CleverCloud
diff --git a/‎Cargo.toml‎
Lines changed: 10 additions & 6 deletions b/‎Cargo.toml‎
Lines changed: 10 additions & 6 deletions
diff --git a/‎src/clever_env.rs‎
Lines changed: 222 additions & 0 deletions b/‎src/clever_env.rs‎
Lines changed: 222 additions & 0 deletions
diff --git a/‎src/clever_tools.rs‎
Lines changed: 87 additions & 0 deletions b/‎src/clever_tools.rs‎
Lines changed: 87 additions & 0 deletions
@@ -13,17 +13,18 @@ keywords = ["clevercloud", "sdk", "logging", "metrics", "jsonschemas"]
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [features]
-default = ["logging"]
+default = ["logging", "network-group"]
 jsonschemas = ["dep:schemars"]
 logging = ["dep:log", "oauth10a/logging", "tracing/log-always"]
 metrics = ["oauth10a/metrics"]
 tracing = ["oauth10a/tracing", "dep:tracing"]
-network-group = ["dep:base64", "x25519-dalek", "dep:rand_core", "dep:zeroize"]
+network-group = ["dep:base64", "x25519-dalek", "dep:rand_core", "dep:cidr"]
 
 [dependencies]
 base64 = { version = "^0.22.1", optional = true }
 chrono = { version = "^0.4.41", features = ["serde"] }
-oauth10a = { version = "^3.0.0", default-features = false, features = [
+cidr = { version = "^0.3.1", features = ["serde"], optional = true }
+oauth10a = { path = "../oauth10a-rust", default-features = false, features = [
     "client",
     "serde",
     "rest",
@@ -49,7 +50,10 @@ x25519-dalek = { version = "^2.0.1", features = [
     "zeroize",
     "static_secrets",
 ], optional = true }
-zeroize = { version = "^1.8.1", features = [
+zeroize = { version = "^1.8.1", features = ["serde", "derive"] }
+env-capture = { git = "https://gitlab.corp.clever-cloud.com/CedricLG/env-capture", features = [
     "serde",
-    "derive",
-], optional = true }
+] }
+
+[dev-dependencies]
+tracing-subscriber = { version = "^0.3.19", features = ["env-filter"] }
@@ -0,0 +1,222 @@
+use std::{borrow::Cow, fs, io, path::Path};
+
+use env_capture::{Env, IgnoreAsciiCase};
+use oauth10a::{credentials::Credentials, url::Url};
+
+use crate::{
+    DEFAULT_SSH_GATEWAY, PartialCredentials,
+    clever_tools::{CleverTools, CleverToolsConfig, CleverToolsConfigError},
+    default_api_host, default_auth_bridge_host,
+};
+
+// PARTIAL OAUTH ERROR /////////////////////////////////////////////////////////
+
+#[derive(Debug, thiserror::Error)]
+pub enum PartialOAuthError {
+    #[error("missing token")]
+    Token,
+    #[error("missing secret")]
+    Secret,
+    #[error("missing consumer token")]
+    ConsumerKey,
+    #[error("missing consumer secret")]
+    ConsumerSecret,
+}
+
+// CLEVER ENV //////////////////////////////////////////////////////////////////
+
+#[derive(Debug, thiserror::Error)]
+pub enum CleverEnvError {
+    #[error("failed to capture environnement, {0}")]
+    Capture(#[from] env_capture::Error),
+    #[error(transparent)]
+    CleverToolsConfigFile(#[from] CleverToolsConfigError),
+    #[error("partial OAuth credentials: {0}")]
+    PartialOAuth(#[from] PartialOAuthError),
+    #[error("failed to create configuration directory")]
+    ConfigDir(io::Error),
+}
+
+/// Snapshot of the clever environment variables, hydrated with the OAuth
+/// configuration from the main configuration file of the `clever-tools`, if any.
