feat: implement value storage backend system

Partial implementation of #4

Core changes:
- Add ValueBackend abstract base class with key-value interface
- Add PlainTextBackend for in-memory storage
- Add comprehensive unit test suite

Documentation:
- Update ADR with value storage model and design rationale
- Enhance low-level design with implementation details
- Update architecture overview with storage components

Testing:
- Set up pytest configuration
- Add unit test structure with backend tests
- Add test coverage for base and plaintext backends

This change introduces a clean separation between configuration
management and value storage, using a simple key-value interface
that aligns well with cloud provider APIs and enables easy testing.

Part of: #4

Author: ritwik-g

docs/ADRs/001-helm-values-manager.md

@@ -25,8 +25,28 @@ We have decided to implement the **Helm Values Manager** as a **Helm plugin writ
 7. **ArgoCD Compatibility:** Generates `values.json` dynamically for GitOps workflows.
 8. **JSON for Configuration:** Using JSON for configuration files provides better schema validation and consistent parsing across different platforms.
 
+### Value Storage Model
+The system uses a key-value storage model with clean separation of concerns:
+1. **Configuration Layer**: Manages paths and environments, generating unique keys
+2. **Storage Layer**: Simple key-value interface for all backend implementations
+
+This design:
+- Simplifies backend implementations
+- Better aligns with cloud provider secret managers
+- Provides flexibility in key generation strategies
+- Enables easier testing and mocking
+
+For detailed implementation, see [Low-Level Design](../Design/low-level-design.md).
+
 ## Configuration Structure
 
+While the configuration file uses a hierarchical structure with paths and environments, internally values are stored using a key-value model. This provides:
+- Simpler backend implementations
+- Better alignment with secret manager APIs
+- Flexibility in key generation strategies
+
+See the [Low-Level Design](../Design/low-level-design.md) for implementation details.
+
 The configuration follows this structure:
 
 ```json

docs/Design/architecture-overview.md

@@ -8,7 +8,8 @@ Helm Values Manager simplifies **configuration and secret management** across mu
 The Helm plugin consists of:
 - **CLI Command Interface (Python Typer-based)**: Handles command execution.
 - **Validation Engine**: Ensures required values have values for each deployment.
-- **Value Storage Backend**: Supports AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, and Git-Secrets.
+- **Configuration Manager**: Manages path/environment organization and key generation.
+- **Value Storage Backend**: Provides key-value storage through AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, and Git-Secrets.
 - **values.yaml Generator**: Produces the final Helm-compatible values file.
 - **Helm Plugin System**: Integrates seamlessly with Helm commands.
 - **JSON Schema Validation**: Ensures configuration files follow the correct structure.
@@ -57,12 +58,12 @@ from abc import ABC, abstractmethod
 
 class ValueBackend(ABC):
     @abstractmethod
-    def get_value(self, path: str, environment: str) -> str:
+    def get_value(self, key: str) -> str:
         """Get a value from the secrets backend."""
         pass
 
     @abstractmethod
-    def set_value(self, path: str, environment: str, value: str) -> None:
+    def set_value(self, key: str, value: str) -> None:
         """Set a value in the secrets backend."""
         pass
 ```

docs/Design/low-level-design.md

@@ -38,35 +38,37 @@ classDiagram
 
 ### Value Storage
 
-The value storage system follows a clean separation between the domain model and storage backends:
+The value storage system follows a clean separation between the domain model and storage backends. The key design principle is separation of concerns:
+1. `HelmValuesConfig` handles the organization of values (paths and environments)
+2. `ValueBackend` focuses purely on key-value storage
 
 ```mermaid
 classDiagram
     class ValueBackend {
         <<interface>>
-        +get_value(path: str, environment: str)* str
-        +set_value(path: str, environment: str, value: str)* None
+        +get_value(key: str)* str
+        +set_value(key: str, value: str)* None
         +validate_auth_config(auth_config: dict)* None
     }
 
     class PlainTextBackend {
         -Path values_file
-        +get_value(path: str, environment: str) str
-        +set_value(path: str, environment: str, value: str) None
+        +get_value(key: str) str
+        +set_value(key: str, value: str) None
         +validate_auth_config(auth_config: dict) None
     }
 
     class AWSSecretsBackend {
         -SecretsManagerClient client
-        +get_value(path: str, environment: str) str
-        +set_value(path: str, environment: str, value: str) None
+        +get_value(key: str) str
+        +set_value(key: str, value: str) None
         +validate_auth_config(auth_config: dict) None
     }
 
     class AzureKeyVaultBackend {
         -KeyVaultClient client
-        +get_value(path: str, environment: str) str
-        +set_value(path: str, environment: str, value: str) None
+        +get_value(key: str) str
+        +set_value(key: str, value: str) None
         +validate_auth_config(auth_config: dict) None
     }
 
@@ -75,6 +77,50 @@ classDiagram
     ValueBackend <|.. AzureKeyVaultBackend
 ```
 
