2025-12-03 22:23:30 -03:00
|
|
|
use anyhow::{anyhow, Result};
|
|
|
|
|
use log::{debug, info, warn};
|
2025-11-30 16:25:51 -03:00
|
|
|
use std::collections::HashMap;
|
|
|
|
|
use std::env;
|
2025-12-07 02:13:28 -03:00
|
|
|
use std::path::PathBuf;
|
2025-11-30 16:25:51 -03:00
|
|
|
use std::sync::Arc;
|
2025-12-03 22:23:30 -03:00
|
|
|
use std::sync::Arc as StdArc;
|
2025-11-30 16:25:51 -03:00
|
|
|
use tokio::sync::RwLock;
|
2025-12-03 22:23:30 -03:00
|
|
|
use vaultrs::client::{VaultClient, VaultClientSettingsBuilder};
|
|
|
|
|
use vaultrs::kv2;
|
2025-11-30 16:25:51 -03:00
|
|
|
|
2025-12-02 21:09:43 -03:00
|
|
|
#[derive(Debug)]
|
2025-11-30 16:25:51 -03:00
|
|
|
pub struct SecretPaths;
|
|
|
|
|
|
|
|
|
|
impl SecretPaths {
|
|
|
|
|
pub const DIRECTORY: &'static str = "gbo/directory";
|
|
|
|
|
pub const TABLES: &'static str = "gbo/tables";
|
|
|
|
|
pub const DRIVE: &'static str = "gbo/drive";
|
|
|
|
|
pub const CACHE: &'static str = "gbo/cache";
|
|
|
|
|
pub const EMAIL: &'static str = "gbo/email";
|
|
|
|
|
pub const LLM: &'static str = "gbo/llm";
|
|
|
|
|
pub const ENCRYPTION: &'static str = "gbo/encryption";
|
|
|
|
|
pub const MEET: &'static str = "gbo/meet";
|
|
|
|
|
pub const ALM: &'static str = "gbo/alm";
|
|
|
|
|
pub const VECTORDB: &'static str = "gbo/vectordb";
|
|
|
|
|
pub const OBSERVABILITY: &'static str = "gbo/observability";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct CachedSecret {
|
|
|
|
|
data: HashMap<String, String>,
|
|
|
|
|
expires_at: std::time::Instant,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Clone)]
|
|
|
|
|
pub struct SecretsManager {
|
2025-12-03 22:23:30 -03:00
|
|
|
client: Option<StdArc<VaultClient>>,
|
2025-11-30 16:25:51 -03:00
|
|
|
cache: Arc<RwLock<HashMap<String, CachedSecret>>>,
|
2025-12-03 22:23:30 -03:00
|
|
|
cache_ttl: u64,
|
2025-11-30 16:25:51 -03:00
|
|
|
enabled: bool,
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-02 21:09:43 -03:00
|
|
|
impl std::fmt::Debug for SecretsManager {
|
|
|
|
|
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
|
|
|
|
f.debug_struct("SecretsManager")
|
2025-12-26 08:59:25 -03:00
|
|
|
.field("client", &self.client.is_some())
|
|
|
|
|
.field("cache", &"<RwLock<HashMap>>")
|
2025-12-03 22:23:30 -03:00
|
|
|
.field("cache_ttl", &self.cache_ttl)
|
2025-12-26 08:59:25 -03:00
|
|
|
.field("enabled", &self.enabled)
|
2025-12-03 22:23:30 -03:00
|
|
|
.finish()
|
2025-12-02 21:09:43 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-11-30 16:25:51 -03:00
|
|
|
impl SecretsManager {
|
2025-12-03 22:23:30 -03:00
|
|
|
pub fn from_env() -> Result<Self> {
|
|
|
|
|
let addr = env::var("VAULT_ADDR").unwrap_or_default();
|
|
|
|
|
let token = env::var("VAULT_TOKEN").unwrap_or_default();
|
|
|
|
|
let skip_verify = env::var("VAULT_SKIP_VERIFY")
|
|
|
|
|
.map(|v| v == "true" || v == "1")
|
2025-12-23 18:40:58 -03:00
|
|
|
.unwrap_or(false);
|
2025-12-03 22:23:30 -03:00
|
|
|
let cache_ttl = env::var("VAULT_CACHE_TTL")
|
|
|
|
|
.ok()
|
|
|
|
|
.and_then(|v| v.parse().ok())
|
|
|
|
|
.unwrap_or(300);
|
2025-12-08 00:19:29 -03:00
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
let ca_cert = env::var("VAULT_CACERT")
|
|
|
|
|
