fix: experiment with WASI

NOTE: it is a no go - but still valuable insight into sandboxing by the runtime

Author: dnitsch

cmd/configmanager/configmanager.go

@@ -73,7 +73,7 @@ func cmdutilsInit(rootCmd *Root, cmd *cobra.Command, path string) (*cmdutils.Cmd
 
 	cm := configmanager.New(cmd.Context())
 	cm.Config.WithTokenSeparator(rootCmd.rootFlags.tokenSeparator).WithOutputPath(path).WithKeySeparator(rootCmd.rootFlags.keySeparator).WithEnvSubst(rootCmd.rootFlags.enableEnvSubst)
-	gnrtr := generator.NewGenerator(cmd.Context(), func(gv *generator.GenVars) {
+	gnrtr := generator.New(cmd.Context(), func(gv *generator.Generator) {
 		if rootCmd.rootFlags.verbose {
 			rootCmd.logger.SetLevel(log.DebugLvl)
 		}

configmanager.go

@@ -46,7 +46,7 @@ type ConfigManager struct {
 func New(ctx context.Context) *ConfigManager {
 	cm := &ConfigManager{}
 	cm.Config = config.NewConfig()
-	cm.generator = generator.NewGenerator(ctx).WithConfig(cm.Config)
+	cm.generator = generator.New(ctx).WithConfig(cm.Config)
 	cm.logger = log.New(io.Discard)
 	return cm
 }

generator/generator.go

@@ -17,32 +17,32 @@ import (
 	"github.com/DevLabFoundry/configmanager/v3/internal/strategy"
 )
 
-// GenVars is the main struct holding the
+// Generator is the main struct holding the
 // strategy patterns iface
 // any initialised config if overridded with withers
 // as well as the final outString and the initial rawMap
 // which wil be passed in a loop into a goroutine to perform the
 // relevant strategy network calls to the config store implementations
-type GenVars struct {
+type Generator struct {
 	Logger   log.ILogger
 	strategy strategy.StrategyFuncMap
 	ctx      context.Context
 	config   config.GenVarsConfig
 }
 
-type Opts func(*GenVars)
+type Opts func(*Generator)
 
-// NewGenerator returns a new instance of Generator
+// New returns a new instance of Generator
 // with a default strategy pattern wil be overwritten
 // during the first run of a found tokens map
-func NewGenerator(ctx context.Context, opts ...Opts) *GenVars {
+func New(ctx context.Context, opts ...Opts) *Generator {
 	// defaultStrategy := NewDefatultStrategy()
-	return newGenVars(ctx, opts...)
+	return new(ctx, opts...)
 }
 
-func newGenVars(ctx context.Context, opts ...Opts) *GenVars {
+func new(ctx context.Context, opts ...Opts) *Generator {
 	conf := config.NewConfig()
-	g := &GenVars{
+	g := &Generator{
 		Logger: log.New(io.Discard),
 		ctx:    ctx,
 		// return using default config
@@ -61,13 +61,13 @@ func newGenVars(ctx context.Context, opts ...Opts) *GenVars {
 // WithStrategyMap
 //
 // Adds addtional funcs for storageRetrieval used for testing only
-func (c *GenVars) WithStrategyMap(sm strategy.StrategyFuncMap) *GenVars {
+func (c *Generator) WithStrategyMap(sm strategy.StrategyFuncMap) *Generator {
 	c.strategy = sm
 	return c
 }
 
 // WithConfig uses custom config
-func (c *GenVars) WithConfig(cfg *config.GenVarsConfig) *GenVars {
+func (c *Generator) WithConfig(cfg *config.GenVarsConfig) *Generator {
 	// backwards compatibility
 	if cfg != nil {
 		c.config = *cfg
@@ -76,21 +76,21 @@ func (c *GenVars) WithConfig(cfg *config.GenVarsConfig) *GenVars {
 }
 
 // WithContext uses caller passed context
-func (c *GenVars) WithContext(ctx context.Context) *GenVars {
+func (c *Generator) WithContext(ctx context.Context) *Generator {
 	c.ctx = ctx
 	return c
 }
 
 // Config gets Config on the GenVars
-func (c *GenVars) Config() *config.GenVarsConfig {
+func (c *Generator) Config() *config.GenVarsConfig {
 	return &c.config
 }
 
