From a90e239547ee06c2cddc99b131568d4f7891b699 Mon Sep 17 00:00:00 2001
From: decentral1se
Date: Mon, 18 Aug 2025 09:25:31 +0200
Subject: [PATCH] refactor!: ensure insert/remove not arbitrary

---
 cli/app/secret.go | 27 +++++++++++++++++++++++++++
 tests/integration/app_secret.bats | 7 +++++++
 2 files changed, 34 insertions(+)

diff --git a/cli/app/secret.go b/cli/app/secret.go
index f6a90264..a1d4db17 100644
--- a/cli/app/secret.go
+++ b/cli/app/secret.go
@@ -145,6 +145,9 @@ var AppSecretInsertCommand = &cobra.Command{
 Short: "Insert secret",
 Long: `This command inserts a secret into an app environment.
 
+Arbitrary secret insertion is not supported. Secrets that are inserted must
+match those configured in the recipe beforehand.
+
 This can be useful when you want to manually generate secrets for an app
 environment. Typically, you can let Abra generate them for you on app creation
 (see "abra app new --secrets/-S" for more).`,
@@ -188,6 +191,26 @@ environment. Typically, you can let Abra generate them for you on app creation
 version := args[2]
 data := args[3]
 
+ composeFiles, err := app.Recipe.GetComposeFiles(app.Env)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ var isRecipeSecret bool
+ for secretName, _ := range secrets {
+ if secretName == name {
+ isRecipeSecret = true
+ }
+ }
+ if !isRecipeSecret {
+ log.Fatalf("no secret %s available for recipe %s?", name, app.Recipe.Name)
+ }
+
 if insertFromFile {
 raw, err := os.ReadFile(data)
 if err != nil {
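Review bot: The membership test added to AppSecretInsertCommand's run function walks every key with `for secretName, _ := range secrets` only to set a flag; if `secrets` is a map keyed by secret name, as the two-variable range and the string comparison suggest, `if _, ok := secrets[name]; !ok { log.Fatalf(...) }` expresses the same check directly and drops the redundant `, _` that `gofmt -s` would simplify. The guard also validates only `name`: `version` from `args[2]` is still accepted as given, so a secret can be inserted under a version the recipe does not reference. If the config entries carry the expected version, comparing it here would complete the "must match those configured in the recipe" promise made in the help text. Formatting the rejected name with `%q` instead of `%s` would keep an empty or unusual argument visible in the error, and note that the function body begins and ends outside this hunk.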
@@ -238,6 +261,10 @@ var AppSecretRmCommand = &cobra.Command{
 Use: "remove [[secret] | --all] [flags]",
 Aliases: []string{"rm"},
 Short: "Remove a secret",
+ Long: `This command removes a secret from an app environment.
+
+Arbitrary secret removal is not supported. Secrets that are removed must
+match those configured in the recipe beforehand.`,
 Example: " abra app secret rm 1312.net oauth_key",
 Args: cobra.RangeArgs(1, 2),
 ValidArgsFunction: func(
diff --git a/tests/integration/app_secret.bats b/tests/integration/app_secret.bats
index 892cce22..fe3cf5c2 100644
--- a/tests/integration/app_secret.bats
+++ b/tests/integration/app_secret.bats
@@ -4,6 +4,7 @@ setup_file(){
 load "$PWD/tests/integration/helpers/common"
 _common_setup
 _add_server
+ _fetch_recipe
 
 # NOTE(d1): create new app without secrets
 run $ABRA app new "$TEST_RECIPE" \
@@ -195,6 +196,12 @@ teardown(){
 assert_failure
 }
 
+@test "insert: cannot insert unknown secret" {
+ run $ABRA app secret insert "$TEST_APP_DOMAIN" DOESNTEXIST v1 foo
+ assert_failure
+ assert_output --partial 'no secret'
+}
+
 @test "insert: create secret" {
 run $ABRA app secret ls "$TEST_APP_DOMAIN"
 assert_success
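Review bot: The new `Long` text on AppSecretRmCommand in cli/app/secret.go states that arbitrary secret removal is not supported, but nothing in this patch adds a matching check to the remove path. The only enforcement added is in the insert command, and the only new test in tests/integration/app_secret.bats is `insert: cannot insert unknown secret`. If the remove command already limits itself to recipe-configured secrets in code outside this diff, a matching negative test (for example `remove: cannot remove unknown secret` asserting failure) would pin that behaviour. If it does not, the help text promises a restriction that operators may rely on and the code does not provide. The command definition continues past the end of the hunk.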