feat: Support for secret injection into the global config file (API keys, for example)
This commit is contained in:
+2772
-2730
File diff suppressed because it is too large
Load Diff
+227
-237
@@ -1,6 +1,6 @@
|
||||
use crate::config::Config;
|
||||
use crate::utils::{abortable_run_with_spinner, AbortSignal};
|
||||
use crate::vault::SECRET_RE;
|
||||
use crate::vault::interpolate_secrets;
|
||||
use anyhow::{anyhow, Context, Result};
|
||||
use futures_util::future::BoxFuture;
|
||||
use futures_util::{stream, StreamExt, TryStreamExt};
|
||||
@@ -26,303 +26,293 @@ type ConnectedServer = RunningService<RoleClient, ()>;
|
||||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
struct McpServersConfig {
|
||||
#[serde(rename = "mcpServers")]
|
||||
mcp_servers: HashMap<String, McpServer>,
|
||||
#[serde(rename = "mcpServers")]
|
||||
mcp_servers: HashMap<String, McpServer>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
struct McpServer {
|
||||
command: String,
|
||||
args: Option<Vec<String>>,
|
||||
env: Option<HashMap<String, JsonField>>,
|
||||
cwd: Option<String>,
|
||||
command: String,
|
||||
args: Option<Vec<String>>,
|
||||
env: Option<HashMap<String, JsonField>>,
|
||||
cwd: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Deserialize)]
|
||||
#[serde(untagged)]
|
||||
enum JsonField {
|
||||
Str(String),
|
||||
Bool(bool),
|
||||
Int(i64),
|
||||
Str(String),
|
||||
Bool(bool),
|
||||
Int(i64),
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Default)]
|
||||
pub struct McpRegistry {
|
||||
log_path: Option<PathBuf>,
|
||||
config: Option<McpServersConfig>,
|
||||
servers: HashMap<String, Arc<RunningService<RoleClient, ()>>>,
|
||||
log_path: Option<PathBuf>,
|
||||
config: Option<McpServersConfig>,
|
||||
servers: HashMap<String, Arc<RunningService<RoleClient, ()>>>,
|
||||
}
|
||||
|
||||
impl McpRegistry {
|
||||
pub async fn init(
|
||||
log_path: Option<PathBuf>,
|
||||
start_mcp_servers: bool,
|
||||
use_mcp_servers: Option<String>,
|
||||
abort_signal: AbortSignal,
|
||||
config: &Config,
|
||||
) -> Result<Self> {
|
||||
let mut registry = Self {
|
||||
log_path,
|
||||
..Default::default()
|
||||
};
|
||||
if !Config::mcp_config_file().try_exists().with_context(|| {
|
||||
format!(
|
||||
"Failed to check MCP config file at {}",
|
||||
Config::mcp_config_file().display()
|
||||
)
|
||||
})? {
|
||||
debug!(
|
||||
pub async fn init(
|
||||
log_path: Option<PathBuf>,
|
||||
start_mcp_servers: bool,
|
||||
use_mcp_servers: Option<String>,
|
||||
abort_signal: AbortSignal,
|
||||
config: &Config,
|
||||
) -> Result<Self> {
|
||||
let mut registry = Self {
|
||||
log_path,
|
||||
..Default::default()
|
||||
};
|
||||
if !Config::mcp_config_file().try_exists().with_context(|| {
|
||||
format!(
|
||||
"Failed to check MCP config file at {}",
|
||||
Config::mcp_config_file().display()
|
||||
)
|
||||
})? {
|
||||
debug!(
|
||||
"MCP config file does not exist at {}, skipping MCP initialization",
|
||||
Config::mcp_config_file().display()
|
||||
);
|
||||
return Ok(registry);
|
||||
}
|
||||
let err = || {
|
||||
format!(
|
||||
"Failed to load MCP config file at {}",
|
||||
Config::mcp_config_file().display()
|
||||
)
|
||||
};
|
||||
let content = tokio::fs::read_to_string(Config::mcp_config_file())
|
||||
.await
|
||||
.with_context(err)?;
|
||||
return Ok(registry);
|
||||
}
|
||||
let err = || {
|
||||
format!(
|
||||
"Failed to load MCP config file at {}",
|
||||
Config::mcp_config_file().display()
|
||||
)
|
||||
};
|
||||
let content = tokio::fs::read_to_string(Config::mcp_config_file())
|
||||
.await
|
||||
.with_context(err)?;
|
||||
|
||||
if content.trim().is_empty() {
|
||||
debug!("MCP config file is empty, skipping MCP initialization");
|
||||
return Ok(registry);
|
||||
}
|
||||
if content.trim().is_empty() {
|
||||
debug!("MCP config file is empty, skipping MCP initialization");
