♻️ refactor: extract encrypt config into dedicated module

- Move encryption configuration files from proxy/config/ to proxy/encrypt_config/
- Rename EncryptConfig to ColumnEncryptionConfig for clarity
- Create new EncryptConfig wrapper struct in manager for better encapsulation
- Update module structure and imports throughout codebase

Author: tobyhede

packages/cipherstash-proxy/src/proxy/config/mod.rs

@@ -1,15 +1,20 @@
 use crate::{
     eql,
     error::{ConfigError, Error},
-    log::KEYSET,
 };
 use cipherstash_client::schema::{
     column::{Index, IndexType, TokenFilter, Tokenizer},
     ColumnConfig, ColumnType,
 };
 use serde::{Deserialize, Serialize};
 use std::{collections::HashMap, str::FromStr};
-use tracing::debug;
+
+#[derive(Debug, Deserialize, Serialize, Clone, Default)]
+pub struct ColumnEncryptionConfig {
+    #[serde(rename = "v")]
+    pub version: u32,
+    pub tables: Tables,
+}
 
 #[derive(Debug, Deserialize, Serialize, Clone, Default)]
 pub struct Tables(HashMap<String, Table>);
@@ -35,13 +40,6 @@ impl IntoIterator for Table {
     }
 }
 
-#[derive(Debug, Deserialize, Serialize, Clone, Default)]
-pub struct EncryptConfig {
-    #[serde(rename = "v")]
-    pub version: u32,
-    pub tables: Tables,
-}
-
 #[derive(Debug, Default, Deserialize, Serialize, Clone, PartialEq)]
 pub struct Column {
     #[serde(default)]
@@ -133,7 +131,7 @@ impl From<CastAs> for ColumnType {
     }
 }
 
-impl FromStr for EncryptConfig {
+impl FromStr for ColumnEncryptionConfig {
     type Err = Error;
 
     fn from_str(data: &str) -> Result<Self, Self::Err> {
@@ -142,7 +140,7 @@ impl FromStr for EncryptConfig {
     }
 }
 
-impl EncryptConfig {
+impl ColumnEncryptionConfig {
     pub fn is_empty(&self) -> bool {
         self.tables.0.is_empty()
     }
@@ -151,7 +149,6 @@ impl EncryptConfig {
         let mut map = HashMap::new();
         for (table_name, columns) in self.tables.into_iter() {
             for (column_name, column) in columns.into_iter() {
-                debug!(target: KEYSET, msg = "Configured column", table = table_name, column = column_name);
                 let column_config = column.into_column_config(&column_name);
                 let key = eql::Identifier::new(&table_name, &column_name);
                 map.insert(key, column_config);
@@ -201,7 +198,7 @@ mod tests {
     use super::*;
 
     fn parse(json: serde_json::Value) -> HashMap<eql::Identifier, ColumnConfig> {
-        serde_json::from_value::<EncryptConfig>(json)
+        serde_json::from_value::<ColumnEncryptionConfig>(json)
             .map(|config| config.into_config_map())
             .expect("Error ok")
     }

…proxy/src/proxy/config/encrypt_config.rs …proxy/src/proxy/encrypt_config/config.rspackages/cipherstash-proxy/src/proxy/config/encrypt_config.rs renamed to packages/cipherstash-proxy/src/proxy/encrypt_config/config.rs packages/cipherstash-proxy/src/proxy/config/encrypt_config.rs renamed to packages/cipherstash-proxy/src/proxy/encrypt_config/config.rs

@@ -12,18 +12,49 @@ use std::{collections::HashMap, sync::Arc, time::Duration};
 use tokio::{task::JoinHandle, time};
 use tracing::{debug, error, info, warn};
 
-use super::encrypt_config::EncryptConfig;
+use super::config::ColumnEncryptionConfig;
 
 ///
 /// Column configuration keyed by table name and column name
 ///    - key: `{table_name}.{column_name}`
 ///
 type EncryptConfigMap = HashMap<eql::Identifier, ColumnConfig>;
 
+#[derive(Clone, Debug)]
+pub struct EncryptConfig {
+    config: EncryptConfigMap,
+}
+
+impl EncryptConfig {
+    pub fn new_from_config(config: EncryptConfigMap) -> Self {
+        Self { config }
+    }
+
+    pub fn new() -> Self {
+        Self {
+            config: HashMap::new(),
+        }
+    }
+
+    pub fn is_empty(&self) -> bool {
+        self.config.is_empty()
+    }
+
+    pub fn get_column_config(&self, identifier: &eql::Identifier) -> Option<ColumnConfig> {
+        self.config.get(identifier).cloned()
+    }
+}
+
+impl Default for EncryptConfig {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct EncryptConfigManager {
     config: DatabaseConfig,
-    encrypt_config: Arc<ArcSwap<EncryptConfigMap>>,
+    encrypt_config: Arc<ArcSwap<EncryptConfig>>,
     _reload_handle: Arc<JoinHandle<()>>,
 }
 
