env vars

hasura · Nov 25, 2024 · 138675f · 138675f
1 parent 091a5f9
commit 138675f
Show file tree

Hide file tree

Showing 10 changed files with 231 additions and 68 deletions.
diff --git a/crates/cli/src/lib.rs b/crates/cli/src/lib.rs
@@ -96,28 +96,28 @@ async fn initialize(with_metadata: bool, context: Context<impl Environment>) ->
             ),
             supported_environment_variables: vec![
 				metadata::EnvironmentVariableDefinition {
-					name: "CONNECTION_URI".to_string(),
-					description: "The dynamodb connection URI".to_string(),
+					name: "HASURA_DYNAMODB_AWS_ACCESS_KEY_ID".to_string(),
+					description: "The AWS DynamoDB access key ID".to_string(),
 					default_value: Some("dynamodbql://read_only_user:[email protected]:5432/v3-docs-sample-app".to_string()),
-                    required: false,
+                    required: true,
 				},
 				metadata::EnvironmentVariableDefinition {
-					name: "CLIENT_CERT".to_string(),
-					description: "The SSL client certificate (Optional)".to_string(),
+					name: "HASURA_DYNAMODB_AWS_SECRET_ACCESS_KEY".to_string(),
+					description: "The AWS DynamoDB secret access key".to_string(),
 					default_value: Some(String::new()),
-                    required: false
+                    required: true
 				},
+				// metadata::EnvironmentVariableDefinition {
+				// 	name: "HASURA_DYNAMODB_AWS_PROVIDER_NAME".to_string(),
+				// 	description: "The AWS DynamoDB provider name".to_string(),
+				// 	default_value: Some(String::new()),
+                //     required: true,
+				// },
 				metadata::EnvironmentVariableDefinition {
-					name: "CLIENT_KEY".to_string(),
-					description: "The SSL client key (Optional)".to_string(),
+					name: "HASURA_DYNAMODB_AWS_REGION".to_string(),
+					description: "The AWS DynamoDB region".to_string(),
 					default_value: Some(String::new()),
-                    required: false,
-				},
-				metadata::EnvironmentVariableDefinition {
-					name: "ROOT_CERT".to_string(),
-					description: "The SSL root certificate (Optional)".to_string(),
-					default_value: Some(String::new()),
-                    required: false,
+                    required: true,
 				},
 			],
             commands: metadata::Commands {

diff --git a/crates/configuration/src/configuration.rs b/crates/configuration/src/configuration.rs
@@ -19,8 +19,9 @@ pub const DEFAULT_CONNECTION_URI_VARIABLE: &str = "CONNECTION_URI";
 #[derive(Debug)]
 pub struct Configuration {
     pub metadata: metadata::Metadata,
-    // pub service_key: String,
-    // pub project_id: String,
-    // pub dataset_id: String,
+    pub access_key_id: String,
+    pub secret_access_key: String,
+    // pub provider_name: String,
+    pub region: String,
     // pub mutations_version: Option<metadata::mutations::MutationsVersion>,
 }
diff --git a/crates/configuration/src/connection_settings.rs b/crates/configuration/src/connection_settings.rs
@@ -1,25 +1,39 @@
 //! Database connection settings.
 
-use crate::values::{Secret, ServiceKey};
+use crate::values::{Secret, AccessKeyId, SecretAccessKey, ProviderName, Region};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-pub const DEFAULT_CONNECTION_URI_PLACEHOLDER: &str = "HASURA_DYNAMODB_CONNECTION_URI_PLACEHOLDER";
+pub const DEFAULT_ACCESS_KEY_ID_VARIABLE: &str = "HASURA_DYNAMODB_AWS_ACCESS_KEY_ID";
+pub const DEFAULT_SECRET_ACCESS_KEY_VARIABLE: &str = "HASURA_DYNAMODB_AWS_SECRET_ACCESS_KEY";
+pub const DEFAULT_PROVIDER_NAME: &str = "HASURA_DYNAMODB_AWS_PROVIDER_NAME";
+pub const DEFAULT_REGION_VARIABLE: &str = "HASURA_DYNAMODB_AWS_REGION";
 
