config: add secret path env var
happysalada committed Jun 12, 2023
1 parent f40d289 commit 2252f1e
Showing 6 changed files with 270 additions and 2 deletions.
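--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use flake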
1 change: 1 addition & 0 deletions .gitignore
@@ -5,3 +5,4 @@ data/
tarpaulin-report.html
lcov.info
site
.direnv/
119 changes: 119 additions & 0 deletions flake.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

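--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,103 @@
+{
+description = "Just a shell for now";
+
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+rust-overlay.url = "github:oxalica/rust-overlay";
+rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
+devshell.url = "github:numtide/devshell";
+devshell.inputs.nixpkgs.follows = "nixpkgs";
+};
+
+outputs = {
+self,
+nixpkgs,
+rust-overlay,
+devshell,
+}: let
+supportedSystems = ["x86_64-linux" "x86_64-darwin"];
+forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
+nixpkgsFor = forAllSystems (system:
+import nixpkgs {
+inherit system;
+config.allowUnfree = true;
+overlays = [rust-overlay.overlays.default devshell.overlays.default];
+});
+in {
+devShell = forAllSystems (
+system: let
+pkgs = nixpkgsFor."${system}";
+rust-binaries = pkgs.rust-bin.stable.latest.default.override {
+extensions = ["rust-src"];
+};
+
+packages = with pkgs;
+[
+rust-binaries
+llvmPackages_latest.clang
+llvmPackages_latest.lld
+cargo-udeps
+]
+++ lib.optionals stdenv.isDarwin [
+libiconv
+darwin.apple_sdk.frameworks.Security
+darwin.apple_sdk.frameworks.CoreFoundation
+] ++ lib.optionals stdenv.isLinux [
+pkg-config openssl
+];
+in
+with pkgs; pkgs.devshell.mkShell
+{
+imports = ["${devshell}/extra/language/rust.nix"];
+language.rust.enableDefaultToolchain = false;
+inherit packages;
+env = [
+{
+name = "RUSTFLAGS";
+eval = "\"-C link-arg=-fuse-ld=lld $RUSTFLAGS\"";
+}
+{
+name = "RUSTDOCFLAGS";
+eval = "\"-C link-arg=-fuse-ld=lld $RUSTDOCFLAGS\"";
+}
+{
+name = "RUST_LOG";
+value = "info";
+}
+{
+name = "OPENSSL_NO_VENDOR";
+value = 1;
+}
+{
+name = "OPENSSL_LIB_DIR";
+value = "${lib.getLib openssl}/lib";
+}
+{
+name = "OPENSSL_INCLUDE_DIR";
+value = "${lib.getDev openssl}/include";
+}
+{
+name = "LD_LIBRARY_PATH";
+prefix = "${lib.getLib openssl}/lib";
+}
+];
+commands = [
+{
+name = "clippy";
+category = "dev";
+help = "Clippy checks accross all targets";
+command = "cargo clippy --all --all-targets -- -Dwarnings -Drust-2018-idioms -Adeprecated";
+}
+{
+name = "dev";
+category = "dev";
+help = "Start the dev server";
+command = ''
+cargo run
+'';
+}
+];
+}
+);
+};
+}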
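Review bot: `config.allowUnfree = true;` in `nixpkgsFor` widens what the dev shell is allowed to pull in, yet none of the entries in `packages` appears to need an unfree licence. Dropping that line keeps the shell's inputs limited to what the project uses and makes a later addition of an unfree package fail visibly instead of passing silently. If it is needed for a package not obvious from this list, a comment naming that package next to the setting, e.g. `# allowUnfree: required by <package>`, would record why.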
13 changes: 13 additions & 0 deletions src/config.rs
@@ -62,12 +62,25 @@ pub struct StorageOptions {
#[arg(long, env = "RUSTUS_S3_ACCESS_KEY")]
pub s3_access_key: Option<String>,

/// S3 access key path.
///
/// This parameter is used fo s3-based storages.
/// It's a version of s3_access_key more suitable for secrets.
#[arg(long, env = "RUSTUS_S3_ACCESS_KEY_PATH")]
pub s3_access_key_path: Option<PathBuf>,

/// S3 secret key.
///
/// This parameter is required fo s3-based storages.
#[arg(long, env = "RUSTUS_S3_SECRET_KEY")]
pub s3_secret_key: Option<String>,

/// S3 secret key path.
///
/// This parameter is required fo s3-based storages.
#[arg(long, env = "RUSTUS_S3_SECRET_KEY_PATH")]
pub s3_secret_key_path: Option<PathBuf>,

/// S3 URL.
///
/// This parameter is required fo s3-based storages.
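Review bot: The doc comment on `s3_secret_key_path` still says "This parameter is required fo s3-based storages", copied from `s3_secret_key`, although the field is an optional alternative to it; something like `/// Path to a file containing the S3 secret key, used when s3_secret_key is not set.` would match what the access-key variant says. Neither path option declares its relationship to the inline option, so supplying both is accepted and, going by `from_string_or_path` in this commit, the inline value silently wins. Adding `conflicts_with = "s3_secret_key"` (and `conflicts_with = "s3_access_key"` on the other field) to the `#[arg(...)]` attributes would reject that ambiguous configuration at startup. The help text should also say whether the file content is used verbatim or trimmed, since that decides whether a trailing newline in the secret file matters. `StorageOptions` begins and ends outside this hunk.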
35 changes: 33 additions & 2 deletions src/storages/models/available_stores.rs
@@ -4,6 +4,11 @@ use crate::{
RustusConf, Storage,
};
use derive_more::{Display, From};
use std::{
fs::File,
io::{BufReader, Read},
path::PathBuf,
};
use strum::EnumIter;

/// Enum of available Storage implementations.
@@ -35,11 +40,19 @@ impl AvailableStores {
)),
Self::HybridS3 => {
log::warn!("Hybrid S3 is an unstable feature. If you ecounter a problem, please raise an issue: https://github.com/s3rius/rustus/issues.");
let access_key = from_string_or_path(
&config.storage_opts.s3_access_key,
&config.storage_opts.s3_access_key_path,
);
let secret_key = from_string_or_path(
&config.storage_opts.s3_secret_key,
&config.storage_opts.s3_secret_key_path,
);
Box::new(s3_hybrid_storage::S3HybridStorage::new(
config.storage_opts.s3_url.clone().unwrap(),
config.storage_opts.s3_region.clone().unwrap(),
&config.storage_opts.s3_access_key,
&config.storage_opts.s3_secret_key,
&access_key,
&secret_key,
&config.storage_opts.s3_security_token,
&config.storage_opts.s3_session_token,
&config.storage_opts.s3_profile,
@@ -54,3 +67,21 @@ impl AvailableStores {
}
}
}

// TODO this should probably be a COW
fn from_string_or_path(variable: &Option<String>, path: &Option<PathBuf>) -> Option<String> {
if let Some(variable) = variable {
Some(variable.to_string())
} else if let Some(path) = path {
let file = File::open("path_to_your_file")
.unwrap_or_else(|_| panic!("failed to open path {}", path.display()));
let mut buf_reader = BufReader::new(file);
let mut contents = String::new();
buf_reader
.read_to_string(&mut contents)
.unwrap_or_else(|_| panic!("failed to open path {}", path.display()));
Some(contents)
} else {
panic!("can't find {variable:?} or path {:?}", path)
}
}
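Review bot: `File::open("path_to_your_file")` in `from_string_or_path` opens a literal placeholder name instead of the `path` argument, so `RUSTUS_S3_ACCESS_KEY_PATH` and `RUSTUS_S3_SECRET_KEY_PATH` never read the configured secret file; the process either panics or loads its credentials from a file of that name in the working directory. In the same function the file contents are used verbatim, so the trailing newline that secret files commonly carry becomes part of the key. The final `else` also panics when neither value is set, whereas the removed call passed a `None` key straight through to `S3HybridStorage::new` (presumably so profile or token based credentials keep working), and both panic messages say "failed to open" while discarding the underlying I/O error. The rewrite below reads from `path`, trims trailing whitespace, returns `None` when nothing is configured and includes the error in the message.

```rust
fn from_string_or_path(variable: &Option<String>, path: &Option<PathBuf>) -> Option<String> {
    // An inline value takes precedence over the file.
    if let Some(variable) = variable {
        return Some(variable.clone());
    }
    // Nothing configured: return None and let the other credential sources apply.
    let path = path.as_ref()?;
    let contents = std::fs::read_to_string(path)
        .unwrap_or_else(|err| panic!("failed to read {}: {err}", path.display()));
    // A trailing newline in the secret file is not part of the key.
    Some(contents.trim_end().to_string())
}
```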
