refactor!: ensure insert/remove not arbitrary
This commit is contained in:
@ -145,6 +145,9 @@ var AppSecretInsertCommand = &cobra.Command{
|
|||||||
Short: "Insert secret",
|
Short: "Insert secret",
|
||||||
Long: `This command inserts a secret into an app environment.
|
Long: `This command inserts a secret into an app environment.
|
||||||
|
|
||||||
|
Arbitrary secret insertion is not supported. Secrets that are inserted must
|
||||||
|
match those configured in the recipe beforehand.
|
||||||
|
|
||||||
This can be useful when you want to manually generate secrets for an app
|
This can be useful when you want to manually generate secrets for an app
|
||||||
environment. Typically, you can let Abra generate them for you on app creation
|
environment. Typically, you can let Abra generate them for you on app creation
|
||||||
(see "abra app new --secrets/-S" for more).`,
|
(see "abra app new --secrets/-S" for more).`,
|
||||||
@ -188,6 +191,26 @@ environment. Typically, you can let Abra generate them for you on app creation
|
|||||||
version := args[2]
|
version := args[2]
|
||||||
data := args[3]
|
data := args[3]
|
||||||
|
|
||||||
|
composeFiles, err := app.Recipe.GetComposeFiles(app.Env)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var isRecipeSecret bool
|
||||||
|
for secretName, _ := range secrets {
|
||||||
|
if secretName == name {
|
||||||
|
isRecipeSecret = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !isRecipeSecret {
|
||||||
|
log.Fatalf("no secret %s available for recipe %s?", name, app.Recipe.Name)
|
||||||
|
}
|
||||||
|
|
||||||
if insertFromFile {
|
if insertFromFile {
|
||||||
raw, err := os.ReadFile(data)
|
raw, err := os.ReadFile(data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -238,6 +261,10 @@ var AppSecretRmCommand = &cobra.Command{
|
|||||||
Use: "remove <domain> [[secret] | --all] [flags]",
|
Use: "remove <domain> [[secret] | --all] [flags]",
|
||||||
Aliases: []string{"rm"},
|
Aliases: []string{"rm"},
|
||||||
Short: "Remove a secret",
|
Short: "Remove a secret",
|
||||||
|
Long: `This command removes a secret from an app environment.
|
||||||
|
|
||||||
|
Arbitrary secret removal is not supported. Secrets that are removed must
|
||||||
|
match those configured in the recipe beforehand.`,
|
||||||
Example: " abra app secret rm 1312.net oauth_key",
|
Example: " abra app secret rm 1312.net oauth_key",
|
||||||
Args: cobra.RangeArgs(1, 2),
|
Args: cobra.RangeArgs(1, 2),
|
||||||
ValidArgsFunction: func(
|
ValidArgsFunction: func(
|
||||||
|
|||||||
@ -4,6 +4,7 @@ setup_file(){
|
|||||||
load "$PWD/tests/integration/helpers/common"
|
load "$PWD/tests/integration/helpers/common"
|
||||||
_common_setup
|
_common_setup
|
||||||
_add_server
|
_add_server
|
||||||
|
_fetch_recipe
|
||||||
|
|
||||||
# NOTE(d1): create new app without secrets
|
# NOTE(d1): create new app without secrets
|
||||||
run $ABRA app new "$TEST_RECIPE" \
|
run $ABRA app new "$TEST_RECIPE" \
|
||||||
@ -195,6 +196,12 @@ teardown(){
|
|||||||
assert_failure
|
assert_failure
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "insert: cannot insert unknown secret" {
|
||||||
|
run $ABRA app secret insert "$TEST_APP_DOMAIN" DOESNTEXIST v1 foo
|
||||||
|
assert_failure
|
||||||
|
assert_output --partial 'no secret'
|
||||||
|
}
|
||||||
|
|
||||||
@test "insert: create secret" {
|
@test "insert: create secret" {
|
||||||
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
run $ABRA app secret ls "$TEST_APP_DOMAIN"
|
||||||
assert_success
|
assert_success
|
||||||
|
|||||||
Reference in New Issue
Block a user