|
||||
return Ok(registry);
|
||||
}
|
||||
|
||||
let mut missing_secrets = vec![];
|
||||
let parsed_content = SECRET_RE.replace_all(&content, |caps: &fancy_regex::Captures<'_>| {
|
||||
let secret = config.vault.get_secret(&caps[1], false);
|
||||
match secret {
|
||||
Ok(s) => s,
|
||||
Err(_) => {
|
||||
missing_secrets.push(caps[1].to_string());
|
||||
"".to_string()
|
||||
}
|
||||
}
|
||||
});
|
||||
let (parsed_content, missing_secrets) = interpolate_secrets(&content, &config.vault);
|
||||
|
||||
if !missing_secrets.is_empty() {
|
||||
return Err(anyhow!(formatdoc!(
|
||||
if !missing_secrets.is_empty() {
|
||||
return Err(anyhow!(formatdoc!(
|
||||
"
|
||||
MCP config file references secrets that are missing from the vault: {:?}
|
||||
Please add these secrets to the vault and try again.",
|
||||
missing_secrets
|
||||
)));
|
||||
}
|
||||
}
|
||||
|
||||
let mcp_servers_config: McpServersConfig =
|
||||
serde_json::from_str(&parsed_content).with_context(err)?;
|
||||
registry.config = Some(mcp_servers_config);
|
||||
let mcp_servers_config: McpServersConfig =
|
||||
serde_json::from_str(&parsed_content).with_context(err)?;
|
||||
registry.config = Some(mcp_servers_config);
|
||||
|
||||
if start_mcp_servers && config.mcp_servers {
|
||||
abortable_run_with_spinner(
|
||||
registry.start_select_mcp_servers(use_mcp_servers),
|
||||
"Loading MCP servers",
|
||||
abort_signal,
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
if start_mcp_servers && config.mcp_servers {
|
||||
abortable_run_with_spinner(
|
||||
registry.start_select_mcp_servers(use_mcp_servers),
|
||||
"Loading MCP servers",
|
||||
abort_signal,
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
|
||||
Ok(registry)
|
||||
}
|
||||
Ok(registry)
|
||||
}
|
||||
|
||||
pub async fn reinit(
|
||||
registry: McpRegistry,
|
||||
use_mcp_servers: Option<String>,
|
||||
abort_signal: AbortSignal,
|
||||
) -> Result<Self> {
|
||||
debug!("Reinitializing MCP registry");
|
||||
debug!("Stopping all MCP servers");
|
||||
let mut new_registry = abortable_run_with_spinner(
|
||||
registry.stop_all_servers(),
|
||||
"Stopping MCP servers",
|
||||
abort_signal.clone(),
|
||||
)
|
||||
.await?;
|
||||
pub async fn reinit(
|
||||
registry: McpRegistry,
|
||||
use_mcp_servers: Option<String>,
|
||||
abort_signal: AbortSignal,
|
||||
) -> Result<Self> {
|
||||
debug!("Reinitializing MCP registry");
|
||||
debug!("Stopping all MCP servers");
|
||||
let mut new_registry = abortable_run_with_spinner(
|
||||
registry.stop_all_servers(),
|
||||
"Stopping MCP servers",
|
||||
abort_signal.clone(),
|
||||
)
|
||||
.await?;
|
||||
|
||||
abortable_run_with_spinner(
|
||||
new_registry.start_select_mcp_servers(use_mcp_servers),
|
||||
"Loading MCP servers",
|
||||
abort_signal,
|
||||
)
|
||||
.await?;
|
||||
abortable_run_with_spinner(
|
||||
new_registry.start_select_mcp_servers(use_mcp_servers),
|
||||
"Loading MCP servers",
|
||||
abort_signal,
|
||||
)
|
||||
.await?;
|
||||
|
||||
Ok(new_registry)
|
||||
}
|
||||
Ok(new_registry)
|
||||
}
|
||||
|
||||
async fn start_select_mcp_servers(&mut self, use_mcp_servers: Option<String>) -> Result<()> {
|
||||
if self.config.is_none() {
|
||||
debug!("MCP config is not present; assuming MCP servers are disabled globally. Skipping MCP initialization");
|
||||
return Ok(());
|
||||
}
|
||||
async fn start_select_mcp_servers(&mut self, use_mcp_servers: Option<String>) -> Result<()> {
|
||||
if self.config.is_none() {
|
||||
debug!("MCP config is not present; assuming MCP servers are disabled globally. Skipping MCP initialization");
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
if let Some(servers) = use_mcp_servers {
|
||||
debug!("Starting selected MCP servers: {:?}", servers);
|
||||
let config = self
|
||||
.config
|
||||
.as_ref()
|
||||
.with_context(|| "MCP Config not defined. Cannot start servers")?;
|
||||
