docs(sdk/rust): clarify SecretsManager::new() deferred bind lifecycle (KSM-973)#1024
Open
maksimu wants to merge 1 commit into
Open
docs(sdk/rust): clarify SecretsManager::new() deferred bind lifecycle (KSM-973)#1024maksimu wants to merge 1 commit into
maksimu wants to merge 1 commit into
Conversation
… (KSM-973) SecretsManager::new() does not make any network calls — the one-time token is redeemed on the first get_secrets() call. Before that call the storage backend is 'unbound' and is missing appKey + appOwnerPublicKey, which means an exported copy cannot be loaded into a new SecretsManager later. This was previously undocumented and the canonical example stopped at new(), implying initialisation was complete. An integrator persisting the config to an external store (OS keychain, AWS Secrets Manager, KMS, etc.) between new() and the first network call ended up with an unbound config that broke on restart (reported during a KeeperDB integration). Changes: - Expand the doc comment on SecretsManager::new() to make the deferred-bind contract explicit and add a worked example that calls get_secrets(vec![]) immediately after new(). - Add 4 unit tests in tests/bind_lifecycle_tests.rs covering: - new() does not make a network call (verified via panicking custom_post_function) - storage is unbound after new() (no appKey / appOwnerPublicKey) - pre-bind keys (clientId, privateKey, hostname) are present after new() - a fully-bound config can be reloaded without a token No public API change.
maksimu
force-pushed
the
fix/ksm-973-rust-sdk-bind-lifecycle
branch
from
4a1ba7f to
05ae679
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SecretsManager::new()does not make any network calls — the one-time token is redeemed on the firstget_secrets()call. This contract was previously undocumented and caused real integration bugs (most recently while integrating the Rust SDK into KeeperDB).What changes
Doc only — no public API change.
SecretsManager::new()to make the deferred-bind contract explicit, explain when the storage is "unbound" (missingappKeyandappOwnerPublicKey), and warn against persisting the config before the first network call.secrets_manager.get_secrets(vec![])?immediately afternew()with an explanatory comment.Why it matters
If an integrator reads from the SDK's storage and persists it (to OS keychain, AWS Secrets Manager, HashiCorp Vault, …) between
new()and the first network call, the saved blob is missingappKey+appOwnerPublicKey. On the next run, loading that blob produces aSecretsManagerthat cannot fetch secrets. The fix is to force the bind by callingget_secrets(vec![])first — but until now nothing in the public surface signalled this.Tests
New test file
sdk/rust/tests/bind_lifecycle_tests.rswith four tests covering the bind lifecycle contract:test_new_does_not_perform_network_callnew()never invokes the HTTP layer — verified by injecting a panickingcustom_post_functiontest_storage_is_unbound_after_newappKeyandappOwnerPublicKeyare absent immediately afternew()test_pre_bind_keys_present_after_newclientId,privateKey,hostnameARE present afternew()(written locally, no network)test_bound_config_can_be_reloaded_without_tokenSecretsManagerwith no token (the second-run path)All four pass locally:
cargo test --test bind_lifecycle_tests→4 passed; 0 failed.Follow-ups (not in this PR)
bind()andis_bound()convenience methods, but that needs to be done consistently across all SDKs — out of scope here.Jira: KSM-973