.unwrap_or_else(|_| "./botserver-stack/conf/system/certificates/ca/ca.crt".to_string());
|
2025-12-08 00:19:29 -03:00
|
|
|
let client_cert = env::var("VAULT_CLIENT_CERT").unwrap_or_else(|_| {
|
|
|
|
|
"./botserver-stack/conf/system/certificates/botserver/client.crt".to_string()
|
|
|
|
|
});
|
|
|
|
|
let client_key = env::var("VAULT_CLIENT_KEY").unwrap_or_else(|_| {
|
|
|
|
|
"./botserver-stack/conf/system/certificates/botserver/client.key".to_string()
|
|
|
|
|
});
|
2025-12-03 22:23:30 -03:00
|
|
|
|
|
|
|
|
let enabled = !token.is_empty() && !addr.is_empty();
|
2025-11-30 16:25:51 -03:00
|
|
|
|
|
|
|
|
if !enabled {
|
2025-12-03 22:23:30 -03:00
|
|
|
warn!("Vault not configured. Using environment variables directly.");
|
|
|
|
|
return Ok(Self {
|
|
|
|
|
client: None,
|
|
|
|
|
cache: Arc::new(RwLock::new(HashMap::new())),
|
|
|
|
|
cache_ttl,
|
|
|
|
|
enabled: false,
|
|
|
|
|
});
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
let ca_path = PathBuf::from(&ca_cert);
|
|
|
|
|
let cert_path = PathBuf::from(&client_cert);
|
|
|
|
|
let key_path = PathBuf::from(&client_key);
|
2025-12-08 00:19:29 -03:00
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
let mut settings_builder = VaultClientSettingsBuilder::default();
|
2025-12-08 00:19:29 -03:00
|
|
|
settings_builder.address(&addr).token(&token);
|
|
|
|
|
|
Fix tasks UI, WebSocket progress, memory monitoring, and app generator
Tasks UI fixes:
- Fix task list to query auto_tasks table instead of tasks table
- Fix task detail endpoint to use UUID binding for auto_tasks query
- Add proper filter handling: complete, active, awaiting, paused, blocked
- Add TaskStats fields: awaiting, paused, blocked, time_saved
- Add /api/tasks/time-saved endpoint
- Add count-all to stats HTML response
App generator improvements:
- Add AgentActivity struct for detailed terminal-style progress
- Add emit_activity method for rich progress events
- Add detailed logging for LLM calls with timing
- Track files_written, tables_synced, bytes_generated
Memory and performance:
- Add memory_monitor module for tracking RSS and thread activity
- Skip 0-byte files in drive monitor and document processor
- Change DRIVE_MONITOR checking logs from info to trace
- Remove unused profile_section macro
WebSocket progress:
- Ensure TaskProgressEvent includes activity field
- Add with_activity builder method
2025-12-30 22:42:32 -03:00
|
|
|
// Only warn about TLS verification for HTTPS connections
|
|
|
|
|
let is_https = addr.starts_with("https://");
|
2025-12-07 02:13:28 -03:00
|
|
|
if skip_verify {
|
Fix tasks UI, WebSocket progress, memory monitoring, and app generator
Tasks UI fixes:
- Fix task list to query auto_tasks table instead of tasks table
- Fix task detail endpoint to use UUID binding for auto_tasks query
- Add proper filter handling: complete, active, awaiting, paused, blocked
- Add TaskStats fields: awaiting, paused, blocked, time_saved
- Add /api/tasks/time-saved endpoint
- Add count-all to stats HTML response
App generator improvements:
- Add AgentActivity struct for detailed terminal-style progress
- Add emit_activity method for rich progress events
- Add detailed logging for LLM calls with timing
- Track files_written, tables_synced, bytes_generated
