fix: secret name generation when secretId is not part of the secret name

Follows 9affda8a70

AUTHORS.md

@@ -11,6 +11,7 @@
 - kawaiipunk
 - knoflook
 - moritz
+- p4u1
 - rix
 - roxxers
 - vera

Makefile

@@ -2,6 +2,7 @@ ABRA         := ./cmd/abra
 KADABRA      := ./cmd/kadabra
 COMMIT       := $(shell git rev-list -1 HEAD)
 GOPATH       := $(shell go env GOPATH)
+GOVERSION    := 1.21
 LDFLAGS      := "-X 'main.Commit=$(COMMIT)'"
 DIST_LDFLAGS := $(LDFLAGS)" -s -w"
 
@@ -30,6 +31,12 @@ build-kadabra:
 
 build: build-abra build-kadabra
 
+build-docker-abra:
+	@docker run -it -v $(PWD):/abra golang:$(GOVERSION) \
+		bash -c 'cd /abra; ./scripts/docker/build.sh'
+
+build-docker: build-docker-abra
+
 clean:
 	@rm '$(GOPATH)/bin/abra'
 	@rm '$(GOPATH)/bin/kadabra'

cli/app/cmd.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"coopcloud.tech/abra/cli/internal"
+	"coopcloud.tech/abra/pkg/app"
 	"coopcloud.tech/abra/pkg/autocomplete"
 	"coopcloud.tech/abra/pkg/client"
 	"coopcloud.tech/abra/pkg/config"
@@ -45,6 +46,17 @@ Example:
 	},
 	Before:      internal.SubCommandBefore,
 	Subcommands: []cli.Command{appCmdListCommand},
+	BashComplete: func(ctx *cli.Context) {
+		args := ctx.Args()
+		switch len(args) {
+		case 0:
+			autocomplete.AppNameComplete(ctx)
+		case 1:
+			autocomplete.ServiceNameComplete(args.Get(0))
+		case 2:
+			cmdNameComplete(args.Get(0))
+		}
+	},
 	Action: func(c *cli.Context) error {
 		app := internal.ValidateApp(c)
 
@@ -187,6 +199,20 @@ func parseCmdArgs(args []string, isLocal bool) (bool, string) {
 	return hasCmdArgs, parsedCmdArgs
 }
 
+func cmdNameComplete(appName string) {
+	app, err := app.Get(appName)
+	if err != nil {
+		return
+	}
+	cmdNames, _ := getShCmdNames(app)
+	if err != nil {
+		return
+	}
+	for _, n := range cmdNames {
+		fmt.Println(n)
+	}
+}
+
 var appCmdListCommand = cli.Command{
 	Name:      "list",
 	Aliases:   []string{"ls"},
@@ -222,13 +248,11 @@ var appCmdListCommand = cli.Command{
 			}
 		}
 
-		abraShPath := fmt.Sprintf("%s/%s/%s", config.RECIPES_DIR, app.Recipe, "abra.sh")
+		cmdNames, err := getShCmdNames(app)
-		cmdNames, err := config.ReadAbraShCmdNames(abraShPath)
 		if err != nil {
 			logrus.Fatal(err)
 		}
 
-		sort.Strings(cmdNames)
 		for _, cmdName := range cmdNames {
 			fmt.Println(cmdName)
 		}
@@ -236,3 +260,14 @@ var appCmdListCommand = cli.Command{
 		return nil
 	},
 }
+
+func getShCmdNames(app config.App) ([]string, error) {
+	abraShPath := fmt.Sprintf("%s/%s/%s", config.RECIPES_DIR, app.Recipe, "abra.sh")
+	cmdNames, err := config.ReadAbraShCmdNames(abraShPath)
+	if err != nil {
+		return nil, err
+	}
+
+	sort.Strings(cmdNames)
+	return cmdNames, nil
+}

cli/app/new.go

@@ -97,7 +97,7 @@ var appNewCommand = cli.Command{
 		var secrets AppSecrets
 		var secretTable *jsontable.JSONTable
 		if internal.Secrets {
-			sampleEnv, err := recipe.SampleEnv(config.ReadEnvOptions{})
+			sampleEnv, err := recipe.SampleEnv()
 			if err != nil {
 				logrus.Fatal(err)
 			}
@@ -108,7 +108,7 @@ var appNewCommand = cli.Command{
 			}
 
 			envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
-			secretsConfig, err := secret.ReadSecretsConfig(envSamplePath, composeFiles, recipe.Name)
+			secretsConfig, err := secret.ReadSecretsConfig(envSamplePath, composeFiles, config.StackName(internal.Domain))
 			if err != nil {
 				return err
 			}
@@ -168,14 +168,8 @@ var appNewCommand = cli.Command{
 type AppSecrets map[string]string
 
