From b4b0b464bdc1e7c27914badf1c1cb2e6a1c12f1a Mon Sep 17 00:00:00 2001
From: decentral1se <cellarspoon@riseup.net>
Date: Sat, 12 Mar 2022 09:39:30 +0100
Subject: [PATCH] fix: only delete secrets from specific app

See https://git.coopcloud.tech/coop-cloud/organising/issues/300.
---
 cli/app/secret.go | 68 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 43 insertions(+), 25 deletions(-)

diff --git a/cli/app/secret.go b/cli/app/secret.go
index 84050c28..5b235467 100644
--- a/cli/app/secret.go
+++ b/cli/app/secret.go
@@ -10,10 +10,12 @@ import (
 	"coopcloud.tech/abra/cli/internal"
 	"coopcloud.tech/abra/pkg/autocomplete"
 	"coopcloud.tech/abra/pkg/client"
+	"coopcloud.tech/abra/pkg/config"
 	"coopcloud.tech/abra/pkg/formatter"
 	"coopcloud.tech/abra/pkg/secret"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
+	dockerClient "github.com/docker/docker/client"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
@@ -150,6 +152,25 @@ Example:
 	},
 }
 
+// secretRm removes a secret.
+func secretRm(cl *dockerClient.Client, app config.App, secretName, parsed string) error {
+	if err := cl.SecretRemove(context.Background(), secretName); err != nil {
+		return err
+	}
+
+	logrus.Infof("deleted %s successfully from server", secretName)
+
+	if internal.Pass {
+		if err := secret.PassRmSecret(parsed, app.StackName(), app.Server); err != nil {
+			return err
+		}
+
+		logrus.Infof("deleted %s successfully from local pass store", secretName)
+	}
+
+	return nil
+}
+
 var appSecretRmCommand = cli.Command{
 	Name:    "remove",
 	Aliases: []string{"rm"},
@@ -172,6 +193,7 @@ Example:
 `,
 	Action: func(c *cli.Context) error {
 		app := internal.ValidateApp(c)
+		secrets := secret.ReadSecretEnvVars(app.Env)
 
 		if c.Args().Get(1) != "" && allSecrets {
 			internal.ShowSubcommandHelpAndError(c, errors.New("cannot use '<secret-name>' and '--all' together"))
@@ -193,37 +215,33 @@ Example:
 			logrus.Fatal(err)
 		}
 
-		secretToRm := c.Args().Get(1)
+		remoteSecretNames := make(map[string]bool)
 		for _, cont := range secretList {
-			secretName := cont.Spec.Annotations.Name
+			remoteSecretNames[cont.Spec.Annotations.Name] = true
+		}
+
+		secretToRm := c.Args().Get(1)
+		for sec := range secrets {
+			secretName := secret.ParseSecretEnvVarName(sec)
 			parsed := secret.ParseGeneratedSecretName(secretName, app)
-			if allSecrets {
-				if err := cl.SecretRemove(context.Background(), secretName); err != nil {
-					logrus.Fatal(err)
-				}
-				logrus.Infof("deleted %s successfully from server", secretName)
 
-				if internal.Pass {
-					if err := secret.PassRmSecret(parsed, app.StackName(), app.Server); err != nil {
-						logrus.Fatal(err)
-					}
+			secVal, err := secret.ParseSecretEnvVarValue(secrets[sec])
+			if err != nil {
+				logrus.Fatal(err)
+			}
 
-					logrus.Infof("deleted %s successfully from local pass store", secretName)
-				}
-			} else {
-				if parsed == secretToRm {
-					if err := cl.SecretRemove(context.Background(), secretName); err != nil {
-						logrus.Fatal(err)
-					}
-
-					logrus.Infof("deleted %s successfully from server", secretName)
-
-					if internal.Pass {
-						if err := secret.PassRmSecret(parsed, app.StackName(), app.Server); err != nil {
+			secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, secVal.Version)
+			if _, ok := remoteSecretNames[secretRemoteName]; ok {
+				if secretToRm != "" {
+					if parsed == secretToRm {
+						if err := secretRm(cl, app, secretRemoteName, parsed); err != nil {
 							logrus.Fatal(err)
 						}
-
-						logrus.Infof("deleted %s successfully from local pass store", secretName)
+						return nil
+					}
+				} else {
+					if err := secretRm(cl, app, secretRemoteName, parsed); err != nil {
+						logrus.Fatal(err)
 					}
 				}
 			}