Memory and performance:
- Add memory_monitor module for tracking RSS and thread activity
- Skip 0-byte files in drive monitor and document processor
- Change DRIVE_MONITOR checking logs from info to trace
- Remove unused profile_section macro
WebSocket progress:
- Ensure TaskProgressEvent includes activity field
- Add with_activity builder method
2025-12-30 22:42:32 -03:00
|
|
|
if is_https {
|
|
|
|
|
warn!("TLS verification disabled - NOT RECOMMENDED FOR PRODUCTION");
|
|
|
|
|
}
|
2025-12-07 02:13:28 -03:00
|
|
|
settings_builder.verify(false);
|
|
|
|
|
} else {
|
|
|
|
|
settings_builder.verify(true);
|
2025-12-23 18:40:58 -03:00
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
if ca_path.exists() {
|
|
|
|
|
info!("Using CA certificate for Vault: {}", ca_cert);
|
2025-12-26 08:59:25 -03:00
|
|
|
settings_builder.ca_certs(vec![ca_cert]);
|
2025-12-07 02:13:28 -03:00
|
|
|
}
|
|
|
|
|
}
|
2025-12-08 00:19:29 -03:00
|
|
|
|
|
|
|
|
if cert_path.exists() && key_path.exists() && !skip_verify {
|
2025-12-07 02:13:28 -03:00
|
|
|
info!("Using mTLS client certificate for Vault: {}", client_cert);
|
|
|
|
|
}
|
2025-12-08 00:19:29 -03:00
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
let settings = settings_builder.build()?;
|
2025-12-03 22:23:30 -03:00
|
|
|
let client = VaultClient::new(settings)?;
|
|
|
|
|
|
2025-12-07 02:13:28 -03:00
|
|
|
info!("Vault client initialized with TLS: {}", addr);
|
2025-11-30 16:25:51 -03:00
|
|
|
|
|
|
|
|
Ok(Self {
|
2025-12-03 22:23:30 -03:00
|
|
|
client: Some(StdArc::new(client)),
|
2025-11-30 16:25:51 -03:00
|
|
|
cache: Arc::new(RwLock::new(HashMap::new())),
|
2025-12-03 22:23:30 -03:00
|
|
|
cache_ttl,
|
|
|
|
|
enabled: true,
|
2025-11-30 16:25:51 -03:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn is_enabled(&self) -> bool {
|
|
|
|
|
self.enabled
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_secret(&self, path: &str) -> Result<HashMap<String, String>> {
|
|
|
|
|
if !self.enabled {
|
2025-12-26 08:59:25 -03:00
|
|
|
return Self::get_from_env(path);
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if let Some(cached) = self.get_cached(path).await {
|
|
|
|
|
return Ok(cached);
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
let client = self
|
|
|
|
|
.client
|
|
|
|
|
.as_ref()
|
|
|
|
|
.ok_or_else(|| anyhow!("No Vault client"))?;
|
|
|
|
|
|
|
|
|
|
let result: Result<HashMap<String, String>, _> =
|
|
|
|
|
kv2::read(client.as_ref(), "secret", path).await;
|
|
|
|
|
|
|
|
|
|
let data = match result {
|
|
|
|
|
Ok(d) => d,
|
|
|
|
|
Err(e) => {
|
|
|
|
|
debug!(
|
|
|
|
|
"Vault read failed for '{}': {}, falling back to env",
|
|
|
|
|
path, e
|
|
|
|
|
);
|
2025-12-26 08:59:25 -03:00
|
|
|
return Self::get_from_env(path);
|
2025-12-03 22:23:30 -03:00
|
|
|
}
|
|
|
|
|
};
|
2025-11-30 16:25:51 -03:00
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
if self.cache_ttl > 0 {
|
|
|
|
|
self.cache_secret(path, data.clone()).await;
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
Ok(data)
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_value(&self, path: &str, key: &str) -> Result<String> {
|
2025-12-03 22:23:30 -03:00
|
|
|
self.get_secret(path)
|
|
|
|
|
.await?
