Feat (kv2): kv2 data access (no metadata)

.sqlx/query-844de8351a0ed204e2080857373507389c90453b5d3ad92344272838958ab28e.json

@@ -40,5 +40,5 @@
       false
     ]
   },
-  "hash": "0b6d152060335c7c8cc6e781eac810a3fc1c2ad752e3f856a66e75b73b2ab3c6"
+  "hash": "844de8351a0ed204e2080857373507389c90453b5d3ad92344272838958ab28e"
 }

.sqlx/query-919758dd0aee1053065d62d528bca5bbd5220b909b6c1b5eb5c77ce0dd2259e4.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT secret_data, created_time, deletion_time, version_number, secret_path\n            FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL\n                AND version_number = $3",
+  "describe": {
+    "columns": [
+      {
+        "name": "secret_data",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_time",
+        "ordinal": 1,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "deletion_time",
+        "ordinal": 2,
+        "type_info": "Datetime"
+      },
+      {
+        "name": "version_number",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "secret_path",
+        "ordinal": 4,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "919758dd0aee1053065d62d528bca5bbd5220b909b6c1b5eb5c77ce0dd2259e4"
+}

Cargo.lock

@@ -174,9 +174,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
 
 [[package]]
 name = "base64ct"
-version = "1.6.0"
+version = "1.7.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3"
 
 [[package]]
 name = "bitflags"
@@ -210,9 +210,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
 
 [[package]]
 name = "cc"
-version = "1.2.16"
+version = "1.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c"
+checksum = "1fcb57c740ae1daf453ae85f16e37396f672b039e00d9d866e07ddb24e328e3a"
 dependencies = [
  "shlex",
 ]
@@ -306,9 +306,9 @@ dependencies = [
 
 [[package]]
 name = "deranged"
-version = "0.3.11"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4"
+checksum = "28cfac68e08048ae1883171632c2aef3ebc555621ae56fbccce1cbf22dd7f058"
 dependencies = [
  "powerfmt",
  "serde",
@@ -364,14 +364,14 @@ dependencies = [
 
 [[package]]
 name = "env_logger"
-version = "0.11.6"
+version = "0.11.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcaee3d8e3cfc3fd92428d477bc97fc29ec8716d180c0d74c643bb26166660e0"
+checksum = "c3716d7a920fb4fac5d84e9d4bce8ceb321e9414b4409da61b07b75c1e3d0697"
 dependencies = [
  "anstream",
  "anstyle",
  "env_filter",
- "humantime",
+ "jiff",
  "log",
 ]
 
@@ -438,9 +438,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
 [[package]]
 name = "foldhash"
-version = "0.1.4"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a0d2fde1f7b3d48b8395d5f2de76c18a528bd6a9cdde438df747bfcba3e05d6f"
+checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
 [[package]]
 name = "form_urlencoded"
@@ -546,14 +546,14 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.3.1"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8"
+checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0"
 dependencies = [
  "cfg-if",
  "libc",
- "wasi 0.13.3+wasi-0.2.2",
+ "r-efi",
- "windows-targets 0.52.6",
+ "wasi 0.14.2+wasi-0.2.4",
 ]
 
 [[package]]
@@ -623,9 +623,9 @@ dependencies = [
 
 [[package]]
 name = "http"
-version = "1.2.0"
+version = "1.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea"
+checksum = "f4a85d31aea989eead29a3aaf9e1115a180df8282431156e533de47660892565"
 dependencies = [
  "bytes",
  "fnv",
@@ -644,12 +644,12 @@ dependencies = [
 
 [[package]]
 name = "http-body-util"
-version = "0.1.2"
+version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f"
+checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
 dependencies = [
  "bytes",
- "futures-util",
+ "futures-core",
  "http",
  "http-body",
  "pin-project-lite",
@@ -667,12 +667,6 @@ version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
 
-[[package]]
-name = "humantime"
-version = "2.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
-
 [[package]]
 name = "hyper"
 version = "1.6.0"
@@ -849,9 +843,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.7.1"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c9c992b02b5b4c94ea26e32fe5bccb7aa7d9f390ab5c1221ff895bc7ea8b652"
+checksum = "3954d50fe15b02142bf25d3b8bdadb634ec3948f103d04ffe3031bc8fe9d7058"
 dependencies = [
  "equivalent",
  "hashbrown",
@@ -869,6 +863,30 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
 
+[[package]]
+name = "jiff"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c102670231191d07d37a35af3eb77f1f0dbf7a71be51a962dcd57ea607be7260"
+dependencies = [
+ "jiff-static",
+ "log",
+ "portable-atomic",
+ "portable-atomic-util",
+ "serde",
+]
+
+[[package]]
+name = "jiff-static"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4cdde31a9d349f1b1f51a0b3714a5940ac022976f4b49485fc04be052b183b4c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "json-patch"
 version = "4.0.0"
@@ -902,9 +920,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.170"
+version = "0.2.171"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828"
+checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
 
