feat: Multi-cloud provider support (Google Cloud, Azure) #128
Description
Summary
Add support for Google Cloud and Azure secret/config management services, making suve a truly unified tool across cloud providers.
Target Services
| Provider | Parameter Store | Secrets Manager | E2E Emulator |
|---|---|---|---|
| AWS | SSM Parameter Store | Secrets Manager | LocalStack |
| Google Cloud | - | Secret Manager | gcp-secret-manager-emulator |
| Azure | App Configuration | Key Vault | Official / KV Emulator |
Implementation Roadmap
Phase A: Foundation (Complete ✅)
- feat: A.1 - Define Scope type for multi-cloud support #132 - A.1: Define Scope type
- feat: A.2 - Define Model types (Parameter, Secret) #134 - A.2: Define Model types (Parameter, Secret) + AWS-specific field migration
- feat: A.3 - Define Provider interfaces #137 - A.3: Define Provider interfaces
- feat: B.2 - Add Scope support to Store #138 - B.2: Add Scope support to Store
- feat(provider): add model types and provider interfaces for multi-cloud support #145 - Model types and Provider interfaces for multi-cloud
- refactor(usecase): migrate tag operations to provider interfaces #147 - Tag operations migrated to provider interfaces
Phase B: AWS Refactoring (In Progress)
Migrate UseCase/Staging layers from paramapi.*/secretapi.* to provider.* interfaces.
- feat: B.1 - Implement AWS Adapter #133 - B.1: Implement AWS Adapter
- PR refactor: move output package to cli/output #2 - Read UseCase Migration (
show,log,list,diff) - PR refactor: add usecase layer for staging operations #3 - Write UseCase Migration (
create,update,delete,restore) - PR refactor: add usecase layer for param operations #4 - Staging Strategy Migration
- PR Add usecase layer for secret operations #5 - Version Resolution Abstraction
- refactor: move internal/api to provider-specific location #148 - Move/cleanup
internal/api
Phase C: Multi-cloud (Future)
- feat: C.1 - Add Google Cloud Secret Manager support #135 - C.1: Add Google Cloud Secret Manager support
- feat: C.2 - Add Azure support (Key Vault + App Configuration) #136 - C.2: Add Azure support (Key Vault + App Configuration)
PR Plan Details
PR #2: Read UseCase Migration
Files:
internal/usecase/param/show.go,log.go,list.go,diff.gointernal/usecase/secret/show.go,log.go,list.go,diff.go
Interface mapping:
| Old | New |
|---|---|
paramapi.GetParameterAPI |
provider.ParameterReader.GetParameter |
paramapi.GetParameterHistoryAPI |
provider.ParameterReader.GetParameterHistory |
paramapi.DescribeParametersAPI |
provider.ParameterReader.ListParameters |
secretapi.GetSecretValueAPI |
provider.SecretReader.GetSecret |
secretapi.ListSecretVersionIDsAPI |
provider.SecretReader.GetSecretVersions |
secretapi.ListSecretsAPI |
provider.SecretReader.ListSecrets |
secretapi.DescribeSecretAPI |
provider.SecretDescriber.DescribeSecret |
PR #3: Write UseCase Migration
Files:
internal/usecase/param/create.go,update.go,delete.gointernal/usecase/secret/create.go,update.go,delete.go,restore.go
PR #4: Staging Strategy Migration
Files:
internal/staging/param.go,secret.gointernal/staging/cli/*.gointernal/cli/commands/stage/param/,secret/
PR #5: Version Resolution Abstraction
Provider-agnostic version resolution interface:
type VersionSpec interface {
Name() string
HasAbsolute() bool
Shift() int
}
type VersionResolver interface {
ResolveVersion(ctx context.Context, spec VersionSpec) (string, error)
}Dependency Graph
[Phase A: Complete] ✅
|
+---> PR #2 (Read UseCase)
| |
| +---> PR #5 (Version Resolution)
|
+---> PR #3 (Write UseCase)
|
+---> PR #4 (Staging Strategy)
|
+---> Phase C (Multi-cloud)
CLI Structure (Future)
# AWS: --region required
suve aws --region=ap-northeast-1 param show /my/param
suve aws --region=ap-northeast-1 secret show my-secret
# Google Cloud: --project required
suve gcloud --project=my-project secret show my-secret
# Azure: --resource-group, --vault/--store required
suve azure --resource-group=my-rg keyvault --vault=my-vault show my-secret
suve azure --resource-group=my-rg appconfig --store=my-store show my-key