+#[derive(Debug, serde::Deserialize)]
+pub struct CleverEnv {
+    #[serde(rename = "API_HOST")]
+    pub(crate) api_host: Option<Url>,
+    #[serde(rename = "AUTH_BRIDGE_API")]
+    pub(crate) auth_bridge_host: Option<Url>,
+    #[serde(rename = "SSH_GATEWAY")]
+    pub(crate) ssh_gateway: Option<Box<str>>,
+    #[serde(rename = "", flatten, default)]
+    pub(crate) credentials: Option<PartialCredentials>,
+    #[serde(skip)]
+    pub(crate) config_dir: Option<Box<Path>>,
+}
+
+impl CleverEnv {
+    pub fn from_env() -> Result<Self, CleverEnvError> {
+        let env = Env::<IgnoreAsciiCase>::from_env();
+
+        let mut env = env.with_prefix("CLEVER_").parse::<Self>()?;
+
+        match &mut env.credentials {
+            credentials @ None => {
+                trace!("credentials not found in current process environment");
+
+                let config_dir = CleverToolsConfig::default_config_dir()?;
+
+                let config_path = CleverToolsConfig::config_path_in(&config_dir);
+
+                if config_path.exists() {
+                    env.config_dir.replace(config_dir.into());
+
+                    let CleverToolsConfig {
+                        oauth_token,
+                        oauth_secret,
+                    } = CleverToolsConfig::from_path(&config_path)?;
+
+                    *credentials = Some(Credentials::OAuth1 {
+                        token: oauth_token,
+                        secret: oauth_secret,
+                        consumer_key: None,
+                        consumer_secret: None,
+                    });
+
+                    trace!("using credentials from `clever-tools` configuration file");
+                }
+            }
+            Some(Credentials::OAuth1 {
+                consumer_key: Some(_),
+                consumer_secret: None,
+                ..
+            }) => {
+                return Err(CleverEnvError::PartialOAuth(
+                    PartialOAuthError::ConsumerSecret,
+                ));
+            }
+            Some(Credentials::OAuth1 {
+                consumer_key: None,
+                consumer_secret: Some(_),
+                ..
+            }) => return Err(CleverEnvError::PartialOAuth(PartialOAuthError::ConsumerKey)),
+            Some(_) => trace!("using credentials from environment"),
+        }
+
+        Ok(env)
+    }
+
+    pub fn env_api_host(&self) -> Option<&Url> {
+        self.api_host.as_ref()
+    }
+
+    pub fn api_host(&self) -> &Url {
+        match &self.api_host {
+            None => default_api_host(),
+            Some(v) => v,
+        }
+    }
+
+    pub fn env_auth_bridge_host(&self) -> Option<&Url> {
+        self.auth_bridge_host.as_ref()
+    }
+
+    pub fn auth_bridge_host(&self) -> &Url {
+        match &self.auth_bridge_host {
+            None => default_auth_bridge_host(),
+            Some(v) => v,
+        }
+    }
+
+    pub fn env_ssh_gateway(&self) -> Option<&str> {
+        self.ssh_gateway.as_deref()
+    }
+
+    pub const fn ssh_gateway(&self) -> &str {
+        match &self.ssh_gateway {
+            None => DEFAULT_SSH_GATEWAY,
+            Some(v) => v,
+        }
+    }
+
+    pub const fn env_oauth_consumer_key(&self) -> Option<&str> {
+        match self.credentials {
+            Some(Credentials::OAuth1 {
+                consumer_key: Some(ref v),
+                ..
+            }) => Some(v),
+            _ => None,
+        }
+    }
+
+    pub const fn oauth_consumer_key(&self) -> &str {
+        match self.env_oauth_consumer_key() {
+            Some(x) => x,
+            None => CleverTools::CONSUMER_KEY,
+        }
+    }
+
+    pub const fn env_oauth_consumer_secret(&self) -> Option<&str> {
+        match self.credentials {
+            Some(Credentials::OAuth1 {
+                consumer_secret: Some(ref v),
+                ..
+            }) => Some(v),
+            _ => None,
+        }
+    }
+
+    pub const fn oauth_consumer_secret(&self) -> &str {
+        match self.env_oauth_consumer_secret() {
+            Some(v) => v,
+            None => CleverTools::CONSUMER_SECRET,
+        }
+    }
+
+    /// Returns the path to the directory where configuration files of clever apps are stored.