 [[package]]
 name = "libm"
@@ -925,9 +943,9 @@ dependencies = [
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.4.15"
+version = "0.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+checksum = "fe7db12097d22ec582439daf8618b8fdd1a7bef6270e9af3b1ebcd30893cf413"
 
 [[package]]
 name = "litemap"
@@ -947,9 +965,9 @@ dependencies = [
 
 [[package]]
 name = "log"
-version = "0.4.26"
+version = "0.4.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
+checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
 
 [[package]]
 name = "matchit"
@@ -1063,9 +1081,9 @@ dependencies = [
 
 [[package]]
 name = "once_cell"
-version = "1.20.3"
+version = "1.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
+checksum = "d75b0bedcc4fe52caa0e03d9f1151a323e4aa5e2d78ba3580400cd3c9e2bc4bc"
 
 [[package]]
 name = "parking"
@@ -1150,6 +1168,21 @@ version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
 
+[[package]]
+name = "portable-atomic"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e"
+
+[[package]]
+name = "portable-atomic-util"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507"
+dependencies = [
+ "portable-atomic",
+]
+
 [[package]]
 name = "powerfmt"
 version = "0.2.0"
@@ -1158,9 +1191,9 @@ checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
 
 [[package]]
 name = "ppv-lite86"
-version = "0.2.20"
+version = "0.2.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
 dependencies = [
  "zerocopy",
 ]
@@ -1176,13 +1209,19 @@ dependencies = [
 
 [[package]]
 name = "quote"
-version = "1.0.39"
+version = "1.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1f1914ce909e1658d9907913b4b91947430c7d9be598b15a1912935b8c04801"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
 dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "r-efi"
+version = "5.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"
+
 [[package]]
 name = "rand"
 version = "0.8.5"
@@ -1253,9 +1292,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "ring"
-version = "0.17.12"
+version = "0.17.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed9b823fa29b721a59671b41d6b06e66b29e0628e207e8b1c3ceeda701ec928d"
+checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
 dependencies = [
  "cc",
  "cfg-if",
@@ -1267,9 +1306,9 @@ dependencies = [
 
 [[package]]
 name = "rsa"
-version = "0.9.7"
+version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47c75d7c5c6b673e58bf54d8544a9f432e3a925b0e80f7cd3602ab5c50c55519"
+checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
 dependencies = [
  "const-oid",
  "digest",
@@ -1293,9 +1332,9 @@ checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
 
 [[package]]
 name = "rustix"
-version = "0.38.44"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+checksum = "e56a18552996ac8d29ecc3b190b4fdbb2d91ca4ec396de7bbffaf43f3d637e96"
 dependencies = [
  "bitflags",
  "errno",
@@ -1306,9 +1345,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.23"
+version = "0.23.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395"
+checksum = "822ee9188ac4ec04a2f0531e55d035fb2de73f18b41a63c70c2712503b6fb13c"
 dependencies = [
  "once_cell",
  "ring",
@@ -1335,9 +1374,9 @@ checksum = "917ce264624a4b4db1c364dcc35bfca9ded014d0a958cd47ad3e960e988ea51c"
 
 [[package]]
 name = "rustls-webpki"
-version = "0.102.8"
+version = "0.103.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
+checksum = "0aa4eeac2588ffff23e9d7a7e9b3f971c5fb5b7ebc9452745e0c232c64f83b2f"
 dependencies = [
  "ring",
  "rustls-pki-types",
@@ -1382,18 +1421,18 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "serde"
-version = "1.0.218"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8dfc9d19bdbf6d17e22319da49161d5d0108e4188e8b680aef6299eed22df60"
+checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.218"
+version = "1.0.219"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f09503e191f4e797cb8aac08e9a4a4695c5edf6a2e70e376d961ddd5c969f82b"
+checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1747,9 +1786,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
 [[package]]
 name = "syn"
-version = "2.0.99"
+version = "2.0.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e02e925281e18ffd9d640e234264753c43edc62d64b2d4cf898f1bc5e75f3fc2"
+checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1775,13 +1814,12 @@ dependencies = [
 
 [[package]]
 name = "tempfile"
-version = "3.17.1"
+version = "3.19.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22e5a0acb1f3f55f65cc4a866c361b2fb2a0ff6366785ae6fbb5f85df07ba230"
+checksum = "7437ac7763b9b123ccf33c338a5cc1bac6f69b45a136c19bdd8a65e3916435bf"
 dependencies = [
- "cfg-if",
  "fastrand",
- "getrandom 0.3.1",
+ "getrandom 0.3.2",
  "once_cell",
  "rustix",
  "windows-sys 0.59.0",
@@ -1829,9 +1867,9 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.39"
+version = "0.3.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dad298b01a40a23aac4580b67e3dbedb7cc8402f3592d7f49469de2ea4aecdd8"
+checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
 dependencies = [
  "deranged",
  "itoa",
@@ -1844,15 +1882,15 @@ dependencies = [
 
