feat: re-architecturing

.github/workflows/engine.yml → .github/workflows/runtime.yml

@@ -1,39 +1,39 @@
-name: Engine (cross platform)
+name: Runtime (cross platform)
 on:
   push:
     branches:
       - main
     tags:
       - 'v*'
   pull_request:
     paths:
-      - 'engine/**'
+      - 'runtime/**'
 jobs:
   tests-windows:
     permissions:
       id-token: write
       contents: read
-    name: WindowsEngineTests
+    name: WindowsRuntimeTests
     runs-on: windows-latest
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/go
         with:
           app_id: ${{ vars.DOCKER_READ_APP_ID }}
           app_private_key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
-      - name: Test engine
-        run: make engine-unit-tests
+      - name: Test runtime
+        run: make runtime-unit-tests
   tests-macos:
     permissions:
       id-token: write
       contents: read
-    name: MacOSEngineTests
+    name: MacOSRuntimeTests
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/go
         with:
           app_id: ${{ vars.DOCKER_READ_APP_ID }}
           app_private_key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
-      - name: Test engine
-        run: CGO_ENABLED=1 make engine-unit-tests
+      - name: Test runtime
+        run: CGO_ENABLED=1 make runtime-unit-tests

Makefile

@@ -81,8 +81,8 @@ keychain-linux-unit-tests:
 keychain-unit-tests:
 	CGO_ENABLED=1 go test -trimpath -race -v $$(go list ./store/keychain/...)
 
-engine-unit-tests:
-	go test -trimpath -race -v $$(go list ./engine/...)
+runtime-unit-tests:
+	go test -trimpath -race -v $$(go list ./runtime/...)
 
 proto-generate:
 	@docker buildx build $(DOCKER_BUILD_ARGS) -o . --target=proto-generate .

client/.gomodguard.yaml

@@ -1,7 +1,7 @@
 ---
 blocked:
   modules:
-    - github.com/docker/secrets-engine/engine:
+    - github.com/docker/secrets-engine/runtime:
         reason: "Forbidden dependency"
     - github.com/docker/secrets-engine/injector:
         reason: "Forbidden dependency"

client/client.go

@@ -102,7 +102,7 @@ func New(options ...Option) (Client, error) {
 	}
 	c := &http.Client{
 		Transport: &http.Transport{
-			// re-use the same connection to the engine, this speeds up subsequent
+			// re-use the same connection to the runtime, this speeds up subsequent
 			// calls.
 			MaxConnsPerHost:     api.DefaultClientMaxConnsPerHost,
 			MaxIdleConnsPerHost: api.DefaultClientMaxIdleConnsPerHost,

go.work

@@ -2,10 +2,10 @@ go 1.25.0
 
 use (
 	./client
-	./engine
 	./plugin
 	./plugins/credentialhelper
 	./plugins/pass
+	./runtime
 	./store
 	./x
 )

go.work.sum

@@ -46,6 +46,7 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
 github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
 github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=

plugin/.gomodguard.yaml

@@ -3,7 +3,7 @@ blocked:
   modules:
     - github.com/docker/secrets-engine/client:
         reason: "Forbidden dependency"
-    - github.com/docker/secrets-engine/engine:
+    - github.com/docker/secrets-engine/runtime:
         reason: "Forbidden dependency"
     - github.com/docker/secrets-engine/injector:
         reason: "Forbidden dependency"

plugin/config.go

@@ -16,7 +16,7 @@ import (
 const hijackTimeout = 2 * time.Second
 
 // ManualLaunchOption to apply to a plugin during its creation
-// when it's manually launched (not by the secrets engine).
+// when it's manually launched (not by the secrets runtime).
 type ManualLaunchOption func(c *cfg) error
 
 // WithPluginName sets the name to use in plugin registration.
@@ -38,7 +38,7 @@ func WithRegistrationTimeout(timeout time.Duration) ManualLaunchOption {
 	}
 }
 