+    pub fn config_dir(&self) -> Result<Cow<'_, Path>, CleverEnvError> {
+        let path = match self.config_dir {
+            Some(ref config_dir) => Cow::Borrowed(&**config_dir),
+            None => Cow::Owned(CleverToolsConfig::default_config_dir()?),
+        };
+
+        fs::create_dir_all(&*path).map_err(CleverEnvError::ConfigDir)?;
+
+        Ok(path)
+    }
+
+    pub fn credentials(&self) -> Option<&PartialCredentials> {
+        self.credentials.as_ref()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use env_capture::set_tmp_var;
+    use oauth10a::credentials::Credentials;
+
+    use crate::clever_env::CleverEnv;
+
+    #[test]
+    fn test_env() {
+        let _ = unsafe { set_tmp_var("RUST_LOG", "trace") };
+
+        tracing_subscriber::fmt::fmt()
+            .with_level(true)
+            .with_line_number(true)
+            .with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
+            .init();
+
+        let _ = unsafe { set_tmp_var("CLEVER_TOKEN", "my_token") };
+        let _ = unsafe { set_tmp_var("CLEVER_SECRET", "my_secret") };
+
+        if let Credentials::OAuth1 {
+            token,
+            secret,
+            consumer_key,
+            consumer_secret,
+        } = CleverEnv::from_env().unwrap().credentials().unwrap()
+        {
+            dbg!(token, secret, consumer_key, consumer_secret);
+        }
+    }
+}
@@ -0,0 +1,87 @@
+//! Clever Tools
+
+use std::{
+    env, fs,
+    io::{self, Read},
+    path::{Path, PathBuf},
+};
+
+// CLEVER TOOLS ////////////////////////////////////////////////////////////////
+
+/// Default OAuth1 consumer.
+#[derive(Debug)]
+pub struct CleverTools;
+
+impl CleverTools {
+    // Consumer key and secret of the clever-tools are publicly available.
+    // The disclosure of these tokens is not considered a vulnerability.
+    // Do not report this to our security service.
+    //
+    // See:
+    // - <https://github.com/CleverCloud/clever-tools/blob/fed085e2ba0339f55e966d7c8c6439d4dac71164/src/models/configuration.js#L128>
+
+    pub const CONSUMER_KEY: &'static str = "T5nFjKeHH4AIlEveuGhB5S3xg8T19e";
+    pub const CONSUMER_SECRET: &'static str = "MgVMqTr6fWlf2M0tkC2MXOnhfqBWDT";
+}
+
+// CLEVER TOOLS CONFIG ERROR ///////////////////////////////////////////////////
+
+#[derive(Debug, thiserror::Error)]
+pub enum CleverToolsConfigError {
+    #[error("failed to resolve home directory")]
+    HomeDir,
+    #[error("failed to open clever-tools configuration file")]
+    Open(io::Error),
+    #[error("failed to read clever-tools configuration file's contents")]
+    Read(io::Error),
+    #[error("failed to parse clever-tools configuration file's contents")]
+    Json(serde_json::Error),
+}
+
+// CLEVER TOOLS CONFIG /////////////////////////////////////////////////////////
+
+#[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)]
+pub struct CleverToolsConfig {
+    #[serde(rename = "token")]
+    pub oauth_token: Box<str>,
+    #[serde(rename = "secret")]
+    pub oauth_secret: Box<str>,
+}
+
+fn config_dir() -> Result<PathBuf, CleverToolsConfigError> {
+    Ok(match env::var_os("XDG_CONFIG_HOME") {
+        Some(config_dir) => PathBuf::from(config_dir),
+        None => env::home_dir()
+            .ok_or(CleverToolsConfigError::HomeDir)?
+            .join(".config"),
+    })
+}
+
+impl CleverToolsConfig {
+    pub fn default_config_dir() -> Result<PathBuf, CleverToolsConfigError> {
+        Ok(config_dir()?.join("clever-cloud"))
+    }
+
+    pub fn config_path_in(config_dir: &Path) -> PathBuf {
+        config_dir.join("clever-tools.json")
+    }
+
+    pub fn config_path() -> Result<PathBuf, CleverToolsConfigError> {
+        Ok(Self::config_path_in(&Self::default_config_dir()?))
+    }
+
+    pub fn from_path(path: &Path) -> Result<Self, CleverToolsConfigError> {
+        let buf = {
+            let mut buf = String::new();
+
+            let _ = fs::File::open(path)
+                .map_err(CleverToolsConfigError::Open)?
+                .read_to_string(&mut buf)
+                .map_err(CleverToolsConfigError::Read)?;
+
+            buf
+        };
+
+        serde_json::from_str(&buf).map_err(CleverToolsConfigError::Json)
+    }
+}