 /// Database connection settings.
 #[derive(Clone, PartialEq, Eq, Debug, Deserialize, Serialize, JsonSchema)]
 #[serde(rename_all = "camelCase")]
 pub struct DatabaseConnectionSettings {
-    /// Connection string for a Postgres-compatible database.
-    pub connection_placeholder: ServiceKey,
+    pub access_key_id: AccessKeyId,
+    pub secret_access_key: SecretAccessKey,
+    // pub provider_name: ProviderName,
+    pub region: Region,
 }
 
 impl DatabaseConnectionSettings {
     pub fn empty() -> Self {
         Self {
-            connection_placeholder: ServiceKey(Secret::FromEnvironment {
-                variable: DEFAULT_CONNECTION_URI_PLACEHOLDER.into(),
-            })
+            access_key_id: AccessKeyId(Secret::FromEnvironment {
+                variable: DEFAULT_ACCESS_KEY_ID_VARIABLE.into(),
+            }),
+            secret_access_key: SecretAccessKey(Secret::FromEnvironment {
+                variable: DEFAULT_SECRET_ACCESS_KEY_VARIABLE.into(),
+            }),
+            // provider_name: ProviderName(Secret::FromEnvironment {
+            //     variable: DEFAULT_PROVIDER_NAME.into(),
+            // }),
+            region: Region(Secret::FromEnvironment {
+                variable: DEFAULT_REGION_VARIABLE.into(),
+            }),
         }
     }
 }
diff --git a/crates/configuration/src/lib.rs b/crates/configuration/src/lib.rs
@@ -18,5 +18,5 @@ pub use version1::{
     // PoolSettings,
     ParsedConfiguration,
 };
-
+pub use values::connection_info::{AccessKeyId, Region, SecretAccessKey, ProviderName};
 pub use to_runtime_configuration::make_runtime_configuration;
diff --git a/crates/configuration/src/to_runtime_configuration.rs b/crates/configuration/src/to_runtime_configuration.rs
@@ -6,7 +6,7 @@ use std::collections::BTreeMap;
 use super::version1::ParsedConfiguration;
 use crate::environment::Environment;
 use crate::error::MakeRuntimeConfigurationError;
-use crate::values::{Secret, ServiceKey};
+use crate::values::{Secret, AccessKeyId, Region, SecretAccessKey};
 use query_engine_metadata::{self, metadata};
 // use crate::VersionTag;
 
@@ -16,9 +16,42 @@ pub fn make_runtime_configuration(
     parsed_config: ParsedConfiguration,
     environment: impl Environment,
 ) -> Result<crate::Configuration, MakeRuntimeConfigurationError> {
-    let service_key = match parsed_config.connection_settings.connection_placeholder {
-        ServiceKey(Secret::Plain(key)) => Ok(key),
-        ServiceKey(Secret::FromEnvironment { variable }) => {
+    let access_key_id = match parsed_config.connection_settings.access_key_id {
+        AccessKeyId(Secret::Plain(key)) => Ok(key),
+        AccessKeyId(Secret::FromEnvironment { variable }) => {
+            environment.read(&variable).map_err(|error| {
+                MakeRuntimeConfigurationError::MissingEnvironmentVariable {
+                    file_path: super::version1::CONFIGURATION_FILENAME.into(),
+                    message: error.to_string(),
+                }
+            })
+        }
+    }?;
+    let secret_access_key = match parsed_config.connection_settings.secret_access_key {
+        SecretAccessKey(Secret::Plain(key)) => Ok(key),
+        SecretAccessKey(Secret::FromEnvironment { variable }) => {
+            environment.read(&variable).map_err(|error| {
+                MakeRuntimeConfigurationError::MissingEnvironmentVariable {
+                    file_path: super::version1::CONFIGURATION_FILENAME.into(),
+                    message: error.to_string(),
+                }
+            })
+        }
+    }?;
+    // let provider_name = match parsed_config.connection_settings.provider_name {
+    //     ProviderName(Secret::Plain(key)) => Ok(key),
+    //     ProviderName(Secret::FromEnvironment { variable }) => {
+    //         environment.read(&variable).map_err(|error| {
+    //             MakeRuntimeConfigurationError::MissingEnvironmentVariable {
+    //                 file_path: super::version1::CONFIGURATION_FILENAME.into(),
+    //                 message: error.to_string(),
+    //             }
+    //         })
+    //     }
+    // }?;
+    let region = match parsed_config.connection_settings.region {
+        Region(Secret::Plain(key)) => Ok(key),
+        Region(Secret::FromEnvironment { variable }) => {
             environment.read(&variable).map_err(|error| {
                 MakeRuntimeConfigurationError::MissingEnvironmentVariable {
                     file_path: super::version1::CONFIGURATION_FILENAME.into(),
@@ -29,10 +62,11 @@ pub fn make_runtime_configuration(
     }?;
     Ok(crate::Configuration {
         metadata: convert_metadata(parsed_config.metadata),
+        access_key_id,
+        secret_access_key,
+        // provider_name,
+        region,
         // pool_settings: parsed_config.pool_settings,
-        // service_key,
-        // project_id,
-        // dataset_id,
         // mutations_version: convert_mutations_version(parsed_config.mutations_version),
     })
 }