 // Generate generates a k/v map of the tokens with their corresponding secret/paramstore values
 // the standard pattern of a token should follow a path like string
 //
 // Called only from a slice of tokens
-func (c *GenVars) Generate(tokens []string) (ReplacedToken, error) {
+func (c *Generator) Generate(tokens []string) (ReplacedToken, error) {
 
 	ntm, err := c.DiscoverTokens(strings.Join(tokens, "\n"))
 	if err != nil {
@@ -112,7 +112,7 @@ var ErrTokenDiscovery = errors.New("failed to discover tokens")
 // the standard pattern of a token should follow a path like string
 //
 // Called only from a slice of tokens
-func (c *GenVars) DiscoverTokens(text string) (NormalizedTokenSafe, error) {
+func (c *Generator) DiscoverTokens(text string) (NormalizedTokenSafe, error) {
 
 	rtm := NewRawTokenConfig()
 
@@ -144,7 +144,7 @@ func IsParsed(v any, trm ReplacedToken) bool {
 // Captures the response/error in TokenResponse struct
 // It then denormalizes the NormalizedTokenSafe back to a ReplacedToken map
 // which stores the values for each token to be returned to the caller
-func (c *GenVars) generate(ntm NormalizedTokenSafe) (ReplacedToken, error) {
+func (c *Generator) generate(ntm NormalizedTokenSafe) (ReplacedToken, error) {
 	if len(ntm.normalizedTokenMap) < 1 {
 		c.Logger.Debug("no replaceable tokens found in input")
 		return nil, nil
@@ -232,7 +232,7 @@ func (n NormalizedTokenSafe) GetMap() map[string]*NormalizedToken {
 	return n.normalizedTokenMap
 }
 
-func (c *GenVars) NormalizeRawToken(rtm *RawTokenConfig) NormalizedTokenSafe {
+func (c *Generator) NormalizeRawToken(rtm *RawTokenConfig) NormalizedTokenSafe {
 	ntm := NormalizedTokenSafe{mu: &sync.Mutex{}, normalizedTokenMap: make(map[string]*NormalizedToken)}
 
 	for _, r := range rtm.RawTokenMap() {

generator/generator_test.go

@@ -34,7 +34,7 @@ func TestGenerate(t *testing.T) {
 			return m, nil
 		}
 
-		g := generator.NewGenerator(context.TODO(), func(gv *generator.GenVars) {
+		g := generator.New(context.TODO(), func(gv *generator.Generator) {
 			gv.Logger = log.New(&bytes.Buffer{})
 		})
 		g.WithStrategyMap(strategy.StrategyFuncMap{config.ParamStorePrefix: custFunc})
@@ -54,7 +54,7 @@ func TestGenerate(t *testing.T) {
 			return m, nil
 		}
 
-		g := generator.NewGenerator(context.TODO())
+		g := generator.New(context.TODO())
 		g.WithStrategyMap(strategy.StrategyFuncMap{config.ParamStorePrefix: custFunc})
 		got, err := g.Generate([]string{"AWSPARAMSTR://mountPath/token"})
 
@@ -72,7 +72,7 @@ func TestGenerate(t *testing.T) {
 			return m, nil
 		}
 
-		g := generator.NewGenerator(context.TODO())
+		g := generator.New(context.TODO())
 		g.WithStrategyMap(strategy.StrategyFuncMap{config.ParamStorePrefix: custFunc})
 		got, err := g.Generate([]string{"AWSPARAMSTR://mountPath/token|key1.key2"})
 
@@ -129,7 +129,7 @@ func TestGenerate_withKeys_lookup(t *testing.T) {
 	}
 	for name, tt := range ttests {
 		t.Run(name, func(t *testing.T) {
-			g := generator.NewGenerator(context.TODO())
+			g := generator.New(context.TODO())
 			g.WithStrategyMap(strategy.StrategyFuncMap{config.ParamStorePrefix: tt.custFunc})
 			got, err := g.Generate([]string{tt.token})
 
@@ -175,7 +175,7 @@ func Test_IsParsed(t *testing.T) {
 func TestGenVars_NormalizeRawToken(t *testing.T) {
 
 	t.Run("multiple tokens", func(t *testing.T) {
-		g := generator.NewGenerator(context.TODO())
+		g := generator.New(context.TODO())
 
 		input := `GCPSECRETS:///djsfsdkjvfjkhfdvibdfinjdsfnjvdsflj
 			GCPSECRETS:///djsfsdkjvfjkhfdvibdfinjdsfnjvdsflj|a
@@ -298,7 +298,7 @@ func Test_ConfigManager_DiscoverTokens(t *testing.T) {
 	for name, tt := range ttests {
 		t.Run(name, func(t *testing.T) {
 			config.VarPrefix = map[config.ImplementationPrefix]bool{"AWSPARAMSTR": true}
-			g := generator.NewGenerator(context.TODO())
+			g := generator.New(context.TODO())
 			g.Config().WithTokenSeparator(tt.separator)
 			gdt, err := g.DiscoverTokens(tt.input)
 			if err != nil {
@@ -319,7 +319,7 @@ func Test_ConfigManager_DiscoverTokens(t *testing.T) {
 }
 
