#![cfg_attr(docsrs, feature(doc_cfg))]

#![doc = include_str!("../README.md")]

// @@ begin lint list maintained by maint/add_warning @@

#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)

#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)

#![warn(missing_docs)]

#![warn(noop_method_call)]

#![warn(unreachable_pub)]

#![warn(clippy::all)]

#![deny(clippy::await_holding_lock)]

#![deny(clippy::cargo_common_metadata)]

#![deny(clippy::cast_lossless)]

#![deny(clippy::checked_conversions)]

#![warn(clippy::cognitive_complexity)]

#![deny(clippy::debug_assert_with_mut_call)]

#![deny(clippy::exhaustive_enums)]

#![deny(clippy::exhaustive_structs)]

#![deny(clippy::expl_impl_clone_on_copy)]

#![deny(clippy::fallible_impl_from)]

#![deny(clippy::implicit_clone)]

#![deny(clippy::large_stack_arrays)]

#![warn(clippy::manual_ok_or)]

#![deny(clippy::missing_docs_in_private_items)]

#![warn(clippy::needless_borrow)]

#![warn(clippy::needless_pass_by_value)]

#![warn(clippy::option_option)]

#![deny(clippy::print_stderr)]

#![deny(clippy::print_stdout)]

#![warn(clippy::rc_buffer)]

#![deny(clippy::ref_option_ref)]

#![warn(clippy::semicolon_if_nothing_returned)]

#![warn(clippy::trait_duplication_in_bounds)]

#![deny(clippy::unchecked_time_subtraction)]

#![deny(clippy::unnecessary_wraps)]

#![warn(clippy::unseparated_literal_suffix)]

#![deny(clippy::unwrap_used)]

#![deny(clippy::mod_module_files)]

#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness

#![allow(clippy::uninlined_format_args)]

#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945

#![allow(clippy::result_large_err)] // temporary workaround for arti#587

#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best

#![allow(clippy::needless_lifetimes)] // See arti#1765

#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060

#![allow(clippy::collapsible_if)] // See arti#2342

#![deny(clippy::unused_async)]

//! <!-- @@ end lint list maintained by maint/add_warning @@ -->

pub mod cmdline;

pub mod derive;

mod err;

#[macro_use]

pub mod extend_builder;

pub mod file_watcher;

mod flatten;

pub mod list_builder;

mod listen;

pub mod load;

pub mod map_builder;

mod misc;

pub mod mistrust;

mod mut_cfg;

pub mod setter_traits;

pub mod sources;

#[cfg(feature = "testing")]

pub mod testing;

#[doc(hidden)]

pub mod deps {

    pub use educe;

    pub use figment;

    pub use itertools::Itertools;

    pub use paste::paste;

    pub use serde;

    pub use serde_value;

    pub use tor_basic_utils::macro_first_nonempty;

}

pub use cmdline::CmdLine;

pub use err::{ConfigBuildError, ConfigError, ReconfigureError};

pub use flatten::{Flatten, Flattenable};

pub use list_builder::{MultilineListBuilder, MultilineListBuilderError};

pub use listen::*;

pub use load::{resolve, resolve_ignore_warnings, resolve_return_results};

pub use misc::*;

pub use mut_cfg::MutCfg;

pub use sources::{ConfigurationSource, ConfigurationSources};

#[doc(hidden)]

pub use derive_deftly;

#[doc(hidden)]

pub use flatten::flattenable_extract_fields;

derive_deftly::template_export_semver_check! { "0.12.1" }

/// A set of configuration fields, represented as a set of nested K=V

/// mappings.

///

/// (This is a wrapper for an underlying type provided by the library that

/// actually does our configuration.)

#[derive(Clone, Debug)]

pub struct ConfigurationTree(figment::Figment);

#[cfg(test)]

impl ConfigurationTree {

    #[cfg(test)]

        use figment::value::Value as V;

        })

}

/// Rules for reconfiguring a running Arti instance.

#[derive(Debug, Clone, Copy, Eq, PartialEq)]

#[non_exhaustive]

pub enum Reconfigure {

    /// Perform no reconfiguration unless we can guarantee that all changes will be successful.

    AllOrNothing,

    /// Try to reconfigure as much as possible; warn on fields that we cannot reconfigure.

    WarnOnFailures,

    /// Don't reconfigure anything: Only check whether we can guarantee that all changes will be successful.

