Add a Provider Adapter
Add a Provider Adapter
Section titled “Add a Provider Adapter”Authoritative source: AetherCloud. This page is mirrored into the unified AetherIoT documentation.
This guide describes the implemented read-only provider discovery contract. It does not describe a generic cloud SDK wrapper. A Provider Adapter translates one explicit CloudConnection into provider observations while preserving provider-native identifiers and namespaced capabilities.
Implemented contract
Section titled “Implemented contract”The current foundation includes:
CloudProviderDescriptor,CloudConnection, andProviderRegiondomain values- the application-owned
ProviderAdapterport and dynamicProviderAdapterRegistry - the tenant/project-scoped
DiscoverProviderRegionsquery with thecloud-connections:readpermission - typed authentication, configuration, permission, rate-limit, and availability failures
- application-boundary checks for provider identity, connection identity, observation time, duplicate regions, and undeclared capabilities
providerAdapterConformance, a reusable adapter test suiteMemoryProviderAdapter, a deterministic test adapter
No provider SDK, credential resolver, persistence adapter, public discovery endpoint, or infrastructure mutation is implemented yet.
Adapter workflow
Section titled “Adapter workflow”- Define one descriptor with a stable lower-case provider identity, provider kind, portable capabilities, and namespaced provider capabilities.
- Implement the application-owned
ProviderAdapterinterface outsidepackages/domainandpackages/application. - Accept only a CloudConnection resolved for the authorized tenant and project
scope. Its
credentialSourceis a workload identity or secret reference, never the credential value. - Resolve short-lived access inside the adapter boundary. Do not place tokens in a snapshot, error, log, fixture, prompt, or generated module.
- Map expected provider failures to the typed result. Do not leak an SDK error as an application contract or report rate limiting as an empty region list.
- Return canonical UTC observation time, the exact Provider and Connection identities, unique regions, and capabilities declared by the descriptor.
- Run the shared conformance suite and provider-specific fixtures.
- Register the adapter only in a composition root.
Minimal shape:
export class ExampleProviderAdapter implements ProviderAdapter { readonly descriptor = exampleProviderDescriptor;
async discoverRegions( request: ProviderRegionDiscoveryRequest, ): Promise<ProviderRegionDiscoveryResult> { // Resolve short-lived access from request.connection.credentialSource. // Decode the provider response and return typed domain observations. }}Required conformance
Section titled “Required conformance”Every adapter test imports providerAdapterConformance from
@aether-cloud/provider-conformance. Supply a fresh adapter and a
CloudConnection belonging to that provider. The shared suite checks the
provider and connection scope, canonical observation time, unique region
identities, declared capabilities, and rejection of a mismatched connection.
Provider-specific tests remain necessary for response decoding, pagination, authentication, throttling, quota behavior, and malformed upstream data. The default test path uses fixtures and must not call a real cloud account.
Separate lifecycle support
Section titled “Separate lifecycle support”Infrastructure planning is now implemented behind a separate plan-only
InfrastructureEngine port. Real local OpenTofu Plan process execution is
implemented; Terraform process execution and infrastructure mutation remain
planned. A future provider adapter may select
versioned provider modules and normalize provider observations, but do not add
plan, apply, destroy, import, or State repair to the read-only discovery
method.
Read multi-cloud fusion for State and authority rules and repository layout for dependency placement.