diff --git a/crates/configuration/src/values/connection_info.rs b/crates/configuration/src/values/connection_info.rs
@@ -4,15 +4,60 @@ use serde::{Deserialize, Serialize};
 use super::Secret;
 
 #[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize, JsonSchema)]
-pub struct ServiceKey(pub Secret);
+pub struct AccessKeyId(pub Secret);
 
-impl From<String> for ServiceKey {
+impl From<String> for AccessKeyId {
     fn from(value: String) -> Self {
         Self(value.into())
     }
 }
 
-impl From<&str> for ServiceKey {
+impl From<&str> for AccessKeyId {
+    fn from(value: &str) -> Self {
+        Self::from(value.to_string())
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize, JsonSchema)]
+pub struct SecretAccessKey(pub Secret);
+
+impl From<String> for SecretAccessKey {
+    fn from(value: String) -> Self {
+        Self(value.into())
+    }
+}
+
+impl From<&str> for SecretAccessKey {
+    fn from(value: &str) -> Self {
+        Self::from(value.to_string())
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize, JsonSchema)]
+pub struct ProviderName(pub Secret);
+
+impl From<String> for ProviderName {
+    fn from(value: String) -> Self {
+        Self(value.into())
+    }
+}
+
+impl From<&str> for ProviderName {
+    fn from(value: &str) -> Self {
+        Self::from(value.to_string())
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize, JsonSchema)]
+pub struct Region(pub Secret);
+
+impl From<String> for Region {
+    fn from(value: String) -> Self {
+        Self(value.into())
+    }
+}
+
+impl From<&str> for Region {
     fn from(value: &str) -> Self {
         Self::from(value.to_string())
     }

diff --git a/crates/configuration/src/values/mod.rs b/crates/configuration/src/values/mod.rs
@@ -1,7 +1,7 @@
 mod secret;
 mod pool_settings;
-mod connection_info;
+pub mod connection_info;
 
 pub use secret::Secret;
 pub use pool_settings::PoolSettings;
-pub use connection_info::ServiceKey;
+pub use connection_info::{AccessKeyId, SecretAccessKey, ProviderName, Region};
diff --git a/crates/configuration/src/version1.rs b/crates/configuration/src/version1.rs
@@ -1,12 +1,13 @@
 //! Internal Configuration and state for our connector.
 