-// WithConnection sets an existing secrets engine connection to use.
+// WithConnection sets an existing secrets runtime connection to use.
 func WithConnection(conn net.Conn) ManualLaunchOption {
 	return func(s *cfg) error {
 		if s.conn != nil {

plugin/config_test.go

@@ -113,14 +113,14 @@ func Test_restoreConfig(t *testing.T) {
 		test func(t *testing.T)
 	}{
 		{
-			name: "no config from the engine",
+			name: "no config from the runtime",
 			test: func(t *testing.T) {
 				_, err := restoreConfig(&mockPlugin{})
 				assert.ErrorIs(t, err, errPluginNotLaunchedByEngine)
 			},
 		},
 		{
-			name: "invalid config from the engine",
+			name: "invalid config from the runtime",
 			test: func(t *testing.T) {
 				t.Setenv(api.PluginLaunchedByEngineVar, "test-plugin")
 				_, err := restoreConfig(&mockPlugin{})

plugin/setup.go

@@ -48,7 +48,7 @@ func setup(ctx context.Context, config cfg, onClose func(err error)) (io.Closer,
 		<-closed
 		ipc.Close()
 	}()
-	config.Logger.Printf("Started plugin (engine: %s@%s) %s...", runtimeCfg.Engine, runtimeCfg.Version, config.name)
+	config.Logger.Printf("Started plugin (runtime: %s@%s) %s...", runtimeCfg.Engine, runtimeCfg.Version, config.name)
 	close(setupCompleted)
 	return ipc, nil
 }

plugin/stub.go

@@ -46,7 +46,7 @@ func (c *Config) Valid() error {
 
 // New creates a stub with the given plugin and options.
 // ManualLaunchOption only apply when the plugin is launched manually.
-// If launched by the secrets engine, they are ignored.
+// If launched by the secrets runtime, they are ignored.
 // If logger is nil, a default logger will be created and used.
 func New(p ExternalPlugin, config Config, opts ...ManualLaunchOption) (Stub, error) {
 	if err := config.Valid(); err != nil {

engine/engine.go → runtime/engine.go

@@ -1,4 +1,4 @@
-package engine
+package runtime
 
 import (
 	"context"
@@ -17,12 +17,12 @@ import (
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"
 
-	"github.com/docker/secrets-engine/engine/internal/config"
-	"github.com/docker/secrets-engine/engine/internal/plugin"
-	"github.com/docker/secrets-engine/engine/internal/registry"
-	"github.com/docker/secrets-engine/engine/internal/routes"
-	"github.com/docker/secrets-engine/engine/internal/runtime"
-	"github.com/docker/secrets-engine/engine/internal/runtime/builtin"
+	"github.com/docker/secrets-engine/runtime/internal/config"
+	"github.com/docker/secrets-engine/runtime/internal/plugin"
+	"github.com/docker/secrets-engine/runtime/internal/registry"
+	"github.com/docker/secrets-engine/runtime/internal/routes"
+	"github.com/docker/secrets-engine/runtime/internal/runtime"
+	"github.com/docker/secrets-engine/runtime/internal/runtime/builtin"
 	"github.com/docker/secrets-engine/x/ipc"
 	"github.com/docker/secrets-engine/x/logging"
 )
@@ -74,7 +74,7 @@ func newEngine(ctx context.Context, cfg config.Engine) (engine, error) {
 		close: sync.OnceValue(func() error {
 			defer cfg.Listener().Close()
 			stopErr := shutdownManagedPlugins()
-			// Close() has its own context that's derived from the initial context passed to the engine
+			// Close() has its own context that's derived from the initial context passed to the runtime
 			ctx, cancel := context.WithTimeout(context.WithoutCancel(ctx), engineShutdownTimeout)
 			defer cancel()
 			shutdownErr := server.Shutdown(ctx)

