| | | 1 | | namespace Envilder; |
| | | 2 | | |
| | | 3 | | using global::Envilder.Infrastructure; |
| | | 4 | | using System.Collections.Generic; |
| | | 5 | | using System.IO; |
| | | 6 | | using System.Threading; |
| | | 7 | | using System.Threading.Tasks; |
| | | 8 | | |
| | | 9 | | /// <summary> |
| | | 10 | | /// Fluent builder for configuring and resolving secrets from a map file. |
| | | 11 | | /// Obtain an instance via <see cref="Env.FromMapFile(string)"/>. |
| | | 12 | | /// </summary> |
| | | 13 | | /// <example> |
| | | 14 | | /// <code> |
| | | 15 | | /// var secrets = Env.FromMapFile("envilder.json") |
| | | 16 | | /// .WithProvider(SecretProviderType.Azure) |
| | | 17 | | /// .WithVaultUrl("https://my-vault.vault.azure.net") |
| | | 18 | | /// .Resolve(); |
| | | 19 | | /// </code> |
| | | 20 | | /// </example> |
| | | 21 | | public class EnvilderBuilder |
| | | 22 | | { |
| | | 23 | | private readonly string _filePath; |
| | 1 | 24 | | private readonly EnvilderOptions _options = new(); |
| | | 25 | | |
| | 1 | 26 | | internal EnvilderBuilder(string filePath) |
| | | 27 | | { |
| | 1 | 28 | | _filePath = filePath; |
| | 1 | 29 | | } |
| | | 30 | | |
| | | 31 | | /// <summary> |
| | | 32 | | /// Overrides the secret provider type specified in the map file's <c>$config</c>. |
| | | 33 | | /// </summary> |
| | | 34 | | /// <param name="provider">The provider to use (AWS or Azure).</param> |
| | | 35 | | /// <returns>This builder for chaining.</returns> |
| | | 36 | | public EnvilderBuilder WithProvider(SecretProviderType provider) |
| | | 37 | | { |
| | 1 | 38 | | _options.Provider = provider; |
| | 1 | 39 | | return this; |
| | | 40 | | } |
| | | 41 | | |
| | | 42 | | /// <summary> |
| | | 43 | | /// Overrides the AWS named profile used for credential resolution. |
| | | 44 | | /// Only applicable when the provider is AWS. |
| | | 45 | | /// </summary> |
| | | 46 | | /// <param name="profile">The AWS profile name.</param> |
| | | 47 | | /// <returns>This builder for chaining.</returns> |
| | | 48 | | public EnvilderBuilder WithProfile(string profile) |
| | | 49 | | { |
| | 1 | 50 | | _options.Profile = profile; |
| | 1 | 51 | | return this; |
| | | 52 | | } |
| | | 53 | | |
| | | 54 | | /// <summary> |
| | | 55 | | /// Overrides the Azure Key Vault URL used for secret retrieval. |
| | | 56 | | /// Only applicable when the provider is Azure. |
| | | 57 | | /// </summary> |
| | | 58 | | /// <param name="vaultUrl">The Key Vault URL (e.g. <c>https://my-vault.vault.azure.net</c>).</param> |
| | | 59 | | /// <returns>This builder for chaining.</returns> |
| | | 60 | | public EnvilderBuilder WithVaultUrl(string vaultUrl) |
| | | 61 | | { |
| | 1 | 62 | | _options.VaultUrl = vaultUrl; |
| | 1 | 63 | | return this; |
| | | 64 | | } |
| | | 65 | | |
| | | 66 | | /// <summary> |
| | | 67 | | /// Resolves secrets from the map file using the configured overrides and |
| | | 68 | | /// returns them as a dictionary, without injecting into the environment. |
| | | 69 | | /// </summary> |
| | | 70 | | /// <returns>Resolved secrets keyed by environment variable name.</returns> |
| | | 71 | | public IReadOnlyDictionary<string, string> Resolve() |
| | | 72 | | { |
| | 1 | 73 | | Env.ValidateFileExists(_filePath); |
| | 1 | 74 | | var json = File.ReadAllText(_filePath); |
| | 1 | 75 | | var mapFile = new MapFileParser().Parse(json); |
| | 1 | 76 | | var provider = SecretProviderFactory.Create(mapFile.Config, _options); |
| | 1 | 77 | | return new Dictionary<string, string>(new EnvilderClient(provider).ResolveSecrets(mapFile)); |
| | | 78 | | } |
| | | 79 | | |
| | | 80 | | /// <summary> |
| | | 81 | | /// Asynchronously resolves secrets from the map file using the configured overrides. |
| | | 82 | | /// </summary> |
| | | 83 | | /// <param name="cancellationToken">Optional cancellation token.</param> |
| | | 84 | | /// <returns>Resolved secrets keyed by environment variable name.</returns> |
| | | 85 | | public async Task<IReadOnlyDictionary<string, string>> ResolveAsync( |
| | | 86 | | CancellationToken cancellationToken = default) |
| | | 87 | | { |
| | 1 | 88 | | Env.ValidateFileExists(_filePath); |
| | 1 | 89 | | var json = await Env.ReadFileAsync(_filePath, cancellationToken).ConfigureAwait(false); |
| | 1 | 90 | | var mapFile = new MapFileParser().Parse(json); |
| | 1 | 91 | | var provider = SecretProviderFactory.Create(mapFile.Config, _options); |
| | 1 | 92 | | var secrets = await new EnvilderClient(provider).ResolveSecretsAsync(mapFile, cancellationToken).ConfigureAwait(fals |
| | 1 | 93 | | return new Dictionary<string, string>(secrets); |
| | 1 | 94 | | } |
| | | 95 | | |
| | | 96 | | /// <summary> |
| | | 97 | | /// Resolves secrets and injects them as process-level environment variables |
| | | 98 | | /// via <see cref="System.Environment.SetEnvironmentVariable(string, string)"/>. |
| | | 99 | | /// </summary> |
| | | 100 | | /// <returns>Resolved secrets keyed by environment variable name.</returns> |
| | | 101 | | public IReadOnlyDictionary<string, string> Inject() |
| | | 102 | | { |
| | 1 | 103 | | var secrets = Resolve(); |
| | 1 | 104 | | EnvilderClient.InjectIntoEnvironment(secrets); |
| | 1 | 105 | | return secrets; |
| | | 106 | | } |
| | | 107 | | |
| | | 108 | | /// <summary> |
| | | 109 | | /// Asynchronously resolves secrets and injects them as process-level environment variables. |
| | | 110 | | /// </summary> |
| | | 111 | | /// <param name="cancellationToken">Optional cancellation token.</param> |
| | | 112 | | /// <returns>Resolved secrets keyed by environment variable name.</returns> |
| | | 113 | | public async Task<IReadOnlyDictionary<string, string>> InjectAsync( |
| | | 114 | | CancellationToken cancellationToken = default) |
| | | 115 | | { |
| | 1 | 116 | | var secrets = await ResolveAsync(cancellationToken).ConfigureAwait(false); |
| | 1 | 117 | | EnvilderClient.InjectIntoEnvironment(secrets); |
| | 1 | 118 | | return secrets; |
| | 1 | 119 | | } |
| | | 120 | | } |