feat: [#243] convert HTTP API admin token and SSH test password to secret types

josecelano · josecelano · commit fa2438714ca5 · 2025-12-18T11:26:24.000Z
diff --git a/src/application/command_handlers/create/config/tracker/http_api_section.rs b/src/application/command_handlers/create/config/tracker/http_api_section.rs
@@ -5,11 +5,12 @@ use serde::{Deserialize, Serialize};
 
 use crate::application::command_handlers::create::config::errors::CreateConfigError;
 use crate::domain::tracker::HttpApiConfig;
+use crate::shared::secrets::PlainApiToken;
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, JsonSchema)]
 pub struct HttpApiSection {
     pub bind_address: String,
-    pub admin_token: String,
+    pub admin_token: PlainApiToken,
 }
 
 impl HttpApiSection {
@@ -38,7 +39,7 @@ impl HttpApiSection {
         // Domain type now uses SocketAddr (Step 0.7 completed)
         Ok(HttpApiConfig {
             bind_address,
-            admin_token: self.admin_token.clone(),
+            admin_token: self.admin_token.clone().into(),
         })
     }
 }
@@ -62,7 +63,7 @@ mod tests {
             config.bind_address,
             "0.0.0.0:1212".parse::<SocketAddr>().unwrap()
         );
-        assert_eq!(config.admin_token, "MyAccessToken");
+        assert_eq!(config.admin_token.expose_secret(), "MyAccessToken");
     }
 
     #[test]
diff --git a/src/domain/environment/context.rs b/src/domain/environment/context.rs
@@ -328,7 +328,11 @@ impl EnvironmentContext {
     /// Returns the admin token
     #[must_use]
     pub fn admin_token(&self) -> &str {
-        &self.user_inputs.tracker.http_api.admin_token
+        self.user_inputs
+            .tracker
+            .http_api
+            .admin_token
+            .expose_secret()
     }
 
     /// Returns the Prometheus configuration if enabled
diff --git a/src/domain/tracker/config.rs b/src/domain/tracker/config.rs
@@ -8,6 +8,7 @@ use std::net::SocketAddr;
 use serde::{Deserialize, Serialize};
 
 use super::{DatabaseConfig, SqliteConfig};
+use crate::shared::ApiToken;
 
 /// Tracker deployment configuration
 ///
@@ -37,7 +38,7 @@ use super::{DatabaseConfig, SqliteConfig};
 ///     ],
 ///     http_api: HttpApiConfig {
 ///         bind_address: "0.0.0.0:1212".parse().unwrap(),
-///         admin_token: "MyAccessToken".to_string(),
+///         admin_token: "MyAccessToken".to_string().into(),
 ///     },
 /// };
 /// ```
@@ -99,7 +100,7 @@ pub struct HttpApiConfig {
     pub bind_address: SocketAddr,
 
     /// Admin access token for HTTP API authentication
-    pub admin_token: String,
+    pub admin_token: ApiToken,
 }
 
 impl Default for TrackerConfig {
@@ -129,7 +130,7 @@ impl Default for TrackerConfig {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().expect("valid address"),
-                admin_token: "MyAccessToken".to_string(),
+                admin_token: "MyAccessToken".to_string().into(),
             },
         }
     }
@@ -171,7 +172,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "test_token".to_string(),
+                admin_token: "test_token".to_string().into(),
             },
         };
 
@@ -194,7 +195,7 @@ mod tests {
             http_trackers: vec![],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "token123".to_string(),
+                admin_token: "token123".to_string().into(),
             },
         };
 
@@ -233,6 +234,6 @@ mod tests {
             config.http_api.bind_address,
             "0.0.0.0:1212".parse::<SocketAddr>().unwrap()
         );
-        assert_eq!(config.http_api.admin_token, "MyAccessToken");
+        assert_eq!(config.http_api.admin_token.expose_secret(), "MyAccessToken");
     }
 }
diff --git a/src/domain/tracker/mod.rs b/src/domain/tracker/mod.rs
@@ -37,7 +37,7 @@
 //!     ],
 //!     http_api: HttpApiConfig {
 //!         bind_address: "0.0.0.0:1212".parse().unwrap(),
-//!         admin_token: "MyToken".to_string(),
+//!         admin_token: "MyToken".to_string().into(),
 //!     },
 //! };
 //! ```
diff --git a/src/infrastructure/templating/ansible/template/wrappers/variables/context.rs b/src/infrastructure/templating/ansible/template/wrappers/variables/context.rs
@@ -201,7 +201,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "MyAccessToken".to_string(),
+                admin_token: "MyAccessToken".to_string().into(),
             },
         };
 
