex;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_with::serde_as; use serde_with::serde_as;
use serde_with::skip_serializing_none; use serde_with::skip_serializing_none;
@@ -45,14 +46,19 @@ use validator::{Validate, ValidationError};
#[validate(schema(function = "flags_or_files"))] #[validate(schema(function = "flags_or_files"))]
pub struct RunConfig { pub struct RunConfig {
#[validate(required)] #[validate(required)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub name: Option<String>, pub name: Option<String>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub provider: Option<String>, pub provider: Option<String>,
#[validate(required)] #[validate(required)]
pub secrets: Option<Vec<String>>, pub secrets: Option<Vec<String>>,
pub files: Option<Vec<PathBuf>>, pub files: Option<Vec<PathBuf>>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub flag: Option<String>, pub flag: Option<String>,
#[validate(range(min = 1))] #[validate(range(min = 1))]
#[serde(default, deserialize_with = "deserialize_optional_usize_env_var")]
pub flag_position: Option<usize>, pub flag_position: Option<usize>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub arg_format: Option<String>, pub arg_format: Option<String>,
} }
@@ -192,6 +198,7 @@ impl ProviderConfig {
#[validate(schema(function = "default_provider_exists"))] #[validate(schema(function = "default_provider_exists"))]
#[validate(schema(function = "providers_names_are_unique"))] #[validate(schema(function = "providers_names_are_unique"))]
pub struct Config { pub struct Config {
#[serde(deserialize_with = "deserialize_optional_env_var")]
pub default_provider: Option<String>, pub default_provider: Option<String>,
#[validate(length(min = 1))] #[validate(length(min = 1))]
#[validate(nested)] #[validate(nested)]
@@ -331,7 +338,7 @@ pub fn load_config() -> Result<Config> {
Ok(config) Ok(config)
} }
/// Returns the configuration file path that `confy` will use for this app. /// Returns the configuration file path that `confy` will use
pub fn get_config_file_path() -> Result<PathBuf> { pub fn get_config_file_path() -> Result<PathBuf> {
if let Some(base) = env::var_os("XDG_CONFIG_HOME").map(PathBuf::from) { if let Some(base) = env::var_os("XDG_CONFIG_HOME").map(PathBuf::from) {
let dir = base.join("gman"); let dir = base.join("gman");
@@ -340,8 +347,394 @@ pub fn get_config_file_path() -> Result<PathBuf> {
if yml.exists() || yaml.exists() { if yml.exists() || yaml.exists() {
return Ok(if yml.exists() { yml } else { yaml }); return Ok(if yml.exists() { yml } else { yaml });
} }
// Prefer .yml if creating anew
return Ok(dir.join("config.yml")); return Ok(dir.join("config.yml"));
} }
Ok(confy::get_configuration_file_path("gman", "config")?) Ok(confy::get_configuration_file_path("gman", "config")?)