 [[package]]
 name = "time-core"
-version = "0.1.3"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "765c97a5b985b7c11d7bc27fa927dc4fe6af3a6dfb021d28deb60d3bf51e76ef"
+checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
 
 [[package]]
 name = "time-macros"
-version = "0.2.20"
+version = "0.2.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8093bc3e81c3bc5f7879de09619d06c9a5a5e45ca44dfeeb7225bae38005c5c"
+checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
 dependencies = [
  "num-conv",
  "time-core",
@@ -1885,9 +1923,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.43.0"
+version = "1.44.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d61fa4ffa3de412bfea335c6ecff681de2b609ba3c77ef3e00e521813a9ed9e"
+checksum = "f382da615b842244d4b8738c82ed1275e6c5dd90c459a30941cd07080b06c91a"
 dependencies = [
  "backtrace",
  "bytes",
@@ -2071,9 +2109,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasi"
-version = "0.13.3+wasi-0.2.2"
+version = "0.14.2+wasi-0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2"
+checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3"
 dependencies = [
  "wit-bindgen-rt",
 ]
@@ -2095,9 +2133,9 @@ dependencies = [
 
 [[package]]
 name = "whoami"
-version = "1.5.2"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "372d5b87f58ec45c384ba03563b03544dc5fadc3983e434b286913f5b4a9bb6d"
+checksum = "6994d13118ab492c3c80c1f81928718159254c53c472bf9ce36f8dae4add02a7"
 dependencies = [
  "redox_syscall",
  "wasite",
@@ -2253,9 +2291,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
 name = "wit-bindgen-rt"
-version = "0.33.0"
+version = "0.39.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
 dependencies = [
  "bitflags",
 ]
@@ -2298,19 +2336,18 @@ dependencies = [
 
 [[package]]
 name = "zerocopy"
-version = "0.7.35"
+version = "0.8.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
+checksum = "2586fea28e186957ef732a5f8b3be2da217d65c5969d4b1e17f973ebbe876879"
 dependencies = [
- "byteorder",
  "zerocopy-derive",
 ]
 
 [[package]]
 name = "zerocopy-derive"
-version = "0.7.35"
+version = "0.8.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
+checksum = "a996a8f63c5c4448cd959ac1bab0aaa3306ccfd060472f85943ee0750f0169be"
 dependencies = [
  "proc-macro2",
  "quote",

Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "rvault-server"
 version = "0.1.0"
-edition = "2021"
+edition = "2024"
 
 [dependencies]
 log = "0.4.21"

Containerfile

@@ -1,9 +1,12 @@
-FROM docker.io/library/rust:1-alpine3.19 AS builder
+ARG alpine_version=3.21
+
+FROM docker.io/library/rust:1-alpine${alpine_version} AS builder
 
 WORKDIR /src
 RUN apk add --no-cache musl-dev
 
 RUN cargo install sqlx-cli --no-default-features --features sqlite
+# Required for compile-time schemata checks of migrations
 ENV DATABASE_URL=sqlite:/tmp/rvault.db
 RUN touch /tmp/rvault.db
 
@@ -13,6 +16,7 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
     cargo fetch --locked --target $(rustc -vV | sed -n 's|host: ||p') && \
     rm src/main.rs
 
+# Required for compile-time checks of query - database-schema compatibility 
 COPY migrations migrations
 RUN cargo sqlx migrate run
 
@@ -20,9 +24,9 @@ COPY src src
 RUN --mount=type=cache,target=/usr/local/cargo/registry \
     cargo build --release --locked
 
-FROM docker.io/library/alpine:3.19 AS runner
+FROM docker.io/library/alpine:${alpine_version} AS runner
 # FROM scratch AS runner
 
-COPY --from=builder /src/target/release/rvault-server /usr/local/bin/rvault-server
+COPY --from=builder /src/target/release/rvault-server /usr/bin/rvault-server
 
-CMD ["/usr/local/bin/rvault-server"]
+CMD ["/usr/bin/rvault-server"]

Justfile

@@ -1,6 +1,6 @@
 
 build_tests:
-    podman build -t rvault-go-tests -f ./go_client/Containerfile ./go_client
+    podman build -t rvault-go-tests -f ./go_tests/Containerfile ./go_tests
 
 run_tests: build_tests
     podman run --rm -it --net=host rvault-go-tests

go_client/TODO.md

@@ -1,14 +0,0 @@
-# Testing module proposals
-
-- Basic API calls
-    - Login/logout
-- kv IO test module
-- Token
-    - Lookup
-    - Generation
-
-(- TLS module)
-(- Auth module)
-
-
-==> Nur KvV2 testen