 // createSecrets creates all secrets for a new app.
-func createSecrets(cl *dockerClient.Client, secretsConfig map[string]string, sanitisedAppName string) (AppSecrets, error) {
+func createSecrets(cl *dockerClient.Client, secretsConfig map[string]secret.Secret, sanitisedAppName string) (AppSecrets, error) {
-	// NOTE(d1): trim to match app.StackName() implementation
+	secrets, err := secret.GenerateSecrets(cl, secretsConfig, internal.NewAppServer)
-	if len(sanitisedAppName) > 45 {
-		logrus.Debugf("trimming %s to %s to avoid runtime limits", sanitisedAppName, sanitisedAppName[:45])
-		sanitisedAppName = sanitisedAppName[:45]
-	}
-
-	secrets, err := secret.GenerateSecrets(cl, secretsConfig, sanitisedAppName, internal.NewAppServer)
 	if err != nil {
 		return nil, err
 	}
@@ -217,7 +211,7 @@ func ensureDomainFlag(recipe recipe.Recipe, server string) error {
 }
 
 // promptForSecrets asks if we should generate secrets for a new app.
-func promptForSecrets(recipeName string, secretsConfig map[string]string) error {
+func promptForSecrets(recipeName string, secretsConfig map[string]secret.Secret) error {
 	if len(secretsConfig) == 0 {
 		logrus.Debugf("%s has no secrets to generate, skipping...", recipeName)
 		return nil

cli/app/secret.go

@@ -20,19 +20,23 @@ import (
 	"github.com/urfave/cli"
 )
 
-var allSecrets bool
+var (
-var allSecretsFlag = &cli.BoolFlag{
+	allSecrets     bool
+	allSecretsFlag = &cli.BoolFlag{
 		Name:        "all, a",
 		Destination: &allSecrets,
 		Usage:       "Generate all secrets",
 	}
+)
 
-var rmAllSecrets bool
+var (
-var rmAllSecretsFlag = &cli.BoolFlag{
+	rmAllSecrets     bool
+	rmAllSecretsFlag = &cli.BoolFlag{
 		Name:        "all, a",
 		Destination: &rmAllSecrets,
 		Usage:       "Remove all secrets",
 	}
+)
 
 var appSecretGenerateCommand = cli.Command{
 	Name:      "generate",
@@ -87,28 +91,22 @@ var appSecretGenerateCommand = cli.Command{
 			logrus.Fatal(err)
 		}
 
-		secretsConfig, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
+		secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
 		if err != nil {
 			logrus.Fatal(err)
 		}
 
-		secretsToCreate := make(map[string]string)
+		if !allSecrets {
-		if allSecrets {
-			secretsToCreate = secretsConfig
-		} else {
 			secretName := c.Args().Get(1)
 			secretVersion := c.Args().Get(2)
-			matches := false
+			s, ok := secrets[secretName]
-			for name := range secretsConfig {
+			if !ok {
-				if secretName == name {
-					secretsToCreate[name] = secretVersion
-					matches = true
-				}
-			}
-
-			if !matches {
 				logrus.Fatalf("%s doesn't exist in the env config?", secretName)
 			}
+			s.Version = secretVersion
+			secrets = map[string]secret.Secret{
+				secretName: s,
+			}
 		}
 
 		cl, err := client.New(app.Server)
@@ -116,7 +114,7 @@ var appSecretGenerateCommand = cli.Command{
 			logrus.Fatal(err)
 		}
 
-		secretVals, err := secret.GenerateSecrets(cl, secretsToCreate, app.StackName(), app.Server)
+		secretVals, err := secret.GenerateSecrets(cl, secrets, app.Server)
 		if err != nil {
 			logrus.Fatal(err)
 		}
@@ -276,7 +274,7 @@ Example:
 			logrus.Fatal(err)
 		}
 
-		secretsConfig, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
+		secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
 		if err != nil {
 			logrus.Fatal(err)
 		}
@@ -311,12 +309,7 @@ Example:
 
 		match := false
 		secretToRm := c.Args().Get(1)
-		for secretName, secretValue := range secretsConfig {
+		for secretName, val := range secrets {
-			val, err := secret.ParseSecretValue(secretValue)
-			if err != nil {
-				logrus.Fatal(err)
-			}
-
 			secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
 			if _, ok := remoteSecretNames[secretRemoteName]; ok {
 				if secretToRm != "" {

go.mod

@@ -4,8 +4,8 @@ go 1.21
 
 require (
 	coopcloud.tech/tagcmp v0.0.0-20211103052201-885b22f77d52
+	git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355
 	github.com/AlecAivazis/survey/v2 v2.3.7
-	github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7
 	github.com/Gurpartap/logrus-stack v0.0.0-20170710170904-89c00d8a28f4
 	github.com/docker/cli v24.0.7+incompatible
 	github.com/docker/distribution v2.8.3+incompatible
@@ -16,7 +16,7 @@ require (
 	github.com/moby/term v0.5.0
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/pkg/errors v0.9.1
-	github.com/schollz/progressbar/v3 v3.14.0
+	github.com/schollz/progressbar/v3 v3.14.1
 	github.com/sirupsen/logrus v1.9.3
 	gotest.tools/v3 v3.5.1
 )
@@ -56,7 +56,7 @@ require (
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.14.2 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
@@ -71,7 +71,7 @@ require (
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/common v0.42.0 // indirect
 	github.com/prometheus/procfs v0.10.1 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/skeema/knownhosts v1.2.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
@@ -82,7 +82,7 @@ require (
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/term v0.14.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
 	golang.org/x/tools v0.13.0 // indirect