let mcp_servers = config.mcp_servers.clone();
|
||||
if let Some(servers) = use_mcp_servers {
|
||||
debug!("Starting selected MCP servers: {:?}", servers);
|
||||
let config = self
|
||||
.config
|
||||
.as_ref()
|
||||
.with_context(|| "MCP Config not defined. Cannot start servers")?;
|
||||
let mcp_servers = config.mcp_servers.clone();
|
||||
|
||||
let enabled_servers: HashSet<String> =
|
||||
servers.split(',').map(|s| s.trim().to_string()).collect();
|
||||
let server_ids: Vec<String> = if servers == "all" {
|
||||
mcp_servers.into_keys().collect()
|
||||
} else {
|
||||
mcp_servers
|
||||
.into_keys()
|
||||
.filter(|id| enabled_servers.contains(id))
|
||||
.collect()
|
||||
};
|
||||
let enabled_servers: HashSet<String> =
|
||||
servers.split(',').map(|s| s.trim().to_string()).collect();
|
||||
let server_ids: Vec<String> = if servers == "all" {
|
||||
mcp_servers.into_keys().collect()
|
||||
} else {
|
||||
mcp_servers
|
||||
.into_keys()
|
||||
.filter(|id| enabled_servers.contains(id))
|
||||
.collect()
|
||||
};
|
||||
|
||||
let results: Vec<(String, Arc<_>)> = stream::iter(
|
||||
server_ids
|
||||
.into_iter()
|
||||
.map(|id| async { self.start_server(id).await }),
|
||||
)
|
||||
.buffer_unordered(num_cpus::get())
|
||||
.try_collect()
|
||||
.await?;
|
||||
let results: Vec<(String, Arc<_>)> = stream::iter(
|
||||
server_ids
|
||||
.into_iter()
|
||||
.map(|id| async { self.start_server(id).await }),
|
||||
)
|
||||
.buffer_unordered(num_cpus::get())
|
||||
.try_collect()
|
||||
.await?;
|
||||
|
||||
self.servers = results.into_iter().collect();
|
||||
}
|
||||
self.servers = results.into_iter().collect();
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn start_server(&self, id: String) -> Result<(String, Arc<ConnectedServer>)> {
|
||||
let server = self
|
||||
.config
|
||||
.as_ref()
|
||||
.and_then(|c| c.mcp_servers.get(&id))
|
||||
.with_context(|| format!("MCP server not found in config: {id}"))?;
|
||||
let mut cmd = Command::new(&server.command);
|
||||
if let Some(args) = &server.args {
|
||||
cmd.args(args);
|
||||
}
|
||||
if let Some(env) = &server.env {
|
||||
let env: HashMap<String, String> = env
|
||||
.iter()
|
||||
.map(|(k, v)| match v {
|
||||
JsonField::Str(s) => (k.clone(), s.clone()),
|
||||
JsonField::Bool(b) => (k.clone(), b.to_string()),
|
||||
JsonField::Int(i) => (k.clone(), i.to_string()),
|
||||
})
|
||||
.collect();
|
||||
cmd.envs(env);
|
||||
}
|
||||
if let Some(cwd) = &server.cwd {
|
||||
cmd.current_dir(cwd);
|
||||
}
|
||||
async fn start_server(&self, id: String) -> Result<(String, Arc<ConnectedServer>)> {
|
||||
let server = self
|
||||
.config
|
||||
.as_ref()
|
||||
.and_then(|c| c.mcp_servers.get(&id))
|
||||
.with_context(|| format!("MCP server not found in config: {id}"))?;
|
||||
let mut cmd = Command::new(&server.command);
|
||||
if let Some(args) = &server.args {
|
||||
cmd.args(args);
|
||||
}
|
||||
if let Some(env) = &server.env {
|
||||
let env: HashMap<String, String> = env
|
||||
.iter()
|
||||
.map(|(k, v)| match v {
|
||||
JsonField::Str(s) => (k.clone(), s.clone()),
|
||||
JsonField::Bool(b) => (k.clone(), b.to_string()),
|
||||
JsonField::Int(i) => (k.clone(), i.to_string()),
|
||||
})
|
||||
.collect();
|
||||
cmd.envs(env);
|
||||
}
|
||||
if let Some(cwd) = &server.cwd {
|
||||
cmd.current_dir(cwd);
|
||||
}
|
||||
|
||||
let transport = if let Some(log_path) = self.log_path.as_ref() {
|
||||
cmd.stdin(Stdio::piped()).stdout(Stdio::piped());
|
||||
let transport = if let Some(log_path) = self.log_path.as_ref() {
|
||||
cmd.stdin(Stdio::piped()).stdout(Stdio::piped());
|
||||
|
||||
let log_file = OpenOptions::new()
|
||||
.create(true)
|
||||
.append(true)
|
||||
.open(log_path)?;
|
||||
let (transport, _) = TokioChildProcess::builder(cmd).stderr(log_file).spawn()?;
|
||||
transport
|
||||
} else {
|
||||
TokioChildProcess::new(cmd)?