} }
pub fn deserialize_optional_env_var<'de, D>(deserializer: D) -> Result<Option<String>, D::Error>
where
D: serde::Deserializer<'de>,
{
let s: Option<String> = Option::deserialize(deserializer)?;
match s {
Some(value) => {
let interpolated = interpolate_env_vars(&value);
Ok(Some(interpolated))
}
None => Ok(None),
}
}
pub fn deserialize_optional_pathbuf_env_var<'de, D>(
deserializer: D,
) -> Result<Option<PathBuf>, D::Error>
where
D: serde::Deserializer<'de>,
{
let s: Option<String> = Option::deserialize(deserializer)?;
match s {
Some(value) => {
let interpolated = interpolate_env_vars(&value);
Ok(Some(interpolated.parse().unwrap()))
}
None => Ok(None),
}
}
fn deserialize_optional_usize_env_var<'de, D>(deserializer: D) -> Result<Option<usize>, D::Error>
where
D: serde::Deserializer<'de>,
{
let s: Option<String> = Option::deserialize(deserializer)?;
match s {
Some(value) => {
let interpolated = interpolate_env_vars(&value);
interpolated
.parse::<usize>()
.map(Some)
.map_err(serde::de::Error::custom)
}
None => Ok(None),
}
}
pub fn interpolate_env_vars(s: &str) -> String {
let result = s.to_string();
let scrubbing_regex = Regex::new(r#"[\s{}^()\[\]\\|`'"]+"#).unwrap();
let var_regex = Regex::new(r"\$\{(.*?)(:-.+)?}").unwrap();
var_regex
.replace_all(s, |caps: &regex::Captures<'_>| {
if let Some(mat) = caps.get(1) {
if let Ok(value) = env::var(mat.as_str()) {
return scrubbing_regex.replace_all(&value, "").to_string();
} else if let Some(default_value) = caps.get(2) {
return scrubbing_regex
.replace_all(
default_value
.as_str()
.strip_prefix(":-")
.expect("unable to strip ':-' prefix from default value"),
"",
)
.to_string();
}
}
scrubbing_regex.replace_all(&result, "").to_string()
})
.to_string()
}
#[cfg(test)]
mod tests {
use super::*;
use indoc::indoc;
use pretty_assertions::{assert_eq, assert_str_eq};
use serde::Deserialize;
use serial_test::serial;
use std::path::PathBuf;
#[derive(Default, Deserialize, PartialEq, Eq, Debug)]
struct TestConfig {
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
string_var: Option<String>,
#[serde(default, deserialize_with = "deserialize_optional_pathbuf_env_var")]
path_var: Option<PathBuf>,
#[serde(default, deserialize_with = "deserialize_optional_usize_env_var")]
usize_var: Option<usize>,
}
#[test]
#[serial]
fn test_deserialize_optional_env_var_is_present() {
unsafe { env::set_var("TEST_VAR_DESERIALIZE_OPTION", "localhost") };
let yaml_data = indoc!(
r#"
string_var: ${TEST_VAR_DESERIALIZE_OPTION}
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.string_var, Some("localhost".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.usize_var, Some(123));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION") };
}
#[test]
fn test_deserialize_optional_env_var_empty_env_var_uses_default_value_if_provided() {
let yaml_data = indoc!(
r#"
string_var: ${TEST_VAR_DESERIALIZE_OPTION_UNDEFINED:-localhost}
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.string_var, Some("localhost".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.usize_var, Some(123));
}
#[test]
#[serial]
fn test_deserialize_optional_env_var_does_not_overwrite_non_env_value() {
unsafe { env::set_var("TEST_VAR_DESERIALIZE_OPTION_NO_OVERWRITE", "localhost") };
let yaml_data = indoc!(
r#"
string_var: www.example.com
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.string_var, Some("www.example.com".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.usize_var, Some(123));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION_NO_OVERWRITE") };
}
#[test]
fn test_deserialize_optional_env_var_empty() {
let yaml_data = indoc!(
r#"
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.string_var, None);
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.usize_var, Some(123));
}
#[test]
#[serial]
fn test_deserialize_optional_pathbuf_env_var_is_present() {
unsafe { env::set_var("TEST_VAR_DESERIALIZE_OPTION_PATHBUF", "/some/path") };
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: ${TEST_VAR_DESERIALIZE_OPTION_PATHBUF}
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.usize_var, Some(123));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION_PATHBUF") };
}
#[test]
fn test_deserialize_optional_pathbuf_env_var_empty_env_var_uses_default_value_if_provided() {