-use crate::{connection_settings};
+use crate::{connection_settings, AccessKeyId, ProviderName, SecretAccessKey};
 use crate::environment::Environment;
 use crate::error::WriteParsedConfigurationError;
 use crate::values::{PoolSettings, Secret};
 
 use super::error::ParseConfigurationError;
-use aws_config::Region;
+use aws_config::meta::region::RegionProviderChain;
+// use aws_config::Region;
 // use aws_smithy_http::endpoint::Endpoint;
 use aws_sdk_dynamodb::operation::list_tables;
 use aws_sdk_dynamodb::types::{GlobalSecondaryIndex, KeyType, ProjectionType};
@@ -78,17 +79,49 @@ pub async fn introspect(
     args: &ParsedConfiguration,
     environment: impl Environment,
 ) -> anyhow::Result<ParsedConfiguration> {
-    let key_placeholder = args.connection_settings.connection_placeholder.clone();
+    let access_key_id = match &args.connection_settings.access_key_id {
+        AccessKeyId(Secret::Plain(value)) => Cow::Borrowed(value),
+        AccessKeyId(Secret::FromEnvironment { variable }) => Cow::Owned(environment.read(variable)?),
+    };
+    let secret_access_key = match &args.connection_settings.secret_access_key {
+        SecretAccessKey(Secret::Plain(value)) => Cow::Borrowed(value),
+        SecretAccessKey(Secret::FromEnvironment { variable }) => Cow::Owned(environment.read(variable)?),
+    };
+    // let provider_name = match &args.connection_settings.provider_name {
+    //     ProviderName(Secret::Plain(value)) => Cow::Borrowed(value),
+    //     ProviderName(Secret::FromEnvironment { variable }) => Cow::Owned(environment.read(variable)?),
+    // };
+    let region = match &args.connection_settings.region {
+        crate::Region(Secret::Plain(value)) => Cow::Borrowed(value),
+        crate::Region(Secret::FromEnvironment { variable }) => Cow::Owned(environment.read(variable)?),
+    };
+    // let access_key_id = args.connection_settings.access_key_id.clone();
+    // let secret_access_key = args.connection_settings.secret_access_key.clone();
+    // let session_token = args.connection_settings.session_token.clone();
+    // let region = args.connection_settings.region.clone();
     // let config = aws_config::load_from_env().await;
-    let config = aws_config::defaults(aws_config::BehaviorVersion::latest())
-        .test_credentials()
-        .region(Region::new("us-west-2"))
-        // DynamoDB run locally uses port 8000 by default.
-        .endpoint_url("http://localhost:8085")
-        .load()
-        .await;
-    let dynamodb_local_config = aws_sdk_dynamodb::config::Builder::from(&config).build();
-    let client = aws_sdk_dynamodb::Client::from_conf(dynamodb_local_config);
+    let credentials = aws_sdk_dynamodb::config::Credentials::new(
+        access_key_id.to_string(),
+        secret_access_key.to_string(),
+        None,           // Optional session token
+        None,           // Expiration (None for non-expiring)
+        "my-provider",  // Provider name
+    );
+    // let config = aws_config::defaults(aws_config::BehaviorVersion::latest())
+    //     .test_credentials()
+    //     .region(aws_config::Region::new("us-west-2"))
+    //     // DynamoDB run locally uses port 8000 by default.
+    //     .endpoint_url("http://localhost:8085")
+    //     .load()
+    //     .await;
+
+    // Configure AWS SDK with explicit credentials
+    let config = Config::builder()
+        .region(aws_config::Region::new(region.to_string()))
+        .credentials_provider(credentials)
+        .build();
+    // let dynamodb_local_config = aws_sdk_dynamodb::config::Builder::from(&config).build();
+    let client = aws_sdk_dynamodb::Client::from_conf(config);
     // let endpoint = Endpoint::immutable("http://localhost:8054".parse().unwrap());
     // let client = aws_sdk_dynamodb::Client::from_conf(
     //     Builder::from(&config)
@@ -279,7 +312,11 @@ pub async fn introspect(
     Ok(ParsedConfiguration {
         version: 1,
         connection_settings: connection_settings::DatabaseConnectionSettings {
-            connection_placeholder: args.connection_settings.connection_placeholder.clone(),
+            access_key_id: args.connection_settings.access_key_id.clone(),
+            secret_access_key: args.connection_settings.secret_access_key.clone(),
+            // provider_name: args.connection_settings.provider_name.clone(),
+            region: args.connection_settings.region.clone(),
+            // connection_placeholder: args.connection_settings.connection_placeholder.clone(),
         },
         metadata: metadata::Metadata {
             tables: TablesInfo(tables_info),