Merge pull request #10 from duyet/feat/envs

Author: duyet

Cargo.toml

@@ -22,6 +22,7 @@ ascii_table = "3"
 md5 = "0.7"
 walkdir = "2"
 ansi_term = "0.12"
+envmnt = "0.9"
 
 [dev-dependencies]
 assert_cmd = "0.10"

README.md

@@ -16,7 +16,8 @@ Using `grant` tool:
 
 ```bash
 $ grant --help
-grant 0.0.1-beta.1
+
+grant 0.0.1-beta.2
 Manage database roles and privileges in GitOps style
 
 USAGE:
@@ -27,22 +28,21 @@ FLAGS:
     -V, --version    Prints version information
 
 SUBCOMMANDS:
-    apply       Apply changes
-    gen         Generate project
+    apply       Apply a configuration to a redshift by file name. Yaml format are accepted
+    gen         Generate sample configuration file
     gen-pass    Generate random password
     help        Prints this message or the help of the given subcommand(s)
-    inspect     Inspect current database cluster by config file
-    validate    Validate target file
+    inspect     Inspect current database cluster with connection info from configuration file
+    validate    Validate a configuration file or a target directory that contains configuration files
 ```
 
 ## Generate project structure
 
 ```bash
-grant gen --target duyet-cluster
+grant gen --target ./cluster
 
-# or
-mkdir duyet-cluster && cd $_
-grant gen --target .
+Creating path: "./cluster"
+Generated: "./cluster/config.yml"
 ```
 
 ## Apply privilege changes
@@ -52,6 +52,7 @@ Content of `./examples/example.yaml`:
 ```yaml
 connection:
   type: "postgres"
+  # support environment variables, e.g. postgres://${HOSTNAME}:5432
   url: "postgres://postgres@localhost:5432/postgres"
 
 roles:
@@ -86,13 +87,13 @@ roles:
 
 users:
   - name: duyet
-    password: 1234567890
+    password: 1234567890 # password in plaintext
     roles:
       - role_database_level
       - role_all_schema
       - role_schema_level
   - name: duyet2
-    password: 1234567890
+    password: md58243e8f5dfb84bbd851de920e28f596f # support md5 style
     roles:
       - role_database_level
       - role_all_schema
@@ -102,7 +103,7 @@ users:
 Apply this config to cluster:
 
 ```bash
-grant apply --dryrun -f ./examples/example.yaml
+grant apply -f ./examples/example.yaml
 
 [2021-12-06T14:37:03Z INFO  grant::connection] Connected to database: postgres://postgres@localhost:5432/postgres
 [2021-12-06T14:37:03Z INFO  grant::apply] Summary:
@@ -193,6 +194,7 @@ cargo test
 
 # TODO
 
+- [x] Support reading connection info from environment variables
 - [ ] Support store encrypted password in Git
 - [x] Support Postgres
 - [ ] Visuallization (who can see what?)

examples/example.yaml

@@ -1,6 +1,6 @@
 connection:
   type: "postgres"
-  url: "postgres://postgres@localhost:5432/postgres"
+  url: "postgres://postgres:${PASSWORD:postgres}@localhost:5432/postgres"
 
 roles:
   - name: role_database_level

src/cli.rs

@@ -13,7 +13,7 @@ pub struct Cli {
 
 #[derive(StructOpt, Debug)]
 pub enum Command {
-    /// Generate project
+    /// Generate sample configuration file
     Gen {
         /// The target folder
         #[structopt(short, long, default_value = ".", parse(from_os_str))]
@@ -33,29 +33,30 @@ pub enum Command {
         password: Option<String>,
     },
 
-    /// Apply changes
+    /// Apply a configuration to a redshift by file name.
+    /// Yaml format are accepted.
     Apply {
         /// The path to the file to read
         #[structopt(short, long, parse(from_os_str))]
         file: PathBuf,
 
-        /// Dry run
+        /// Dry run mode, only print what would be apply
         #[structopt(short, long)]
         dryrun: bool,
-
-        /// Connection string
-        #[structopt(short, long)]
-        conn: Option<String>,
     },
 