@@ -229,7 +229,7 @@ mod tests {
             http_trackers: vec![],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "Token123".to_string(),
+                admin_token: "Token123".to_string().into(),
             },
         };
 
@@ -267,7 +267,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "Token".to_string(),
+                admin_token: "Token".to_string().into(),
             },
         };
 
diff --git a/src/infrastructure/templating/prometheus/template/renderer/project_generator.rs b/src/infrastructure/templating/prometheus/template/renderer/project_generator.rs
@@ -153,7 +153,11 @@ impl PrometheusProjectGenerator {
         tracker_config: &TrackerConfig,
     ) -> PrometheusContext {
         let scrape_interval = prometheus_config.scrape_interval;
-        let api_token = tracker_config.http_api.admin_token.clone();
+        let api_token = tracker_config
+            .http_api
+            .admin_token
+            .expose_secret()
+            .to_string();
 
         // Extract port from SocketAddr
         let api_port = tracker_config.http_api.bind_address.port();
@@ -204,7 +208,7 @@ scrape_configs:
         TrackerConfig {
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().expect("valid address"),
-                admin_token: "test_admin_token".to_string(),
+                admin_token: "test_admin_token".to_string().into(),
             },
             ..Default::default()
         }
@@ -321,7 +325,7 @@ scrape_configs:
 
         let prometheus_config = PrometheusConfig::default();
         let mut tracker_config = create_test_tracker_config();
-        tracker_config.http_api.admin_token = "custom_admin_token_123".to_string();
+        tracker_config.http_api.admin_token = "custom_admin_token_123".to_string().into();
 
         generator
             .render(&prometheus_config, &tracker_config)
diff --git a/src/infrastructure/templating/tracker/template/renderer/project_generator.rs b/src/infrastructure/templating/tracker/template/renderer/project_generator.rs
@@ -227,7 +227,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "test_token".to_string(),
+                admin_token: "test_token".to_string().into(),
             },
         };
 
@@ -274,7 +274,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "test_token".to_string(),
+                admin_token: "test_token".to_string().into(),
             },
         };
 
diff --git a/src/infrastructure/templating/tracker/template/wrapper/tracker_config/context.rs b/src/infrastructure/templating/tracker/template/wrapper/tracker_config/context.rs
@@ -42,7 +42,7 @@ use crate::domain::environment::TrackerConfig;
 ///     ],
 ///     http_api: HttpApiConfig {
 ///         bind_address: "0.0.0.0:1212".parse().unwrap(),
-///         admin_token: "MyToken".to_string(),
+///         admin_token: "MyToken".to_string().into(),
 ///     },
 /// };
 /// let context = TrackerContext::from_config(&tracker_config);
@@ -220,7 +220,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "test_admin_token".to_string(),
+                admin_token: "test_admin_token".to_string().into(),
             },
         }
     }
@@ -266,7 +266,7 @@ mod tests {
             }],
             http_api: HttpApiConfig {
                 bind_address: "0.0.0.0:1212".parse().unwrap(),
-                admin_token: "test_token".to_string(),
+                admin_token: "test_token".to_string().into(),
             },
         };
 
diff --git a/src/testing/integration/ssh_server/config.rs b/src/testing/integration/ssh_server/config.rs
@@ -2,6 +2,8 @@
 
 use std::path::PathBuf;
 
+use crate::shared::secrets::PlainPassword;
+
 use super::constants::{
     CONTAINER_STARTUP_WAIT_SECS, DEFAULT_TEST_PASSWORD, DEFAULT_TEST_USERNAME, DOCKERFILE_DIR,
     MOCK_SSH_PORT, SSH_SERVER_IMAGE_NAME, SSH_SERVER_IMAGE_TAG,
@@ -40,7 +42,7 @@ pub struct SshServerConfig {
     pub username: String,
 
     /// Test password configured in the SSH server
-    pub password: String,
+    pub password: PlainPassword,
 
     /// Container startup wait time in seconds
     pub startup_wait_secs: u64,
@@ -119,7 +121,7 @@ pub struct SshServerConfigBuilder {
     image_name: Option<String>,
     image_tag: Option<String>,
     username: Option<String>,
-    password: Option<String>,
+    password: Option<PlainPassword>,
     startup_wait_secs: Option<u64>,
     dockerfile_dir: Option<PathBuf>,
     mock_port: Option<u16>,
@@ -149,7 +151,7 @@ impl SshServerConfigBuilder {
 
     /// Set the test password
     #[must_use]
-    pub fn password(mut self, password: impl Into<String>) -> Self {
+    pub fn password(mut self, password: impl Into<PlainPassword>) -> Self {
         self.password = Some(password.into());
         self
     }
