1use std::path::PathBuf;
11use std::sync::Arc;
12
13use clap::ValueEnum;
14use mz_aws_secrets_controller::AwsSecretsClient;
15use mz_orchestrator_kubernetes::secrets::KubernetesSecretsReader;
16use mz_orchestrator_process::secrets::ProcessSecretsReader;
17use mz_secrets::SecretsReader;
18
19#[derive(clap::Parser, Clone, Debug)]
20pub struct SecretsReaderCliArgs {
21 #[structopt(long, value_enum, env = "SECRETS_READER")]
23 pub secrets_reader: SecretsControllerKind,
24 #[structopt(
27 long,
28 required_if_eq("secrets_reader", "local-file"),
29 env = "SECRETS_READER_LOCAL_FILE_DIR"
30 )]
31 pub secrets_reader_local_file_dir: Option<PathBuf>,
32 #[structopt(
35 long,
36 required_if_eq("secrets_reader", "kubernetes"),
37 env = "SECRETS_READER_KUBERNETES_CONTEXT"
38 )]
39 pub secrets_reader_kubernetes_context: Option<String>,
40 #[structopt(
42 long,
43 required_if_eq("secrets_reader", "aws-secrets-manager"),
44 env = "SECRETS_READER_AWS_PREFIX"
45 )]
46 pub secrets_reader_aws_prefix: Option<String>,
47 #[structopt(long, env = "SECRETS_READER_NAME_PREFIX")]
50 pub secrets_reader_name_prefix: Option<String>,
51}
52
53#[derive(ValueEnum, Debug, Clone, Copy)]
54pub enum SecretsControllerKind {
55 LocalFile,
56 Kubernetes,
57 AwsSecretsManager,
58}
59
60impl SecretsReaderCliArgs {
61 pub async fn load(self) -> Result<Arc<dyn SecretsReader>, anyhow::Error> {
63 match self.secrets_reader {
64 SecretsControllerKind::LocalFile => {
65 let dir = self.secrets_reader_local_file_dir.expect("clap enforced");
66 Ok(Arc::new(ProcessSecretsReader::new(dir)))
67 }
68 SecretsControllerKind::Kubernetes => {
69 let context = self
70 .secrets_reader_kubernetes_context
71 .expect("clap enforced");
72 Ok(Arc::new(
73 KubernetesSecretsReader::new(context, self.secrets_reader_name_prefix).await?,
74 ))
75 }
76 SecretsControllerKind::AwsSecretsManager => {
77 let prefix = self.secrets_reader_aws_prefix.expect("clap enforced");
78 Ok(Arc::new(AwsSecretsClient::new(&prefix).await))
79 }
80 }
81 }
82
83 pub fn to_flags(&self) -> Vec<String> {
87 match self.secrets_reader {
88 SecretsControllerKind::LocalFile => {
89 vec![
90 "--secrets-reader=local-file".to_string(),
91 format!(
92 "--secrets-reader-local-file-dir={}",
93 self.secrets_reader_local_file_dir
94 .as_ref()
95 .expect("initialized correctly")
96 .display()
97 ),
98 ]
99 }
100 SecretsControllerKind::Kubernetes => {
101 vec![
102 "--secrets-reader=kubernetes".to_string(),
103 format!(
104 "--secrets-reader-kubernetes-context={}",
105 self.secrets_reader_kubernetes_context
106 .as_ref()
107 .expect("initialized correctly")
108 ),
109 ]
110 }
111 SecretsControllerKind::AwsSecretsManager => {
112 vec![
113 "--secrets-reader=aws-secrets-manager".to_string(),
114 format!(
115 "--secrets-reader-aws-prefix={}",
116 self.secrets_reader_aws_prefix
117 .as_ref()
118 .expect("initialized correctly")
119 ),
120 ]
121 }
122 }
123 }
124}