- Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/
# Vault Service Validator
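let vault_schema = import "../schemas/vault-service.ncl" in
let constraints = import "../constraints/constraints.toml" in

{
  # Validate a vault service configuration.
  #
  # Takes a record checked against `vault_schema.VaultServiceConfig` and
  # returns an array of human-readable error messages. An empty array means
  # every check below passed. Each `let errors = ...` step appends to the
  # list built by the previous step, so all failures are reported together.
  #
  # NOTE(review): this function only reports problems; whether a non-empty
  # result blocks deployment depends on the caller, which is not visible
  # here.
  validate_vault_config | vault_schema.VaultServiceConfig -> Array String = fun config =>
    let errors = [] in

    # Port must sit inside the range declared in constraints.toml.
    # Nickel interpolates with `%{...}` and only accepts strings there, so
    # the numeric bounds are converted with `std.to_string`.
    let errors =
      if config.server.port < constraints.vault_service.port.min then
        errors @ ["Server port below minimum (%{std.to_string constraints.vault_service.port.min})"]
      else if config.server.port > constraints.vault_service.port.max then
        errors @ ["Server port above maximum (%{std.to_string constraints.vault_service.port.max})"]
      else
        errors
    in

    # NOTE(review): `std.array.length` expects an array. If the schema
    # declares `mount_point` (and `key_name` below) as strings, these checks
    # should use `std.string.length` instead - confirm against
    # vault-service.ncl.
    let errors =
      if std.array.length config.vault.mount_point == 0 then
        errors @ ["Mount point cannot be empty"]
      else
        errors
    in

    # Parenthesised so the length is computed before the comparison,
    # independent of how `|>` and `<` rank against each other.
    let errors =
      if (config.vault.key_name |> std.array.length) < 1 then
        errors @ ["Key name is required"]
      else
        errors
    in

    # SurrealDB backend needs a server URL. `std.string.contains` returns a
    # Bool, so testing its result for null could never fail; the check now
    # rejects a null URL and a URL without ':'.
    # The ':' test is only a shape check: it does not confirm the scheme or
    # that the connection to the storage backend is encrypted.
    let errors =
      if config.vault.storage_backend == "surrealdb"
        && (config.vault.server_url == null
          || !(std.string.contains ":" config.vault.server_url)) then
        errors @ ["SurrealDB mode requires valid server URL"]
      else
        errors
    in

    # With verification on, a CA certificate must be supplied.
    # Nothing is reported when `tls_verify` is false, so a configuration
    # that disables certificate verification passes this validator silently.
    # NOTE(review): consider flagging that case outside development
    # profiles.
    let errors =
      if (config.vault.tls_verify == true)
        && (config.vault.tls_ca_cert == null) then
        errors @ ["TLS verification enabled but CA cert not provided"]
      else
        errors
    in

    errors,
}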