-    /// Validate target file
+    /// Validate a configuration file or
+    /// a target directory that contains configuration files
     Validate {
-        /// The path to the file to read (optional)
+        /// The path to the file or directory
+        /// If the target is not available, the current
+        /// directory will be used.
         #[structopt(short, long, parse(from_os_str))]
         file: Option<PathBuf>,
     },
 
-    /// Inspect current database cluster by config file
+    /// Inspect current database cluster
+    /// with connection info from configuration file
     Inspect {
         /// The path to the file to read
         #[structopt(short, long, parse(from_os_str))]

src/config.rs

@@ -1,4 +1,5 @@
 use anyhow::{anyhow, Context, Result};
+use envmnt::{ExpandOptions, ExpansionType};
 use serde::{Deserialize, Serialize};
 use serde_yaml;
 use std::collections::HashSet;
@@ -30,14 +31,30 @@ pub struct Connection {
 
 impl Connection {
     pub fn new(type_: ConnectionType, url: String) -> Self {
-        Self { type_, url }
+        let mut conn = Self { type_, url };
+        conn = conn.expand_env_vars().unwrap();
+
+        conn
     }
 
     pub fn validate(&self) -> Result<()> {
         match self.type_ {
             ConnectionType::Postgres => Ok(()),
         }
     }
+
+    // xpaned environtment variables in the `url` field.
+    // Expand environment variables in the `url` field.
+    // For example: postgres://user:${PASSWORD}@host:port/database
+    pub fn expand_env_vars(&self) -> Result<Self> {
+        let mut connection = self.clone();
+
+        let mut options = ExpandOptions::new();
+        options.expansion_type = Some(ExpansionType::UnixBracketsWithDefaults);
+        connection.url = envmnt::expand(&self.url, Some(options));
+
+        Ok(connection)
+    }
 }
 
 // Implement default values for connection type and url.
@@ -531,6 +548,9 @@ impl Config {
 
         config.validate()?;
 
+        // expand env variables
+        let config = config.expand_env_vars()?;
+
         Ok(config)
     }
 
@@ -582,6 +602,16 @@ impl Config {
 
         Ok(())
     }
+
+    // Expand env variables in config
+    fn expand_env_vars(&self) -> Result<Self> {
+        let mut config = self.clone();
+
+        // expand connection
+        config.connection = config.connection.expand_env_vars()?;
+
+        Ok(config)
+    }
 }
 
 impl fmt::Display for Config {
@@ -639,6 +669,52 @@ mod tests {
         Config::new(&path).expect("failed to get content");
     }
 
+    // Test config with url contains environement variable
+    #[test]
+    fn test_read_config_with_env_var() {
+        envmnt::set("POSTGRES_HOST", "duyet");
+
+        let _text = indoc! {"
+                 connection:
+                   type: postgres
+                   url: postgres://${POSTGRES_HOST}:5432/postgres
+                 roles: []
+                 users: []
+             "};
+
+        let mut file = NamedTempFile::new().expect("failed to create temp file");
+        file.write(_text.as_bytes())
+            .expect("failed to write to temp file");
+        let path = PathBuf::from(file.path().to_str().unwrap());
+
+        let config = Config::new(&path).expect("failed to get content");
+
+        assert_eq!(config.connection.url, "postgres://duyet:5432/postgres");
+
+        envmnt::remove("POSTGRES_HOST");
+    }
+
+    // Test expand environement variables but not available
+    #[test]
+    fn test_read_config_with_env_var_not_available() {
+        let _text = indoc! {"
+                 connection:
+                   type: postgres
+                   url: postgres://${POSTGRES_HOST:duyet}:5432/${POSTGRES_ABC}
+                 roles: []
+                 users: []
+             "};
+
+        let mut file = NamedTempFile::new().expect("failed to create temp file");
+        file.write(_text.as_bytes())
+            .expect("failed to write to temp file");
+        let path = PathBuf::from(file.path().to_str().unwrap());
+
+        let config = Config::new(&path).expect("failed to get content");
+
+        assert_eq!(config.connection.url, "postgres://duyet:5432/");
+    }
+
     // Test config with invalid connection type
     #[test]
     #[should_panic(expected = "connection.type: unknown variant `invalid`")]