refactor(secrets): Rename Secret to SecretValue

Rename the value class `Secret` that stores the value of a secret to
`SecretValue` to avoid ambiguity with the `Secret` class that describes
the properties of a secret.

Signed-off-by: Martin Nonnenmacher <[email protected]>

Author: mnonnenmacher

components/secrets/backend/src/main/kotlin/SecretService.kt

@@ -31,8 +31,8 @@ import org.eclipse.apoapsis.ortserver.model.util.ListQueryParameters
 import org.eclipse.apoapsis.ortserver.model.util.ListQueryResult
 import org.eclipse.apoapsis.ortserver.model.util.OptionalValue
 import org.eclipse.apoapsis.ortserver.secrets.Path
-import org.eclipse.apoapsis.ortserver.secrets.Secret as SecretValue
 import org.eclipse.apoapsis.ortserver.secrets.SecretStorage
+import org.eclipse.apoapsis.ortserver.secrets.SecretValue
 
 import org.jetbrains.exposed.sql.Database
 

secrets/azure-keyvault/src/main/kotlin/AzureKeyvaultProvider.kt

@@ -26,7 +26,7 @@ import org.eclipse.apoapsis.ortserver.model.OrganizationId
 import org.eclipse.apoapsis.ortserver.model.ProductId
 import org.eclipse.apoapsis.ortserver.model.RepositoryId
 import org.eclipse.apoapsis.ortserver.secrets.Path
-import org.eclipse.apoapsis.ortserver.secrets.Secret
+import org.eclipse.apoapsis.ortserver.secrets.SecretValue
 import org.eclipse.apoapsis.ortserver.secrets.SecretsProvider
 
 // Regex for allowed object names in Azure Key Vault, see:
@@ -35,12 +35,12 @@ import org.eclipse.apoapsis.ortserver.secrets.SecretsProvider
 private val PATH_REGEX = Regex("^[0-9a-zA-Z\\-]{1,100}\$")
 
 class AzureKeyvaultProvider(private val secretClient: SecretClient) : SecretsProvider {
-    override fun readSecret(path: Path): Secret? =
+    override fun readSecret(path: Path): SecretValue? =
         runCatching {
-            secretClient.getSecret(path.path).value?.let { Secret(it) }
+            secretClient.getSecret(path.path).value?.let { SecretValue(it) }
         }.getOrNull()
 
-    override fun writeSecret(path: Path, secret: Secret) {
+    override fun writeSecret(path: Path, secret: SecretValue) {
         secretClient.setSecret(path.path, secret.value)
     }
 

secrets/file/src/main/kotlin/FileBasedSecretsProvider.kt

@@ -29,7 +29,7 @@ import kotlin.io.encoding.ExperimentalEncodingApi
 import kotlinx.serialization.json.Json
 
 import org.eclipse.apoapsis.ortserver.secrets.Path
-import org.eclipse.apoapsis.ortserver.secrets.Secret
+import org.eclipse.apoapsis.ortserver.secrets.SecretValue
 import org.eclipse.apoapsis.ortserver.secrets.SecretsProvider
 import org.eclipse.apoapsis.ortserver.secrets.file.model.FileBasedSecretsStorage
 import org.eclipse.apoapsis.ortserver.utils.config.getStringOrDefault
@@ -60,7 +60,7 @@ class FileBasedSecretsProvider(config: Config) : SecretsProvider {
      * Return a map representing all secrets stored in file-based secret storage.
      */
     @OptIn(ExperimentalEncodingApi::class)
-    private fun readSecrets(): MutableMap<Path, Secret> {
+    private fun readSecrets(): MutableMap<Path, SecretValue> {
         val file = getOrCreateStorageFile()
 
         val decodedSecrets = Base64.decode(file.readBytes())
@@ -69,7 +69,7 @@ class FileBasedSecretsProvider(config: Config) : SecretsProvider {
         return Json.decodeFromString(
             serializer,
             String(decodedSecrets)
-        ).secrets.map { (key, value) -> Path(key) to Secret(value) }.toMap().toMutableMap()
+        ).secrets.map { (key, value) -> Path(key) to SecretValue(value) }.toMap().toMutableMap()
     }
 
     private fun getOrCreateStorageFile(): File {
@@ -90,7 +90,7 @@ class FileBasedSecretsProvider(config: Config) : SecretsProvider {
      * Return a map representing all secrets stored in file-based secret storage.
      */
     @OptIn(ExperimentalEncodingApi::class)
-    private fun writeSecrets(secrets: MutableMap<Path, Secret>) {
+    private fun writeSecrets(secrets: MutableMap<Path, SecretValue>) {
         val serializer = FileBasedSecretsStorage.serializer()
         val secretsJson = Json.encodeToString(
             serializer,
@@ -103,12 +103,12 @@ class FileBasedSecretsProvider(config: Config) : SecretsProvider {
     }
 