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: ${TEST_VAR_DESERIALIZE_OPTION_PATHBUF_UNDEFINED:-/some/path}
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.usize_var, Some(123));
}
#[test]
#[serial]
fn test_deserialize_optional_pathbuf_env_var_does_not_overwrite_non_env_value() {
unsafe {
env::set_var(
"TEST_VAR_DESERIALIZE_OPTION_PATHBUF_NO_OVERWRITE",
"/something/else",
)
};
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.usize_var, Some(123));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION_PATHBUF_NO_OVERWRITE") };
}
#[test]
fn test_deserialize_optional_pathbuf_env_var_empty() {
let yaml_data = indoc!(
r#"
string_var: hithere
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.path_var, None);
assert_eq!(config.usize_var, Some(123));
}
#[test]
#[serial]
fn test_deserialize_optional_usize_env_var_is_present() {
unsafe { env::set_var("TEST_VAR_DESERIALIZE_OPTION_USIZE", "123") };
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
usize_var: ${TEST_VAR_DESERIALIZE_OPTION_USIZE}
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.usize_var, Some(123));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION_USIZE") };
}
#[test]
fn test_deserialize_optional_usize_env_var_uses_default_value_if_provided() {
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
usize_var: ${TEST_VAR_DESERIALIZE_OPTION_USIZE_UNDEFINED:-123}
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.usize_var, Some(123));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
}
#[test]
#[serial]
fn test_deserialize_optional_usize_env_var_does_not_overwrite_non_env_value() {
unsafe { env::set_var("TEST_VAR_DESERIALIZE_OPTION_NO_OVERWRITE_USIZE", "456") };
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
usize_var: 123
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.usize_var, Some(123));
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
unsafe { env::remove_var("TEST_VAR_DESERIALIZE_OPTION_NO_OVERWRITE_USIZE") };
}
#[test]
fn test_deserialize_optional_usize_env_var_invalid_number() {
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
usize_var: "holo"
"#
);
let result: Result<TestConfig, _> = serde_yaml::from_str(yaml_data);
assert!(result.is_err());
let err = result.unwrap_err().to_string();
assert!(err.contains("invalid digit found in string"));
}
#[test]
fn test_deserialize_optional_usize_env_var_empty() {
let yaml_data = indoc!(
r#"
string_var: hithere
path_var: /some/path
"#
);
let config: TestConfig = serde_yaml::from_str(yaml_data).unwrap();
assert_eq!(config.usize_var, None);
assert_eq!(config.string_var, Some("hithere".to_string()));
assert_eq!(config.path_var, Some(PathBuf::from("/some/path")));
}
#[test]
fn test_interpolate_env_vars_defaults_to_original_string_if_not_in_yaml_interpolation_format() {
let var = interpolate_env_vars("TEST_VAR_INTERPOLATION_NON_YAML");
assert_str_eq!(var, "TEST_VAR_INTERPOLATION_NON_YAML");
}
#[test]
#[serial]
fn test_interpolate_env_vars_scrubs_all_unnecessary_characters() {
unsafe {
env::set_var(
"TEST_VAR_INTERPOLATION_UNNECESSARY_CHARACTERS",
r#"""
`"'https://dontdo:this@testing.com/query?test=%20query#results'"` {([\|])}
"""#,
)
};
let var = interpolate_env_vars("${TEST_VAR_INTERPOLATION_UNNECESSARY_CHARACTERS}");
assert_str_eq!(
var,
"https://dontdo:this@testing.com/query?test=%20query#results"
);
unsafe { env::remove_var("TEST_VAR_INTERPOLATION_UNNECESSARY_CHARACTERS") };
}
#[test]
#[serial]
fn test_interpolate_env_vars_scrubs_all_unnecessary_characters_for_default_values() {
let var = interpolate_env_vars(
r#"${UNSET:-`"'https://dontdo:this@testing.com/query?test=%20query#results'"` {([\|])}}"#,
);
assert_str_eq!(
var,
"https://dontdo:this@testing.com/query?test=%20query#results"
);
}
#[test]
fn test_interpolate_env_vars_scrubs_all_unnecessary_characters_from_non_environment_variable() {
let var =
interpolate_env_vars("https://dontdo:this@testing.com/query?test=%20query#results");
assert_str_eq!(
var,
"https://dontdo:this@testing.com/query?test=%20query#results"
);
}
}
src/providers/aws_secrets_manager.rs
+3
View File
@@ -1,3 +1,4 @@
use crate::config::deserialize_optional_env_var;
use crate::providers::SecretProvider; use crate::providers::SecretProvider;
use anyhow::Context; use anyhow::Context;
use anyhow::Result; use anyhow::Result;
@@ -32,8 +33,10 @@ use validator::Validate;