go.sum

@@ -51,12 +51,12 @@ coopcloud.tech/tagcmp v0.0.0-20211103052201-885b22f77d52/go.mod h1:ESVm0wQKcbcFi
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355 h1:tCv2B4qoN6RMheKDnCzIafOkWS5BB1h7hwhmo+9bVeE=
+git.coopcloud.tech/coop-cloud/godotenv v1.5.2-0.20231130100509-01bff8284355/go.mod h1:Q8V1zbtPAlzYSr/Dvky3wS6x58IQAl3rot2me1oSO2Q=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
-github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7 h1:asQtdXYbxEYWcwAQqJTVYC/RltB4eqoWKvqWg/LFPOg=
-github.com/Autonomic-Cooperative/godotenv v1.3.1-0.20210731094149-b031ea1211e7/go.mod h1:oZRCMMRS318l07ei4DTqbZoOawfJlJ4yyo8juk2v4Rk=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
@@ -590,8 +590,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh
 github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
-github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
+github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
 github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
@@ -705,8 +705,8 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
@@ -885,8 +885,9 @@ github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
+github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -900,8 +901,8 @@ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/schollz/progressbar/v3 v3.13.1 h1:o8rySDYiQ59Mwzy2FELeHY5ZARXZTVJC7iHD6PEFUiE=
+github.com/schollz/progressbar/v3 v3.14.1 h1:VD+MJPCr4s3wdhTc7OEJ/Z3dAeBzJ7yKH/P4lC5yRTI=
-github.com/schollz/progressbar/v3 v3.13.1/go.mod h1:xvrbki8kfT1fzWzBT/UZd9L6GA+jdL7HAgq2RFnO6fQ=
+github.com/schollz/progressbar/v3 v3.14.1/go.mod h1:Zc9xXneTzWXF81TGoqL71u0sBPjULtEHYtj/WVgVy8E=
 github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
@@ -1310,21 +1311,20 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

pkg/autocomplete/autocomplete.go

@@ -25,6 +25,16 @@ func AppNameComplete(c *cli.Context) {
 	}
 }
 
+func ServiceNameComplete(appName string) {
+	serviceNames, err := config.GetAppServiceNames(appName)
+	if err != nil {
+		return
+	}
+	for _, s := range serviceNames {
+		fmt.Println(s)
+	}
+}
+
 // RecipeNameComplete completes recipe names.
 func RecipeNameComplete(c *cli.Context) {
 	catl, err := recipe.ReadRecipeCatalogue(false)

pkg/compose/compose.go

@@ -29,7 +29,7 @@ func UpdateTag(pattern, image, tag, recipeName string) (bool, error) {
 		opts := stack.Deploy{Composefiles: []string{composeFile}}
 
 		envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-		sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+		sampleEnv, err := config.ReadEnv(envSamplePath)
 		if err != nil {
 			return false, err
 		}
@@ -97,7 +97,7 @@ func UpdateLabel(pattern, serviceName, label, recipeName string) error {
 		opts := stack.Deploy{Composefiles: []string{composeFile}}
 
 		envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-		sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+		sampleEnv, err := config.ReadEnv(envSamplePath)
 		if err != nil {
 			return err
 		}

pkg/config/app.go

@@ -25,6 +25,9 @@ import (
 // AppEnv is a map of the values in an apps env config
 type AppEnv = map[string]string
 
+// AppModifiers is a map of modifiers in an apps env config
+type AppModifiers = map[string]map[string]string
+
 // AppName is AppName
 type AppName = string
 
@@ -47,23 +50,30 @@ type App struct {
 	Path   string
 }
 
-// StackName gets whatever the docker safe (uses the right delimiting
+// See documentation of config.StackName
-// character, e.g. "_") stack name is for the app. In general, you don't want
-// to use this to show anything to end-users, you want use a.Name instead.
 func (a App) StackName() string {
 	if _, exists := a.Env["STACK_NAME"]; exists {
 		return a.Env["STACK_NAME"]
 	}
 
-	stackName := SanitiseAppName(a.Name)
+	stackName := StackName(a.Name)
+
+	a.Env["STACK_NAME"] = stackName
+
+	return stackName
+}
+
+// StackName gets whatever the docker safe (uses the right delimiting
+// character, e.g. "_") stack name is for the app. In general, you don't want
+// to use this to show anything to end-users, you want use a.Name instead.
+func StackName(appName string) string {
+	stackName := SanitiseAppName(appName)
 
 	if len(stackName) > 45 {
 		logrus.Debugf("trimming %s to %s to avoid runtime limits", stackName, stackName[:45])
 		stackName = stackName[:45]
 	}
 
