Merge pull request #56 from godaddy/fix/server-flag-parity

Match Rust gRPC server CLI flags to Go server

Author: jgowdy

asherah-server/src/main.rs

@@ -10,7 +10,7 @@ use tonic::transport::Server;
     about = "gRPC sidecar server for Asherah envelope encryption"
 )]
 struct Cli {
-    /// Unix domain socket path
+    /// The unix domain socket the server will listen on
     #[arg(
         short = 's',
         long,
@@ -19,84 +19,108 @@ struct Cli {
     )]
     socket_file: String,
 
-    /// Service name
+    /// The name of this service
     #[arg(long, env = "ASHERAH_SERVICE_NAME")]
     service: String,
 
-    /// Product ID
+    /// The name of the product that owns this service
     #[arg(long, env = "ASHERAH_PRODUCT_NAME")]
     product: String,
 
-    /// Metastore type: memory, rdbms, dynamodb
-    #[arg(long, default_value = "memory", env = "ASHERAH_METASTORE_MODE")]
+    /// Determines the type of metastore to use for persisting keys
+    #[arg(long, value_parser = ["rdbms", "dynamodb", "memory"], env = "ASHERAH_METASTORE_MODE")]
     metastore: String,
 
-    /// Database connection string (required for rdbms metastore)
+    /// The database connection string (required if --metastore=rdbms)
     #[arg(long, env = "ASHERAH_CONNECTION_STRING")]
     conn: Option<String>,
 
-    /// KMS type: static, aws
-    #[arg(long, default_value = "static", env = "ASHERAH_KMS_MODE")]
+    /// Configures the master key management service
+    #[arg(long, value_parser = ["aws", "static"], default_value = "aws", env = "ASHERAH_KMS_MODE")]
     kms: String,
 
-    /// AWS region-to-ARN mapping as JSON (required for aws KMS)
+    /// A comma separated list of key-value pairs in the form of REGION1=ARN1[,REGION2=ARN2] (required if --kms=aws)
     #[arg(long, env = "ASHERAH_REGION_MAP")]
     region_map: Option<String>,
 
-    /// Preferred AWS region (required for aws KMS)
+    /// The preferred AWS region (required if --kms=aws)
     #[arg(long, env = "ASHERAH_PREFERRED_REGION")]
     preferred_region: Option<String>,
 
-    /// Key expiration duration (e.g., 90m, 2h, 5400s, or 5400)
+    /// The amount of time a key is considered valid
     #[arg(long, value_parser = parse_go_duration, env = "ASHERAH_EXPIRE_AFTER")]
     expire_after: Option<i64>,
 
-    /// Key revocation check interval (e.g., 10m, 1h, 600s, or 600)
+    /// The amount of time before cached keys are considered stale
     #[arg(long, value_parser = parse_go_duration, env = "ASHERAH_CHECK_INTERVAL")]
     check_interval: Option<i64>,
 
-    /// Enable session caching
+    /// Enable shared session caching
     #[arg(long, env = "ASHERAH_ENABLE_SESSION_CACHING")]
-    session_cache: Option<bool>,
+    enable_session_caching: bool,
 
-    /// Maximum sessions in cache
-    #[arg(long, env = "ASHERAH_SESSION_CACHE_MAX_SIZE")]
-    session_cache_max_size: Option<u32>,
+    /// Define the maximum number of sessions to cache
+    #[arg(long, default_value = "1000", env = "ASHERAH_SESSION_CACHE_MAX_SIZE")]
+    session_cache_max_size: u32,
 
-    /// Session cache TTL (e.g., 2h, 120m, 7200s, or 7200)
-    #[arg(long, value_parser = parse_go_duration, env = "ASHERAH_SESSION_CACHE_DURATION")]
-    session_cache_duration: Option<i64>,
+    /// The amount of time a session will remain cached
+    #[arg(long, value_parser = parse_go_duration, default_value = "2h", env = "ASHERAH_SESSION_CACHE_DURATION")]
+    session_cache_duration: i64,
 
-    /// Custom DynamoDB endpoint
+    /// An optional endpoint URL (hostname only or fully qualified URI) (only supported by --metastore=dynamodb)
     #[arg(long, env = "ASHERAH_DYNAMODB_ENDPOINT")]
     dynamodb_endpoint: Option<String>,
 
-    /// DynamoDB region
+    /// The AWS region for DynamoDB requests (defaults to globally configured region) (only supported by --metastore=dynamodb)
     #[arg(long, env = "ASHERAH_DYNAMODB_REGION")]
     dynamodb_region: Option<String>,
 