go_client/main.go

@@ -1,29 +0,0 @@
-package main
-
-import (
-	"log"
-	"log/slog"
-	"time"
-
-	"github.com/hashicorp/vault-client-go"
-)
-
-// vault cmd args: >vault server -dev -dev-root-token-id="my-token"
-
-func main() {
-	slog.Info("run tests in tests/ with >go test")
-	// prepare a client with the given base address
-	client, err := vault.New(
-		vault.WithAddress("http://localhost:8200"),
-		vault.WithRequestTimeout(30*time.Second),
-	)
-	if err != nil {
-		log.Fatal(err)
-	}
-	log.Println("client prepared")
-
-	// authenticate with a root token (insecure)
-	if err := client.SetToken("my-token"); err != nil {
-		log.Fatal(err)
-	}
-}

go_tests/go.mod

@@ -2,9 +2,12 @@ module github.com/C0ffeeCode/rvault/go_client
 
 go 1.21.9
 
-require github.com/hashicorp/vault-client-go v0.4.3
+// require github.com/hashicorp/vault-client-go v0.4.3
 
-require github.com/hashicorp/vault/api v1.16.0
+require (
+	github.com/hashicorp/vault-client-go v0.4.3
+	github.com/hashicorp/vault/api v1.16.0
+)
 
 require (
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect

go_tests/go.sum

@@ -6,20 +6,24 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
 github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
+github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
@@ -38,7 +42,11 @@ github.com/hashicorp/vault-client-go v0.4.3/go.mod h1:4tDw7Uhq5XOxS1fO+oMtotHL7j
 github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
 github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -53,18 +61,14 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
 golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
 golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=

go_tests/main.go

@@ -0,0 +1,26 @@
+package main
+
+import (
+	"log/slog"
+	// "github.com/openbao/openbao"
+)
+
+// vault cmd args: >vault server -dev -dev-root-token-id="my-token"
+
+func main() {
+	slog.Info("run tests in tests/ with >go test")
+	// // prepare a client with the given base address
+	// client, err := vault.New(
+	// 	vault.WithAddress("http://localhost:8200"),
+	// 	vault.WithRequestTimeout(30*time.Second),
+	// )
+	// if err != nil {
+	// 	log.Fatal(err)
+	// }
+	// log.Println("client prepared")
+
+	// // authenticate with a root token (insecure)
+	// if err := client.SetToken("my-token"); err != nil {
+	// 	log.Fatal(err)
+	// }
+}

go_tests/tests/secret_test.go

@@ -11,15 +11,12 @@ import (
 	// "github.com/hashicorp/vault-client-go"
 	// "github.com/hashicorp/vault-client-go/schema"
 	vault "github.com/hashicorp/vault/api"
+	// vault "github.com/openbao/openbao/api/v2"
 )
 
 var client *vault.Client
 var ctx context.Context
 
-// Apparently used as a default if mountpath is an empty string (client library)
-var mountpath = "/kv-v2"
-var mountpath2 = "/some"
-
 func TestMain(m *testing.M) {
 	ctx = context.Background()
 	var err error
@@ -82,6 +79,10 @@ func kv2Delete(t *testing.T, mount string, path string) {
 // https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#create-update-secret
 // @Philip der Path steht in der KvV2Write Methode
 func TestWriteSecret(t *testing.T) {
+	// Apparently used as a default if mountpath is an empty string (client library)
+	var mountpath = "/kv-v2"
+	var mountpath2 = "/some"
+
 	// Path foo
 	t.Logf("Writing to first KV2 engine at %s...", mountpath)
 	kv2Write(t, mountpath, "foo")

migrations/20240501152243_KvSecret.sql

@@ -20,7 +20,7 @@ CREATE TABLE kv2_secret_version (
     engine_path TEXT NOT NULL,
     secret_path TEXT NOT NULL,
 
-    version_number INTEGER NOT NULL,
+    version_number INTEGER NOT NULL CHECK ( version_number > 0 ),
     secret_data TEXT NOT NULL,
     created_time DATETIME NOT NULL,
     deletion_time DATETIME,

src/engines/kv.rs

@@ -1,45 +1,33 @@
-// TODO: Remove
+mod structs;
-#![allow(dead_code)]
+mod data;
-
+mod meta;
-pub mod logic;
-pub mod structs;
 
 // #[cfg(test)]
 // mod tests;
 
-
+use crate::storage::DatabaseDriver;
-use crate::{
-    common::HttpError,
-    engines::kv::{logic::body_to_json, structs::*},
-    storage::DatabaseDriver,
-};
 use axum::{
+    Router,
     extract::{Path, State},
-    http::StatusCode,
-    response::{IntoResponse, NoContent, Response},
     routing::*,
-    Extension, Json, Router,
 };
-use log::{error, info, warn};
-use time::UtcDateTime;
-
-use super::EnginePath;
 