     @Synchronized
-    override fun readSecret(path: Path): Secret? {
+    override fun readSecret(path: Path): SecretValue? {
         return readSecrets()[path]
     }
 
     @Synchronized
-    override fun writeSecret(path: Path, secret: Secret) {
+    override fun writeSecret(path: Path, secret: SecretValue) {
         val secrets = readSecrets()
         secrets[path] = secret
         writeSecrets(secrets)

secrets/file/src/test/kotlin/FileBasedSecretStorageTest.kt

@@ -55,7 +55,7 @@ class FileBasedSecretStorageTest : WordSpec() {
             "return the value of an existing secret" {
                 val password = storage.readSecret(Path("password"))
 
-                password shouldBe Secret("securePassword123")
+                password shouldBe SecretValue("securePassword123")
             }
 
             "return null for a non-existing secret" {
@@ -68,7 +68,7 @@ class FileBasedSecretStorageTest : WordSpec() {
         "writeSecret" should {
             "create a new secret" {
                 val newSecretPath = Path("brandNewSecret")
-                val newSecretValue = Secret("You will never know...")
+                val newSecretValue = SecretValue("You will never know...")
 
                 storage.writeSecret(newSecretPath, newSecretValue)
 
@@ -77,8 +77,8 @@ class FileBasedSecretStorageTest : WordSpec() {
 
             "update an existing secret" {
                 val newSecretPath = Path("secretWithUpdates")
-                val firstValue = Secret("You will never know...")
-                val secondValue = Secret("Maybe time after time?")
+                val firstValue = SecretValue("You will never know...")
+                val secondValue = SecretValue("Maybe time after time?")
 
                 storage.writeSecret(newSecretPath, firstValue)
 
@@ -92,7 +92,7 @@ class FileBasedSecretStorageTest : WordSpec() {
             "remove an existing secret" {
                 val targetPath = Path("justWaste")
 
-                storage.writeSecret(targetPath, Secret("toBeDeleted"))
+                storage.writeSecret(targetPath, SecretValue("toBeDeleted"))
 
                 storage.removeSecret(targetPath)
 
@@ -102,9 +102,9 @@ class FileBasedSecretStorageTest : WordSpec() {
             "remove a secret with all its versions" {
                 val targetPath = Path("evenMoreWaste")
 
-                storage.writeSecret(targetPath, Secret("toBeOverwritten"))
-                storage.writeSecret(targetPath, Secret("toBeOverwrittenAgain"))
-                storage.writeSecret(targetPath, Secret("toBeDeleted"))
+                storage.writeSecret(targetPath, SecretValue("toBeOverwritten"))
+                storage.writeSecret(targetPath, SecretValue("toBeOverwrittenAgain"))
+                storage.writeSecret(targetPath, SecretValue("toBeDeleted"))
 
                 storage.removeSecret(targetPath)
 

secrets/scaleway/src/main/kotlin/ScalewaySecretsProvider.kt

@@ -48,7 +48,7 @@ import org.eclipse.apoapsis.ortserver.model.OrganizationId
 import org.eclipse.apoapsis.ortserver.model.ProductId
 import org.eclipse.apoapsis.ortserver.model.RepositoryId
 import org.eclipse.apoapsis.ortserver.secrets.Path
-import org.eclipse.apoapsis.ortserver.secrets.Secret
+import org.eclipse.apoapsis.ortserver.secrets.SecretValue
 import org.eclipse.apoapsis.ortserver.secrets.SecretsProvider
 import org.eclipse.apoapsis.ortserver.utils.logging.runBlocking
 
@@ -91,7 +91,7 @@ class ScalewaySecretsProvider(
     }
 
     @OptIn(ExperimentalEncodingApi::class)
-    override fun readSecret(path: Path): Secret? = runBlocking {
+    override fun readSecret(path: Path): SecretValue? = runBlocking {
         // See https://www.scaleway.com/en/developers/api/secret-manager/#path-secret-versions-access-a-secrets-version-using-the-secrets-name-and-path.
         val response = client.get("secrets-by-path/versions/$LATEST_REVISION/access") {
             parameter("project_id", config.projectId)
@@ -117,14 +117,14 @@ class ScalewaySecretsProvider(
 
                 logger.debug("Read a secret at $path.")
 