engine/engine_test.go → runtime/engine_test.go

@@ -1,4 +1,4 @@
-package engine
+package runtime
 
 import (
 	"context"
@@ -14,11 +14,11 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/docker/secrets-engine/engine/internal/mocks"
-	"github.com/docker/secrets-engine/engine/internal/plugin"
-	"github.com/docker/secrets-engine/engine/internal/registry"
-	"github.com/docker/secrets-engine/engine/internal/testdummy"
-	et "github.com/docker/secrets-engine/engine/internal/testhelper"
+	"github.com/docker/secrets-engine/runtime/internal/mocks"
+	"github.com/docker/secrets-engine/runtime/internal/plugin"
+	"github.com/docker/secrets-engine/runtime/internal/registry"
+	"github.com/docker/secrets-engine/runtime/internal/testdummy"
+	et "github.com/docker/secrets-engine/runtime/internal/testhelper"
 	"github.com/docker/secrets-engine/x/api"
 	"github.com/docker/secrets-engine/x/secrets"
 	"github.com/docker/secrets-engine/x/testhelper"
@@ -204,7 +204,7 @@ func Test_newEngine(t *testing.T) {
 		dir := testdummy.CreateDummyPlugins(t, testdummy.Plugins{Plugins: plugins})
 		socketPath := testhelper.RandomShortSocketName()
 		cfg := et.NewEngineConfig(t,
-			et.WithName("test-engine"),
+			et.WithName("test-runtime"),
 			et.WithVersion("v6"),
 			et.WithPluginPath(dir),
 			et.WithPluginLaunchMaxRetries(1),
@@ -226,7 +226,7 @@ func Test_newEngine(t *testing.T) {
 		dir := testdummy.CreateDummyPlugins(t, testdummy.Plugins{Plugins: plugins})
 		socketPath := testhelper.RandomShortSocketName()
 		cfg := et.NewEngineConfig(t,
-			et.WithName("test-engine"),
+			et.WithName("test-runtime"),
 			et.WithVersion("v8"),
 			et.WithPluginPath(dir),
 			et.WithListener(newListener(t, socketPath)),
@@ -264,7 +264,7 @@ func Test_newEngine(t *testing.T) {
 		require.NoError(t, err)
 
 		cfg := et.NewEngineConfig(t,
-			et.WithName("test-engine"),
+			et.WithName("test-runtime"),
 			et.WithVersion("v9"),
 			et.WithPluginsDisabled(true),
 			et.WithListener(newListener(t, socketPath)),
@@ -300,7 +300,7 @@ func Test_newEngine(t *testing.T) {
 		dir := testdummy.CreateDummyPlugins(t, testdummy.Plugins{Plugins: plugins})
 		socketPath := testhelper.RandomShortSocketName()
 		cfg := et.NewEngineConfig(t,
-			et.WithName("test-engine"),
+			et.WithName("test-runtime"),
 			et.WithVersion("v99"),
 			et.WithPluginPath(dir),
 			et.WithListener(newListener(t, socketPath)),
@@ -334,7 +334,7 @@ func Test_newEngine(t *testing.T) {
 		require.NoError(t, err)
 
 		cfg := et.NewEngineConfig(t,
-			et.WithName("test-engine"),
+			et.WithName("test-runtime"),
 			et.WithVersion("v1"),
 			et.WithPluginsDisabled(true),
 			et.WithListener(newListener(t, socketPath)),

engine/engine_unix.go → runtime/engine_unix.go

@@ -1,6 +1,6 @@
 //go:build !windows
 
-package engine
+package runtime
 
 import (
 	"io/fs"

engine/engine_windows.go → runtime/engine_windows.go

@@ -1,6 +1,6 @@
 //go:build windows
 
-package engine
+package runtime
 
 import (
 	"os"

engine/exports.go → runtime/exports.go

@@ -1,4 +1,4 @@
-package engine
+package runtime
 
 import (
 	"context"
@@ -12,11 +12,11 @@ import (
 	"go.opentelemetry.io/otel/codes"
 	"go.opentelemetry.io/otel/trace"
 
-	"github.com/docker/secrets-engine/engine/internal/runtime"
+	"github.com/docker/secrets-engine/runtime/internal/runtime"
 
-	"github.com/docker/secrets-engine/engine/internal/config"
-	"github.com/docker/secrets-engine/engine/internal/plugin"
-	"github.com/docker/secrets-engine/engine/internal/services/resolver"
+	"github.com/docker/secrets-engine/runtime/internal/config"
+	"github.com/docker/secrets-engine/runtime/internal/plugin"
+	"github.com/docker/secrets-engine/runtime/internal/services/resolver"
 	"github.com/docker/secrets-engine/x/api"
 	"github.com/docker/secrets-engine/x/logging"
 	"github.com/docker/secrets-engine/x/oshelper"
@@ -179,7 +179,7 @@ func WithListener(listener net.Listener) Option {
 	}
 }
 
-// WithPlugins sets a list of plugins that get bundled with the engine (batteries included plugins)
+// WithPlugins sets a list of plugins that get bundled with the runtime (batteries included plugins)
 func WithPlugins(plugins map[Config]plugin.Plugin) Option {
 	return func(r *engineConfig) error {
 		pluginsValidated := map[plugin.Metadata]plugin.Plugin{}
@@ -228,7 +228,7 @@ func WithMaxTries(maxTries uint) Option {
 	}
 }
 