 pub fn kv_router(pool: DatabaseDriver) -> Router {
     Router::new()
         .route("/config", get(get_config))
         .route("/config", post(post_config))
-        .route("/data/{*path}", get(get_data))
+        .route("/data/{*path}", get(data::get_data))
         // .route("/:mount_path/data/*path/", get(get_data))
-        .route("/data/{*path}", post(post_data))
+        .route("/data/{*path}", post(data::post_data))
-        .route("/data/{*path}", put(post_data))
+        // Why does HC V SDK expect PUT instead of POST - neither in the docs nor spec
-        .route("/data/{*path}", delete(delete_data))
+        .route("/data/{*path}", put(data::post_data))
-        .route("/delete/{*path}", post(delete_path))
+        .route("/data/{*path}", delete(data::delete_data))
-        .route("/destroy/{*path}", post(destroy_path))
+        .route("/delete/{*path}", post(meta::delete_path))
-        .route("/metadata/{*path}", get(get_meta))
+        .route("/destroy/{*path}", post(meta::destroy_path))
+        .route("/metadata/{*path}", get(meta::get_meta))
         // .route("/:mount_path/metadata/*path/", get(get_meta))
-        .route("/metadata/{*path}", post(post_meta))
+        .route("/metadata/{*path}", post(meta::post_meta))
-        .route("/metadata/{*path}", delete(delete_meta))
+        .route("/metadata/{*path}", delete(meta::delete_meta))
         .route("/subkeys/{*path}", get(get_subkeys))
         .route("/undelete/{*path}", post(post_undelete))
         .with_state(pool)
@@ -53,241 +41,6 @@ async fn post_config() -> &'static str {
     todo!("not implemented")
 }
 
