feat userver: support yaml_config as secdist format

Testing: new unit test
commit_hash:0dc060332fc42727d10e291a5c63d2b49e8f5f5c

core/include/userver/storages/secdist/secdist.hpp

@@ -46,6 +46,7 @@ class SecdistModule final {
 enum class SecdistFormat {
     kJson,
     kYaml,
+    kYamlConfig,
 };
 
 // clang-format off

core/src/storages/secdist/provider_component.cpp

@@ -60,6 +60,14 @@ formats::json::Value DoLoadFromFile(const std::string& path, SecdistFormat forma
         } else if (format == SecdistFormat::kYaml) {
             const auto yaml_doc = formats::yaml::FromStream(stream);
             doc = yaml_doc.As<formats::json::Value>();
+        } else if (format == SecdistFormat::kYamlConfig) {
+            // yaml_config allows user to read from env variables and other useful
+            // features.
+            const auto yaml_doc = formats::yaml::FromStream(stream);
+            const auto yaml_cfg =
+                yaml_config::YamlConfig(yaml_doc, {}, yaml_config::YamlConfig::Mode::kEnvAndFileAllowed);
+            // finally, convert to JSON
+            doc = yaml_cfg.As<formats::json::Value>();
         }
     } catch (const std::exception& e) {
         if (missing_ok) {
@@ -147,6 +155,8 @@ storages::secdist::SecdistFormat FormatFromString(std::string_view str) {
         return storages::secdist::SecdistFormat::kJson;
     } else if (str == "yaml") {
         return storages::secdist::SecdistFormat::kYaml;
+    } else if (str == "yaml_config") {
+        return storages::secdist::SecdistFormat::kYamlConfig;
     }
 
     UINVARIANT(false, fmt::format("Unknown secdist format '{}' (must be one of 'json', 'yaml')", str));

core/src/storages/secdist/secdist_test.cpp

@@ -67,6 +67,12 @@ const std::string kSecdistYaml =
     another username: drowssap rehtona
   )~";  /// [Secdist Usage Sample - yaml]
 
+const std::string kSecdistYamlConfig =
+    /** [Secdist Usage Sample - yaml_config] */ R"~(
+  user-passwords:
+    username#env: PASSWORD_ENV
+    another username: drowssap rehtona
+  )~";  /// [Secdist Usage Sample - yaml_config]
 }  // namespace
 
 TEST(SecdistConfig, Sample) {
@@ -102,6 +108,34 @@ TEST(SecdistYamlConfig, Sample) {
     EXPECT_TRUE(user_passwords.IsMatching("another username", another_password));
 }
 
+UTEST(SecdistYamlConfigConfig, Sample) {
+    static const std::string kVarName = "PASSWORD_ENV";
+
+    // NOLINTNEXTLINE(concurrency-mt-unsafe)
+    ASSERT_EQ(setenv(kVarName.c_str(), "drowssap", 1), 0);
+    engine::subprocess::UpdateCurrentEnvironmentVariables();
+
+    auto temp_file = fs::blocking::TempFile::Create();
+    fs::blocking::RewriteFileContents(temp_file.GetPath(), kSecdistYamlConfig);
+
+    storages::secdist::DefaultLoader provider{
+        {temp_file.GetPath(), storages::secdist::SecdistFormat::kYamlConfig, false, std::nullopt}};
+    storages::secdist::SecdistConfig secdist_config{{&provider}};
+
+    const auto& user_passwords = secdist_config.Get<UserPasswords>();
+
+    const auto password = UserPasswords::Password{"drowssap"};
+    const auto another_password = UserPasswords::Password{"drowssap rehtona"};
+    EXPECT_TRUE(user_passwords.IsMatching("username", password));
+    EXPECT_FALSE(user_passwords.IsMatching("username2", password));
+    EXPECT_TRUE(user_passwords.IsMatching("another username", another_password));
+
+    // NOLINTNEXTLINE(concurrency-mt-unsafe)
+    ASSERT_EQ(unsetenv(kVarName.c_str()), 0);
+
+    engine::subprocess::UpdateCurrentEnvironmentVariables();
+}
+
 UTEST(SecdistConfig, EnvironmentVariable) {
     static const std::string kVarName = "SECRET";