|
||||
};
|
||||
let log_file = OpenOptions::new()
|
||||
.create(true)
|
||||
.append(true)
|
||||
.open(log_path)?;
|
||||
let (transport, _) = TokioChildProcess::builder(cmd).stderr(log_file).spawn()?;
|
||||
transport
|
||||
} else {
|
||||
TokioChildProcess::new(cmd)?
|
||||
};
|
||||
|
||||
let service = Arc::new(
|
||||
().serve(transport)
|
||||
.await
|
||||
.with_context(|| format!("Failed to start MCP server: {}", &server.command))?,
|
||||
);
|
||||
debug!(
|
||||
let service = Arc::new(
|
||||
().serve(transport)
|
||||
.await
|
||||
.with_context(|| format!("Failed to start MCP server: {}", &server.command))?,
|
||||
);
|
||||
debug!(
|
||||
"Available tools for MCP server {id}: {:?}",
|
||||
service.list_tools(None).await?
|
||||
);
|
||||
|
||||
info!("Started MCP server: {id}");
|
||||
info!("Started MCP server: {id}");
|
||||
|
||||
Ok((id.to_string(), service))
|
||||
}
|
||||
Ok((id.to_string(), service))
|
||||
}
|
||||
|
||||
pub async fn stop_all_servers(mut self) -> Result<Self> {
|
||||
for (id, server) in self.servers {
|
||||
Arc::try_unwrap(server)
|
||||
.map_err(|_| anyhow!("Failed to unwrap Arc for MCP server: {id}"))?
|
||||
.cancel()
|
||||
.await
|
||||
.with_context(|| format!("Failed to stop MCP server: {id}"))?;
|
||||
info!("Stopped MCP server: {id}");
|
||||
}
|
||||
pub async fn stop_all_servers(mut self) -> Result<Self> {
|
||||
for (id, server) in self.servers {
|
||||
Arc::try_unwrap(server)
|
||||
.map_err(|_| anyhow!("Failed to unwrap Arc for MCP server: {id}"))?
|
||||
.cancel()
|
||||
.await
|
||||
.with_context(|| format!("Failed to stop MCP server: {id}"))?;
|
||||
info!("Stopped MCP server: {id}");
|
||||
}
|
||||
|
||||
self.servers = HashMap::new();
|
||||
self.servers = HashMap::new();
|
||||
|
||||
Ok(self)
|
||||
}
|
||||
Ok(self)
|
||||
}
|
||||
|
||||
pub fn list_started_servers(&self) -> Vec<String> {
|
||||
self.servers.keys().cloned().collect()
|
||||
}
|
||||
pub fn list_started_servers(&self) -> Vec<String> {
|
||||
self.servers.keys().cloned().collect()
|
||||
}
|
||||
|
||||
pub fn list_configured_servers(&self) -> Vec<String> {
|
||||
if let Some(config) = &self.config {
|
||||
config.mcp_servers.keys().cloned().collect()
|
||||
} else {
|
||||
vec![]
|
||||
}
|
||||
}
|
||||
pub fn list_configured_servers(&self) -> Vec<String> {
|
||||
if let Some(config) = &self.config {
|
||||
config.mcp_servers.keys().cloned().collect()
|
||||
} else {
|
||||
vec![]
|
||||
}
|
||||
}
|
||||
|
||||
pub fn catalog(&self) -> BoxFuture<'static, Result<Value>> {
|
||||
let servers: Vec<(String, Arc<ConnectedServer>)> = self
|
||||
.servers
|
||||
.iter()
|
||||
.map(|(id, s)| (id.clone(), s.clone()))
|
||||
.collect();
|
||||
pub fn catalog(&self) -> BoxFuture<'static, Result<Value>> {
|
||||
let servers: Vec<(String, Arc<ConnectedServer>)> = self
|
||||
.servers
|
||||
.iter()
|
||||
.map(|(id, s)| (id.clone(), s.clone()))
|
||||
.collect();
|
||||
|
||||
Box::pin(async move {
|
||||
let mut out = Vec::with_capacity(servers.len());
|
||||
for (id, server) in servers {
|
||||
let tools = server.list_tools(None).await?;
|
||||
let resources = server.list_resources(None).await.unwrap_or_default();
|
||||
// TODO implement prompt sampling for MCP servers
|
||||
// let prompts = server.service.list_prompts(None).await.unwrap_or_default();
|
||||
out.push(json!({
|
||||
Box::pin(async move {
|
||||
let mut out = Vec::with_capacity(servers.len());
|
||||
for (id, server) in servers {
|
||||
let tools = server.list_tools(None).await?;
|
||||
let resources = server.list_resources(None).await.unwrap_or_default();
|
||||
// TODO implement prompt sampling for MCP servers
|
||||
// let prompts = server.service.list_prompts(None).await.unwrap_or_default();
|
||||
out.push(json!({
|
||||
"server": id,
|
||||
"tools": tools,
|
||||
"resources": resources,
|
||||
}));
|
||||
}
|
||||
Ok(Value::Array(out))
|
||||
})
|
||||
}
|
||||
}
|
||||
Ok(Value::Array(out))
|
||||
})
|
||||
}
|
||||
|
||||
pub fn invoke(
|
||||
&self,
|
||||
server: &str,
|
||||
tool: &str,