+Key responsibilities:
+
+1. **HelmValuesConfig**:
+   - Maintains the path/environment organization
+   - Generates unique keys for the backend
+   - Maps keys back to path/environment structure
+   ```python
+   class HelmValuesConfig:
+       def _generate_key(self, path: str, environment: str) -> str:
+           # Could use various strategies
+           return f"{path}:{environment}"  # Simple concatenation
+           # or
+           # return hashlib.sha256(f"{path}:{environment}".encode()).hexdigest()
+
+       def get_value(self, path: str, environment: str) -> str:
+           deployment = self._get_deployment(environment)
+           backend = self._create_backend(deployment)
+           key = self._generate_key(path, environment)
+           return backend.get_value(key)
+   ```
+
+2. **ValueBackend**:
+   - Focuses purely on key-value storage
+   - Handles storage-specific authentication
+   - Manages storage operations and error handling
+   ```python
+   class ValueBackend(ABC):
+       @abstractmethod
+       def get_value(self, key: str) -> str:
+           """Get a value from storage using a unique key."""
+           pass
+
+       @abstractmethod
+       def set_value(self, key: str, value: str) -> None:
+           """Store a value using a unique key."""
+           pass
+   ```
+
+This design provides several benefits:
+1. **Clean Separation**: Each component has a single responsibility
+2. **Cloud Provider Alignment**: Better matches cloud secret manager APIs
+3. **Simplified Backend Implementation**: Reduces complexity in backends
+4. **Future Extensibility**: Easy to add new organizational schemes
+
 ### Configuration Flow
 
 The configuration flow shows how data moves through the system:
@@ -100,7 +146,8 @@ sequenceDiagram
     HelmValuesConfig->>ValueBackend: create_backend(deployment)
     activate ValueBackend
     ValueBackend->>ValueBackend: validate_auth_config()
-    ValueBackend->>Storage: read_value(path, env)
+    HelmValuesConfig->>HelmValuesConfig: generate_key(path, env)
+    ValueBackend->>Storage: read_value(key)
     Storage-->>ValueBackend: value
     ValueBackend-->>HelmValuesConfig: value
     deactivate ValueBackend
@@ -111,7 +158,8 @@ sequenceDiagram
     HelmValuesConfig->>HelmValuesConfig: validate_value(value)
     HelmValuesConfig->>ValueBackend: create_backend(deployment)
     activate ValueBackend
-    ValueBackend->>Storage: write_value(path, env, value)
+    HelmValuesConfig->>HelmValuesConfig: generate_key(path, env)
+    ValueBackend->>Storage: write_value(key, value)
     Storage-->>ValueBackend: success
     ValueBackend-->>HelmValuesConfig: success
     deactivate ValueBackend
@@ -158,7 +206,7 @@ This flow diagram shows:
            backend = self._create_backend(deployment)
 
            # Get the value through the backend
-           return backend.get_value(path, environment)
+           return backend.get_value(self._generate_key(path, environment))
    ```
 
 ### Backend Implementation
@@ -167,11 +215,11 @@ This flow diagram shows:
    ```python
    class ValueBackend(ABC):
        @abstractmethod
-       def get_value(self, path: str, environment: str) -> str:
+       def get_value(self, key: str) -> str:
            pass
 
        @abstractmethod
-       def set_value(self, path: str, environment: str, value: str) -> None:
+       def set_value(self, key: str, value: str) -> None:
            pass
 