    CheckAllOrNothing,

}

impl Reconfigure {

    /// Called when we see a disallowed attempt to change `field`: either give a ReconfigureError,

    /// or warn and return `Ok(())`, depending on the value of `self`.

            Reconfigure::AllOrNothing | Reconfigure::CheckAllOrNothing => {

            }

            Reconfigure::WarnOnFailures => {

            }

        }

}

/// Resolves an `Option<Option<T>>` (in a builder) into an `Option<T>`

///

///  * If the input is `None`, this indicates that the user did not specify a value,

///    and we therefore use `def` to obtain the default value.

///

///  * If the input is `Some(None)`, or `Some(Some(Default::default()))`,

///    the user has explicitly specified that this config item should be null/none/nothing,

///    so we return `None`.

///

///  * Otherwise the user provided an actual value, and we return `Some` of it.

///

/// See <https://gitlab.torproject.org/tpo/core/arti/-/issues/488>

///

/// For consistency with other APIs in Arti, when using this,

/// do not pass `setter(strip_option)` to derive_builder.

///

/// # ⚠ Stability Warning ⚠

///

/// We may significantly change this so that it is an method in an extension trait.

//

// This is an annoying AOI right now because you have to write things like

//     #[builder(field(build = r#"tor_config::resolve_option(&self.dns_port, || None)"#))]

//     pub(crate) dns_port: Option<u16>,

// which recapitulates the field name.  That is very much a bug hazard (indeed, in an

// early version of some of this code I perpetrated precisely that bug).

// Fixing this involves a derive_builder feature.

{

    )

/// Resolves an `Option<Option<&T>>` (in a builder) into an `Option<T>`, more generally

///

/// Like [`resolve_option`], but:

///

///  * Doesn't rely on `T` being `Default + PartialEq`

///    to determine whether it's the sentinel value;

///    instead, takes `is_sentinel`.

///

///  * Takes `Option<Option<&T>>` which is more general, but less like the usual call sites.

///

/// # Behavior

///

///  * If the input is `None`, this indicates that the user did not specify a value,

///    and we therefore use `def` to obtain the default value.

///

///  * If the input is `Some(None)`, or `Some(Some(v))` where `is_sentinel(v)` returns true,

///    the user has explicitly specified that this config item should be null/none/nothing,

///    so we return `None`.

///

///  * Otherwise the user provided an actual value, and we return `Some` of it.

///

/// See <https://gitlab.torproject.org/tpo/core/arti/-/issues/488>

///

/// # ⚠ Stability Warning ⚠

///

/// We may significantly change this so that it is an method in an extension trait.

///

/// # Example

/// ```

/// use tor_config::resolve_option_general;

///

/// // Use 0 as a sentinel meaning "explicitly clear" in this example

/// let is_sentinel = |v: &i32| *v == 0;

///

/// // No value provided: use default

/// assert_eq!(

///     resolve_option_general(None, is_sentinel, || Some(10)),

///     Some(10),

/// );

///

/// // Explicitly None

/// assert_eq!(

///     resolve_option_general(Some(None), is_sentinel, || Some(10)),

///     None,

/// );

///

/// // Sentinel value (0) -> return None

/// assert_eq!(

///     resolve_option_general(Some(Some(&0)), is_sentinel, || Some(10)),

///     None,

/// );

///

/// // Set to actual value -> return that value

/// assert_eq!(

///     resolve_option_general(Some(Some(&5)), is_sentinel, || Some(10)),

///     Some(5),

/// );

/// ```

{

    }

/// Defines standard impls for a struct with a `Builder`, incl `Default`

///

/// **Use this.**  Do not `#[derive(Builder, Default)]`.  That latter approach would produce

/// wrong answers if builder attributes are used to specify non-`Default` default values.

///

/// # Input syntax

///

/// ```

/// use derive_builder::Builder;

/// use serde::{Deserialize, Serialize};

/// use tor_config::impl_standard_builder;

/// use tor_config::ConfigBuildError;

///

/// #[derive(Debug, Builder, Clone, Eq, PartialEq)]

/// #[builder(derive(Serialize, Deserialize, Debug))]

/// #[builder(build_fn(error = "ConfigBuildError"))]

/// struct SomeConfigStruct { }

/// impl_standard_builder! { SomeConfigStruct }

///

/// #[derive(Debug, Builder, Clone, Eq, PartialEq)]

/// struct UnusualStruct { }

/// impl_standard_builder! { UnusualStruct: !Deserialize + !Builder }

/// ```

///

/// # Requirements

///

/// `$Config`'s builder must have default values for all the fields,

/// or this macro-generated self-test will fail.

