refactor!: ensure insert/remove not arbitrary

2025-08-18 09:25:31 +02:00
parent 9ee094fcd7
commit a90e239547
2 changed files with 34 additions and 0 deletions


@ -145,6 +145,9 @@ var AppSecretInsertCommand = &cobra.Command{
Short: "Insert secret",
Long: `This command inserts a secret into an app environment.
Arbitrary secret insertion is not supported. Secrets that are inserted must
match those configured in the recipe beforehand.
This can be useful when you want to manually generate secrets for an app
environment. Typically, you can let Abra generate them for you on app creation
(see "abra app new --secrets/-S" for more).`,
@ -188,6 +191,26 @@ environment. Typically, you can let Abra generate them for you on app creation
version := args[2]
data := args[3]
composeFiles, err := app.Recipe.GetComposeFiles(app.Env)
if err != nil {
log.Fatal(err)
}
secrets, err := secret.ReadSecretsConfig(app.Path, composeFiles, app.StackName())
if err != nil {
log.Fatal(err)
}
var isRecipeSecret bool
for secretName, _ := range secrets {
if secretName == name {
isRecipeSecret = true
}
}
if !isRecipeSecret {
log.Fatalf("no secret %s available for recipe %s?", name, app.Recipe.Name)
}
if insertFromFile {
raw, err := os.ReadFile(data)
if err != nil {
@ -238,6 +261,10 @@ var AppSecretRmCommand = &cobra.Command{
Use: "remove <domain> [[secret] | --all] [flags]",
Aliases: []string{"rm"},
Short: "Remove a secret",
Long: `This command removes a secret from an app environment.
Arbitrary secret removal is not supported. Secrets that are removed must
match those configured in the recipe beforehand.`,
Example: " abra app secret rm 1312.net oauth_key",
Args: cobra.RangeArgs(1, 2),
ValidArgsFunction: func(
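Review bot: The new guard in the insert command checks only the secret name against `secrets`; the `version` read from `args[2]` is not compared with anything, so a name the recipe knows can apparently still be inserted under a version the recipe does not reference. If the entries returned by `secret.ReadSecretsConfig` carry the configured version, comparing it here would close that gap (inferred, since the return type is not visible in the hunk). The loop can also become a direct lookup if `secrets` is a map keyed by name, as the range form suggests: `if _, ok := secrets[name]; !ok {`. The rm command receives only new help text in this commit, so whether removal is already restricted to recipe secrets cannot be confirmed from these hunks. The enclosing Run function starts and ends outside the hunk.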


@ -4,6 +4,7 @@ setup_file(){
load "$PWD/tests/integration/helpers/common"
_common_setup
_add_server
_fetch_recipe
# NOTE(d1): create new app without secrets
run $ABRA app new "$TEST_RECIPE" \
@ -195,6 +196,12 @@ teardown(){
assert_failure
}
@test "insert: cannot insert unknown secret" {
run $ABRA app secret insert "$TEST_APP_DOMAIN" DOESNTEXIST v1 foo
assert_failure
assert_output --partial 'no secret'
}
@test "insert: create secret" {
run $ABRA app secret ls "$TEST_APP_DOMAIN"
assert_success
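Review bot: Only the insert path gets a negative test; the help text added in this commit also says arbitrary removal is not supported, but no `secret rm` case with an unknown name pins that behaviour. A companion test running `$ABRA app secret rm "$TEST_APP_DOMAIN" DOESNTEXIST` followed by `assert_failure` would cover it. The match `assert_output --partial 'no secret'` is loose; `'no secret DOESNTEXIST'` would tie the failure to the new recipe check rather than to any message containing those two words.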