-	a.Env["STACK_NAME"] = stackName
-
 	return stackName
 }
 
@@ -150,7 +160,7 @@ func (a ByName) Less(i, j int) bool {
 }
 
 func ReadAppEnvFile(appFile AppFile, name AppName) (App, error) {
-	env, err := ReadEnv(appFile.Path, ReadEnvOptions{})
+	env, err := ReadEnv(appFile.Path)
 	if err != nil {
 		return App{}, fmt.Errorf("env file for %s couldn't be read: %s", name, err.Error())
 	}

pkg/config/env.go

@@ -12,7 +12,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/Autonomic-Cooperative/godotenv"
+	"git.coopcloud.tech/coop-cloud/godotenv"
 	"github.com/sirupsen/logrus"
 )
 
@@ -55,45 +55,34 @@ func GetServers() ([]string, error) {
 	return servers, nil
 }
 
-// ReadEnvOptions modifies the ReadEnv processing of env vars.
-type ReadEnvOptions struct {
-	IncludeModifiers bool
-}
-
-// ContainsEnvVarModifier determines if an env var contains a modifier.
-func ContainsEnvVarModifier(envVar string) bool {
-	for _, mod := range envVarModifiers {
-		if strings.Contains(envVar, fmt.Sprintf("%s=", mod)) {
-			return true
-		}
-	}
-	return false
-}
-
 // ReadEnv loads an app envivornment into a map.
-func ReadEnv(filePath string, opts ReadEnvOptions) (AppEnv, error) {
+func ReadEnv(filePath string) (AppEnv, error) {
 	var envVars AppEnv
 
-	envVars, err := godotenv.Read(filePath)
+	envVars, _, err := godotenv.Read(filePath)
 	if err != nil {
 		return nil, err
 	}
 
-	//	for idx, envVar := range envVars {
-	//		if strings.Contains(envVar, "#") {
-	//			if opts.IncludeModifiers && ContainsEnvVarModifier(envVar) {
-	//				continue
-	//			}
-	//			vals := strings.Split(envVar, "#")
-	//			envVars[idx] = strings.TrimSpace(vals[0])
-	//		}
-	//	}
-
 	logrus.Debugf("read %s from %s", envVars, filePath)
 
 	return envVars, nil
 }
 
+// ReadEnv loads an app envivornment and their modifiers in two different maps.
+func ReadEnvWithModifiers(filePath string) (AppEnv, AppModifiers, error) {
+	var envVars AppEnv
+
+	envVars, mods, err := godotenv.Read(filePath)
+	if err != nil {
+		return nil, mods, err
+	}
+
+	logrus.Debugf("read %s from %s", envVars, filePath)
+
+	return envVars, mods, nil
+}
+
 // ReadServerNames retrieves all server names.
 func ReadServerNames() ([]string, error) {
 	serverNames, err := GetAllFoldersInDirectory(SERVERS_DIR)
@@ -227,7 +216,7 @@ func CheckEnv(app App) ([]EnvVar, error) {
 		return envVars, err
 	}
 
-	envSample, err := ReadEnv(envSamplePath, ReadEnvOptions{})
+	envSample, err := ReadEnv(envSamplePath)
 	if err != nil {
 		return envVars, err
 	}

pkg/config/env_test.go

@@ -13,15 +13,21 @@ import (
 	"coopcloud.tech/abra/pkg/recipe"
 )
 
-var TestFolder = os.ExpandEnv("$PWD/../../tests/resources/test_folder")
+var (
-var ValidAbraConf = os.ExpandEnv("$PWD/../../tests/resources/valid_abra_config")
+	TestFolder    = os.ExpandEnv("$PWD/../../tests/resources/test_folder")
+	ValidAbraConf = os.ExpandEnv("$PWD/../../tests/resources/valid_abra_config")
+)
 
 // make sure these are in alphabetical order
-var TFolders = []string{"folder1", "folder2"}
+var (
-var TFiles = []string{"bar.env", "foo.env"}
+	TFolders = []string{"folder1", "folder2"}
+	TFiles   = []string{"bar.env", "foo.env"}
+)
 
-var AppName = "ecloud"
+var (
-var ServerName = "evil.corp"
+	AppName    = "ecloud"
+	ServerName = "evil.corp"
+)
 
 var ExpectedAppEnv = config.AppEnv{
 	"DOMAIN": "ecloud.evil.corp",
@@ -71,7 +77,7 @@ func TestGetAllFilesInDirectory(t *testing.T) {
 }
 
 func TestReadEnv(t *testing.T) {
-	env, err := config.ReadEnv(ExpectedAppFile.Path, config.ReadEnvOptions{})
+	env, err := config.ReadEnv(ExpectedAppFile.Path)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -149,7 +155,7 @@ func TestCheckEnv(t *testing.T) {
 	}
 
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+	envSample, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -183,7 +189,7 @@ func TestCheckEnvError(t *testing.T) {
 	}
 
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+	envSample, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -211,16 +217,6 @@ func TestCheckEnvError(t *testing.T) {
 	}
 }
 