-async fn get_data(
-    State(pool): State<DatabaseDriver>,
-    Path(path): Path<String>,
-    Extension(EnginePath(engine_path)): Extension<EnginePath>,
-) -> Result<Response, ()> {
-    log::trace!("AAAAAAAAAAAAAAAAAAAA! {path} of engine {engine_path}");
-
-    match sqlx::query_as!(
-        KvSecretData,
-        r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
-        FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
-        ORDER BY version_number DESC LIMIT 1"#,
-        engine_path, path
-    )
-    .fetch_one(&pool)
-    .await
-    {
-        Ok(secret_content) => {
-            // let version: i64 = v.get("version_number");
-            // let secret_content: HashMap<String, String> = HashMap::from([
-            //     // TODO: use sqlx to parse the row to a struct, do not do it manually
-            //     ("secret_data".to_string(), v.get("secret_data")),
-            //     ("created_time".to_string(), v.get("created_time")),
-            //     ("deletion_time".to_string(), v.get("deletion_time")),
-            //     ("version_number".to_string(), version.to_string()),
-            //     ("secret_path".to_string(), v.get("secret_path")),
-            // ]);
-
-            let data = Wrapper {
-                data: serde_json::from_str(&secret_content.secret_data).unwrap(),
-            };
-            let return_secret = KvSecretRes {
-                data,
-                options: None,
-                version: Some(secret_content.version_number)
-            };
-            let return_secret = Json(return_secret);
-            info!("{:?}", return_secret);
-
-            Ok(return_secret.into_response())
-        }
-        Err(e) => match e {
-            sqlx::Error::RowNotFound => {
-                error!("Row not found {:?}", e);
-                // let error_data: HashMap<String, String> =
-                //     HashMap::from([("error".to_string(), "Secret not found".to_string())]);
-                // let error_secret = KvSecretRes {
-                //     data: error_data,
-                //     options: None,
-                // };
-                Ok(HttpError::simple(
-                    StatusCode::NOT_FOUND,
-                    "Secret not found within kv2 engine",
-                ))
-            }
-            _ => panic!("{e:?}"),
-        },
-    }
-}
-
-async fn post_data(
-    State(pool): State<DatabaseDriver>,
-    Path(kv_path): Path<String>,
-    Extension(EnginePath(engine_path)): Extension<EnginePath>,
-    Json(secret): Json<KvV2WriteRequest>,
-) -> Result<Response, ()> {
-    log::debug!(
-        "Engine: {}, Secret: {}, Content: {}, Version: {:?}, path: {}",
-        engine_path,
-        kv_path,
-        secret.data,
-        secret.version, //.unwrap_or(0),
-        kv_path
-    );
-
-    let created_time = time::UtcDateTime::now();
-    let ts = created_time.unix_timestamp();
-
-    let mut tx = pool.begin().await.unwrap();
-
-    let res_m = sqlx::query!("
-        INSERT INTO kv2_metadata (engine_path, secret_path, cas_required, created_time, max_versions, updated_time)
-        VALUES ($1, $2, 0, $3, 100, $3)
-        ON CONFLICT(engine_path, secret_path) DO NOTHING;
-    ", engine_path, kv_path, ts).execute(&mut *tx).await.unwrap();
-
-    let res_r = sqlx::query_file!(
-        "src/engines/kv/post_secret.sql",
-        engine_path,
-        kv_path,
-        secret.data,
-        ts,
-        secret.version,
-    )
-    .fetch_one(&mut *tx)
-    .await
-    .unwrap();
-
-    tx.commit().await.expect("FAILED TO WRITE TX!");
-
-    warn!("test: {res_m:?} {res_r:?} {}", res_r.version_number);
-
-    let res = KvV2WriteResponse {
-        created_time: created_time.into(),
-        custom_metadata: None,
-        deletion_time: None,
-        destroyed: false,
-        version: res_r.version_number,
-    };
-
-    Ok(Json(res).into_response())
-}
-
-/* mock for return
-async fn post_data(
-    Path(kv_path): Path<String>,
-    Extension(mount_path): Extension<String>,
-    Json(body): Json<KvSecretReq>,
-) -> Json<KvSecretRes> {
-    trace!(
-        "Secret: {}, Content: {:#?}, path: {}",
-        kv_path,
-        body.data,
-        // body.version.unwrap_or(0),
-        mount_path,
-    );
-
-    let res = KvSecretRes {
-        data: KvSecretResData {
-            created_time: chrono::Utc::now(),
-            custom_metadata: None,
-            deletion_time: None,
-            destroyed: false,
-            version: 1,
-        },
-    };
-
-    Json(res)
-} */
-
-/// TODO: soft delete the secret version at path. can be undone with undelete_secret
-// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret
-// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-secret-versions
-async fn delete_data(
-    State(pool): State<DatabaseDriver>,
-    Path(path): Path<String>,
-    Extension(EnginePath(engine_path)): Extension<EnginePath>,
-) -> Result<Response, Response> {
-    log::debug!("Secret: {}, path: {}", path, path);
-
-    let del_time = UtcDateTime::now().unix_timestamp();
-
-    let mut tx = pool.begin().await.unwrap();
-
-    // TODO: Find a better way
-    let latest_version = sqlx::query!(
-        r#"
-        SELECT version_number AS latest_version FROM kv2_secret_version
-        WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
-        ORDER BY version_number DESC LIMIT 1"#,
-        engine_path,
-        path,
-    )
-    .fetch_optional(&mut *tx)
-    .await
-    .unwrap();
-
-    let latest_version = match latest_version {
-        Some(v) => v.latest_version,
-        None => {
-            return Err(HttpError::simple(
-                StatusCode::NOT_FOUND,
-                "No secret version found which could be deleted",
-            ));
-        }
-    };
-
-    let u = sqlx::query!(
-        r#"
-        UPDATE kv2_secret_version
-        SET deletion_time = $4
-        WHERE engine_path = $1 AND secret_path = $2
-            AND version_number = $3
-        "#,
-        engine_path,
-        path,
-        latest_version,
-        del_time
-    )
-    .execute(&mut *tx)
-    .await;
-
-    if let Err(e) = u {
-        error!("Strange - a version to be deleted has been found but could not be found to set deletion.\n\t{e:?}");
-        // Not commited transactions will be aborted upon drop
-        // tx.rollback().await.unwrap();
-        return Err(HttpError::simple(
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "A version to be deleted was found but could not be deleted",
-        ));
-    }
-
-    tx.commit().await.unwrap();
-
-    info!("Secret {path} version {latest_version} of {engine_path} engine deleted! {u:?}");
-
-    Ok(NoContent.into_response())
-}
-
-async fn delete_path() -> &'static str {
-    todo!("not implemented")
-}
-
-async fn destroy_path() -> &'static str {
-    todo!("not implemented")
-}
-
-async fn get_meta() -> &'static str {
-    todo!("not implemented")
-}
-
-async fn post_meta(
-    State(pool): State<DatabaseDriver>,
-    Path((mount_path, kv_path)): Path<(String, String)>,
-    body: String,
-) -> &'static str {
-    let body_json = body_to_json(body);
-    let meta_data: SecretMeta = Default::default();
-    todo!("not implemented")
-}
-
-async fn delete_meta() -> &'static str {
-    todo!("not implemented")
-}
-
 async fn get_subkeys() -> &'static str {
     todo!("not implemented")
 }

