SurrealDBBackend was backed by Arc<RwLock<HashMap>> — no connection to
SurrealDB whatsoever. Rewrite to a real Surreal<Any> connection:
- engine::any dispatch: mem:// (embedded, tests) and ws:// or wss:// (prod)
- All 11 StorageBackend methods: SurrealQL upsert/select/delete/query
- Vec<u8> fields base64-encoded; timestamps as RFC3339 UTC strings
- MVCC write-conflict retry: exponential backoff 5ms→80ms + uniform
jitter, 5 attempts — resolves SurrealDB optimistic-concurrency errors
under concurrent load without external locking
- Mirror ID fields in records to avoid RecordId enum parsing in lists
- 9 unit tests (mem://, no server) + 19 integration tests with UUID
database isolation; concurrent coverage: 16 secret + 8 key writers
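# Multi-stage build for SecretumVault
#
# Stage 1 compiles the `svault` binary. Stage 2 copies only that binary out of
# this stage, so the compiler toolchain installed here is not part of the
# image that runs the vault.

# Stage 1: Builder
# NOTE(review): `rust:bookworm` is a floating tag, so the toolchain that
# compiles the vault can change from one build to the next. For a reproducible
# and auditable build, pin a release and digest, e.g.
#   rust:<VERSION>-bookworm@sha256:<DIGEST>
# (placeholders: take the real values from the registry).
FROM rust:bookworm AS builder

WORKDIR /build

# Install the native toolchain and headers needed at compile time.
# The package list is kept sorted so additions show up cleanly in review.
# The apt lists are removed in the same layer that fetched them.
RUN apt-get update && apt-get install -y \
        build-essential \
        clang \
        cmake \
        libclang-dev \
        libssl-dev \
        pkg-config \
        protobuf-compiler \
    && rm -rf /var/lib/apt/lists/*

# Copy manifests (Cargo.lock carries the exact dependency versions)
COPY Cargo.toml Cargo.lock ./

# Copy source code
COPY src ./src

# Build with full features.
# --locked makes cargo fail instead of silently re-resolving dependencies when
# Cargo.lock does not match Cargo.toml, so the image is built from exactly the
# dependency set that was committed and reviewed.
RUN cargo build --release --locked --features "server cli surrealdb-storage etcd-storage postgresql-storage aws-lc pqc cedar"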
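# Stage 2: Runtime
# The slim variant ships fewer packages than the full debian image, which
# means less to patch and less for an intruder to use inside the container.
# NOTE(review): the tag is still floating; pin it by digest
# (debian:bookworm-slim@sha256:<DIGEST>, placeholder) for reproducible images.
FROM debian:bookworm-slim

WORKDIR /app

# Install runtime dependencies.
# curl is used by the HEALTHCHECK below; libssl3 and ca-certificates are
# presumably needed by the binary for TLS (confirm against the enabled features).
# --no-install-recommends keeps optional packages out of the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        libssl3 \
    && rm -rf /var/lib/apt/lists/*

# Copy binary from builder.
# No --chown is given and this runs before USER, so the binary stays
# root-owned and the unprivileged service user cannot replace it.
COPY --from=builder /build/target/release/svault /usr/local/bin/svault

# Create vault user (fixed UID 1000) and hand it the working directory only
RUN useradd -m -u 1000 vault && chown -R vault:vault /app

# Everything from here on, including the server process, runs unprivileged
USER vault

# Default config path.
# NOTE(review): nothing visible in this Dockerfile copies a config file to this
# path, so it is presumably mounted at runtime; the mount must be readable by
# UID 1000 and should not be writable by it.
ENV VAULT_CONFIG=/etc/secretumvault/svault.toml

# Health check.
# NOTE(review): this probes plain HTTP on localhost:8200. If the listener is
# configured for TLS the probe fails and the container is reported unhealthy;
# adjust the scheme to match the deployed config.
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:8200/v1/sys/health || exit 1

# Expose ports (documentation only; nothing is published by this instruction)
EXPOSE 8200 9090

# Default command - the shell is kept so ${VAULT_CONFIG} is expanded at
# container start, and a CMD override is still interpreted as a shell string.
# `exec` replaces the shell with svault so the server is PID 1 and receives
# SIGTERM from `docker stop` directly; the quotes stop a config path containing
# spaces or glob characters from being split into several arguments.
ENTRYPOINT ["/bin/sh", "-c"]
CMD ["exec svault server --config \"${VAULT_CONFIG}\""]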