-func TestContainsEnvVarModifier(t *testing.T) {
-	if ok := config.ContainsEnvVarModifier("FOO=bar # bing"); ok {
-		t.Fatal("FOO contains no env var modifier")
-	}
-
-	if ok := config.ContainsEnvVarModifier("FOO=bar # length=3"); !ok {
-		t.Fatal("FOO contains an env var modifier (length)")
-	}
-}
-
 func TestEnvVarCommentsRemoved(t *testing.T) {
 	offline := true
 	r, err := recipe.Get("abra-test-recipe", offline)
@@ -229,7 +225,7 @@ func TestEnvVarCommentsRemoved(t *testing.T) {
 	}
 
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+	envSample, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -261,12 +257,19 @@ func TestEnvVarModifiersIncluded(t *testing.T) {
 	}
 
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	envSample, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{IncludeModifiers: true})
+	envSample, modifiers, err := config.ReadEnvWithModifiers(envSamplePath)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if !strings.Contains(envSample["SECRET_TEST_PASS_TWO_VERSION"], "length") {
+	if !strings.Contains(envSample["SECRET_TEST_PASS_TWO_VERSION"], "v1") {
-		t.Fatal("comment from env var SECRET_TEST_PASS_TWO_VERSION should not be removed")
+		t.Errorf("value should be 'v1', got: '%s'", envSample["SECRET_TEST_PASS_TWO_VERSION"])
+	}
+	if modifiers == nil || modifiers["SECRET_TEST_PASS_TWO_VERSION"] == nil {
+		t.Errorf("no modifiers included")
+	} else {
+		if modifiers["SECRET_TEST_PASS_TWO_VERSION"]["length"] != "10" {
+			t.Errorf("length modifier should be '10', got: '%s'", modifiers["SECRET_TEST_PASS_TWO_VERSION"]["length"])
+		}
 	}
 }

pkg/lint/recipe.go

@@ -227,7 +227,7 @@ func LintAppService(recipe recipe.Recipe) (bool, error) {
 // therefore no matching traefik deploy label will be present.
 func LintTraefikEnabledSkipCondition(recipe recipe.Recipe) (bool, error) {
 	envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+	sampleEnv, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		return false, fmt.Errorf("Unable to discover .env.sample for %s", recipe.Name)
 	}

pkg/recipe/recipe.go

@@ -227,7 +227,7 @@ func Get(recipeName string, offline bool) (Recipe, error) {
 	}
 
 	envSamplePath := path.Join(config.RECIPES_DIR, recipeName, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath, config.ReadEnvOptions{})
+	sampleEnv, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		return Recipe{}, err
 	}
@@ -255,9 +255,9 @@ func Get(recipeName string, offline bool) (Recipe, error) {
 	}, nil
 }
 
-func (r Recipe) SampleEnv(opts config.ReadEnvOptions) (map[string]string, error) {
+func (r Recipe) SampleEnv() (map[string]string, error) {
 	envSamplePath := path.Join(config.RECIPES_DIR, r.Name, ".env.sample")
-	sampleEnv, err := config.ReadEnv(envSamplePath, opts)
+	sampleEnv, err := config.ReadEnv(envSamplePath)
 	if err != nil {
 		return sampleEnv, fmt.Errorf("unable to discover .env.sample for %s", r.Name)
 	}

pkg/secret/secret.go

@@ -21,11 +21,24 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-// secretValue represents a parsed `SECRET_FOO=v1 # length=bar` env var config
+// Secret represents a secret.
-// secret definition.
+type Secret struct {
-type secretValue struct {
+	// Version comes from the secret version environment variable.
+	// For example:
+	//  SECRET_FOO=v1
 	Version string
+	// Length comes from the length modifier at the secret version environment
+	// variable. For Example:
+	//   SECRET_FOO=v1 # length=12
 	Length int
+	// RemoteName is the name of the secret on the server. For example:
+	//   name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
+	// With the following:
+	//   STACK_NAME=test_example_com
+	//   SECRET_TEST_PASS_TWO_VERSION=v2
+	// Will have this remote name:
+	//   test_example_com_test_pass_two_v2
+	RemoteName string
 }
 
 // GeneratePasswords generates passwords.
@@ -35,7 +48,6 @@ func GeneratePasswords(count, length uint) ([]string, error) {
 		length,
 		passgen.AlphabetDefault,
 	)
-
 	if err != nil {
 		return nil, err
 	}
@@ -54,7 +66,6 @@ func GeneratePassphrases(count uint) ([]string, error) {
 		passgen.PassphraseCasingDefault,
 		passgen.WordListDefault,
 	)
-
 	if err != nil {
 		return nil, err
 	}
@@ -69,18 +80,22 @@ func GeneratePassphrases(count uint) ([]string, error) {
 // and some times you don't (as the caller). We need to be able to handle the
 // "app new" case where we pass in the .env.sample and the "secret generate"
 // case where the app is created.
-func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName string) (map[string]string, error) {
+func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName string) (map[string]Secret, error) {
-	secretConfigs := make(map[string]string)
+	appEnv, appModifiers, err := config.ReadEnvWithModifiers(appEnvPath)
-
-	appEnv, err := config.ReadEnv(appEnvPath, config.ReadEnvOptions{IncludeModifiers: true})
 	if err != nil {
-		return secretConfigs, err
+		return nil, err
 	}
+	// Set the STACK_NAME to be able to generate the remote name correctly.
+	appEnv["STACK_NAME"] = stackName
 