|
2025-11-30 16:25:51 -03:00
|
|
|
.get(key)
|
|
|
|
|
.cloned()
|
2025-12-03 22:23:30 -03:00
|
|
|
.ok_or_else(|| anyhow!("Key '{}' not found in '{}'", key, path))
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_drive_credentials(&self) -> Result<(String, String)> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let s = self.get_secret(SecretPaths::DRIVE).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("accesskey").cloned().unwrap_or_default(),
|
|
|
|
|
s.get("secret").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_database_config(&self) -> Result<(String, u16, String, String, String)> {
|
|
|
|
|
let s = self.get_secret(SecretPaths::TABLES).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("host").cloned().unwrap_or_else(|| "localhost".into()),
|
|
|
|
|
s.get("port").and_then(|p| p.parse().ok()).unwrap_or(5432),
|
|
|
|
|
s.get("database")
|
|
|
|
|
.cloned()
|
|
|
|
|
.unwrap_or_else(|| "botserver".into()),
|
|
|
|
|
s.get("username")
|
2025-11-30 16:25:51 -03:00
|
|
|
.cloned()
|
2025-12-03 22:23:30 -03:00
|
|
|
.unwrap_or_else(|| "gbuser".into()),
|
|
|
|
|
s.get("password").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_database_url(&self) -> Result<String> {
|
|
|
|
|
let (host, port, db, user, pass) = self.get_database_config().await?;
|
|
|
|
|
Ok(format!(
|
|
|
|
|
"postgres://{}:{}@{}:{}/{}",
|
|
|
|
|
user, pass, host, port, db
|
|
|
|
|
))
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_database_credentials(&self) -> Result<(String, String)> {
|
|
|
|
|
let s = self.get_secret(SecretPaths::TABLES).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("username")
|
2025-11-30 16:25:51 -03:00
|
|
|
.cloned()
|
2025-12-03 22:23:30 -03:00
|
|
|
.unwrap_or_else(|| "gbuser".into()),
|
|
|
|
|
s.get("password").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_cache_password(&self) -> Result<Option<String>> {
|
|
|
|
|
Ok(self
|
|
|
|
|
.get_secret(SecretPaths::CACHE)
|
|
|
|
|
.await?
|
|
|
|
|
.get("password")
|
|
|
|
|
.cloned())
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_directory_config(&self) -> Result<(String, String, String, String)> {
|
|
|
|
|
let s = self.get_secret(SecretPaths::DIRECTORY).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("url")
|
2025-11-30 16:25:51 -03:00
|
|
|
.cloned()
|
2026-01-06 22:56:35 -03:00
|
|
|
.unwrap_or_else(|| "http://localhost:8300".into()),
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("project_id").cloned().unwrap_or_default(),
|
|
|
|
|
s.get("client_id").cloned().unwrap_or_default(),
|
|
|
|
|
s.get("client_secret").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn get_directory_credentials(&self) -> Result<(String, String)> {
|
|
|
|
|
let s = self.get_secret(SecretPaths::DIRECTORY).await?;
|
|
|
|
|
Ok((
|
|
|
|
|
s.get("client_id").cloned().unwrap_or_default(),
|
|
|
|
|
s.get("client_secret").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_vectordb_config(&self) -> Result<(String, Option<String>)> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let s = self.get_secret(SecretPaths::VECTORDB).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("url")
|
2025-11-30 16:25:51 -03:00
|
|
|
.cloned()
|
2025-12-03 22:23:30 -03:00
|
|
|
.unwrap_or_else(|| "https://localhost:6334".into()),
|
|
|
|
|
s.get("api_key").cloned(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_observability_config(&self) -> Result<(String, String, String, String)> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let s = self.get_secret(SecretPaths::OBSERVABILITY).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
Ok((
