codegod100/abra
0
0
Fork 0
forked from toolshed/abra
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: add warning for long secret names (!359)

Browse Source 
A start of a fix for coop-cloud/organising#463
Putting some code out to start a discussion.  I've added a linting rule for recipes to establish a general principal but I want to put some validation into cli/app/new.go as that's the point we have both the recipe and the domain and can say for sure whether or not the secret names lengths cause a problem but that will have to wait for a bit.  Let me know if I've missed the mark somewhere

Reviewed-on: coop-cloud/abra#359
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
Co-authored-by: Rich M <r.p.makepeace@gmail.com>
Co-committed-by: Rich M <r.p.makepeace@gmail.com>
This commit is contained in:
Rich M
2024-04-06 21:41:37 +00:00
committed by decentral1se
parent 63ea58ffaa
commit d21c35965d
6 changed files with 47 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/secret/secret.go
View File

@ -89,7 +89,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
appEnv["STACK_NAME"] = stackName
opts := stack.Deploy{Composefiles: composeFiles}
config, err := loader.LoadComposefile(opts, appEnv)
composeConfig, err := loader.LoadComposefile(opts, appEnv)
if err != nil {
return nil, err
}
@ -100,7 +100,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
}
var enabledSecrets []string
for _, service := range config.Services {
for _, service := range composeConfig.Services {
for _, secret := range service.Secrets {
enabledSecrets = append(enabledSecrets, secret.Source)
}
@ -112,7 +112,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
}
secretValues := map[string]Secret{}
for secretId, secretConfig := range config.Secrets {
for secretId, secretConfig := range composeConfig.Secrets {
if string(secretConfig.Name[len(secretConfig.Name)-1]) == "_" {
return nil, fmt.Errorf("missing version for secret? (%s)", secretId)
}
@ -126,6 +126,10 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin
secretVersion := secretConfig.Name[lastIdx+1:]
value := Secret{Version: secretVersion, RemoteName: secretConfig.Name}
if len(value.RemoteName) > config.MAX_DOCKER_SECRET_LENGTH {
return nil, fmt.Errorf("secret %s is > %d chars when combined with %s", secretId, config.MAX_DOCKER_SECRET_LENGTH, stackName)
}
// Check if the length modifier is set for this secret.
for envName, modifierValues := range appModifiers {
// configWithoutEnv contains the raw name as defined in the compose.yaml

11
pkg/secret/secret_test.go
View File

@ -28,3 +28,14 @@ func TestReadSecretsConfig(t *testing.T) {
assert.Equal(t, "v2", secretsFromConfig["test_pass_three"].Version)
assert.Equal(t, 0, secretsFromConfig["test_pass_three"].Length)
}
func TestReadSecretsConfigWithLongDomain(t *testing.T) {
composeFiles := []string{"./testdir/compose.yaml"}
_, err := ReadSecretsConfig("./testdir/.env.sample", composeFiles, "should_break_on_forty_eight_char_stack_nameeeeee")
if err == nil {
t.Fatal("Expected to fail")
}
// Check error
assert.Equal(t, "secret test_pass_one is > 64 chars when combined with should_break_on_forty_eight_char_stack_nameeeeee", err.Error())
}