 	opts := stack.Deploy{Composefiles: composeFiles}
 	config, err := loader.LoadComposefile(opts, appEnv)
 	if err != nil {
-		return secretConfigs, err
+		return nil, err
+	}
+	configWithoutEnv, err := loader.LoadComposefile(opts, map[string]string{}, loader.SkipInterpolation)
+	if err != nil {
+		return nil, err
 	}
 
 	var enabledSecrets []string
@@ -92,12 +107,13 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName stri
 
 	if len(enabledSecrets) == 0 {
 		logrus.Debugf("not generating app secrets, none enabled in recipe config")
-		return secretConfigs, nil
+		return nil, nil
 	}
 
+	secretValues := map[string]Secret{}
 	for secretId, secretConfig := range config.Secrets {
 		if string(secretConfig.Name[len(secretConfig.Name)-1]) == "_" {
-			return secretConfigs, fmt.Errorf("missing version for secret? (%s)", secretId)
+			return nil, fmt.Errorf("missing version for secret? (%s)", secretId)
 		}
 
 		if !(slices.Contains(enabledSecrets, secretId)) {
@@ -107,68 +123,54 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, recipeName stri
 
 		lastIdx := strings.LastIndex(secretConfig.Name, "_")
 		secretVersion := secretConfig.Name[lastIdx+1:]
-		secretConfigs[secretId] = secretVersion
+		value := Secret{Version: secretVersion, RemoteName: secretConfig.Name}
-	}
 
-	return secretConfigs, nil
+		// Check if the length modifier is set for this secret.
+		for k, v := range appModifiers {
+			// configWithoutEnv contains the raw name as defined in the compose.yaml
+			if !strings.Contains(configWithoutEnv.Secrets[secretId].Name, k) {
+				continue
 			}
-
+			lengthRaw, ok := v["length"]
-func ParseSecretValue(secret string) (secretValue, error) {
+			if ok {
-	values := strings.Split(secret, "#")
+				length, err := strconv.Atoi(lengthRaw)
-	if len(values) == 0 {
-		return secretValue{}, fmt.Errorf("unable to parse %s", secret)
-	}
-
-	if len(values) == 1 {
-		return secretValue{Version: values[0], Length: 0}, nil
-	}
-
-	split := strings.Split(values[1], "=")
-	parsed := split[len(split)-1]
-	stripped := strings.ReplaceAll(parsed, " ", "")
-	length, err := strconv.Atoi(stripped)
 				if err != nil {
-		return secretValue{}, err
+					return nil, err
+				}
+				value.Length = length
+			}
+			break
+		}
+		secretValues[secretId] = value
 	}
-	version := strings.ReplaceAll(values[0], " ", "")
 
-	logrus.Debugf("parsed version %s and length '%v' from %s", version, length, secret)
+	return secretValues, nil
-
-	return secretValue{Version: version, Length: length}, nil
 }
 
 // GenerateSecrets generates secrets locally and sends them to a remote server for storage.
-func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]string, appName, server string) (map[string]string, error) {
+func GenerateSecrets(cl *dockerClient.Client, secrets map[string]Secret, server string) (map[string]string, error) {
-	secrets := make(map[string]string)
+	secretsGenerated := map[string]string{}
-
 	var mutex sync.Mutex
 	var wg sync.WaitGroup
-	ch := make(chan error, len(secretsFromConfig))
+	ch := make(chan error, len(secrets))
-	for n, v := range secretsFromConfig {
+	for n, v := range secrets {
 		wg.Add(1)
 
-		go func(secretName, secretValue string) {
+		go func(secretName string, secret Secret) {
 			defer wg.Done()
 
-			parsedSecretValue, err := ParseSecretValue(secretValue)
+			logrus.Debugf("attempting to generate and store %s on %s", secret.RemoteName, server)
+
+			if secret.Length > 0 {
+				passwords, err := GeneratePasswords(1, uint(secret.Length))
 				if err != nil {
 					ch <- err
 					return
 				}
 
-			secretRemoteName := fmt.Sprintf("%s_%s_%s", appName, secretName, parsedSecretValue.Version)
+				if err := client.StoreSecret(cl, secret.RemoteName, passwords[0], server); err != nil {
-			logrus.Debugf("attempting to generate and store %s on %s", secretRemoteName, server)
-
-			if parsedSecretValue.Length > 0 {
-				passwords, err := GeneratePasswords(1, uint(parsedSecretValue.Length))
-				if err != nil {
-					ch <- err
-					return
-				}
-
-				if err := client.StoreSecret(cl, secretRemoteName, passwords[0], server); err != nil {
 					if strings.Contains(err.Error(), "AlreadyExists") {
-						logrus.Warnf("%s already exists, moving on...", secretRemoteName)
+						logrus.Warnf("%s already exists, moving on...", secret.RemoteName)
 						ch <- nil
 					} else {
 						ch <- err
@@ -178,7 +180,7 @@ func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]strin
 
 				mutex.Lock()
 				defer mutex.Unlock()
-				secrets[secretName] = passwords[0]
+				secretsGenerated[secretName] = passwords[0]
 			} else {
 				passphrases, err := GeneratePassphrases(1)
 				if err != nil {
@@ -186,9 +188,9 @@ func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]strin
 					return
 				}
 
