From 95b081867c87059df953efe3d48deb267e19bab7 Mon Sep 17 00:00:00 2001 From: Rich M Date: Wed, 27 Sep 2023 18:58:07 +0100 Subject: [PATCH 01/13] Add warning for long secret names. --- pkg/lint/recipe.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pkg/lint/recipe.go b/pkg/lint/recipe.go index cae797f3..d41ffa78 100644 --- a/pkg/lint/recipe.go +++ b/pkg/lint/recipe.go @@ -115,6 +115,13 @@ var LintRules = map[string][]LintRule{ HowToResolve: "upload your recipe to git.coopcloud.tech/coop-cloud/...", Function: LintHasRecipeRepo, }, + { + Ref: "R014", + Level: "warn", + Description: "Long secret names", + HowToResolve: "Reduce the lenght of secret names to 12 characters.", + Function: LintSecretLengths, + }, }, "error": { { @@ -401,6 +408,16 @@ func LintHasRecipeRepo(recipe recipe.Recipe) (bool, error) { return true, nil } +func LintSecretLengths(recipe recipe.Recipe) (bool, error) { + for name := range recipe.Config.Secrets { + if len(name) > 12 { + return false, fmt.Errorf("secret %s is longer than 12 characters", name) + } + } + + return true, nil +} + func LintValidTags(recipe recipe.Recipe) (bool, error) { recipeDir := path.Join(config.RECIPES_DIR, recipe.Name) -- 2.47.2 From 81d9e038003051891e8b9517e64ea72556eb25ed Mon Sep 17 00:00:00 2001 From: Rich M Date: Sat, 30 Sep 2023 11:42:01 +0100 Subject: [PATCH 02/13] Error when domain is too long for secret lengths. --- cli/app/new.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/cli/app/new.go b/cli/app/new.go index 34ee69ea..91d4d12b 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -2,6 +2,7 @@ package app import ( "fmt" + "strings" "coopcloud.tech/abra/cli/internal" "coopcloud.tech/abra/pkg/autocomplete" 
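Review bot: `LintSecretLengths` in pkg/lint/recipe.go returns from inside a `range` over `recipe.Config.Secrets`, which the single-variable `range` and `len(name)` suggest is a string-keyed map. When several names are over the limit, the one reported therefore depends on iteration order and can change between runs. The limit 12 is also written three times (the comparison, the error text, and the `HowToResolve` string of the R014 entry in the first hunk) with no comment saying where it comes from. I would name the constant, give the exported function a doc comment, and report every offending name in sorted order. The rewrite below needs `sort` and `strings` in the file's import block, which is outside the hunk.

```go
// maxLintSecretNameLength is the secret name length above which R014 reports.
const maxLintSecretNameLength = 12

// LintSecretLengths reports recipe secrets whose names are longer than
// maxLintSecretNameLength, listing all of them in a stable order.
func LintSecretLengths(recipe recipe.Recipe) (bool, error) {
	var tooLong []string
	for name := range recipe.Config.Secrets {
		if len(name) > maxLintSecretNameLength {
			tooLong = append(tooLong, name)
		}
	}

	if len(tooLong) > 0 {
		sort.Strings(tooLong)
		return false, fmt.Errorf("secrets longer than %d characters: %s", maxLintSecretNameLength, strings.Join(tooLong, ", "))
	}

	return true, nil
}
```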
@@ -125,6 +126,10 @@ var appNewCommand = cli.Command{ logrus.Fatal(err) } + if err := ensureSecretLengths(secrets, internal.Domain); err != nil { + logrus.Fatal(err) + } + secretCols := []string{"Name", "Value"} secretTable = formatter.CreateTable(secretCols) for name, val := range secrets { @@ -256,3 +261,21 @@ func ensureServerFlag() error { return nil } + +func ensureSecretLengths(secrets AppSecrets, domain string) error { + domainLength := len(domain) + failingSecrets := []string{} + + for secretName := range secrets { + if len(secretName)+domainLength > 64 { + failingSecrets = append(failingSecrets, secretName) + } + } + + if len(failingSecrets) > 0 { + failedSecretsString := strings.Join(failingSecrets, ", ") + return fmt.Errorf("The following secrets are too long to work with the domain name %s, change their length or use a shorter domain name: %s", domain, failedSecretsString) + } + + return nil +} -- 2.47.2 From 22f1ffacaa018b5f4254ff579700cb9624f573a6 Mon Sep 17 00:00:00 2001 From: Rich M Date: Sun, 1 Oct 2023 11:52:06 +0100 Subject: [PATCH 03/13] Written secret length verification in the wrong place. --- cli/app/new.go | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 91d4d12b..5e4c88fe 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -126,7 +126,7 @@ var appNewCommand = cli.Command{ logrus.Fatal(err) } - if err := ensureSecretLengths(secrets, internal.Domain); err != nil { + if err := ensureSecretLengths(secrets, sanitisedAppName); err != nil { logrus.Fatal(err) } 
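Review bot: The new call in `appNewCommand` (PATCH 02/13, first cli/app/new.go hunk on this line) checks `secrets`, and `AppSecrets` is the return type of `createSecrets` shown further down this page, so the length check appears to run only after the secrets have been generated. A failure would then end in `logrus.Fatal` with whatever was already created left behind on the server. Validating the configured names before anything is created, e.g. `if err := ensureSecretLengths(secretsConfig, internal.Domain); err != nil {` ahead of the creation call, avoids that partial state. The command body around the call is outside the hunk, so the exact position needs confirming. In `ensureSecretLengths` itself (the following hunk), `failingSecrets` is filled in map order, so sorting it before `strings.Join` keeps the message stable.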
@@ -262,20 +262,35 @@ func ensureServerFlag() error { return nil } -func ensureSecretLengths(secrets AppSecrets, domain string) error { - domainLength := len(domain) +func ensureSecretLengths(secrets AppSecrets, sanitisedAppName string) error { + if len(sanitisedAppName) > 45 { + sanitisedAppName = sanitisedAppName[:45] + } + + domainLength := len(sanitisedAppName) failingSecrets := []string{} + maxSecretLength := 0 for secretName := range secrets { - if len(secretName)+domainLength > 64 { + + if len(secretName) > maxSecretLength { + maxSecretLength = len(secretName) + } + + if len(secretName+"_v1")+domainLength > 64 { failingSecrets = append(failingSecrets, secretName) } } if len(failingSecrets) > 0 { failedSecretsString := strings.Join(failingSecrets, ", ") - return fmt.Errorf("The following secrets are too long to work with the domain name %s, change their length or use a shorter domain name: %s", domain, failedSecretsString) + return fmt.Errorf("the following secrets are too long to work with the domain name %s, change their length or use a shorter domain name: %s", sanitisedAppName, failedSecretsString) } + logrus.Debugf( + `The longest secret name is %d +including 4 extra characters for format %s__v1 +fits with domain length of %d for max docker secret length of %d`, + maxSecretLength, sanitisedAppName, domainLength, domainLength+maxSecretLength+4) return nil } -- 2.47.2 From 0480235758a38a6082ac6d349107b73e03cc99c7 Mon Sep 17 00:00:00 2001 From: Rich M Date: Sun, 1 Oct 2023 11:53:45 +0100 Subject: [PATCH 04/13] Fix typo. --- pkg/lint/recipe.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/lint/recipe.go b/pkg/lint/recipe.go index d41ffa78..72e3b526 100644 --- a/pkg/lint/recipe.go +++ b/pkg/lint/recipe.go 
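Review bot: In `ensureSecretLengths` the comparison `len(secretName+"_v1")+domainLength > 64` adds three characters for the suffix, while the debug message and its last argument (`domainLength+maxSecretLength+4`) count four. If the stored name is `<app>_<secret>_v1`, as the debug text seems to describe, the separator after the app name is not counted and a 65-character name passes the check. Using one value for both, e.g. `overhead := len("_") + len("_v1")` and `if domainLength+len(secretName)+overhead > 64 {`, keeps the check and the message in agreement. The suffix is also fixed at `v1`, so a longer version string would be under-counted.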
@@ -119,7 +119,7 @@ var LintRules = map[string][]LintRule{ Ref: "R014", Level: "warn", Description: "Long secret names", - HowToResolve: "Reduce the lenght of secret names to 12 characters.", + HowToResolve: "Reduce the length of secret names to 12 characters.", Function: LintSecretLengths, }, }, -- 2.47.2 From d78abfec2fbe63246b31f70872855928957b7bb2 Mon Sep 17 00:00:00 2001 From: Rich M Date: Tue, 3 Oct 2023 21:23:48 +0100 Subject: [PATCH 05/13] Fix where the secret check happens and fiddle with messages. --- cli/app/new.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 5e4c88fe..c31583ca 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -112,6 +112,10 @@ var appNewCommand = cli.Command{ return err } + if err := ensureSecretLengths(secretsConfig, internal.Domain, sanitisedAppName); err != nil { + logrus.Fatal(err) + } + if err := promptForSecrets(recipe.Name, secretsConfig); err != nil { logrus.Fatal(err) } @@ -126,10 +130,6 @@ var appNewCommand = cli.Command{ logrus.Fatal(err) } - if err := ensureSecretLengths(secrets, sanitisedAppName); err != nil { - logrus.Fatal(err) - } - secretCols := []string{"Name", "Value"} secretTable = formatter.CreateTable(secretCols) for name, val := range secrets { @@ -262,12 +262,12 @@ func ensureServerFlag() error { return nil } -func ensureSecretLengths(secrets AppSecrets, sanitisedAppName string) error { +func ensureSecretLengths(secrets map[string]string, domainName string, sanitisedAppName string) error { if len(sanitisedAppName) > 45 { sanitisedAppName = sanitisedAppName[:45] } - domainLength := len(sanitisedAppName) + domainAndFormatLength := len(sanitisedAppName) + 4 failingSecrets := []string{} maxSecretLength := 0 
@@ -277,20 +277,20 @@ func ensureSecretLengths(secrets AppSecrets, sanitisedAppName string) error { maxSecretLength = len(secretName) } - if len(secretName+"_v1")+domainLength > 64 { + if len(secretName)+domainAndFormatLength > 64 { failingSecrets = append(failingSecrets, secretName) } } if len(failingSecrets) > 0 { failedSecretsString := strings.Join(failingSecrets, ", ") - return fmt.Errorf("the following secrets are too long to work with the domain name %s, change their length or use a shorter domain name: %s", sanitisedAppName, failedSecretsString) + return fmt.Errorf("the following secrets are too long to work with the domain name %s\n change their length or use a shorter domain name:\n %s", domainName, failedSecretsString) } logrus.Debugf( `The longest secret name is %d including 4 extra characters for format %s__v1 fits with domain length of %d for max docker secret length of %d`, - maxSecretLength, sanitisedAppName, domainLength, domainLength+maxSecretLength+4) + maxSecretLength, sanitisedAppName, domainAndFormatLength, domainAndFormatLength+maxSecretLength) return nil } -- 2.47.2 From 2583fe2861ba0700aaf7fc3ed5b0cbf934c0921c Mon Sep 17 00:00:00 2001 From: Rich M Date: Wed, 4 Oct 2023 18:51:13 +0100 Subject: [PATCH 06/13] Drop debug logging and fail on first secret that is too long. --- cli/app/new.go | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index c31583ca..7a3d6970 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -2,7 +2,6 @@ package app import ( "fmt" - "strings" "coopcloud.tech/abra/cli/internal" "coopcloud.tech/abra/pkg/autocomplete" 
@@ -268,29 +267,12 @@ func ensureSecretLengths(secrets map[string]string, domainName string, sanitised } domainAndFormatLength := len(sanitisedAppName) + 4 - failingSecrets := []string{} - maxSecretLength := 0 - for secretName := range secrets { - if len(secretName) > maxSecretLength { - maxSecretLength = len(secretName) - } - if len(secretName)+domainAndFormatLength > 64 { - failingSecrets = append(failingSecrets, secretName) + return fmt.Errorf("%s is too long (> 64 chars when combined with %s)", secretName, sanitisedAppName) } } - if len(failingSecrets) > 0 { - failedSecretsString := strings.Join(failingSecrets, ", ") - return fmt.Errorf("the following secrets are too long to work with the domain name %s\n change their length or use a shorter domain name:\n %s", domainName, failedSecretsString) - } - - logrus.Debugf( - `The longest secret name is %d -including 4 extra characters for format %s__v1 -fits with domain length of %d for max docker secret length of %d`, - maxSecretLength, sanitisedAppName, domainAndFormatLength, domainAndFormatLength+maxSecretLength) return nil } -- 2.47.2 From f85a3e40aaee6e980d019f80172bbe63d3284eaf Mon Sep 17 00:00:00 2001 From: Rich M Date: Wed, 4 Oct 2023 18:58:20 +0100 Subject: [PATCH 07/13] Switch to using const for max sanitised app length. --- cli/app/new.go | 10 +++++----- pkg/config/app.go | 6 +++--- pkg/config/env.go | 2 ++ 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 7a3d6970..4c3d4243 100644 --- a/cli/app/new.go +++ b/cli/app/new.go 
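Review bot: After this hunk `ensureSecretLengths` no longer reads its `domainName` parameter; its only use was in the error message removed here. Either drop the parameter or put the domain back into the message, since the text now shows the truncated `sanitisedAppName`, which may not be what the operator typed. Returning on the first hit inside a `range` over the map also means the reported secret can differ between runs when more than one is too long. The function's signature and first lines are outside this hunk.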
@@ -172,9 +172,9 @@ type AppSecrets map[string]string // createSecrets creates all secrets for a new app. func createSecrets(cl *dockerClient.Client, secretsConfig map[string]string, sanitisedAppName string) (AppSecrets, error) { // NOTE(d1): trim to match app.StackName() implementation - if len(sanitisedAppName) > 45 { - logrus.Debugf("trimming %s to %s to avoid runtime limits", sanitisedAppName, sanitisedAppName[:45]) - sanitisedAppName = sanitisedAppName[:45] + if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { + logrus.Debugf("trimming %s to %s to avoid runtime limits", sanitisedAppName, sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH]) + sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] } secrets, err := secret.GenerateSecrets(cl, secretsConfig, sanitisedAppName, internal.NewAppServer) @@ -262,8 +262,8 @@ func ensureServerFlag() error { } func ensureSecretLengths(secrets map[string]string, domainName string, sanitisedAppName string) error { - if len(sanitisedAppName) > 45 { - sanitisedAppName = sanitisedAppName[:45] + if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { + sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] } domainAndFormatLength := len(sanitisedAppName) + 4 diff --git a/pkg/config/app.go b/pkg/config/app.go index 95dc7784..15e7d972 100644 --- a/pkg/config/app.go +++ b/pkg/config/app.go @@ -57,9 +57,9 @@ func (a App) StackName() string { stackName := SanitiseAppName(a.Name) - if len(stackName) > 45 { - logrus.Debugf("trimming %s to %s to avoid runtime limits", stackName, stackName[:45]) - stackName = stackName[:45] + if len(stackName) > MAX_SANITISED_APP_NAME_LENGTH { + logrus.Debugf("trimming %s to %s to avoid runtime limits", stackName, stackName[:MAX_SANITISED_APP_NAME_LENGTH]) + stackName = stackName[:MAX_SANITISED_APP_NAME_LENGTH] } a.Env["STACK_NAME"] = stackName diff --git a/pkg/config/env.go b/pkg/config/env.go index 0874fb57..98891880 100644 
--- a/pkg/config/env.go +++ b/pkg/config/env.go @@ -34,6 +34,8 @@ var REPOS_BASE_URL = "https://git.coopcloud.tech/coop-cloud" var CATALOGUE_JSON_REPO_NAME = "recipes-catalogue-json" var SSH_URL_TEMPLATE = "ssh://git@git.coopcloud.tech:2222/coop-cloud/%s.git" +const MAX_SANITISED_APP_NAME_LENGTH = 45 + // GetServers retrieves all servers. func GetServers() ([]string, error) { var servers []string -- 2.47.2 From 344590b19b4068d3aebfcbdd8b305270370e5e71 Mon Sep 17 00:00:00 2001 From: Rich M Date: Wed, 4 Oct 2023 19:07:08 +0100 Subject: [PATCH 08/13] Switch to using const for max docker secret length. --- cli/app/new.go | 4 ++-- pkg/config/env.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 4c3d4243..e357a9f3 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -269,8 +269,8 @@ func ensureSecretLengths(secrets map[string]string, domainName string, sanitised domainAndFormatLength := len(sanitisedAppName) + 4 for secretName := range secrets { - if len(secretName)+domainAndFormatLength > 64 { - return fmt.Errorf("%s is too long (> 64 chars when combined with %s)", secretName, sanitisedAppName) + if len(secretName)+domainAndFormatLength > config.MAX_DOCKER_SECRET_LENGTH { + return fmt.Errorf("%s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) } } diff --git a/pkg/config/env.go b/pkg/config/env.go index 98891880..c351b77f 100644 --- a/pkg/config/env.go +++ b/pkg/config/env.go @@ -35,6 +35,7 @@ var CATALOGUE_JSON_REPO_NAME = "recipes-catalogue-json" var SSH_URL_TEMPLATE = "ssh://git@git.coopcloud.tech:2222/coop-cloud/%s.git" const MAX_SANITISED_APP_NAME_LENGTH = 45 +const MAX_DOCKER_SECRET_LENGTH = 64 // GetServers retrieves all servers. func GetServers() ([]string, error) { -- 2.47.2 From 2abb7264b8016511d18249a43df717e05a52ce46 Mon Sep 17 00:00:00 2001 
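Review bot: `MAX_SANITISED_APP_NAME_LENGTH` in pkg/config/env.go is exported with no comment saying what the 45 protects, and `MAX_DOCKER_SECRET_LENGTH = 64` added in PATCH 08/13 on this same line has the same gap. Comments such as `// MAX_SANITISED_APP_NAME_LENGTH is the length stack names are truncated to so that derived names stay within runtime limits.` and `// MAX_DOCKER_SECRET_LENGTH is the maximum length Docker accepts for a secret name.` would record the intent. Because `StackName()` and `createSecrets` cut the name at this length, two app names that share their first 45 characters end up with the same stack name, which is worth stating next to the constant. The two declarations could also sit in one `const ( … )` block.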
From: Rich M Date: Wed, 4 Oct 2023 19:10:18 +0100 Subject: [PATCH 09/13] Added 'secret' before error to make it clear it's a secret. --- cli/app/new.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/app/new.go b/cli/app/new.go index e357a9f3..8d1e1d79 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -270,7 +270,7 @@ func ensureSecretLengths(secrets map[string]string, domainName string, sanitised for secretName := range secrets { if len(secretName)+domainAndFormatLength > config.MAX_DOCKER_SECRET_LENGTH { - return fmt.Errorf("%s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) + return fmt.Errorf("secret %s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) } } -- 2.47.2 From 66cf63a665edd26c07d4c4f46b20ac3e5c57d8e3 Mon Sep 17 00:00:00 2001 From: Rich M Date: Thu, 5 Oct 2023 18:13:37 +0100 Subject: [PATCH 10/13] Move secret checking to a shared location. --- cli/app/new.go | 18 +----------------- pkg/secret/secret.go | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 8d1e1d79..cfa40b65 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -111,7 +111,7 @@ var appNewCommand = cli.Command{ return err } - if err := ensureSecretLengths(secretsConfig, internal.Domain, sanitisedAppName); err != nil { + if err := secret.EnsureSecretLengths(secretsConfig, internal.Domain, sanitisedAppName); err != nil { logrus.Fatal(err) } 
@@ -260,19 +260,3 @@ func ensureServerFlag() error { return nil } - -func ensureSecretLengths(secrets map[string]string, domainName string, sanitisedAppName string) error { - if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { - sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] - } - - domainAndFormatLength := len(sanitisedAppName) + 4 - for secretName := range secrets { - - if len(secretName)+domainAndFormatLength > config.MAX_DOCKER_SECRET_LENGTH { - return fmt.Errorf("secret %s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) - } - } - - return nil -} diff --git a/pkg/secret/secret.go b/pkg/secret/secret.go index aea8391a..45cd94e7 100644 --- a/pkg/secret/secret.go +++ b/pkg/secret/secret.go @@ -11,6 +11,7 @@ import ( "sync" "coopcloud.tech/abra/pkg/client" + "coopcloud.tech/abra/pkg/config" "coopcloud.tech/abra/pkg/upstream/stack" loader "coopcloud.tech/abra/pkg/upstream/stack" "github.com/decentral1se/passgen" @@ -209,3 +210,19 @@ func GenerateSecrets(cl *dockerClient.Client, secretsFromConfig map[string]strin return secrets, nil } + +func EnsureSecretLengths(secrets map[string]string, domainName string, sanitisedAppName string) error { + if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { + sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] + } + + domainAndFormatLength := len(sanitisedAppName) + 4 + for secretName := range secrets { + + if len(secretName)+domainAndFormatLength > config.MAX_DOCKER_SECRET_LENGTH { + return fmt.Errorf("secret %s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) + } + } + + return nil +} -- 2.47.2 From 29bd0574602386a359b08c01b91f0b657d755647 Mon Sep 17 00:00:00 2001 
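Review bot: `EnsureSecretLengths` becomes part of the `secret` package's exported API in the pkg/secret/secret.go hunk without a doc comment, and its `+ 4` appears to encode two separators plus a two-character version without saying so. Versions are not always two characters as far as this page shows (the value is taken as whatever follows the last underscore of the remote name), so the budget would be safer computed from the real version string or from the full remote name. At minimum I would add `// EnsureSecretLengths returns an error if any secret name, combined with the truncated app name and a version suffix, would exceed config.MAX_DOCKER_SECRET_LENGTH.` and give the 4 a name.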
From: Rich M Date: Thu, 5 Oct 2023 18:25:02 +0100 Subject: [PATCH 11/13] Add common check to generate secrets command. --- cli/app/secret.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cli/app/secret.go b/cli/app/secret.go index 31b86c23..67643937 100644 --- a/cli/app/secret.go +++ b/cli/app/secret.go @@ -92,6 +92,10 @@ var appSecretGenerateCommand = cli.Command{ logrus.Fatal(err) } + if err := secret.EnsureSecretLengths(secretsConfig, internal.Domain, config.SanitiseAppName(app.Name)); err != nil { + logrus.Fatal(err) + } + secretsToCreate := make(map[string]string) if allSecrets { secretsToCreate = secretsConfig -- 2.47.2 From eea47f9099c6b7590bd4ee7fa1c7557ad05a11e9 Mon Sep 17 00:00:00 2001 From: Rich M Date: Sat, 6 Apr 2024 11:42:16 +0100 Subject: [PATCH 12/13] Attempt to fix post merge problems. --- cli/app/new.go | 2 +- cli/app/secret.go | 7 ++----- pkg/secret/secret.go | 2 +- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 5511ef67..97821037 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -193,7 +193,7 @@ func createSecrets(cl *dockerClient.Client, secretsConfig map[string]secret.Secr sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] } - secrets, err := secret.GenerateSecrets(cl, secretsConfig, sanitisedAppName, internal.NewAppServer) + secrets, err := secret.GenerateSecrets(cl, secretsConfig, internal.NewAppServer) if err != nil { return nil, err } diff --git a/cli/app/secret.go b/cli/app/secret.go index 5f782f46..9002ef8c 100644 --- a/cli/app/secret.go +++ b/cli/app/secret.go 
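Review bot: In `createSecrets` (cli/app/new.go, PATCH 12/13) the call now omits `sanitisedAppName`, yet the context line directly above still truncates it to `config.MAX_SANITISED_APP_NAME_LENGTH`. If nothing later in the function reads the variable (the rest of the body is outside the hunk), that truncation and its debug log are dead code and the parameter could go too. It is also worth confirming that the remote names `GenerateSecrets` now works from are built from the same truncated stack name, otherwise secrets for long app names could be created under a different name than before.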
@@ -96,14 +96,11 @@ var appSecretGenerateCommand = cli.Command{ logrus.Fatal(err) } - if err := secret.EnsureSecretLengths(secretsConfig, internal.Domain, config.SanitiseAppName(app.Name)); err != nil { + if err := secret.EnsureSecretLengths(secrets, internal.Domain, config.SanitiseAppName(app.Name)); err != nil { logrus.Fatal(err) } - secretsToCreate := make(map[string]string) - if allSecrets { - secretsToCreate = secretsConfig - } else { + if !allSecrets { secretName := c.Args().Get(1) secretVersion := c.Args().Get(2) s, ok := secrets[secretName] diff --git a/pkg/secret/secret.go b/pkg/secret/secret.go index d15f302d..fa73f812 100644 --- a/pkg/secret/secret.go +++ b/pkg/secret/secret.go @@ -283,7 +283,7 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses, return secStats, nil } -func EnsureSecretLengths(secrets map[string]string, domainName string, sanitisedAppName string) error { +func EnsureSecretLengths(secrets map[string]Secret, domainName string, sanitisedAppName string) error { if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] } -- 2.47.2 From ba956f340ad1e31bf0b6d1a697f1f899cebe7d1c Mon Sep 17 00:00:00 2001 From: Rich M Date: Sat, 6 Apr 2024 21:11:31 +0100 Subject: [PATCH 13/13] Attempted rework to match new code. --- cli/app/new.go | 4 ---- cli/app/secret.go | 4 ---- pkg/secret/secret.go | 26 +++++++------------------- pkg/secret/secret_test.go | 11 +++++++++++ 4 files changed, 18 insertions(+), 27 deletions(-) diff --git a/cli/app/new.go b/cli/app/new.go index 97821037..cdc713ab 100644 --- a/cli/app/new.go +++ b/cli/app/new.go @@ -127,10 +127,6 @@ var appNewCommand = cli.Command{ return err } - if err := secret.EnsureSecretLengths(secretsConfig, internal.Domain, sanitisedAppName); err != nil { - logrus.Fatal(err) - } - if err := promptForSecrets(recipe.Name, secretsConfig); err != nil { logrus.Fatal(err) } 
diff --git a/cli/app/secret.go b/cli/app/secret.go index 9002ef8c..3b491055 100644 --- a/cli/app/secret.go +++ b/cli/app/secret.go @@ -96,10 +96,6 @@ var appSecretGenerateCommand = cli.Command{ logrus.Fatal(err) } - if err := secret.EnsureSecretLengths(secrets, internal.Domain, config.SanitiseAppName(app.Name)); err != nil { - logrus.Fatal(err) - } - if !allSecrets { secretName := c.Args().Get(1) secretVersion := c.Args().Get(2) diff --git a/pkg/secret/secret.go b/pkg/secret/secret.go index fa73f812..f574a033 100644 --- a/pkg/secret/secret.go +++ b/pkg/secret/secret.go @@ -89,7 +89,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin appEnv["STACK_NAME"] = stackName opts := stack.Deploy{Composefiles: composeFiles} - config, err := loader.LoadComposefile(opts, appEnv) + composeConfig, err := loader.LoadComposefile(opts, appEnv) if err != nil { return nil, err } @@ -100,7 +100,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin } var enabledSecrets []string - for _, service := range config.Services { + for _, service := range composeConfig.Services { for _, secret := range service.Secrets { enabledSecrets = append(enabledSecrets, secret.Source) } @@ -112,7 +112,7 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin } secretValues := map[string]Secret{} - for secretId, secretConfig := range config.Secrets { + for secretId, secretConfig := range composeConfig.Secrets { if string(secretConfig.Name[len(secretConfig.Name)-1]) == "_" { return nil, fmt.Errorf("missing version for secret? (%s)", secretId) } 
@@ -126,6 +126,10 @@ func ReadSecretsConfig(appEnvPath string, composeFiles []string, stackName strin secretVersion := secretConfig.Name[lastIdx+1:] value := Secret{Version: secretVersion, RemoteName: secretConfig.Name} + if len(value.RemoteName) > config.MAX_DOCKER_SECRET_LENGTH { + return nil, fmt.Errorf("secret %s is > %d chars when combined with %s", secretId, config.MAX_DOCKER_SECRET_LENGTH, stackName) + } + // Check if the length modifier is set for this secret. for envName, modifierValues := range appModifiers { // configWithoutEnv contains the raw name as defined in the compose.yaml @@ -282,19 +286,3 @@ func PollSecretsStatus(cl *dockerClient.Client, app config.App) (secretStatuses, return secStats, nil } - -func EnsureSecretLengths(secrets map[string]Secret, domainName string, sanitisedAppName string) error { - if len(sanitisedAppName) > config.MAX_SANITISED_APP_NAME_LENGTH { - sanitisedAppName = sanitisedAppName[:config.MAX_SANITISED_APP_NAME_LENGTH] - } - - domainAndFormatLength := len(sanitisedAppName) + 4 - for secretName := range secrets { - - if len(secretName)+domainAndFormatLength > config.MAX_DOCKER_SECRET_LENGTH { - return fmt.Errorf("secret %s is too long (> %d chars when combined with %s)", secretName, config.MAX_DOCKER_SECRET_LENGTH, sanitisedAppName) - } - } - - return nil -} diff --git a/pkg/secret/secret_test.go b/pkg/secret/secret_test.go index fc10c098..f2830d2e 100644 --- a/pkg/secret/secret_test.go +++ b/pkg/secret/secret_test.go 
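Review bot: The new guard in `ReadSecretsConfig` reports `secretId` and `stackName` but not the name that was actually measured, so the operator has to reconstruct it to see how far over the limit it is. Including it, e.g. `fmt.Errorf("secret %s is > %d chars when combined with %s (%q is %d chars)", secretId, config.MAX_DOCKER_SECRET_LENGTH, stackName, value.RemoteName, len(value.RemoteName))`, makes the message self-explanatory; it is a name, not a secret value, and the test added in this patch would need the matching update. `len` counts bytes, which equals "chars" only for ASCII names. Since the check now lives in the config reader, every caller of `ReadSecretsConfig` fails on an over-long name, so the function's doc comment (outside the hunk) should mention the new error.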
@@ -28,3 +28,14 @@ func TestReadSecretsConfig(t *testing.T) { assert.Equal(t, "v2", secretsFromConfig["test_pass_three"].Version) assert.Equal(t, 0, secretsFromConfig["test_pass_three"].Length) } + +func TestReadSecretsConfigWithLongDomain(t *testing.T) { + composeFiles := []string{"./testdir/compose.yaml"} + _, err := ReadSecretsConfig("./testdir/.env.sample", composeFiles, "should_break_on_forty_eight_char_stack_nameeeeee") + if err == nil { + t.Fatal("Expected to fail") + } + + // Check error + assert.Equal(t, "secret test_pass_one is > 64 chars when combined with should_break_on_forty_eight_char_stack_nameeeeee", err.Error()) +} -- 2.47.2
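Review bot: `TestReadSecretsConfigWithLongDomain` asserts the complete error string, including `test_pass_one`, but `ReadSecretsConfig` returns from inside a `range` over `composeConfig.Secrets`. If that is a map and more than one secret in `./testdir/compose.yaml` exceeds the limit with this stack name, the secret named in the error depends on iteration order and the test will fail intermittently. Asserting only the stable part, `assert.Contains(t, err.Error(), "is > 64 chars when combined with should_break_on_forty_eight_char_stack_nameeeeee")`, or using a fixture with a single over-long secret, removes that dependency. The test name says "LongDomain" while the argument it passes is a stack name.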