feat(core): [proxy payments] send external vault proxy metadata to UCS (#9108)

2025-10-27 03:13:56 +08:00 · 2025-09-01 16:28:37 +05:30
parent ff14b7cac8
commit c02d8b9ba9
8 changed files with 244 additions and 17 deletions
--- a/crates/external_services/src/grpc_client/unified_connector_service.rs
+++ b/crates/external_services/src/grpc_client/unified_connector_service.rs
@ -156,6 +156,23 @@ pub struct ConnectorAuthMetadata {
    pub merchant_id: Secret<String>,
 }

+/// External Vault Proxy Related Metadata
+#[derive(Debug, Clone, serde::Deserialize, serde::Serialize)]
+#[serde(untagged)]
+pub enum ExternalVaultProxyMetadata {
+    /// VGS proxy data variant
+    VgsMetadata(VgsMetadata),
+}
+
+/// VGS proxy data
+#[derive(Debug, Clone, serde::Deserialize, serde::Serialize)]
+pub struct VgsMetadata {
+    /// External vault url
+    pub proxy_url: Url,
+    /// CA certificates to verify the vault server
+    pub certificate: Secret<String>,
+}
+
 impl UnifiedConnectorServiceClient {
    /// Builds the connection to the gRPC service
    pub async fn build_connections(config: &GrpcClientSettings) -> Option<Self> {
@ -206,13 +223,18 @@ impl UnifiedConnectorServiceClient {
        &self,
        payment_authorize_request: payments_grpc::PaymentServiceAuthorizeRequest,
        connector_auth_metadata: ConnectorAuthMetadata,
+        external_vault_proxy_metadata: Option<String>,
        grpc_headers: GrpcHeaders,
    ) -> UnifiedConnectorServiceResult<tonic::Response<PaymentServiceAuthorizeResponse>> {
        let mut request = tonic::Request::new(payment_authorize_request);

        let connector_name = connector_auth_metadata.connector_name.clone();
-        let metadata =
-            build_unified_connector_service_grpc_headers(connector_auth_metadata, grpc_headers)?;
+        let metadata = build_unified_connector_service_grpc_headers(
+            connector_auth_metadata,
+            external_vault_proxy_metadata,
+            grpc_headers,
+        )?;
+
        *request.metadata_mut() = metadata;

        self.client
@ -241,8 +263,11 @@ impl UnifiedConnectorServiceClient {
        let mut request = tonic::Request::new(payment_get_request);

        let connector_name = connector_auth_metadata.connector_name.clone();
-        let metadata =
-            build_unified_connector_service_grpc_headers(connector_auth_metadata, grpc_headers)?;
+        let metadata = build_unified_connector_service_grpc_headers(
+            connector_auth_metadata,
+            None,
+            grpc_headers,
+        )?;
        *request.metadata_mut() = metadata;

        self.client
@ -271,8 +296,11 @@ impl UnifiedConnectorServiceClient {
        let mut request = tonic::Request::new(payment_register_request);

        let connector_name = connector_auth_metadata.connector_name.clone();
-        let metadata =
-            build_unified_connector_service_grpc_headers(connector_auth_metadata, grpc_headers)?;
+        let metadata = build_unified_connector_service_grpc_headers(
+            connector_auth_metadata,
+            None,
+            grpc_headers,
+        )?;
        *request.metadata_mut() = metadata;

        self.client
@ -302,8 +330,11 @@ impl UnifiedConnectorServiceClient {
        let mut request = tonic::Request::new(payment_repeat_request);

        let connector_name = connector_auth_metadata.connector_name.clone();
-        let metadata =
-            build_unified_connector_service_grpc_headers(connector_auth_metadata, grpc_headers)?;
+        let metadata = build_unified_connector_service_grpc_headers(
+            connector_auth_metadata,
+            None,
+            grpc_headers,
+        )?;
        *request.metadata_mut() = metadata;

        self.client
@ -331,8 +362,11 @@ impl UnifiedConnectorServiceClient {
        let mut request = tonic::Request::new(webhook_transform_request);

        let connector_name = connector_auth_metadata.connector_name.clone();
-        let metadata =
-            build_unified_connector_service_grpc_headers(connector_auth_metadata, grpc_headers)?;
+        let metadata = build_unified_connector_service_grpc_headers(
+            connector_auth_metadata,
+            None,
+            grpc_headers,
+        )?;
        *request.metadata_mut() = metadata;

        self.client
@ -354,6 +388,7 @@ impl UnifiedConnectorServiceClient {
 /// Build the gRPC Headers for Unified Connector Service Request
 pub fn build_unified_connector_service_grpc_headers(
    meta: ConnectorAuthMetadata,
+    external_vault_proxy_metadata: Option<String>,
    grpc_headers: GrpcHeaders,
 ) -> Result<MetadataMap, UnifiedConnectorServiceError> {
    let mut metadata = MetadataMap::new();
@ -405,6 +440,13 @@ pub fn build_unified_connector_service_grpc_headers(
        parse(common_utils_consts::X_MERCHANT_ID, meta.merchant_id.peek())?,
    );

+    if let Some(external_vault_proxy_metadata) = external_vault_proxy_metadata {
+        metadata.append(
+            consts::UCS_HEADER_EXTERNAL_VAULT_METADATA,
+            parse("external_vault_metadata", &external_vault_proxy_metadata)?,
+        );
+    };
+
    if let Err(err) = grpc_headers
        .tenant_id
        .parse()
--- a/crates/external_services/src/lib.rs
+++ b/crates/external_services/src/lib.rs
@ -91,6 +91,9 @@ pub mod consts {

    /// Header key for sending the AUTH KEY MAP in currency-based authentication.
    pub(crate) const UCS_HEADER_AUTH_KEY_MAP: &str = "x-auth-key-map";
+
+    /// Header key for sending the EXTERNAL VAULT METADATA in proxy payments
+    pub(crate) const UCS_HEADER_EXTERNAL_VAULT_METADATA: &str = "x-external-vault-metadata";
 }

 /// Metrics for interactions with external systems.