-				if err := client.StoreSecret(cl, secretRemoteName, passphrases[0], server); err != nil {
+				if err := client.StoreSecret(cl, secret.RemoteName, passphrases[0], server); err != nil {
 					if strings.Contains(err.Error(), "AlreadyExists") {
-						logrus.Warnf("%s already exists, moving on...", secretRemoteName)
+						logrus.Warnf("%s already exists, moving on...", secret.RemoteName)
 						ch <- nil
 					} else {
 						ch <- err
@@ -198,7 +200,7 @@ func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]strin
 
 				mutex.Lock()
 				defer mutex.Unlock()
-				secrets[secretName] = passphrases[0]
+				secretsGenerated[secretName] = passphrases[0]
 			}
 			ch <- nil
 		}(n, v)
@@ -206,16 +208,16 @@ func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]strin
 
 	wg.Wait()
 
-	for range secretsFromConfig {
+	for range secrets {
 		err := <-ch
 		if err != nil {
 			return nil, err
 		}
 	}
 
-	logrus.Debugf("generated and stored %s on %s", secrets, server)
+	logrus.Debugf("generated and stored %v on %s", secrets, server)
 
-	return secrets, nil
+	return secretsGenerated, nil
 }
 
 type secretStatus struct {
@@ -237,7 +239,7 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses,
 		return secStats, err
 	}
 
-	secretsConfig, err := ReadSecretsConfig(app.Path, composeFiles, app.Recipe)
+	secretsConfig, err := ReadSecretsConfig(app.Path, composeFiles, app.StackName())
 	if err != nil {
 		return secStats, err
 	}
@@ -257,14 +259,9 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses,
 		remoteSecretNames[cont.Spec.Annotations.Name] = true
 	}
 
-	for secretName, secretValue := range secretsConfig {
+	for secretName, val := range secretsConfig {
 		createdRemote := false
 
-		val, err := ParseSecretValue(secretValue)
-		if err != nil {
-			return secStats, err
-		}
-
 		secretRemoteName := fmt.Sprintf("%s_%s_%s", app.StackName(), secretName, val.Version)
 		if _, ok := remoteSecretNames[secretRemoteName]; ok {
 			createdRemote = true

pkg/secret/secret_test.go

@@ -1,42 +1,30 @@
 package secret
 
 import (
-	"path"
 	"testing"
 
-	"coopcloud.tech/abra/pkg/config"
-	"coopcloud.tech/abra/pkg/recipe"
-	"coopcloud.tech/abra/pkg/upstream/stack"
-	loader "coopcloud.tech/abra/pkg/upstream/stack"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestReadSecretsConfig(t *testing.T) {
-	offline := true
+	composeFiles := []string{"./testdir/compose.yaml"}
-	recipe, err := recipe.Get("matrix-synapse", offline)
+	secretsFromConfig, err := ReadSecretsConfig("./testdir/.env.sample", composeFiles, "test_example_com")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	sampleEnv, err := recipe.SampleEnv(config.ReadEnvOptions{})
+	// Simple secret
-	if err != nil {
+	assert.Equal(t, "test_example_com_test_pass_one_v2", secretsFromConfig["test_pass_one"].RemoteName)
-		t.Fatal(err)
+	assert.Equal(t, "v2", secretsFromConfig["test_pass_one"].Version)
-	}
+	assert.Equal(t, 0, secretsFromConfig["test_pass_one"].Length)
 
-	composeFiles := []string{path.Join(config.RECIPES_DIR, recipe.Name, "compose.yml")}
+	// Has a length modifier
-	envSamplePath := path.Join(config.RECIPES_DIR, recipe.Name, ".env.sample")
+	assert.Equal(t, "test_example_com_test_pass_two_v1", secretsFromConfig["test_pass_two"].RemoteName)
-	secretsFromConfig, err := ReadSecretsConfig(envSamplePath, composeFiles, recipe.Name)
+	assert.Equal(t, "v1", secretsFromConfig["test_pass_two"].Version)
-	if err != nil {
+	assert.Equal(t, 10, secretsFromConfig["test_pass_two"].Length)
-		t.Fatal(err)
-	}
 