/// This should be OK for all principal elements of our configuration.

///

/// `$ConfigBuilder` must have an appropriate `Deserialize` impl.

///

/// # Options

///

///  * `!Default` suppresses the `Default` implementation, and the corresponding tests.

///    This should be done within Arti's configuration only for sub-structures which

///    contain mandatory fields (and are themselves optional).

///

///  * `!Deserialize` suppresses the test case involving `Builder: Deserialize`.

///    This should not be done for structs which are part of Arti's configuration,

///    but can be appropriate for other types that use [`derive_builder`].

///

///  * `!Builder` suppresses the impl of the [`tor_config::load::Builder`](load::Builder) trait

///    This will be necessary if the error from the builder is not [`ConfigBuildError`].

///

/// # Generates

///

///  * `impl Default for $Config`

///  * `impl Builder for $ConfigBuilder`

///  * a self-test that the `Default` impl actually works

///  * a test that the `Builder` can be deserialized from an empty [`ConfigurationTree`],

///    and then built, and that the result is the same as the ordinary default.

//

// The implementation munches fake "trait bounds" (`: !Deserialize + !Wombat ...`) off the RHS.

// We're going to add at least one more option.

//

// When run with `!Default`, this only generates a `builder` impl and an impl of

// the `Resolvable` trait which probably won't be used anywhere.  That may seem

// like a poor tradeoff (much fiddly macro code to generate a trivial function in

// a handful of call sites).  However, this means that `impl_standard_builder!`

// can be used in more places.  That sets a good example: always use the macro.

//

// That is a good example because we want `impl_standard_builder!` to be

// used elsewhere because it generates necessary tests of properties

// which might otherwise be violated.  When adding code, people add according to the

// patterns they see.

//

// (We, sadly, don't have a good way to *ensure* use of `impl_standard_builder`.)

#[macro_export]

macro_rules! impl_standard_builder {

    // Convert the input into the "being processed format":

    {

        $Config:ty $(: $($options:tt)* )?

    } => { $crate::impl_standard_builder!{

        // ^Being processed format:

        @ ( Builder                    )

          ( default                    )

          ( extract                    ) $Config    :                 $( $( $options    )* )?

        //  ~~~~~~~~~~~~~~~              ^^^^^^^    ^   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

        // present iff not !Builder, !Default

        // present iff not !Default

        // present iff not !Deserialize  type      always present    options yet to be parsed

    } };

    // If !Deserialize is the next option, implement it by making $try_deserialize absent

    {

        @ ( $($Builder        :ident)? )

          ( $($default        :ident)? )

          ( $($try_deserialize:ident)? ) $Config:ty : $(+)? !Deserialize $( $options:tt )*

    } => {  $crate::impl_standard_builder!{

        @ ( $($Builder              )? )

          ( $($default              )? )

          (                            ) $Config    :                    $( $options    )*

    } };

    // If !Builder is the next option, implement it by making $Builder absent

    {

        @ ( $($Builder        :ident)? )

          ( $($default        :ident)? )

          ( $($try_deserialize:ident)? ) $Config:ty : $(+)? !Builder     $( $options:tt )*

    } => {  $crate::impl_standard_builder!{

        @ (                            )

          ( $($default              )? )

          ( $($try_deserialize      )? ) $Config    :                    $( $options    )*

    } };

    // If !Default is the next option, implement it by making $default absent

    {

        @ ( $($Builder        :ident)? )

          ( $($default        :ident)? )

          ( $($try_deserialize:ident)? ) $Config:ty : $(+)? !Default     $( $options:tt )*

    } => {  $crate::impl_standard_builder!{

        @ ( $($Builder              )? )

          (                            )

          ( $($try_deserialize      )? ) $Config    :                    $( $options    )*

    } };

    // Having parsed all options, produce output:

    {

        @ ( $($Builder        :ident)? )

          ( $($default        :ident)? )

          ( $($try_deserialize:ident)? ) $Config:ty : $(+)?

