feat(secrets): update doppler adapter to use --from option and DOPPLER_TOKEN env

2024-11-04 19:00:38 -04:00
parent 77cd29f5ad
commit 3069552315
2 changed files with 130 additions and 19 deletions
--- a/lib/kamal/secrets/adapters/doppler.rb
+++ b/lib/kamal/secrets/adapters/doppler.rb
@@ -1,28 +1,53 @@
 class Kamal::Secrets::Adapters::Doppler < Kamal::Secrets::Adapters::Base
+  def requires_account?
+    false
+  end
+
  private
-    def login(account)
-      unless loggedin?(account)
+    def login(*)
+      unless loggedin?
        `doppler login -y`
        raise RuntimeError, "Failed to login to Doppler" unless $?.success?
      end
    end

-    def loggedin?(account)
+    def loggedin?
      `doppler me --json 2> /dev/null`
      $?.success?
    end

-    def fetch_secrets(secrets, account:, session:)
-      project, config = account.split("/")
+    def fetch_secrets(secrets, **)
+      project_and_config_flags = ""
+      unless service_token_set?
+        project, config, _ = secrets.first.split("/")

-      raise RuntimeError, "Missing project or config from --acount=project/config option" unless project && config
-      raise RuntimeError, "Using --from option or FOLDER/SECRET is not supported by Doppler" if secrets.any?(/\//)
+        unless project && config
+          raise RuntimeError, "Missing project or config from '--from=project/config' option"
+        end

-      items = `doppler secrets get #{secrets.map(&:shellescape).join(" ")} --json -p #{project} -c #{config}`
+        project_and_config_flags = "-p #{project.shellescape} -c #{config.shellescape}"
+      end
+
+      secret_names = secrets.collect { |s| s.split("/").last }
+
+      items = `doppler secrets get #{secret_names.map(&:shellescape).join(" ")} --json #{project_and_config_flags}`
      raise RuntimeError, "Could not read #{secrets} from Doppler" unless $?.success?

      items = JSON.parse(items)

      items.transform_values { |value| value["computed"] }
    end
+
+    def service_token_set?
+      ENV["DOPPLER_TOKEN"] && ENV["DOPPLER_TOKEN"][0, 5] == "dp.st"
+    end
+
+    def check_dependencies!
+      raise RuntimeError, "Doppler CLI is not installed" unless cli_installed?
+    end
+
+    def cli_installed?
+      `doppler --version 2> /dev/null`
+      $?.success?
+    end
 end