fix(config): dont read cert and url if keymanager is disabled (#6091)

Kartikeya Hegde
2024-09-27 18:50:05 +05:30
committed by GitHub
parent 8d5ad1ecc3
commit 4e875d4220
7 changed files with 44 additions and 24 deletions


@ -13,7 +13,7 @@ use_xray_generator = false
bg_metrics_collection_interval_in_secs = 15
[key_manager]
url = "http://localhost:5000"
enabled = false
# TODO: Update database credentials before running application
[master_database]


@ -25,7 +25,7 @@ use crate::{
#[derive(Debug, Clone)]
pub struct KeyManagerState {
pub enabled: Option<bool>,
pub enabled: bool,
pub url: String,
pub client_idle_timeout: Option<u64>,
#[cfg(feature = "km_forward_x_request_id")]


@ -101,7 +101,7 @@ mod encrypt {
fn is_encryption_service_enabled(_state: &KeyManagerState) -> bool {
#[cfg(feature = "encryption_service")]
{
_state.enabled.unwrap_or_default()
_state.enabled
}
#[cfg(not(feature = "encryption_service"))]
{


@ -12495,16 +12495,3 @@ pub fn get_shipping_required_fields() -> HashMap<String, RequiredFieldInfo> {
),
])
}
impl Default for super::settings::KeyManagerConfig {
fn default() -> Self {
Self {
enabled: None,
url: String::from("localhost:5000"),
#[cfg(feature = "keymanager_mtls")]
ca: String::default().into(),
#[cfg(feature = "keymanager_mtls")]
cert: String::default().into(),
}
}
}


@ -232,14 +232,22 @@ impl SecretsHandler for settings::KeyManagerConfig {
let keyconfig = value.get_inner();
#[cfg(feature = "keymanager_mtls")]
let ca = _secret_management_client
.get_secret(keyconfig.ca.clone())
.await?;
let ca = if keyconfig.enabled {
_secret_management_client
.get_secret(keyconfig.ca.clone())
.await?
} else {
keyconfig.ca.clone()
};
#[cfg(feature = "keymanager_mtls")]
let cert = _secret_management_client
.get_secret(keyconfig.cert.clone())
.await?;
let cert = if keyconfig.enabled {
_secret_management_client
.get_secret(keyconfig.cert.clone())
.await?
} else {
keyconfig.ca.clone()
};
Ok(value.transition_state(|keyconfig| Self {
#[cfg(feature = "keymanager_mtls")]
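Review bot: The `else` branch of the new `cert` binding clones `keyconfig.ca` instead of `keyconfig.cert`, so under `keymanager_mtls` a disabled key manager ends up with the CA value in the certificate field; the line should read `keyconfig.cert.clone()`. This is only harmless as long as nothing reads `cert` while `enabled` is false, which the hunk cannot show, and a later flip of `enabled` at runtime would carry the wrong material forward. The enclosing method starts before the hunk and continues past it.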


@ -215,9 +215,10 @@ pub struct KvConfig {
pub soft_kill: Option<bool>,
}
#[derive(Debug, Deserialize, Clone)]
#[derive(Debug, Deserialize, Clone, Default)]
#[serde(default)]
pub struct KeyManagerConfig {
pub enabled: Option<bool>,
pub enabled: bool,
pub url: String,
#[cfg(feature = "keymanager_mtls")]
pub cert: Secret<String>,
@ -863,6 +864,8 @@ impl Settings<SecuredSecret> {
.map(|x| x.get_inner().validate())
.transpose()?;
self.key_manager.get_inner().validate()?;
Ok(())
}
}
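Review bot: The `enabled` field on `KeyManagerConfig` is undocumented, and with `#[derive(Default)]` plus `#[serde(default)]` a missing `[key_manager]` section now deserializes to `enabled = false` with an empty `url`, so an omitted section silently turns the key manager off instead of failing configuration load; that is worth stating on the field. Suggest `/// When false the key manager is not used: its URL and mTLS material are neither fetched from the secret manager nor validated; an absent section deserializes as disabled.` The same field on `KeyManagerState` in the other hunk would take the same comment. Note also that the removed `impl Default` pre-filled `url` with `localhost:5000`, whereas the derived default leaves it empty, which the new `validate()` call in the second hunk rejects only when `enabled` is true.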


@ -235,3 +235,25 @@ impl super::settings::NetworkTokenizationService {
})
}
}
impl super::settings::KeyManagerConfig {
pub fn validate(&self) -> Result<(), ApplicationError> {
use common_utils::fp_utils::when;
#[cfg(feature = "keymanager_mtls")]
when(
self.enabled && (self.ca.is_default_or_empty() || self.cert.is_default_or_empty()),
|| {
Err(ApplicationError::InvalidConfigurationValueError(
"Invalid CA or Certificate for Keymanager.".into(),
))
},
)?;
when(self.enabled && self.url.is_default_or_empty(), || {
Err(ApplicationError::InvalidConfigurationValueError(
"Invalid URL for Keymanager".into(),
))
})
}
}
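Review bot: `validate` has no doc comment, and its two error messages differ in punctuation (`"Invalid CA or Certificate for Keymanager."` versus `"Invalid URL for Keymanager"`); a line such as `/// Rejects a configuration that enables the key manager without a URL (and, under keymanager_mtls, without a CA and certificate); a disabled key manager passes unchecked.` would make the contract explicit. The URL check only rejects a default or empty value, so a malformed URL still passes here and fails on first use; if stricter checking is wanted it belongs in this function. The mTLS check likewise only tests for default or empty, which is fine for catching missing secrets but says nothing about the material being parseable.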