|
||||
arguments: Value,
|
||||
) -> BoxFuture<'static, Result<CallToolResult>> {
|
||||
let server = self
|
||||
.servers
|
||||
.get(server)
|
||||
.cloned()
|
||||
.with_context(|| format!("Invoked MCP server does not exist: {server}"));
|
||||
pub fn invoke(
|
||||
&self,
|
||||
server: &str,
|
||||
tool: &str,
|
||||
arguments: Value,
|
||||
) -> BoxFuture<'static, Result<CallToolResult>> {
|
||||
let server = self
|
||||
.servers
|
||||
.get(server)
|
||||
.cloned()
|
||||
.with_context(|| format!("Invoked MCP server does not exist: {server}"));
|
||||
|
||||
let tool = tool.to_owned();
|
||||
Box::pin(async move {
|
||||
let server = server?;
|
||||
let call_tool_request = CallToolRequestParam {
|
||||
name: Cow::Owned(tool.to_owned()),
|
||||
arguments: arguments.as_object().cloned(),
|
||||
};
|
||||
let tool = tool.to_owned();
|
||||
Box::pin(async move {
|
||||
let server = server?;
|
||||
let call_tool_request = CallToolRequestParam {
|
||||
name: Cow::Owned(tool.to_owned()),
|
||||
arguments: arguments.as_object().cloned(),
|
||||
};
|
||||
|
||||
let result = server.call_tool(call_tool_request).await?;
|
||||
Ok(result)
|
||||
})
|
||||
}
|
||||
let result = server.call_tool(call_tool_request).await?;
|
||||
Ok(result)
|
||||
})
|
||||
}
|
||||
|
||||
pub fn is_empty(&self) -> bool {
|
||||
self.servers.is_empty()
|
||||
}
|
||||
pub fn is_empty(&self) -> bool {
|
||||
self.servers.is_empty()
|
||||
}
|
||||
}
|
||||
|
||||
+93
-91
@@ -1,5 +1,7 @@
|
||||
mod utils;
|
||||
|
||||
pub use utils::interpolate_secrets;
|
||||
|
||||
use crate::cli::Cli;
|
||||
use crate::config::Config;
|
||||
use crate::vault::utils::ensure_password_file_initialized;
|
||||
@@ -11,122 +13,122 @@ use inquire::{required, Password, PasswordDisplayMode};
|
||||
use std::sync::LazyLock;
|
||||
use tokio::runtime::Handle;
|
||||
|
||||
pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{(.+)}}").unwrap());
|
||||
static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{(.+)}}").unwrap());
|
||||
|
||||
#[derive(Debug, Default, Clone)]
|
||||
pub struct Vault {
|
||||
local_provider: LocalProvider,
|
||||
local_provider: LocalProvider,
|
||||
}
|
||||
|
||||
impl Vault {
|
||||
pub fn init(config: &Config) -> Self {
|
||||
let vault_password_file = config.vault_password_file();
|
||||
let mut local_provider = LocalProvider {
|
||||
password_file: Some(vault_password_file),
|
||||
git_branch: None,
|
||||
..LocalProvider::default()
|
||||
};
|
||||
pub fn init(config: &Config) -> Self {
|
||||
let vault_password_file = config.vault_password_file();
|
||||
let mut local_provider = LocalProvider {
|
||||
password_file: Some(vault_password_file),
|
||||
git_branch: None,
|
||||
..LocalProvider::default()
|
||||
};
|
||||
|
||||
ensure_password_file_initialized(&mut local_provider)
|
||||
.expect("Failed to initialize password file");
|
||||
ensure_password_file_initialized(&mut local_provider)
|
||||
.expect("Failed to initialize password file");
|
||||
|
||||
Self { local_provider }
|
||||
}
|
||||
Self { local_provider }
|
||||
}
|
||||
|
||||
pub fn add_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let secret_value = Password::new("Enter the secret value:")
|
||||
.with_validator(required!())
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt()
|
||||
.with_context(|| "unable to read secret from input")?;
|
||||
pub fn add_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let secret_value = Password::new("Enter the secret value:")
|
||||
.with_validator(required!())
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt()
|
||||
.with_context(|| "unable to read secret from input")?;
|
||||
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| {
|
||||
h.block_on(self.local_provider.set_secret(secret_name, &secret_value))
|
||||
})?;
|
||||
println!("✓ Secret '{secret_name}' added to the vault.");
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| {
|
||||
h.block_on(self.local_provider.set_secret(secret_name, &secret_value))
|
||||
})?;
|
||||