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct AwsSecretsManagerProvider { pub struct AwsSecretsManagerProvider {
#[validate(required)] #[validate(required)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub aws_profile: Option<String>, pub aws_profile: Option<String>,
#[validate(required)] #[validate(required)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub aws_region: Option<String>, pub aws_region: Option<String>,
} }
src/providers/azure_key_vault.rs
+2
View File
@@ -1,3 +1,4 @@
use crate::config::deserialize_optional_env_var;
use crate::providers::SecretProvider; use crate::providers::SecretProvider;
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use azure_identity::DefaultAzureCredential; use azure_identity::DefaultAzureCredential;
@@ -30,6 +31,7 @@ use validator::Validate;
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct AzureKeyVaultProvider { pub struct AzureKeyVaultProvider {
#[validate(required)] #[validate(required)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub vault_name: Option<String>, pub vault_name: Option<String>,
} }
src/providers/gcp_secret_manager.rs
+2
View File
@@ -1,3 +1,4 @@
use crate::config::deserialize_optional_env_var;
use crate::providers::SecretProvider; use crate::providers::SecretProvider;
use anyhow::{Context, Result, anyhow}; use anyhow::{Context, Result, anyhow};
use gcloud_sdk::google::cloud::secretmanager::v1; use gcloud_sdk::google::cloud::secretmanager::v1;
@@ -39,6 +40,7 @@ type SecretsManagerClient = GoogleApi<SecretManagerServiceClient<GoogleAuthMiddl
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct GcpSecretManagerProvider { pub struct GcpSecretManagerProvider {
#[validate(required)] #[validate(required)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub gcp_project_id: Option<String>, pub gcp_project_id: Option<String>,
} }
src/providers/gopass.rs
+2
View File
@@ -1,3 +1,4 @@
use crate::config::deserialize_optional_env_var;
use crate::providers::{ENV_PATH, SecretProvider}; use crate::providers::{ENV_PATH, SecretProvider};
use anyhow::{Context, Result, anyhow}; use anyhow::{Context, Result, anyhow};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@@ -28,6 +29,7 @@ use validator::Validate;
#[derive(Debug, Default, Clone, Validate, Serialize, Deserialize, PartialEq, Eq)] #[derive(Debug, Default, Clone, Validate, Serialize, Deserialize, PartialEq, Eq)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct GopassProvider { pub struct GopassProvider {
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub store: Option<String>, pub store: Option<String>,
} }
src/providers/local.rs
+9
View File
@@ -1,3 +1,5 @@
use crate::config::deserialize_optional_env_var;
use crate::config::deserialize_optional_pathbuf_env_var;
use anyhow::{Context, anyhow, bail}; use anyhow::{Context, anyhow, bail};
use secrecy::{ExposeSecret, SecretString}; use secrecy::{ExposeSecret, SecretString};
use std::collections::HashMap; use std::collections::HashMap;
@@ -50,14 +52,21 @@ use validator::Validate;
#[derive(Debug, Clone, Validate, Serialize, Deserialize, PartialEq, Eq)] #[derive(Debug, Clone, Validate, Serialize, Deserialize, PartialEq, Eq)]
#[serde(deny_unknown_fields)] #[serde(deny_unknown_fields)]
pub struct LocalProvider { pub struct LocalProvider {
#[serde(default, deserialize_with = "deserialize_optional_pathbuf_env_var")]
pub password_file: Option<PathBuf>, pub password_file: Option<PathBuf>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub git_branch: Option<String>, pub git_branch: Option<String>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub git_remote_url: Option<String>, pub git_remote_url: Option<String>,
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub git_user_name: Option<String>, pub git_user_name: Option<String>,
#[validate(email)] #[validate(email)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub git_user_email: Option<String>, pub git_user_email: Option<String>,
#[serde(default, deserialize_with = "deserialize_optional_pathbuf_env_var")]
pub git_executable: Option<PathBuf>, pub git_executable: Option<PathBuf>,
#[serde(skip)] #[serde(skip)]
#[serde(default, deserialize_with = "deserialize_optional_env_var")]
pub runtime_provider_name: Option<String>, pub runtime_provider_name: Option<String>,
} }