-                Secret(String(Base64.decode(secretResponse.data)))
+                SecretValue(String(Base64.decode(secretResponse.data)))
             }
 
             else -> throw ClientRequestException(response, response.body())
         }
     }
 
-    override fun writeSecret(path: Path, secret: Secret) = runBlocking {
+    override fun writeSecret(path: Path, secret: SecretValue) = runBlocking {
         val listResponse = listSecrets(path)
 
         val secretId = if (listResponse.totalCount < 1) {

secrets/scaleway/src/test/kotlin/ScalewaySecretsProviderTest.kt

@@ -25,7 +25,7 @@ import io.kotest.matchers.should
 import io.kotest.matchers.shouldBe
 
 import org.eclipse.apoapsis.ortserver.model.OrganizationId
-import org.eclipse.apoapsis.ortserver.secrets.Secret
+import org.eclipse.apoapsis.ortserver.secrets.SecretValue
 
 class ScalewaySecretsProviderTest : WordSpec({
     // Some test cases in this test spec actually connect to the real production Scaleway API. These tests are only
@@ -37,7 +37,7 @@ class ScalewaySecretsProviderTest : WordSpec({
 
     val provider = ScalewaySecretsProvider(config)
     val path = provider.createPath(OrganizationId(1), "This_is_a_29-chr._secret_name")
-    val secret = Secret("Ernie & Bert live at Sesame Street!")
+    val secret = SecretValue("Ernie & Bert live at Sesame Street!")
 
     "createPath()" should {
         "create an absolute path from the path prefix and path name" {

secrets/spi/src/main/kotlin/SecretStorage.kt

@@ -29,11 +29,11 @@ import org.eclipse.apoapsis.ortserver.model.HierarchyId
  * A class providing convenient access to secrets based on a [SecretsProvider].
  *
  * This class takes care of the instantiation of a [SecretsProvider] based on the application configuration via the
- * [createStorage] function. This provider is then wrapped, and a richer API to deal with [Secret]s is implemented on
- * top of it.
+ * [createStorage] function. This provider is then wrapped, and a richer API to deal with [SecretValue]s is implemented
+ * on top of it.
  *
- * The extended functionality compared to [SecretsProvider] is mainly related to the handling of missing [Secret]s
- * and exception handling. There are functions that require a [Secret] to exist or throw an exception otherwise.
+ * The extended functionality compared to [SecretsProvider] is mainly related to the handling of missing [SecretValue]s
+ * and exception handling. There are functions that require a [SecretValue] to exist or throw an exception otherwise.
  * With regard to exception handling, in general all exceptions thrown by the underlying [SecretsProvider] are caught
  * and wrapped in a [SecretStorageException]; so, it should be sufficient to catch this exception type. Alternatively,
  * consumers can choose to use functions that return [Result] objects.
@@ -80,35 +80,36 @@ class SecretStorage(
     }
 
     /**
-     * Return the [Secret] at the given [path] or `null` if the path cannot be resolved.
+     * Return the [SecretValue] at the given [path] or `null` if the path cannot be resolved.
      */
-    fun readSecret(path: Path): Secret? = wrapExceptions { provider.readSecret(path) }
+    fun readSecret(path: Path): SecretValue? = wrapExceptions { provider.readSecret(path) }
 
     /**
-     * Return the [Secret] at the given [path] or fail with a [SecretStorageException] if the path cannot be resolved.
+     * Return the [SecretValue] at the given [path] or fail with a [SecretStorageException] if the path cannot be
+     * resolved.
      */
-    fun getSecret(path: Path): Secret =
+    fun getSecret(path: Path): SecretValue =
         readSecret(path) ?: throw SecretStorageException("No secret found at path '$path'.")
 
     /**
-     * Return a [Result] with a nullable [Secret] found at the given [path]. This function works like [readSecret],
+     * Return a [Result] with a nullable [SecretValue] found at the given [path]. This function works like [readSecret],
      * but wraps an occurring exception inside a [Result]. Exceptions from the underlying [SecretsProvider] are
      * wrapped in a [SecretStorageException].
      */
-    fun readSecretCatching(path: Path): Result<Secret?> = runCatching { readSecret(path) }
+    fun readSecretCatching(path: Path): Result<SecretValue?> = runCatching { readSecret(path) }
 
     /**
-     * Return a [Result] with the [Secret] found at the given [path]. This function works like [getSecret], but
+     * Return a [Result] with the [SecretValue] found at the given [path]. This function works like [getSecret], but
      * wraps an occurring exception inside a [Result]. Exceptions from the underlying [SecretsProvider] are wrapped
      * in a [SecretStorageException]. If the given [path] cannot be resolved, a failed [Result] is returned as well.
      */
-    fun getSecretCatching(path: Path): Result<Secret> = runCatching { getSecret(path) }
+    fun getSecretCatching(path: Path): Result<SecretValue> = runCatching { getSecret(path) }
 
     /**
      * Store the given [secret] under the given [path] in the underlying [SecretsProvider]. Throw a
      * [SecretStorageException] if this fails.
      */
-    fun writeSecret(path: Path, secret: Secret) {
+    fun writeSecret(path: Path, secret: SecretValue) {
         wrapExceptions { provider.writeSecret(path, secret) }
     }
 