-    /// DynamoDB table name
+    /// The table name for DynamoDB (only supported by --metastore=dynamodb)
     #[arg(long, env = "ASHERAH_DYNAMODB_TABLE_NAME")]
     dynamodb_table_name: Option<String>,
 
-    /// Replica read consistency (aurora, eventual, global, session)
-    #[arg(long, env = "ASHERAH_REPLICA_READ_CONSISTENCY")]
+    /// Required for Aurora sessions using write forwarding
+    #[arg(long, value_parser = ["eventual", "global", "session"], env = "ASHERAH_REPLICA_READ_CONSISTENCY")]
     replica_read_consistency: Option<String>,
 
-    /// Enable region suffix on system keys
+    /// Configure the metastore to use regional suffixes (only supported by --metastore=dynamodb)
     #[arg(long, env = "ASHERAH_ENABLE_REGION_SUFFIX")]
-    enable_region_suffix: Option<bool>,
+    enable_region_suffix: bool,
 
-    /// Enable debug logging
-    #[arg(long)]
+    /// Enable verbose logging output
+    #[arg(short = 'v', long, env = "ASHERAH_VERBOSE")]
     verbose: bool,
 }
 
+/// Parse region map from Go-style `REGION1=ARN1[,REGION2=ARN2]` or JSON format.
+fn parse_region_map(s: &str) -> Option<std::collections::HashMap<String, String>> {
+    let trimmed = s.trim();
+    if trimmed.is_empty() {
+        return None;
+    }
+    if let Ok(map) = serde_json::from_str(trimmed) {
+        return Some(map);
+    }
+    let mut map = std::collections::HashMap::new();
+    for pair in trimmed.split(',') {
+        let pair = pair.trim();
+        if pair.is_empty() {
+            continue;
+        }
+        let (k, v) = pair.split_once('=').unwrap_or((pair, ""));
+        if !v.is_empty() {
+            map.insert(k.to_string(), v.to_string());
+        }
+    }
+    if map.is_empty() {
+        None
+    } else {
+        Some(map)
+    }
+}
+
 fn cli_to_config(cli: &Cli) -> asherah_config::ConfigOptions {
-    let region_map = cli
-        .region_map
-        .as_ref()
-        .and_then(|s| serde_json::from_str(s).ok());
+    let region_map = cli.region_map.as_deref().and_then(parse_region_map);
 
     asherah_config::ConfigOptions {
         service_name: Some(cli.service.clone()),
@@ -108,14 +132,14 @@ fn cli_to_config(cli: &Cli) -> asherah_config::ConfigOptions {
         preferred_region: cli.preferred_region.clone(),
         expire_after: cli.expire_after,
         check_interval: cli.check_interval,
-        enable_session_caching: cli.session_cache,
-        session_cache_max_size: cli.session_cache_max_size,
-        session_cache_duration: cli.session_cache_duration,
+        enable_session_caching: Some(cli.enable_session_caching),
+        session_cache_max_size: Some(cli.session_cache_max_size),
+        session_cache_duration: Some(cli.session_cache_duration),
         dynamo_db_endpoint: cli.dynamodb_endpoint.clone(),
         dynamo_db_region: cli.dynamodb_region.clone(),
         dynamo_db_table_name: cli.dynamodb_table_name.clone(),
         replica_read_consistency: cli.replica_read_consistency.clone(),
-        enable_region_suffix: cli.enable_region_suffix,
+        enable_region_suffix: Some(cli.enable_region_suffix),
         verbose: Some(cli.verbose),
         ..Default::default()
     }
@@ -125,16 +149,9 @@ fn cli_to_config(cli: &Cli) -> asherah_config::ConfigOptions {
 async fn main() -> Result<()> {
     let cli = Cli::parse();
 
-    // Check ASHERAH_VERBOSE env var in addition to --verbose flag
-    let verbose = cli.verbose
-        || std::env::var("ASHERAH_VERBOSE")
-            .is_ok_and(|v| matches!(v.as_str(), "1" | "true" | "yes"));
-
-    env_logger::Builder::from_env(env_logger::Env::default().default_filter_or(if verbose {
-        "debug"
-    } else {
-        "info"
-    }))
+    env_logger::Builder::from_env(
+        env_logger::Env::default().default_filter_or(if cli.verbose { "debug" } else { "info" }),
+    )
     .init();
 
     let config = cli_to_config(&cli);