println!("✓ Secret '{secret_name}' added to the vault.");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn get_secret(&self, secret_name: &str, display_output: bool) -> Result<String> {
|
||||
let h = Handle::current();
|
||||
let secret = tokio::task::block_in_place(|| {
|
||||
h.block_on(self.local_provider.get_secret(secret_name))
|
||||
})?;
|
||||
pub fn get_secret(&self, secret_name: &str, display_output: bool) -> Result<String> {
|
||||
let h = Handle::current();
|
||||
let secret = tokio::task::block_in_place(|| {
|
||||
h.block_on(self.local_provider.get_secret(secret_name))
|
||||
})?;
|
||||
|
||||
if display_output {
|
||||
println!("{}", secret);
|
||||
}
|
||||
if display_output {
|
||||
println!("{}", secret);
|
||||
}
|
||||
|
||||
Ok(secret)
|
||||
}
|
||||
Ok(secret)
|
||||
}
|
||||
|
||||
pub fn update_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let secret_value = Password::new("Enter the secret value:")
|
||||
.with_validator(required!())
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt()
|
||||
.with_context(|| "unable to read secret from input")?;
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| {
|
||||
h.block_on(
|
||||
self.local_provider
|
||||
.update_secret(secret_name, &secret_value),
|
||||
)
|
||||
})?;
|
||||
println!("✓ Secret '{secret_name}' updated in the vault.");
|
||||
pub fn update_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let secret_value = Password::new("Enter the secret value:")
|
||||
.with_validator(required!())
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt()
|
||||
.with_context(|| "unable to read secret from input")?;
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| {
|
||||
h.block_on(
|
||||
self.local_provider
|
||||
.update_secret(secret_name, &secret_value),
|
||||
)
|
||||
})?;
|
||||
println!("✓ Secret '{secret_name}' updated in the vault.");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn delete_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| h.block_on(self.local_provider.delete_secret(secret_name)))?;
|
||||
println!("✓ Secret '{secret_name}' deleted from the vault.");
|
||||
pub fn delete_secret(&self, secret_name: &str) -> Result<()> {
|
||||
let h = Handle::current();
|
||||
tokio::task::block_in_place(|| h.block_on(self.local_provider.delete_secret(secret_name)))?;
|
||||
println!("✓ Secret '{secret_name}' deleted from the vault.");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn list_secrets(&self, display_output: bool) -> Result<Vec<String>> {
|
||||
let h = Handle::current();
|
||||
let secrets =
|
||||
tokio::task::block_in_place(|| h.block_on(self.local_provider.list_secrets()))?;
|
||||
pub fn list_secrets(&self, display_output: bool) -> Result<Vec<String>> {
|
||||
let h = Handle::current();
|
||||
let secrets =
|
||||
tokio::task::block_in_place(|| h.block_on(self.local_provider.list_secrets()))?;
|
||||
|
||||
if display_output {
|
||||
if secrets.is_empty() {
|
||||
println!("The vault is empty.");
|
||||
} else {
|
||||
for key in &secrets {
|
||||
println!("{}", key);
|
||||
}
|
||||
}
|
||||
}
|
||||
if display_output {
|
||||
if secrets.is_empty() {
|
||||
println!("The vault is empty.");
|
||||
} else {
|
||||
for key in &secrets {
|
||||
println!("{}", key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(secrets)
|
||||
}
|
||||
Ok(secrets)
|
||||
}
|
||||
|
||||
pub fn handle_vault_flags(cli: Cli, config: Config) -> Result<()> {
|
||||
if let Some(secret_name) = cli.add_secret {
|
||||
config.vault.add_secret(&secret_name)?;
|
||||
}
|
||||
pub fn handle_vault_flags(cli: Cli, config: Config) -> Result<()> {
|
||||
if let Some(secret_name) = cli.add_secret {
|
||||
config.vault.add_secret(&secret_name)?;
|
||||
}
|
||||
|
||||
if let Some(secret_name) = cli.get_secret {
|
||||
config.vault.get_secret(&secret_name, true)?;
|
||||
}
|
||||
if let Some(secret_name) = cli.get_secret {
|
||||
config.vault.get_secret(&secret_name, true)?;
|
||||
}
|
||||
|
||||
if let Some(secret_name) = cli.update_secret {
|
||||
config.vault.update_secret(&secret_name)?;
|
||||
}
|
||||