@@ -33,7 +64,7 @@ impl EncryptConfigManager {
         init_reloader(config).await
     }
 
-    pub fn load(&self) -> Arc<EncryptConfigMap> {
+    pub fn load(&self) -> Arc<EncryptConfig> {
         self.encrypt_config.load().clone()
     }
 
@@ -79,7 +110,7 @@ async fn init_reloader(config: DatabaseConfig) -> Result<EncryptConfigManager, E
                     return Err(err);
                 }
             }
-            HashMap::new()
+            EncryptConfig::new()
         }
     };
 
@@ -136,9 +167,7 @@ async fn init_reloader(config: DatabaseConfig) -> Result<EncryptConfigManager, E
 /// When databases and the proxy start up at the same time they might not be ready to accept connections before the
 /// proxy tries to query the schema. To give the proxy the best chance of initialising correctly this method will
 /// retry the query a few times before passing on the error.
-async fn load_encrypt_config_with_retry(
-    config: &DatabaseConfig,
-) -> Result<EncryptConfigMap, Error> {
+async fn load_encrypt_config_with_retry(config: &DatabaseConfig) -> Result<EncryptConfig, Error> {
     let mut retry_count = 0;
     let max_retry_count = 10;
     let max_backoff = Duration::from_secs(2);
@@ -170,21 +199,23 @@ async fn load_encrypt_config_with_retry(
     }
 }
 
-pub async fn load_encrypt_config(config: &DatabaseConfig) -> Result<EncryptConfigMap, Error> {
+pub async fn load_encrypt_config(config: &DatabaseConfig) -> Result<EncryptConfig, Error> {
     let client = connect::database(config).await?;
 
     match client.query(ENCRYPT_CONFIG_QUERY, &[]).await {
         Ok(rows) => {
             if rows.is_empty() {
-                return Ok(EncryptConfigMap::new());
+                return Ok(EncryptConfig::new());
             };
 
             // We know there is at least one row
             let row = rows.first().unwrap();
 
             let json_value: Value = row.get("data");
-            let encrypt_config: EncryptConfig = serde_json::from_value(json_value)?;
-            Ok(encrypt_config.into_config_map())
+            let encrypt_config: ColumnEncryptionConfig = serde_json::from_value(json_value)?;
+            let encrypt_config = EncryptConfig::new_from_config(encrypt_config.into_config_map());
+
+            Ok(encrypt_config)
         }
         Err(err) => {
             if configuration_table_not_found(&err) {

…rstash-proxy/src/proxy/config/manager.rs …roxy/src/proxy/encrypt_config/manager.rspackages/cipherstash-proxy/src/proxy/config/manager.rs renamed to packages/cipherstash-proxy/src/proxy/encrypt_config/manager.rs packages/cipherstash-proxy/src/proxy/config/manager.rs renamed to packages/cipherstash-proxy/src/proxy/encrypt_config/manager.rs

@@ -0,0 +1,4 @@
+mod config;
+mod manager;
+
+pub use manager::{EncryptConfig, EncryptConfigManager};

packages/cipherstash-proxy/src/proxy/encrypt_config/mod.rs

@@ -4,15 +4,17 @@ use crate::{
     error::Error,
     log::PROXY,
     postgresql::{Column, KeysetIdentifier},
-    proxy::{config::EncryptConfigManager, schema::SchemaManager, zerokms::ZeroKms},
+    proxy::{encrypt_config::EncryptConfigManager, schema::SchemaManager, zerokms::ZeroKms},
 };
 use cipherstash_client::{encryption::Plaintext, schema::ColumnConfig};
 use tracing::{debug, warn};
 
-mod config;
+mod encrypt_config;
 mod schema;
 mod zerokms;
 
+pub use encrypt_config::EncryptConfig;
+
 /// SQL Statement for loading encrypt configuration from database
 const ENCRYPT_CONFIG_QUERY: &str = include_str!("./sql/select_config.sql");
 
@@ -118,7 +120,7 @@ impl Proxy {
 
     pub fn get_column_config(&self, identifier: &eql::Identifier) -> Option<ColumnConfig> {
         let encrypt_config = self.encrypt_config.load();
-        encrypt_config.get(identifier).cloned()
+        encrypt_config.get_column_config(identifier)
     }
 
     pub async fn reload_schema(&self) {