2026-03-21 14:34:23 +00:00
#[macro_use]
pub mod error;
feat: ServiceClient trait, HttpTransport, and SunbeamClient factory
Foundation layer for unified service client wrappers:
- AuthMethod enum (None, Bearer, Header, Token)
- ServiceClient trait with service_name(), base_url(), from_parts()
- HttpTransport with json(), json_opt(), send(), bytes() helpers
- SunbeamClient lazy factory with OnceLock-cached per-service clients
- Feature flags for all service modules (identity, gitea, matrix, etc.)
Bump: sunbeam-sdk v0.2.0
2026-03-21 20:11:22 +00:00
pub mod client;
2026-03-21 14:34:23 +00:00
pub mod auth;
pub mod checks;
pub mod cluster;
pub mod config;
pub mod constants;
pub mod gitea;
pub mod images;
pub mod kube;
pub mod manifests;
pub mod openbao;
pub mod output;
pub mod pm;
pub mod secrets;
pub mod services;
pub mod update;
pub mod users;
feat: encrypted vault keystore, JWT auth, Drive upload
Vault keystore (vault_keystore.rs):
- AES-256-GCM encrypted local storage for root tokens + unseal keys
- Argon2id KDF with machine-specific salt, 0600 permissions
- save/load/verify/export API with 26 unit tests
- Integrated into seed flow: save after init, load as fallback,
  backfill from cluster, restore K8s Secret if wiped
Vault CLI:
- vault reinit: wipe and re-initialize vault with confirmation
- vault keys: show local keystore status
- vault export-keys: plaintext export for machine migration
- vault status: now shows keystore status + uses JWT auth
- Fixed seal_status() bypassing request() (missing auth headers)
Vault OIDC auth:
- JWT auth method enabled on OpenBao via seed script
- cli-admin role: full access for users with admin:true JWT claim
- cli-reader role: read-only for non-admin SSO users
- BaoClient.with_proxy_auth(): sends both Bearer (proxy) and
  X-Vault-Token (vault) headers
- SunbeamClient.bao() authenticates via JWT login, falls back
  to local keystore root token
Drive:
- SDK client uses /items/ endpoint (was /files/ and /folders/)
- Added create_child, upload_ended, upload_to_s3 methods
- Added recursive drive upload command (--path, --folder-id)
- Switched all La Suite clients to /external_api/v1.0/
Infrastructure:
- Removed openbao-keys-placeholder.yaml from kustomization
- Added sunbeam.dev/managed-by label to programmatic secrets
- kv_patch→kv_put fallback for fresh vault initialization
- Hydra/Kratos secrets combined (new,old) for key rotation
2026-03-24 12:09:01 +00:00
pub mod vault_keystore;
feat: ServiceClient trait, HttpTransport, and SunbeamClient factory
Foundation layer for unified service client wrappers:
- AuthMethod enum (None, Bearer, Header, Token)
- ServiceClient trait with service_name(), base_url(), from_parts()
- HttpTransport with json(), json_opt(), send(), bytes() helpers
- SunbeamClient lazy factory with OnceLock-cached per-service clients
- Feature flags for all service modules (identity, gitea, matrix, etc.)
Bump: sunbeam-sdk v0.2.0
2026-03-21 20:11:22 +00:00
// Feature-gated service client modules
#[cfg(feature = "identity")]
pub mod identity;
#[cfg(feature = "matrix")]
pub mod matrix;
#[cfg(feature = "opensearch")]
pub mod search;
#[cfg(feature = "s3")]
pub mod storage;
#[cfg(feature = "livekit")]
pub mod media;
#[cfg(feature = "monitoring")]
pub mod monitoring;
#[cfg(feature = "lasuite")]
pub mod lasuite;
#[cfg(feature = "build")]
pub mod build;