        @abstractmethod

helm_values_manager/backends/__init__.py

@@ -0,0 +1,6 @@
+"""Value storage backends for helm-values-manager."""
+
+from .base import ValueBackend
+from .plain import PlainTextBackend
+
+__all__ = ["ValueBackend", "PlainTextBackend"]

helm_values_manager/backends/base.py

@@ -0,0 +1,67 @@
+"""Base module for value storage backends.
+
+This module provides the abstract base class for all value storage backends.
+Each backend must implement the key-value interface defined here.
+"""
+
+from abc import ABC, abstractmethod
+
+
+class ValueBackend(ABC):
+    """Abstract base class for value storage backends.
+
+    This class defines the interface that all value storage backends must implement.
+    Implementations can store values in memory, secret managers, or other storage systems.
+    The backend operates on a simple key-value model.
+    """
+
+    def __init__(self, auth_config: dict):
+        """Initialize the backend with authentication configuration.
+
+        Args:
+            auth_config: Optional authentication configuration
+        """
+        self._validate_auth_config(auth_config)
+
+    def _validate_auth_config(self, auth_config: dict) -> None:
+        """Validate the authentication configuration.
+
+        This is an internal method called during initialization.
+        Subclasses should override this to implement their specific validation.
+
+        Args:
+            auth_config: The authentication configuration to validate
+        """
+        if auth_config is None or not isinstance(auth_config, dict):
+            raise ValueError("Auth config must be a dictionary")
+
+        if "type" not in auth_config:
+            raise ValueError("Auth config must contain 'type'")
+
+        if auth_config["type"] not in ["env", "file", "direct", "managed_identity"]:
+            raise ValueError(f"Invalid auth type: {auth_config['type']}")
+
+    @abstractmethod
+    def get_value(self, key: str) -> str:
+        """Get a value from the storage backend.
+
+        Args:
+            key: The unique key to retrieve the value for
+
+        Returns:
+            The value stored in the backend
+
+        Raises:
+            ValueError: If the key doesn't exist
+        """
+        pass
+
+    @abstractmethod
+    def set_value(self, key: str, value: str) -> None:
+        """Set a value in the storage backend.
+
+        Args:
+            key: The unique key to store the value under
+            value: The value to store
+        """
+        pass

helm_values_manager/backends/plaintext.py

@@ -0,0 +1,63 @@
+"""PlainText backend for value storage.
+
+This module provides a simple in-memory key-value store implementation.
+It is suitable for development and testing environments.
+"""
+
+from typing import Dict
+
+from .base import ValueBackend
+
+
+class PlainTextBackend(ValueBackend):
+    """A backend that stores values in memory.
+
+    This backend is suitable for development and testing environments.
+    Values are stored in memory and will be lost when the process exits.
+    """
+
+    def __init__(self, auth_config: dict = None):
+        """Initialize the backend.
+
+        Args:
+            auth_config: Optional authentication configuration (not used)
+        """
+        self._values: Dict[str, str] = {}
+        super().__init__(auth_config)
+
+    def _validate_auth_config(self, auth_config: dict) -> None:
+        """Validate the authentication configuration.
+
+        For PlainTextBackend, no authentication is required.
+        Any auth config will pass validation.
+
+        Args:
+            auth_config: The authentication configuration to validate
+        """
+        pass  # No validation needed for plain text backend
+
+    def get_value(self, key: str) -> str:
+        """Get a value from memory.
+
+        Args:
+            key: The key to retrieve the value for
+
+        Returns:
+            The stored value
+
+        Raises:
+            ValueError: If the key doesn't exist
+        """
+        if key not in self._values:
+            raise ValueError(f"Key not found: {key}")
+
+        return self._values[key]
+
+    def set_value(self, key: str, value: str) -> None:
+        """Set a value in memory.
+
+        Args:
+            key: The key to store the value under
+            value: The value to store
+        """
+        self._values[key] = value

pytest.ini

@@ -0,0 +1,5 @@
+[pytest]
+testpaths = tests
+python_files = test_*.py
+python_classes = Test*
+python_functions = test_*

tests/unit/__init__.py

@@ -0,0 +1 @@
+"""Unit tests for the helm-values-manager package."""

tests/unit/backends/__init__.py

@@ -0,0 +1 @@
+"""Unit tests for the value storage backends."""