refactor: kms decrypt analytics config (#3984)

2025-11-02 21:07:58 +08:00 · 2024-03-06 18:11:17 +05:30
parent 34c1b905b1
commit cfade55e69
6 changed files with 66 additions and 5 deletions
--- a/crates/analytics/src/lib.rs
+++ b/crates/analytics/src/lib.rs
@ -15,7 +15,13 @@ pub mod sdk_events;
 mod sqlx;
 mod types;
 use api_event::metrics::{ApiEventMetric, ApiEventMetricRow};
+use common_utils::errors::CustomResult;
 use disputes::metrics::{DisputeMetric, DisputeMetricRow};
+use hyperswitch_interfaces::secrets_interface::{
+    secret_handler::SecretsHandler,
+    secret_state::{RawSecret, SecretStateContainer, SecuredSecret},
+    SecretManagementInterface, SecretsManagementError,
+};
 pub use types::AnalyticsDomain;
 pub mod lambda_utils;
 pub mod utils;
@ -598,6 +604,51 @@ pub enum AnalyticsConfig {
    },
 }

+#[async_trait::async_trait]
+impl SecretsHandler for AnalyticsConfig {
+    async fn convert_to_raw_secret(
+        value: SecretStateContainer<Self, SecuredSecret>,
+        secret_management_client: &dyn SecretManagementInterface,
+    ) -> CustomResult<SecretStateContainer<Self, RawSecret>, SecretsManagementError> {
+        let analytics_config = value.get_inner();
+        let decrypted_password = match analytics_config {
+            // Todo: Perform kms decryption of clickhouse password
+            Self::Clickhouse { .. } => masking::Secret::new(String::default()),
+            Self::Sqlx { sqlx }
+            | Self::CombinedCkh { sqlx, .. }
+            | Self::CombinedSqlx { sqlx, .. } => {
+                secret_management_client
+                    .get_secret(sqlx.password.clone())
+                    .await?
+            }
+        };
+
+        Ok(value.transition_state(|conf| match conf {
+            Self::Sqlx { sqlx } => Self::Sqlx {
+                sqlx: Database {
+                    password: decrypted_password,
+                    ..sqlx
+                },
+            },
+            Self::Clickhouse { clickhouse } => Self::Clickhouse { clickhouse },
+            Self::CombinedCkh { sqlx, clickhouse } => Self::CombinedCkh {
+                sqlx: Database {
+                    password: decrypted_password,
+                    ..sqlx
+                },
+                clickhouse,
+            },
+            Self::CombinedSqlx { sqlx, clickhouse } => Self::CombinedSqlx {
+                sqlx: Database {
+                    password: decrypted_password,
+                    ..sqlx
+                },
+                clickhouse,
+            },
+        }))
+    }
+}
+
 impl Default for AnalyticsConfig {
    fn default() -> Self {
        Self::Sqlx {