    } => { $crate::deps::paste!{

        impl $Config {

            /// Returns a fresh, default, builder

        }

        $( // expands iff there was $default, which is always default

            impl Default for $Config {

                    // unwrap is good because one of the test cases above checks that it works!

            }

        )?

        $( // expands iff there was $Builder, which is always Builder

            impl $crate::load::$Builder for [< $Config Builder >] {

                type Built = $Config;

            }

        )?

        #[test]

        #[allow(non_snake_case)]

            #[allow(unused_variables)]

            $( // expands iff there was $default, which is always default

            )?

    } };

}

#[cfg(test)]

mod test {

    // @@ begin test lint list maintained by maint/add_warning @@

    #![allow(clippy::bool_assert_comparison)]

    #![allow(clippy::clone_on_copy)]

    #![allow(clippy::dbg_macro)]

    #![allow(clippy::mixed_attributes_style)]

    #![allow(clippy::print_stderr)]

    #![allow(clippy::print_stdout)]

    #![allow(clippy::single_char_pattern)]

    #![allow(clippy::unwrap_used)]

    #![allow(clippy::unchecked_time_subtraction)]

    #![allow(clippy::useless_vec)]

    #![allow(clippy::needless_pass_by_value)]

    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->

    use super::*;

    use crate as tor_config;

    use derive_builder::Builder;

    use serde::{Deserialize, Serialize};

    use serde_json::json;

    use tracing_test::traced_test;

    #[test]

    #[traced_test]

    fn reconfigure_helpers() {

        let how = Reconfigure::AllOrNothing;

        let err = how.cannot_change("the_laws_of_physics").unwrap_err();

        assert_eq!(

            err.to_string(),

            "Cannot change the_laws_of_physics on a running client.".to_owned()

        );

        let how = Reconfigure::WarnOnFailures;

        let ok = how.cannot_change("stuff");

        assert!(ok.is_ok());

        assert!(logs_contain("Cannot change stuff on a running client."));

    }

    #[test]

    #[rustfmt::skip] // autoformatting obscures the regular structure

    fn resolve_option_test() {

        #[derive(Debug, Clone, Builder, Eq, PartialEq)]

        #[builder(build_fn(error = "ConfigBuildError"))]

        #[builder(derive(Debug, Serialize, Deserialize, Eq, PartialEq))]

        struct TestConfig {

            #[builder(field(build = r#"tor_config::resolve_option(&self.none, || None)"#))]

            none: Option<u32>,

            #[builder(field(build = r#"tor_config::resolve_option(&self.four, || Some(4))"#))]

            four: Option<u32>,

        }

        // defaults

        {

            let builder_from_json: TestConfigBuilder = serde_json::from_value(

                json!{ { } }

            ).unwrap();

            let builder_from_methods = TestConfigBuilder::default();

            assert_eq!(builder_from_methods, builder_from_json);

            assert_eq!(builder_from_methods.build().unwrap(),

                        TestConfig { none: None, four: Some(4) });

        }

        // explicit positive values

        {

            let builder_from_json: TestConfigBuilder = serde_json::from_value(

                json!{ { "none": 123, "four": 456 } }

            ).unwrap();

            let mut builder_from_methods = TestConfigBuilder::default();

            builder_from_methods.none(Some(123));

            builder_from_methods.four(Some(456));

            assert_eq!(builder_from_methods, builder_from_json);

            assert_eq!(builder_from_methods.build().unwrap(),

                       TestConfig { none: Some(123), four: Some(456) });

        }

        // explicit "null" values

        {

            let builder_from_json: TestConfigBuilder = serde_json::from_value(

                json!{ { "none": 0, "four": 0 } }

            ).unwrap();

            let mut builder_from_methods = TestConfigBuilder::default();

            builder_from_methods.none(Some(0));

            builder_from_methods.four(Some(0));

            assert_eq!(builder_from_methods, builder_from_json);

            assert_eq!(builder_from_methods.build().unwrap(),

                       TestConfig { none: None, four: None });

        }

        // explicit None (API only, serde can't do this for Option)

        {

            let mut builder_from_methods = TestConfigBuilder::default();

            builder_from_methods.none(None);

            builder_from_methods.four(None);

            assert_eq!(builder_from_methods.build().unwrap(),

                       TestConfig { none: None, four: None });

        }

    }

}