if let Some(secret_name) = cli.update_secret {
|
||||
config.vault.update_secret(&secret_name)?;
|
||||
}
|
||||
|
||||
if let Some(secret_name) = cli.delete_secret {
|
||||
config.vault.delete_secret(&secret_name)?;
|
||||
}
|
||||
if let Some(secret_name) = cli.delete_secret {
|
||||
config.vault.delete_secret(&secret_name)?;
|
||||
}
|
||||
|
||||
if cli.list_secrets {
|
||||
config.vault.list_secrets(true)?;
|
||||
}
|
||||
if cli.list_secrets {
|
||||
config.vault.list_secrets(true)?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
+115
-97
@@ -1,97 +1,99 @@
|
||||
use crate::config::ensure_parent_exists;
|
||||
use crate::vault::{Vault, SECRET_RE};
|
||||
use anyhow::anyhow;
|
||||
use anyhow::Result;
|
||||
use gman::providers::local::LocalProvider;
|
||||
use indoc::formatdoc;
|
||||
use inquire::validator::Validation;
|
||||
use inquire::{min_length, required, Confirm, Password, PasswordDisplayMode, Text};
|
||||
use std::borrow::Cow;
|
||||
use std::path::PathBuf;
|
||||
|
||||
pub fn ensure_password_file_initialized(local_provider: &mut LocalProvider) -> Result<()> {
|
||||
let vault_password_file = local_provider
|
||||
.password_file
|
||||
.clone()
|
||||
.ok_or_else(|| anyhow!("Password file is not configured"))?;
|
||||
let vault_password_file = local_provider
|
||||
.password_file
|
||||
.clone()
|
||||
.ok_or_else(|| anyhow!("Password file is not configured"))?;
|
||||
|
||||
if vault_password_file.exists() {
|
||||
{
|
||||
let file_contents = std::fs::read_to_string(&vault_password_file)?;
|
||||
if !file_contents.trim().is_empty() {
|
||||
return Ok(());
|
||||
}
|
||||
}
|
||||
if vault_password_file.exists() {
|
||||
{
|
||||
let file_contents = std::fs::read_to_string(&vault_password_file)?;
|
||||
if !file_contents.trim().is_empty() {
|
||||
return Ok(());
|
||||
}
|
||||
}
|
||||
|
||||
let ans = Confirm::new(
|
||||
format!(
|
||||
"The configured password file '{}' is empty. Create a password?",
|
||||
vault_password_file.display()
|
||||
)
|
||||
.as_str(),
|
||||
)
|
||||
.with_default(true)
|
||||
.prompt()?;
|
||||
let ans = Confirm::new(
|
||||
format!(
|
||||
"The configured password file '{}' is empty. Create a password?",
|
||||
vault_password_file.display()
|
||||
)
|
||||
.as_str(),
|
||||
)
|
||||
.with_default(true)
|
||||
.prompt()?;
|
||||
|
||||
if !ans {
|
||||
return Err(anyhow!("The configured password file '{}' is empty. Please populate it with a password and try again.", vault_password_file.display()));
|
||||
}
|
||||
if !ans {
|
||||
return Err(anyhow!("The configured password file '{}' is empty. Please populate it with a password and try again.", vault_password_file.display()));
|
||||
}
|
||||
|
||||
let password = Password::new("Enter a password to encrypt all vault secrets:")
|
||||
.with_validator(required!())
|
||||
.with_validator(min_length!(10))
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt();
|
||||
let password = Password::new("Enter a password to encrypt all vault secrets:")
|
||||
.with_validator(required!())
|
||||
.with_validator(min_length!(10))
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.prompt();
|
||||
|
||||
match password {
|
||||
Ok(pw) => {
|
||||
std::fs::write(&vault_password_file, pw.as_bytes())?;
|
||||
println!(
|
||||
"✓ Password file '{}' updated.",
|
||||
vault_password_file.display()
|
||||
);
|
||||
}
|
||||
Err(_) => {
|
||||
return Err(anyhow!(
|
||||
match password {
|
||||
Ok(pw) => {
|
||||
std::fs::write(&vault_password_file, pw.as_bytes())?;
|
||||
println!(
|
||||
"✓ Password file '{}' updated.",
|
||||
vault_password_file.display()
|
||||
);
|
||||
}
|
||||
Err(_) => {
|
||||
return Err(anyhow!(
|
||||
"Failed to read password from input. Password file not updated."
|
||||
));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
let ans = Confirm::new("No password file configured. Do you want to create one now?")
|
||||
.with_default(true)
|
||||
.prompt()?;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
let ans = Confirm::new("No password file configured. Do you want to create one now?")