@@ -117,18 +118,19 @@ class SecretStorage(
      * the outcome of the operation. Exceptions thrown by the [SecretsProvider] are wrapped in a
      * [SecretStorageException] and returned in the [Result].
      */
-    fun writeSecretCatching(path: Path, secret: Secret): Result<Unit> = runCatching { writeSecret(path, secret) }
+    fun writeSecretCatching(path: Path, secret: SecretValue): Result<Unit> = runCatching { writeSecret(path, secret) }
 
     /**
-     * Remove the [Secret] under the given [path]. Throw a [SecretStorageException] if this fails.
+     * Remove the [SecretValue] under the given [path]. Throw a [SecretStorageException] if this fails.
      */
     fun removeSecret(path: Path) {
         wrapExceptions { provider.removeSecret(path) }
     }
 
     /**
-     * Remove the [Secret] under the given [path] and return a [Result] for the outcome of the operation. Exceptions
-     * thrown by the [SecretsProvider] are wrapped in a [SecretStorageException] and returned in the [Result].
+     * Remove the [SecretValue] under the given [path] and return a [Result] for the outcome of the operation.
+     * Exceptions thrown by the [SecretsProvider] are wrapped in a [SecretStorageException] and returned in the
+     * [Result].
      */
     fun removeSecretCatching(path: Path): Result<Unit> = runCatching { removeSecret(path) }
 

secrets/spi/src/main/kotlin/Secret.kt renamed to secrets/spi/src/main/kotlin/SecretValue.kt

@@ -20,9 +20,9 @@
 package org.eclipse.apoapsis.ortserver.secrets
 
 /**
- * A class representing a secret.
+ * A class representing the value of a secret.
  *
  * This is a typically text-based secret that was obtained from or can be written into a secret storage.
  */
 @JvmInline
-value class Secret(val value: String)
+value class SecretValue(val value: String)

secrets/spi/src/main/kotlin/SecretsProvider.kt

@@ -36,20 +36,20 @@ import org.eclipse.apoapsis.ortserver.model.RepositoryId
  */
 interface SecretsProvider {
     /**
-     * Return the [Secret] associated with the given [Path] or `null` if no secret is associated with this path.
+     * Return the [SecretValue] associated with the given [Path] or `null` if no secret is associated with this path.
      * A concrete implementation may throw a proprietary exception if there was a problem when accessing the
      * underlying secret storage.
      */
-    fun readSecret(path: Path): Secret?
+    fun readSecret(path: Path): SecretValue?
 
     /**
      * Write the given [secret] under the given [path] into the underlying secret storage. An implementation may throw
      * a proprietary exception if it encounters a problem.
      */
-    fun writeSecret(path: Path, secret: Secret)
+    fun writeSecret(path: Path, secret: SecretValue)
 
     /**
-     * Remove the [Secret] associated with the given [path] from the underlying secret storage. An implementation
+     * Remove the [SecretValue] associated with the given [path] from the underlying secret storage. An implementation
      * should throw an exception if the operation failed.
      */
     fun removeSecret(path: Path)

secrets/spi/src/test/kotlin/SecretStorageTest.kt

@@ -146,7 +146,7 @@ class SecretStorageTest : WordSpec({
     "writeSecret" should {
         "write a secret successfully" {
             val newPath = Path("new-secret")
-            val newSecret = Secret("BrandNewSecret")
+            val newSecret = SecretValue("BrandNewSecret")
             val storage = createStorage()
 
             storage.writeSecret(newPath, newSecret)
@@ -156,7 +156,7 @@ class SecretStorageTest : WordSpec({
 
         "throw an exception if writing fails" {
             val exception = shouldThrow<SecretStorageException> {
-                createStorage().writeSecret(ERROR_PATH, Secret("will-fail"))
+                createStorage().writeSecret(ERROR_PATH, SecretValue("will-fail"))
             }
 
             exception.cause should beInstanceOf<IllegalArgumentException>()
@@ -166,7 +166,7 @@ class SecretStorageTest : WordSpec({
     "writeSecretCatching" should {
         "return a success result if the operation is successful" {
             val newPath = Path("new-secret")
-            val newSecret = Secret("BrandNewSecret")
+            val newSecret = SecretValue("BrandNewSecret")
             val storage = createStorage()
 
             val result = storage.writeSecretCatching(newPath, newSecret)
@@ -176,7 +176,7 @@ class SecretStorageTest : WordSpec({
         }
 
         "return a failure result for a failing operation" {
-            val result = createStorage().writeSecretCatching(ERROR_PATH, Secret("?"))
+            val result = createStorage().writeSecretCatching(ERROR_PATH, SecretValue("?"))
 
             result shouldBeFailure { exception ->
                 exception should beInstanceOf<SecretStorageException>()