feat: Set non-administrative secret handling in `ParallelHermeticConfig`

Add `NonAdministrativeSecretHandling` to `ParallelHermeticConfig` and adjust all documentation to reflect this. Signed-off-by: David Runge <dvzrv@archlinux.org>

feat: Set non-administrative secret handling in `ParallelHermeticConfig`
d606f8ba · David Runge · 94d79f64 · d606f8ba · d606f8ba · d606f8ba
Verified Commit d606f8ba authored 2 months ago by David Runge
--- a/nethsm-config/src/config.rs
+++ b/nethsm-config/src/config.rs
@@ -1582,6 +1582,12 @@ pub enum NonAdministrativeSecretHandling {
 /// ## - "plaintext": Administrative secrets are persisted on the system in unencrypted plaintext files (only for testing).
 /// admin_secret_handling = "shamirs-secret-sharing"
 ///
+/// ## The handling of non-administrative secrets on the system.
+/// ## One of:
+/// ## - "systemd-creds": Non-administrative secrets are persisted on the system as host-specific files, encrypted using systemd-creds (the default).
+/// ## - "plaintext": Non-administrative secrets are persisted on the system in unencrypted plaintext files (only for testing).
+/// non_admin_secret_handling = "systemd-creds"
+///
 /// [[connections]]
 /// url = "https://localhost:8443/api/v1/"
 /// tls_security = "Unsafe"
@@ -1761,6 +1767,7 @@ pub enum NonAdministrativeSecretHandling {
 pub struct HermeticParallelConfig {
    iteration: u32,
    admin_secret_handling: AdministrativeSecretHandling,
+    non_admin_secret_handling: NonAdministrativeSecretHandling,
    connections: HashSet<Connection>,
    users: HashSet<UserMapping>,
    #[serde(skip)]
@@ -1788,6 +1795,7 @@ impl HermeticParallelConfig {
    ///     let config_string = r#"
    /// iteration = 1
    /// admin_secret_handling = "shamirs-secret-sharing"
+    /// non_admin_secret_handling = "systemd-creds"
    /// [[connections]]
    /// url = "https://localhost:8443/api/v1/"
    /// tls_security = "Unsafe"
@@ -1937,6 +1945,7 @@ impl HermeticParallelConfig {
    ///     ConfigSettings,
    ///     Connection,
    ///     HermeticParallelConfig,
+    ///     NonAdministrativeSecretHandling,
    ///     UserMapping,
    /// };
    ///
@@ -1949,6 +1958,7 @@ impl HermeticParallelConfig {
    ///     ),
    ///     1,
    ///     AdministrativeSecretHandling::ShamirsSecretSharing,
+    ///     NonAdministrativeSecretHandling::SystemdCreds,
    ///     HashSet::from([Connection::new(
    ///         "https://localhost:8443/api/v1/".parse()?,
    ///         "Unsafe".parse()?,
@@ -1971,12 +1981,14 @@ impl HermeticParallelConfig {
        config_settings: ConfigSettings,
        iteration: u32,
        admin_secret_handling: AdministrativeSecretHandling,
+        non_admin_secret_handling: NonAdministrativeSecretHandling,
        connections: HashSet<Connection>,
        users: HashSet<UserMapping>,
    ) -> Result<Self, Error> {
        let config = Self {
            iteration,
            admin_secret_handling,
+            non_admin_secret_handling,
            connections,
            users,
            settings: config_settings,
@@ -2007,6 +2019,7 @@ impl HermeticParallelConfig {
    ///     Connection,
    ///     HermeticParallelConfig,
    ///     NetHsmMetricsUsers,
+    ///     NonAdministrativeSecretHandling,
    ///     UserMapping,
    /// };
    ///
@@ -2019,6 +2032,7 @@ impl HermeticParallelConfig {
    ///     ),
    ///     1,
    ///     AdministrativeSecretHandling::ShamirsSecretSharing,
+    ///     NonAdministrativeSecretHandling::SystemdCreds,
    ///     HashSet::from([Connection::new(
    ///         "https://localhost:8443/api/v1/".parse()?,
    ///         "Unsafe".parse()?,

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-downloader/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-share-uploader/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-authorized-keys-users/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id-in-namespace/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-key-id/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-shamirs-secret-sharing.toml
+++ b/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-shamirs-secret-sharing.toml
 iteration = 1
 admin_secret_handling = "shamirs-secret-sharing"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-systemd-creds.toml
+++ b/nethsm-config/tests/fixtures/duplicate-nethsm-user/basic-parallel-config-admin-systemd-creds.toml
 iteration = 1
 admin_secret_handling = "systemd-creds"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"

--- a/nethsm-config/tests/fixtures/duplicate-system-user/basic-parallel-config-admin-plaintext.toml
+++ b/nethsm-config/tests/fixtures/duplicate-system-user/basic-parallel-config-admin-plaintext.toml
 iteration = 1
 admin_secret_handling = "plaintext"
+non_admin_secret_handling = "systemd-creds"
 [[connections]]
 url = "https://localhost:8443/api/v1/"
 tls_security = "Unsafe"