src/engines/kv/data.rs

@@ -0,0 +1,215 @@
+use super::structs::KvV2WriteRequest;
+use crate::{
+    DatabaseDriver,
+    common::HttpError,
+    engines::{
+        EnginePath,
+        kv::structs::{KvSecretData, KvSecretRes, KvV2WriteResponse, Wrapper},
+    },
+};
+use axum::{
+    Extension, Json,
+    extract::{Path, Query, State},
+    http::StatusCode,
+    response::{IntoResponse, NoContent, Response},
+};
+use log::{error, info, warn};
+use serde::Deserialize;
+use time::UtcDateTime;
+
+#[derive(Deserialize)]
+pub struct GetDataQuery {
+    #[serde(default)]
+    /// Version of secret requested to be read.
+    /// Default `0`, to get the most recent version.
+    pub version: u32,
+}
+
+pub async fn get_data(
+    State(pool): State<DatabaseDriver>,
+    Query(params): Query<GetDataQuery>,
+    Path(path): Path<String>,
+    Extension(EnginePath(engine_path)): Extension<EnginePath>,
+) -> Result<Response, ()> {
+    let res = if params.version == 0 {
+        // With specific version
+        sqlx::query_as!(
+            KvSecretData,
+            r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
+            FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
+                AND version_number = $3"#,
+            engine_path, path, params.version).fetch_one(&pool).await
+    } else {
+        // Without specific version
+        sqlx::query_as!(
+            KvSecretData,
+            r#"SELECT secret_data, created_time, deletion_time, version_number, secret_path
+            FROM kv2_secret_version WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
+            ORDER BY version_number DESC LIMIT 1"#,
+            engine_path, path).fetch_one(&pool).await
+    };
+
+    match res {
+        Ok(secret_content) => {
+            let data = Wrapper {
+                data: serde_json::from_str(&secret_content.secret_data).unwrap(),
+            };
+            let return_secret = KvSecretRes {
+                data,
+                options: None,
+                version: Some(secret_content.version_number),
+            };
+            let return_secret = Json(return_secret);
+            info!("{:?}", return_secret);
+
+            Ok(return_secret.into_response())
+        }
+        Err(e) => match e {
+            sqlx::Error::RowNotFound => {
+                error!("Row not found {:?}", e);
+                Ok(HttpError::simple(
+                    StatusCode::NOT_FOUND,
+                    "Secret not found within kv2 engine",
+                ))
+            }
+            _ => panic!("{e:?}"),
+        },
+    }
+}
+
+pub async fn post_data(
+    State(pool): State<DatabaseDriver>,
+    Path(kv_path): Path<String>,
+    Extension(EnginePath(engine_path)): Extension<EnginePath>,
+    Json(secret): Json<KvV2WriteRequest>,
+) -> Result<Response, ()> {
+    log::debug!(
+        "Engine: {}, Secret: {}, Content: {}, Version: {:?}, path: {}",
+        engine_path,
+        kv_path,
+        secret.data,
+        secret.version, //.unwrap_or(0),
+        kv_path
+    );
+
+    let created_time = time::UtcDateTime::now();
+    let ts = created_time.unix_timestamp();
+
+    let mut tx = pool.begin().await.unwrap();
+
+    let res_m = sqlx::query!("
+        INSERT INTO kv2_metadata (engine_path, secret_path, cas_required, created_time, max_versions, updated_time)
+        VALUES ($1, $2, 0, $3, 100, $3)
+        ON CONFLICT(engine_path, secret_path) DO NOTHING;
+    ", engine_path, kv_path, ts).execute(&mut *tx).await.unwrap();
+
+    let res_r = sqlx::query_file!(
+        "src/engines/kv/post_secret.sql",
+        engine_path,
+        kv_path,
+        secret.data,
+        ts,
+        secret.version,
+    )
+    .fetch_one(&mut *tx)
+    .await
+    .unwrap();
+
+    tx.commit().await.expect("FAILED TO WRITE TX!");
+
+    warn!("test: {res_m:?} {res_r:?} {}", res_r.version_number);
+
+    let res = KvV2WriteResponse {
+        created_time: created_time.into(),
+        custom_metadata: None,
+        deletion_time: None,
+        destroyed: false,
+        version: res_r.version_number,
+    };
+
+    Ok(Json(res).into_response())
+}
+
+/// TODO: soft delete the secret version at path. can be undone with undelete_secret
+// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-latest-version-of-secret
+// https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#delete-secret-versions
+pub async fn delete_data(
+    State(pool): State<DatabaseDriver>,
+    Path(path): Path<String>,
+    Extension(EnginePath(engine_path)): Extension<EnginePath>,
+) -> Result<Response, Response> {
+    log::debug!("Secret: {}, path: {}", path, path);
+
+    let del_time = UtcDateTime::now().unix_timestamp();
+
+    let mut tx = pool.begin().await.unwrap();
+
+    // TODO: Find a better way
+    let latest_version = sqlx::query!(
+        r#"
+        SELECT version_number AS latest_version FROM kv2_secret_version
+        WHERE engine_path = $1 AND secret_path = $2 AND deletion_time IS NULL
+        ORDER BY version_number DESC LIMIT 1"#,
+        engine_path,
+        path,
+    )
+    .fetch_optional(&mut *tx)
+    .await
+    .unwrap();
+
+    let latest_version = match latest_version {
+        Some(v) => v.latest_version,
+        None => {
+            return Err(HttpError::simple(
+                StatusCode::NOT_FOUND,
+                "No secret version found which could be deleted",
+            ));
+        }
+    };
+
+    let u = sqlx::query!(
+        r#"
+        UPDATE kv2_secret_version
+        SET deletion_time = $4
+        WHERE engine_path = $1 AND secret_path = $2
+            AND version_number = $3
+        "#,
+        engine_path,
+        path,
+        latest_version,
+        del_time
+    )
+    .execute(&mut *tx)
+    .await;
+
+    if let Err(e) = u {
+        error!(
+            "Strange - a version to be deleted has been found but could not be found to set deletion.\n\t{e:?}"
+        );
+        // Not commited transactions will be aborted upon drop
+        // tx.rollback().await.unwrap();
+        return Err(HttpError::simple(
+            StatusCode::INTERNAL_SERVER_ERROR,
+            "A version to be deleted was found but could not be deleted",
+        ));
+    }
+
+    tx.commit().await.unwrap();
+
+    info!("Secret {path} version {latest_version} of {engine_path} engine deleted! {u:?}");
+
+    Ok(NoContent.into_response())
+}
+
+
+// Not 
+pub async fn patch_data(
+    State(pool): State<DatabaseDriver>,
+    Path(kv_path): Path<String>,
+    Extension(EnginePath(engine_path)): Extension<EnginePath>,
+    Json(secret): Json<KvV2WriteRequest>,
+) -> Result<Response, ()> {
+    // TODO: implement only application/merge-patch+json
+    todo!("Not implemented")
+}
+