 func Test_Generate_EnsureRaceFree(t *testing.T) {
-	g := generator.NewGenerator(context.TODO())
+	g := generator.New(context.TODO())
 
 	input := `
 fg

generator/generatorvars.go

@@ -43,26 +43,6 @@ func (rtm *RawTokenConfig) RawTokenMap() map[string]*config.ParsedTokenConfig {
 	return rtm.tokenMap
 }
 
-// type tokenMapSafe struct {
-// 	mu       *sync.Mutex
-// 	tokenMap ReplacedToken
-// }
-
-// func (tms *tokenMapSafe) getTokenMap() ReplacedToken {
-// 	tms.mu.Lock()
-// 	defer tms.mu.Unlock()
-// 	return tms.tokenMap
-// }
-
-// func (tms *tokenMapSafe) addKeyVal(key *config.ParsedTokenConfig, val string) {
-// 	tms.mu.Lock()
-// 	defer tms.mu.Unlock()
-// 	// NOTE: still use the metadata in the key
-// 	// there could be different versions / labels for the same token and hence different values
-// 	// However the JSONpath look up
-// 	tms.tokenMap[key.String()] = keySeparatorLookup(key, val)
-// }
-
 // keySeparatorLookup checks if the key contains
 // keySeparator character
 // If it does contain one then it tries to parse

go.mod

@@ -1,18 +1,18 @@
 module github.com/DevLabFoundry/configmanager/v3
 
-go 1.25.3
+go 1.25.4
 
 require (
 	cloud.google.com/go/secretmanager v1.16.0
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
 	github.com/Azure/azure-sdk-for-go/sdk/data/azappconfig v1.2.0
-	github.com/Azure/azure-sdk-for-go/sdk/data/aztables v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/data/aztables v1.4.1
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.4.0
-	github.com/aws/aws-sdk-go-v2 v1.39.6
-	github.com/aws/aws-sdk-go-v2/config v1.31.17
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.39.11
-	github.com/aws/aws-sdk-go-v2/service/ssm v1.66.4
+	github.com/aws/aws-sdk-go-v2 v1.40.0
+	github.com/aws/aws-sdk-go-v2/config v1.32.0
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.40.1
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.67.3
 	github.com/go-test/deep v1.1.1
 	github.com/googleapis/gax-go/v2 v2.15.0
 	github.com/hashicorp/vault/api v1.22.0
@@ -22,6 +22,8 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )
 
+require github.com/aws/aws-sdk-go-v2/service/signin v1.0.1 // indirect
+
 require (
 	cloud.google.com/go/auth v0.17.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
@@ -32,16 +34,16 @@ require (
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
 	github.com/a8m/envsubst v1.4.3
 	github.com/aws/aws-sdk-go v1.55.8 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.18.21 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.30.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.39.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.1 // indirect
 	github.com/aws/smithy-go v1.23.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/fatih/color v1.18.0 // indirect
@@ -76,23 +78,24 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/tetratelabs/wazero v1.10.1
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
 	go.opentelemetry.io/otel v1.38.0 // indirect
 	go.opentelemetry.io/otel/metric v1.38.0 // indirect
 	go.opentelemetry.io/otel/trace v1.38.0 // indirect
-	golang.org/x/crypto v0.43.0 // indirect
-	golang.org/x/net v0.46.0 // indirect
-	golang.org/x/oauth2 v0.32.0 // indirect
-	golang.org/x/sync v0.17.0 // indirect
-	golang.org/x/sys v0.37.0 // indirect
-	golang.org/x/text v0.30.0 // indirect
+	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/net v0.47.0 // indirect
+	golang.org/x/oauth2 v0.33.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
+	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	google.golang.org/api v0.255.0 // indirect
-	google.golang.org/genproto v0.0.0-20251103181224-f26f9409b101 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251103181224-f26f9409b101 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101 // indirect
-	google.golang.org/grpc v1.76.0 // indirect
+	google.golang.org/api v0.256.0 // indirect
+	google.golang.org/genproto v0.0.0-20251111163417-95abcf5c77ba // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba // indirect
+	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 )