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("url")
|
2025-11-30 16:25:51 -03:00
|
|
|
.cloned()
|
2025-12-03 22:23:30 -03:00
|
|
|
.unwrap_or_else(|| "http://localhost:8086".into()),
|
2026-01-26 17:00:21 -03:00
|
|
|
s.get("org").cloned().unwrap_or_else(|| "system".into()),
|
2025-12-03 22:23:30 -03:00
|
|
|
s.get("bucket").cloned().unwrap_or_else(|| "metrics".into()),
|
|
|
|
|
s.get("token").cloned().unwrap_or_default(),
|
2025-11-30 16:25:51 -03:00
|
|
|
))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_llm_api_key(&self, provider: &str) -> Result<Option<String>> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let s = self.get_secret(SecretPaths::LLM).await?;
|
|
|
|
|
Ok(s.get(&format!("{}_key", provider.to_lowercase())).cloned())
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn get_encryption_key(&self) -> Result<String> {
|
2025-12-03 22:23:30 -03:00
|
|
|
self.get_value(SecretPaths::ENCRYPTION, "master_key").await
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn put_secret(&self, path: &str, data: HashMap<String, String>) -> Result<()> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let client = self
|
2025-11-30 16:25:51 -03:00
|
|
|
.client
|
2025-12-03 22:23:30 -03:00
|
|
|
.as_ref()
|
|
|
|
|
.ok_or_else(|| anyhow!("Vault not enabled"))?;
|
|
|
|
|
kv2::set(client.as_ref(), "secret", path, &data).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
self.invalidate_cache(path).await;
|
|
|
|
|
info!("Secret stored at '{}'", path);
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn delete_secret(&self, path: &str) -> Result<()> {
|
2025-12-03 22:23:30 -03:00
|
|
|
let client = self
|
2025-11-30 16:25:51 -03:00
|
|
|
.client
|
2025-12-03 22:23:30 -03:00
|
|
|
.as_ref()
|
|
|
|
|
.ok_or_else(|| anyhow!("Vault not enabled"))?;
|
|
|
|
|
kv2::delete_latest(client.as_ref(), "secret", path).await?;
|
2025-11-30 16:25:51 -03:00
|
|
|
self.invalidate_cache(path).await;
|
|
|
|
|
info!("Secret deleted at '{}'", path);
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub async fn health_check(&self) -> Result<bool> {
|
2025-12-03 22:23:30 -03:00
|
|
|
if let Some(client) = &self.client {
|
|
|
|
|
Ok(vaultrs::sys::health(client.as_ref()).await.is_ok())
|
|
|
|
|
} else {
|
|
|
|
|
Ok(false)
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-12-03 22:23:30 -03:00
|
|
|
pub async fn clear_cache(&self) {
|
|
|
|
|
self.cache.write().await.clear();
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async fn get_cached(&self, path: &str) -> Option<HashMap<String, String>> {
|
|
|
|
|
let cache = self.cache.read().await;
|
2025-12-03 22:23:30 -03:00
|
|
|
cache
|
|
|
|
|
.get(path)
|
|
|
|
|
.and_then(|c| (c.expires_at > std::time::Instant::now()).then(|| c.data.clone()))
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async fn cache_secret(&self, path: &str, data: HashMap<String, String>) {
|
2025-12-03 22:23:30 -03:00
|
|
|
self.cache.write().await.insert(
|
2025-11-30 16:25:51 -03:00
|
|
|
path.to_string(),
|
|
|
|
|
CachedSecret {
|
|
|
|
|
data,
|
|
|
|
|
expires_at: std::time::Instant::now()
|
2025-12-03 22:23:30 -03:00
|
|
|
+ std::time::Duration::from_secs(self.cache_ttl),
|
2025-11-30 16:25:51 -03:00
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async fn invalidate_cache(&self, path: &str) {
|
2025-12-03 22:23:30 -03:00
|
|
|
self.cache.write().await.remove(path);
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
|
2026-02-14 09:54:14 +00:00
|
|
|
fn get_from_env(path: &str) -> Result<HashMap<String, String>> {
|
|
|
|
|
let mut secrets = HashMap::new();
|
|
|
|
|
|
|
|
|
|
match path {
|
|
|
|
|