|
||||
.with_default(true)
|
||||
.prompt()?;
|
||||
|
||||
if !ans {
|
||||
return Err(anyhow!("A password file is required to utilize the Loki vault. Please configure a password file in your config file and try again."));
|
||||
}
|
||||
if !ans {
|
||||
return Err(anyhow!("A password file is required to utilize the Loki vault. Please configure a password file in your config file and try again."));
|
||||
}
|
||||
|
||||
let password_file: PathBuf = Text::new("Enter the path to the password file to create:")
|
||||
.with_default(&vault_password_file.display().to_string())
|
||||
.with_validator(required!("Password file path is required"))
|
||||
.with_validator(|input: &str| {
|
||||
let path = PathBuf::from(input);
|
||||
if path.exists() {
|
||||
Ok(Validation::Invalid(
|
||||
"File already exists. Please choose a different path.".into(),
|
||||
))
|
||||
} else if let Some(parent) = path.parent() {
|
||||
if !parent.exists() {
|
||||
Ok(Validation::Invalid(
|
||||
"Parent directory does not exist.".into(),
|
||||
))
|
||||
} else {
|
||||
Ok(Validation::Valid)
|
||||
}
|
||||
} else {
|
||||
Ok(Validation::Valid)
|
||||
}
|
||||
})
|
||||
.prompt()?
|
||||
.into();
|
||||
let password_file: PathBuf = Text::new("Enter the path to the password file to create:")
|
||||
.with_default(&vault_password_file.display().to_string())
|
||||
.with_validator(required!("Password file path is required"))
|
||||
.with_validator(|input: &str| {
|
||||
let path = PathBuf::from(input);
|
||||
if path.exists() {
|
||||
Ok(Validation::Invalid(
|
||||
"File already exists. Please choose a different path.".into(),
|
||||
))
|
||||
} else if let Some(parent) = path.parent() {
|
||||
if !parent.exists() {
|
||||
Ok(Validation::Invalid(
|
||||
"Parent directory does not exist.".into(),
|
||||
))
|
||||
} else {
|
||||
Ok(Validation::Valid)
|
||||
}
|
||||
} else {
|
||||
Ok(Validation::Valid)
|
||||
}
|
||||
})
|
||||
.prompt()?
|
||||
.into();
|
||||
|
||||
if password_file != vault_password_file {
|
||||
println!(
|
||||
"{}",
|
||||
formatdoc!(
|
||||
if password_file != vault_password_file {
|
||||
println!(
|
||||
"{}",
|
||||
formatdoc!(
|
||||
"
|
||||
Note: The default password file path is '{}'.
|
||||
You have chosen to create a different path: '{}'.
|
||||
@@ -100,33 +102,49 @@ pub fn ensure_password_file_initialized(local_provider: &mut LocalProvider) -> R
|
||||
vault_password_file.display(),
|
||||
password_file.display()
|
||||
)
|
||||
);
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
ensure_parent_exists(&password_file)?;
|
||||
ensure_parent_exists(&password_file)?;
|
||||
|
||||
let password = Password::new("Enter a password to encrypt all vault secrets:")
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.with_validator(required!())
|
||||
.with_validator(min_length!(10))
|
||||
.prompt();
|
||||
let password = Password::new("Enter a password to encrypt all vault secrets:")
|
||||
.with_display_mode(PasswordDisplayMode::Masked)
|
||||
.with_validator(required!())
|
||||
.with_validator(min_length!(10))
|
||||
.prompt();
|
||||
|
||||
match password {
|
||||
Ok(pw) => {
|
||||
std::fs::write(&password_file, pw.as_bytes())?;
|
||||
local_provider.password_file = Some(password_file);
|
||||
println!(
|
||||
"✓ Password file '{}' created.",
|
||||
vault_password_file.display()
|
||||
);
|
||||
}
|
||||
Err(_) => {
|
||||
return Err(anyhow!(
|
||||
match password {
|
||||
Ok(pw) => {
|
||||
std::fs::write(&password_file, pw.as_bytes())?;
|
||||
local_provider.password_file = Some(password_file);
|
||||
println!(
|
||||
"✓ Password file '{}' created.",
|
||||
vault_password_file.display()
|
||||
);
|
||||
}
|
||||
Err(_) => {
|
||||
return Err(anyhow!(
|
||||
"Failed to read password from input. Password file not created."
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn interpolate_secrets<'a>(content: &'a str, vault: &Vault) -> (Cow<'a, str>, Vec<String>) {
|
||||
let mut missing_secrets = vec![];
|
||||
let parsed_content = SECRET_RE.replace_all(content, |caps: &fancy_regex::Captures<'_>| {
|
||||
let secret = vault.get_secret(caps[1].trim(), false);
|
||||
match secret {
|
||||
Ok(s) => s,
|
||||
Err(_) => {
|
||||
missing_secrets.push(caps[1].to_string());
|
||||
"".to_string()
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
(parsed_content, missing_secrets)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user