toolshed/abra
4
2
Fork 18
Code Issues 22 Pull Requests Packages Releases 41 Activity

Merge remote-tracking branch 'upsteam/main' into insecrt-secret-from-stdin

Browse Source
This commit is contained in:
p4u1
2025-08-27 13:29:44 +02:00
parent c9e293bde2 b86cd2e85f
commit 474ab2de70
30 changed files with 1691 additions and 751 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cli/app/deploy.go
View File

@ -200,8 +200,6 @@ checkout as-is. Recipe commit hashes are also supported as values for
log.Fatal(err)
}
log.Debug(i18n.G("set waiting timeout to %d second(s)", stack.WaitTimeout))
serviceNames, err := appPkg.GetAppServiceNames(app.Name)
if err != nil {
log.Fatal(err)

2
cli/app/rollback.go
View File

@ -199,8 +199,6 @@ beforehand. See "abra app backup" for more.`),
log.Fatal(err)
}
log.Debug(i18n.G("set waiting timeout to %d second(s)", stack.WaitTimeout))
serviceNames, err := appPkg.GetAppServiceNames(app.Name)
if err != nil {
log.Fatal(err)

117
cli/app/secret.go
View File

@ -2,6 +2,7 @@ package app
import (
"context"
"errors"
"fmt"
"io"
"os"
@ -17,6 +18,7 @@ import (
"coopcloud.tech/abra/pkg/i18n"
"coopcloud.tech/abra/pkg/log"
"coopcloud.tech/abra/pkg/secret"
"github.com/AlecAivazis/survey/v2"
"github.com/docker/docker/api/types"
dockerClient "github.com/docker/docker/client"
"github.com/spf13/cobra"
@ -143,7 +145,7 @@ var AppSecretGenerateCommand = &cobra.Command{
}
var AppSecretInsertCommand = &cobra.Command{
Use: i18n.G("insert <domain> <secret> <version> <data> [flags]"),
Use: i18n.G("insert <domain> <secret> <version> [<data>] [flags]"),
Aliases: []string{i18n.G("i")},
Short: i18n.G("Insert secret"),
Long: i18n.G(`This command inserts a secret into an app environment.
@ -184,40 +186,20 @@ environment. Typically, you can let Abra generate them for you on app creation
Run: func(cmd *cobra.Command, args []string) {
app := internal.ValidateApp(args)
if err := app.Recipe.Ensure(internal.GetEnsureContext()); err != nil {
log.Fatal(err)
}
// if err := app.Recipe.Ensure(internal.GetEnsureContext()); err != nil {
// log.Fatal(err)
// }
cl, err := client.New(app.Server)
if err != nil {
log.Fatal(err)
}
// cl, err := client.New(app.Server)
// if err != nil {
// log.Fatal(err)
// }
name := args[1]
version := args[2]
var data string
if len(args) == 4 {
data = args[3]
} else if len(args) == 3 {
if insertFromFile {
log.Fatal("can not insert from file and read from stdin")
}
fi, err := os.Stdin.Stat()
if err != nil {
log.Fatal(err)
}
if fi.Mode()&os.ModeNamedPipe == 0 {
log.Fatal("need to provide secret data or stdin stream")
}
log.Debug("reading secret data from stdin")
bytes, err := io.ReadAll(os.Stdin)
if err != nil {
log.Fatalf("reading data from stdin: %s", err)
}
data = string(bytes)
// version := args[2]
data, err := readSecretData(args)
if err != nil {
log.Fatal(err)
}
composeFiles, err := app.Recipe.GetComposeFiles(app.Env)
@ -240,7 +222,7 @@ environment. Typically, you can let Abra generate them for you on app creation
log.Fatal(i18n.G("no secret %s available for recipe %s?", name, app.Recipe.Name))
}
if insertFromFile && len(args) == 4 {
if insertFromFile {
raw, err := os.ReadFile(data)
if err != nil {
log.Fatal(i18n.G("reading secret from file: %s", err))
@ -252,21 +234,70 @@ environment. Typically, you can let Abra generate them for you on app creation
data = strings.TrimSpace(data)
}
secretName := fmt.Sprintf("%s_%s_%s", app.StackName(), name, version)
if err := client.StoreSecret(cl, secretName, data, app.Server); err != nil {
log.Fatal(err)
}
// secretName := fmt.Sprintf("%s_%s_%s", app.StackName(), name, version)
// if err := client.StoreSecret(cl, secretName, dbats -Tp tests/integration/app_check.batsata, app.Server); err != nil {
// log.Fatal(err)
// }
log.Info(i18n.G("%s successfully stored on server", secretName))
// log.Info(i18n.G("%s successfully stored on server", secretName))
if storeInPass {
if err := secret.PassInsertSecret(data, name, app.Name, app.Server); err != nil {
log.Fatal(err)
}
}
// if storeInPass {
// if err := secret.PassInsertSecret(data, name, app.Name, app.Server); err != nil {
// log.Fatal(err)
// }
// }
},
}
func readSecretData(args []string) (string, error) {
if len(args) == 4 {
return args[3], nil
}
if len(args) != 3 {
return "", errors.New(i18n.G("need 3 or 4 arguments"))
}
// First check if data is provided by stdin
fi, err := os.Stdin.Stat()
if err != nil {
return "", err
}
if fi.Mode()&os.ModeNamedPipe != 0 {
// Can't insert from stdin and read from file
if insertFromFile {
return "", errors.New(i18n.G("can not insert from file and read from stdin"))
}
log.Debug(i18n.G("reading secret data from stdin"))
bytes, err := io.ReadAll(os.Stdin)
if err != nil {
return "", errors.New(i18n.G("reading data from stdin: %s", err))
}
return string(bytes), nil
}
if internal.NoInput {
return "", errors.New(i18n.G("must provide <data> argument if --no-input is passed"))
}
log.Debug(i18n.G("secret data not provided on command-line or stdin, prompting"))
var prompt survey.Prompt
if !insertFromFile {
prompt = &survey.Password{
Message: i18n.G("specify secret value"),
}
} else {
prompt = &survey.Input{
Message: i18n.G("specify secret file"),
}
}
var data string
if err := survey.AskOne(prompt, &data); err != nil {
return "", err
}
return data, nil
}
// secretRm removes a secret.
func secretRm(cl *dockerClient.Client, app appPkg.App, secretName, parsed string) error {
if err := cl.SecretRemove(context.Background(), secretName); err != nil {

2
cli/app/undeploy.go
View File

@ -85,8 +85,6 @@ Passing "--prune/-p" does not remove those volumes.`),
log.Fatal(err)
}
log.Info(i18n.G("initialising undeploy"))
rmOpts := stack.Remove{
Namespaces: []string{stackName},
Detach: false,

2
cli/app/upgrade.go
View File

@ -237,8 +237,6 @@ beforehand. See "abra app backup" for more.`),
log.Fatal(err)
}
log.Debug(i18n.G("set waiting timeout to %d second(s)", stack.WaitTimeout))
serviceNames, err := appPkg.GetAppServiceNames(app.Name)
if err != nil {
log.Fatal(err)