SecretPaths::TABLES => {
|
|
|
|
|
secrets.insert("host".into(), "localhost".into());
|
|
|
|
|
secrets.insert("port".into(), "5432".into());
|
|
|
|
|
secrets.insert("database".into(), "botserver".into());
|
|
|
|
|
secrets.insert("username".into(), "gbuser".into());
|
|
|
|
|
secrets.insert("password".into(), "changeme".into());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::DIRECTORY => {
|
|
|
|
|
secrets.insert("url".into(), "http://localhost:8300".into());
|
|
|
|
|
secrets.insert("project_id".into(), String::new());
|
|
|
|
|
secrets.insert("client_id".into(), String::new());
|
|
|
|
|
secrets.insert("client_secret".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::DRIVE => {
|
|
|
|
|
secrets.insert("accesskey".into(), String::new());
|
|
|
|
|
secrets.insert("secret".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::CACHE => {
|
|
|
|
|
secrets.insert("password".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::EMAIL => {
|
|
|
|
|
secrets.insert("smtp_host".into(), String::new());
|
|
|
|
|
secrets.insert("smtp_port".into(), "587".into());
|
|
|
|
|
secrets.insert("username".into(), String::new());
|
|
|
|
|
secrets.insert("password".into(), String::new());
|
|
|
|
|
secrets.insert("from_address".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::LLM => {
|
|
|
|
|
secrets.insert("openai_key".into(), String::new());
|
|
|
|
|
secrets.insert("anthropic_key".into(), String::new());
|
|
|
|
|
secrets.insert("ollama_url".into(), "http://localhost:11434".into());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::ENCRYPTION => {
|
|
|
|
|
secrets.insert("master_key".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::MEET => {
|
|
|
|
|
secrets.insert("jitsi_url".into(), "https://meet.jit.si".into());
|
|
|
|
|
secrets.insert("app_id".into(), String::new());
|
|
|
|
|
secrets.insert("app_secret".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::VECTORDB => {
|
|
|
|
|
secrets.insert("url".into(), "http://localhost:6333".into());
|
|
|
|
|
secrets.insert("api_key".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::OBSERVABILITY => {
|
|
|
|
|
secrets.insert("url".into(), "http://localhost:8086".into());
|
|
|
|
|
secrets.insert("org".into(), "system".into());
|
|
|
|
|
secrets.insert("bucket".into(), "metrics".into());
|
|
|
|
|
secrets.insert("token".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
SecretPaths::ALM => {
|
2026-02-18 17:51:47 +00:00
|
|
|
secrets.insert("url".into(), "http://localhost:9000".into());
|
2026-02-14 09:54:14 +00:00
|
|
|
secrets.insert("username".into(), String::new());
|
|
|
|
|
secrets.insert("password".into(), String::new());
|
|
|
|
|
}
|
|
|
|
|
_ => {
|
|
|
|
|
log::debug!("No default values for secret path: {}", path);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Ok(secrets)
|
2025-11-30 16:25:51 -03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn init_secrets_manager() -> Result<SecretsManager> {
|
|
|
|
|
SecretsManager::from_env()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Debug, Clone)]
|
|
|
|
|
pub struct BootstrapConfig {
|
|
|
|
|
pub vault_addr: String,
|
|
|
|
|
pub vault_token: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl BootstrapConfig {
|
|
|
|
|
pub fn from_env() -> Result<Self> {
|
|
|
|
|
Ok(Self {
|
2025-12-03 22:23:30 -03:00
|
|
|
vault_addr: env::var("VAULT_ADDR")?,
|
|
|
|
|
vault_token: env::var("VAULT_TOKEN")?,
|
2025-11-30 16:25:51 -03:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pub fn is_configured() -> bool {
|
|
|
|
|
env::var("VAULT_ADDR").is_ok() && env::var("VAULT_TOKEN").is_ok()
|
|
|
|
|
}
|
|
|
|
|
}
|