-	opts := stack.Deploy{Composefiles: composeFiles}
+	// Secret name does not include the secret id
-	config, err := loader.LoadComposefile(opts, sampleEnv)
+	assert.Equal(t, "test_example_com_pass_three_v2", secretsFromConfig["test_pass_three"].RemoteName)
-	if err != nil {
+	assert.Equal(t, "v2", secretsFromConfig["test_pass_three"].Version)
-		t.Fatal(err)
+	assert.Equal(t, 0, secretsFromConfig["test_pass_three"].Length)
-	}
-
-	for secretId := range config.Secrets {
-		assert.Contains(t, secretsFromConfig, secretId)
-	}
 }

pkg/secret/testdir/.env.sample

@@ -0,0 +1,3 @@
+SECRET_TEST_PASS_ONE_VERSION=v2
+SECRET_TEST_PASS_TWO_VERSION=v1 # length=10
+SECRET_TEST_PASS_THREE_VERSION=v2

pkg/secret/testdir/compose.yaml

@@ -0,0 +1,21 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: nginx:1.21.0
+    secrets:
+      - test_pass_one
+      - test_pass_two
+      - test_pass_three
+
+secrets:
+  test_pass_one:
+    external: true
+    name: ${STACK_NAME}_test_pass_one_${SECRET_TEST_PASS_ONE_VERSION}  # should be removed
+  test_pass_two:
+    external: true
+    name: ${STACK_NAME}_test_pass_two_${SECRET_TEST_PASS_TWO_VERSION}
+  test_pass_three:
+    external: true
+    name: ${STACK_NAME}_pass_three_${SECRET_TEST_PASS_THREE_VERSION} # secretId and name don't match

pkg/upstream/commandconn/connection.go

@@ -18,7 +18,7 @@ import (
 //
 // ssh://<user>@<host> URL requires Docker 18.09 or later on the remote host.
 func GetConnectionHelper(daemonURL string) (*connhelper.ConnectionHelper, error) {
-	return getConnectionHelper(daemonURL, []string{"-o ConnectTimeout=5"})
+	return getConnectionHelper(daemonURL, []string{"-o ConnectTimeout=60"})
 }
 
 func getConnectionHelper(daemonURL string, sshFlags []string) (*connhelper.ConnectionHelper, error) {

pkg/upstream/stack/loader.go

@@ -18,15 +18,24 @@ func DontSkipValidation(opts *loader.Options) {
 	opts.SkipValidation = false
 }
 
+// SkipInterpolation skip interpolating environment variables.
+func SkipInterpolation(opts *loader.Options) {
+	opts.SkipInterpolation = true
+}
+
 // LoadComposefile parse the composefile specified in the cli and returns its Config and version.
-func LoadComposefile(opts Deploy, appEnv map[string]string) (*composetypes.Config, error) {
+func LoadComposefile(opts Deploy, appEnv map[string]string, options ...func(*loader.Options)) (*composetypes.Config, error) {
 	configDetails, err := getConfigDetails(opts.Composefiles, appEnv)
 	if err != nil {
 		return nil, err
 	}
 
+	if options == nil {
+		options = []func(*loader.Options){DontSkipValidation}
+	}
+
 	dicts := getDictsFrom(configDetails.ConfigFiles)
-	config, err := loader.Load(configDetails, DontSkipValidation)
+	config, err := loader.Load(configDetails, options...)
 	if err != nil {
 		if fpe, ok := err.(*loader.ForbiddenPropertiesError); ok {
 			return nil, fmt.Errorf("compose file contains unsupported options: %s",

scripts/docker/build.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -f .envrc ]; then
+    . .envrc.sample
+else
+    . .envrc
+fi
+
+git config --global --add safe.directory /abra  # work around funky file permissions
+
+make build

tests/integration/app_cmd.bats

@@ -25,6 +25,24 @@ teardown(){
   fi
 }
 
+# bats test_tags=slow
+@test "autocomplete" {
+  run $ABRA app cmd --generate-bash-completion
+  assert_success
+  assert_output "$TEST_APP_DOMAIN"
+
+  run $ABRA app cmd "$TEST_APP_DOMAIN" --generate-bash-completion
+  assert_success
+  assert_output "app"
+
+  run $ABRA app cmd "$TEST_APP_DOMAIN" app --generate-bash-completion
+  assert_success
+  assert_output "test_cmd
+test_cmd_arg
+test_cmd_args
+test_cmd_export"
+}
+
 @test "validate app argument" {
   run $ABRA app cmd
   assert_failure

tests/integration/helpers/common.bash

@@ -1,9 +1,9 @@
 #!/usr/bin/env bash
 
 _common_setup() {
-  load '/usr/lib/bats/bats-support/load'
+  bats_load_library bats-support
-  load '/usr/lib/bats/bats-assert/load'
+  bats_load_library bats-assert
-  load '/usr/lib/bats/bats-file/load'
+  bats_load_library bats-file
 
   load "$PWD/tests/integration/helpers/app"
   load "$PWD/tests/integration/helpers/git"

tests/integration/helpers/server.bash

@@ -1,7 +1,11 @@
 #!/usr/bin/env bash
 
 _add_server() {
+  if [[ "$TEST_SERVER" == "default" ]]; then
+      run $ABRA server add -l
+  else
       run $ABRA server add "$TEST_SERVER"
+  fi
   assert_success
   assert_exists "$ABRA_DIR/servers/$TEST_SERVER"
 }