src/engines/kv/logic.rs

@@ -1,56 +0,0 @@
-use serde_json::Value;
-
-use super::structs::*;
-
-// TODO create default function
-
-#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
-/// serialize secret to JSON String
-pub fn serialize_secret_json(secret: &KvSecretRes) -> Result<String, serde_json::Error> {
-    serde_json::to_string(&secret)
-}
-
-#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
-/// deserialize JSON String to secret
-pub fn deserialize_secret_struct(raw: &str) -> Result<KvSecretRes, serde_json::Error> {
-    serde_json::from_str(raw)
-}
-
-#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
-/// serialize metadata to JSON String
-pub fn serialize_metadata_json(secret: &SecretMeta) -> Result<String, serde_json::Error> {
-    serde_json::to_string(&secret)
-}
-
-#[deprecated(note = "Use Axum functionality with structs instead, also, this should be inlined if it is actually needed")]
-/// deserialize JSON String to metadata
-pub fn deserialize_metadata_struct(raw: &str) -> Result<SecretMeta, serde_json::Error> {
-    serde_json::from_str(raw)
-}
-
-#[deprecated(note = "Propably not needed (remove deprecation if actually needed)")]
-/// Consider:
-/// Instead of patching JSON, we should apply the modified fields directly to the database
-pub fn patch_metadata(
-    old: &mut SecretMeta,
-    new: &SecretMeta,
-) -> Result<SecretMeta, serde_json::Error> {
-    let mut patch = serde_json::to_value(old)?; // ? operator is cool: returns early if error was detected
-    let new_json = serde_json::to_value(new)?;
-    json_patch::merge(&mut patch, &new_json);
-    serde_json::from_value(patch)
-}
-
-#[deprecated(note = "DO NOT USE: Use Axum extractors to structs instead")]
-#[allow(unreachable_code, unused_variables)]
-/// See [JSON extractor documentation](https://docs.rs/axum/latest/axum/struct.Json.html#extractor-example)
-pub fn body_to_json(body: String) -> Value {
-    todo!("REMOVE: Use Axum extractors to structs instead");
-    match serde_json::from_str::<serde_json::Value>(body.as_str()) {
-        Ok(val) => val,
-        Err(e) => {
-            log::debug!("Faulty result from conversion: {:?}", e);
-            "Error converting body".into()
-        }
-    }
-}

src/engines/kv/meta.rs

@@ -0,0 +1,26 @@
+use crate::storage::DatabaseDriver;
+use axum::extract::{Path, State};
+
+pub async fn delete_path() -> &'static str {
+    todo!("not implemented")
+}
+
+pub async fn destroy_path() -> &'static str {
+    todo!("not implemented")
+}
+
+pub async fn get_meta() -> &'static str {
+    todo!("not implemented")
+}
+
+pub async fn post_meta(
+    State(pool): State<DatabaseDriver>,
+    Path((mount_path, kv_path)): Path<(String, String)>,
+    body: String,
+) -> &'static str {
+    todo!("not implemented")
+}
+
+pub async fn delete_meta() -> &'static str {
+    todo!("not implemented")
+}

src/engines/kv/post_secret.sql

@@ -12,7 +12,7 @@ VALUES (
     $4, -- created_time
     CASE -- Use provided version if given
         WHEN $5 IS NOT NULL THEN $5 -- version_number (optional)
-        ELSE COALESCE((SELECT max_version FROM latest_version) + 1, 0)
+        ELSE COALESCE((SELECT max_version FROM latest_version) + 1, 1) -- otherwise 1
     END -- version_number logic
 )
 RETURNING version_number;

src/engines/kv/structs.rs

@@ -1,5 +1,4 @@
 use serde::{Deserialize, Serialize};
-use sqlx::FromRow;
 use std::{collections::HashMap, vec};
 use time::{OffsetDateTime, UtcDateTime, serde::rfc3339};