-// WithAfterHealthyHook set a callback that gets called once the engine is ready to accept requests.
+// WithAfterHealthyHook set a callback that gets called once the runtime is ready to accept requests.
 func WithAfterHealthyHook(cb func(ctx context.Context) error) Option {
 	return func(r *engineConfig) error {
 		r.upCb = cb
@@ -260,7 +260,7 @@ func Run(ctx context.Context, name, version string, opts ...Option) error {
 		cfg.tracker = telemetry.NoopTracker()
 	}
 	if cfg.logger == nil {
-		cfg.logger = logging.NewDefaultLogger("engine")
+		cfg.logger = logging.NewDefaultLogger("runtime")
 	}
 	ctx = logging.WithLogger(ctx, cfg.logger)
 	cfg.tracker.TrackEvent(EventSecretsEngineStarted{})

engine/go.mod → runtime/go.mod

@@ -1,16 +1,12 @@
-module github.com/docker/secrets-engine/engine
+module github.com/docker/secrets-engine/runtime
 
 go 1.25.0
 
 // This `replace` is only for CI to function.
 // The correct version will get resolved from below when this module is
 // retrieved using `go get`.
-replace github.com/docker/secrets-engine/client => ../client
-
 replace github.com/docker/secrets-engine/plugin => ../plugin
 
-replace github.com/docker/secrets-engine/store => ../store
-
 replace github.com/docker/secrets-engine/x => ../x
 
 require (

engine/integration_runtimes_test.go → runtime/integration_runtimes_test.go

@@ -1,4 +1,4 @@
-package engine
+package runtime
 
 import (
 	"context"
@@ -16,10 +16,10 @@ import (
 	"go.opentelemetry.io/otel/codes"
 	"go.opentelemetry.io/otel/sdk/trace"
 
-	"github.com/docker/secrets-engine/engine/internal/mocks"
-	"github.com/docker/secrets-engine/engine/internal/plugin"
-	"github.com/docker/secrets-engine/engine/internal/testdummy"
 	p "github.com/docker/secrets-engine/plugin"
+	"github.com/docker/secrets-engine/runtime/internal/mocks"
+	"github.com/docker/secrets-engine/runtime/internal/plugin"
+	"github.com/docker/secrets-engine/runtime/internal/testdummy"
 	"github.com/docker/secrets-engine/x/api"
 	"github.com/docker/secrets-engine/x/api/resolver"
 	"github.com/docker/secrets-engine/x/secrets"
@@ -44,7 +44,7 @@ func testEngine(t *testing.T) (secrets.Resolver, string) {
 	t.Helper()
 	dir := testdummy.CreateDummyPlugins(t, testdummy.Plugins{Plugins: []testdummy.PluginBehaviour{{Value: "foo"}, {Value: "bar"}}})
 	socketPath := testhelper.RandomShortSocketName()
-	runEngineAsync(t, "test-engine", "test-version",
+	runEngineAsync(t, "test-runtime", "test-version",
 		WithLogger(testhelper.TestLogger(t)),
 		WithSocketPath(socketPath),
 		WithPluginPath(dir),
@@ -157,7 +157,7 @@ func Test_SecretsEngine(t *testing.T) {
 
 func TestWithDynamicPluginsDisabled(t *testing.T) {
 	path := filepath.Join(t.TempDir(), "e.sock")
-	runEngineAsync(t, "test-engine", "test-version",
+	runEngineAsync(t, "test-runtime", "test-version",
 		WithSocketPath(path),
 		WithPluginPath(t.TempDir()),
 		WithExternallyLaunchedPluginsDisabled(),
@@ -200,7 +200,7 @@ func TestWithEnginePluginsDisabled(t *testing.T) {
 			if test.extraOption != nil {
 				options = append(options, test.extraOption)
 			}
-			runEngineAsync(t, "test-engine", "test-version", options...)
+			runEngineAsync(t, "test-runtime", "test-version", options...)
 			c := newMockClient(socketPath)
 			_, err := c.GetSecrets(t.Context(), secrets.MustParsePattern("foo"))
 			if test.shouldGetSecretFromExternalPlugin {
@@ -228,7 +228,7 @@ func TestTelemetry(t *testing.T) {
 	defer cancel()
 	tracker := testhelper.NewTestTracker()
 	go func() {
-		errEngine <- Run(ctx, "test-engine", "test-version",
+		errEngine <- Run(ctx, "test-runtime", "test-version",
 			WithSocketPath(socketPath),
 			WithExternallyLaunchedPluginsDisabled(),
 			WithEngineLaunchedPluginsDisabled(),