Merge pull request #48 from Infisical/daniel/sdk-improvements

Feat: General SDK improvements

crates/infisical/src/api/secrets/get_secret.rs

@@ -19,9 +19,9 @@ pub async fn get_secret_request(
     let json: &serde_json::Value = &serde_json::json!({
         "workspaceId": input.project_id,
         "environment": input.environment,
-        "secretPath": input.path.as_ref().unwrap_or(&"/".to_string()), // default is "/"
-        "type": input.r#type.as_ref().unwrap_or(&"shared".to_string()), // default is shared
-        "include_imports": input.include_imports.as_ref().unwrap_or(&false), // default is false
+        "secretPath": input.path.clone().unwrap_or("/".to_string()), // default is "/"
+        "type": input.r#type.clone().unwrap_or("shared".to_string()), // default is shared
+        "include_imports": input.include_imports.unwrap_or(false).to_string(),
     });
 
     let secret_type = match input.r#type.as_ref() {

crates/infisical/src/client/auth_method_settings.rs

@@ -3,8 +3,8 @@ use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
 use crate::constants::{
-    INFISICAL_AWS_IAM_AUTH_IDENTITY_ID_ENV_NAME, INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME,
-    INFISICAL_GCP_AUTH_IDENTITY_ID_ENV_NAME,
+    INFISICAL_ACCESS_TOKEN_ENV_NAME, INFISICAL_AWS_IAM_AUTH_IDENTITY_ID_ENV_NAME,
+    INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME, INFISICAL_GCP_AUTH_IDENTITY_ID_ENV_NAME,
     INFISICAL_GCP_IAM_SERVICE_ACCOUNT_KEY_FILE_PATH_ENV_NAME,
     INFISICAL_KUBERNETES_IDENTITY_ID_ENV_NAME,
     INFISICAL_KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH_ENV_NAME,
@@ -105,11 +105,20 @@ pub enum AuthMethod {
     GcpIdToken,
     GcpIam,
     AwsIam,
+    AccessToken,
 }
 
 // Custom validation to ensure that if universal_auth or gcp_auth are present, their fields are populated
 impl AuthenticationOptions {
     pub fn validate(&mut self) -> Result<AuthMethod, String> {
+        // ACCESS TOKEN:
+        if let Some(ref access_token) = self.access_token {
+            if !access_token.is_empty() {
+                return Ok(AuthMethod::AccessToken);
+            }
+            return Err("access_token is present but is empty".into());
+        }
+
         // UNIVERSAL AUTH:
         if let Some(ref auth) = self.universal_auth {
             if !auth.client_id.is_empty() && !auth.client_secret.is_empty() {
@@ -155,6 +164,10 @@ impl AuthenticationOptions {
         } else {
             debug!("No authentication method is set. Checking environment variables.");
 
+            // access token env
+            let access_token_env =
+                std::env::var(INFISICAL_ACCESS_TOKEN_ENV_NAME).unwrap_or_default();
+
             // universal auth env's
             let universal_auth_client_id_env =
                 std::env::var(INFISICAL_UNIVERSAL_AUTH_CLIENT_ID_ENV_NAME).unwrap_or_default();
@@ -183,6 +196,12 @@ impl AuthenticationOptions {
             let azure_auth_identity_id_env =
                 std::env::var(INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME).unwrap_or_default();
 
+            // access token env check
+            if !access_token_env.is_empty() {
+                self.access_token = Some(access_token_env);
+                return Ok(AuthMethod::AccessToken);
+            }
+
             // universal auth env check
             if !universal_auth_client_id_env.is_empty()
                 && !universal_auth_client_secret_env.is_empty()

crates/infisical/src/client/client.rs

@@ -24,7 +24,9 @@ impl Client {
         // Move the deprecated fields to the new auth object for backwards compatibility.
         #[allow(deprecated)]
         {
-            settings.auth.access_token = settings.access_token;
+            if settings.auth.access_token.is_none() {
+                settings.auth.access_token = settings.access_token;
+            }
 
             if settings.client_id.is_some() && settings.client_secret.is_some() {
                 settings.auth.universal_auth = Some(UniversalAuthMethod {

crates/infisical/src/constants.rs

@@ -21,6 +21,8 @@ pub const INFISICAL_AZURE_AUTH_IDENTITY_ID_ENV_NAME: &str = "INFISICAL_AZURE_AUT
 
 pub const INFISICAL_KUBERNETES_IDENTITY_ID_ENV_NAME: &str = "INFISICAL_KUBERNETES_IDENTITY_ID";
 
+pub const INFISICAL_ACCESS_TOKEN_ENV_NAME: &str = "INFISICAL_ACCESS_TOKEN";
+
 // AWS EC2 Metadata Service:
 pub const AWS_EC2_METADATA_TOKEN_URL: &str = "http://169.254.169.254/latest/api/token";
 pub const AWS_EC2_INSTANCE_IDENTITY_DOCUMENT_URL: &str =

crates/infisical/src/helper.rs

@@ -38,10 +38,14 @@ pub async fn handle_authentication(client: &mut Client) -> Result<()> {
     debug!("Auth validation passed");
 
     let auth_method = validation_result.unwrap_or(AuthMethod::UniversalAuth);
-
     let result;
 
     match auth_method {
+        AuthMethod::AccessToken => {
+            // Special case, since we don't need to do any authentication with Infisical.
+            client.set_access_token(client.auth.access_token.clone().unwrap_or("".to_string()));
+            return Ok(());
+        }
         AuthMethod::UniversalAuth => {
             debug!("Auth method is Universal Auth");
 

crates/infisical/src/manager/secrets/get.rs

@@ -13,9 +13,8 @@ pub struct GetSecretOptions {
     pub environment: String,
     pub project_id: String,
     pub path: Option<String>,
-
+    pub expand_secret_references: Option<bool>,
     pub r#type: Option<String>,
-
     pub include_imports: Option<bool>,
 }
 

crates/infisical/tests/secrets.rs

@@ -183,6 +183,7 @@ mod tests {
             project_id: variables.project_id.to_string(),
             path: None,
             r#type: None,
+            expand_secret_references: None,
             include_imports: None,
         };