spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1121 from kylerippey/adapter-cli-installation-checks

Browse Source 
Raise meaningful error messages when secret adapter CLIs are not installed
This commit is contained in:
Donal McBreen
2024-10-23 11:12:50 +01:00
committed by GitHub
parent 66f6e8b576 8cec17dd05
commit 53dad5f54f
8 changed files with 87 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/kamal/secrets/adapters/base.rb
View File

@@ -2,6 +2,7 @@ class Kamal::Secrets::Adapters::Base
delegate :optionize, to: Kamal::Utils
def fetch(secrets, account:, from: nil)
check_dependencies!
session = login(account)
full_secrets = secrets.map { |secret| [ from, secret ].compact.join("/") }
fetch_secrets(full_secrets, account: account, session: session)
@@ -15,4 +16,8 @@ class Kamal::Secrets::Adapters::Base
def fetch_secrets(...)
raise NotImplementedError
end
def check_dependencies!
raise NotImplementedError
end
end

9
lib/kamal/secrets/adapters/bitwarden.rb
View File

@@ -63,4 +63,13 @@ class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
result = `#{full_command}`.strip
raw ? result : JSON.parse(result)
end
def check_dependencies!
raise RuntimeError, "Bitwarden CLI is not installed" unless cli_installed?
end
def cli_installed?
`bw --version 2> /dev/null`
$?.success?
end
end

9
lib/kamal/secrets/adapters/last_pass.rb
View File

@@ -27,4 +27,13 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
end
end
end
def check_dependencies!
raise RuntimeError, "LastPass CLI is not installed" unless cli_installed?
end
def cli_installed?
`lpass --version 2> /dev/null`
$?.success?
end
end

9
lib/kamal/secrets/adapters/one_password.rb
View File

@@ -58,4 +58,13 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
raise RuntimeError, "Could not read #{fields.join(", ")} from #{item} in the #{vault} 1Password vault" unless $?.success?
end
end
def check_dependencies!
raise RuntimeError, "1Password CLI is not installed" unless cli_installed?
end
def cli_installed?
`op --version 2> /dev/null`
$?.success?
end
end

4
lib/kamal/secrets/adapters/test.rb
View File

@@ -7,4 +7,8 @@ class Kamal::Secrets::Adapters::Test < Kamal::Secrets::Adapters::Base
def fetch_secrets(secrets, account:, session:)
secrets.to_h { |secret| [ secret, secret.reverse ] }
end
def check_dependencies!
# no op
end
end

23
test/secrets/bitwarden_adapter_test.rb
View File

@@ -2,6 +2,8 @@ require "test_helper"
class BitwardenAdapterTest < SecretAdapterTestCase
test "fetch" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_mypassword
@@ -14,6 +16,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch with no login" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_noteitem
@@ -25,6 +29,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch with from" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_myitem
@@ -39,6 +45,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch with multiple items" do
stub_ticks.with("bw --version 2> /dev/null")
stub_unlocked
stub_ticks.with("bw sync").returns("")
@@ -80,6 +88,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch unauthenticated" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks
.with("bw status")
.returns(
@@ -101,6 +111,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch locked" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks
.with("bw status")
.returns(
@@ -126,6 +138,8 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end
test "fetch locked with session" do
stub_ticks.with("bw --version 2> /dev/null")
stub_ticks
.with("bw status")
.returns(
@@ -150,6 +164,15 @@ class BitwardenAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json
end
test "fetch without CLI installed" do
stub_ticks_with("bw --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "mynote")))
end
assert_equal "Bitwarden CLI is not installed", error.message
end
private
def run_command(*command)
stdouted do

13
test/secrets/last_pass_adapter_test.rb
View File

@@ -6,6 +6,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
end
test "fetch" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
stub_ticks
@@ -63,6 +64,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
end
test "fetch with from" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks.with("lpass status --color never").returns("Logged in as email@example.com.")
stub_ticks
@@ -107,6 +109,8 @@ class LastPassAdapterTest < SecretAdapterTestCase
end
test "fetch with signin" do
stub_ticks.with("lpass --version 2> /dev/null")
stub_ticks_with("lpass status --color never", succeed: false).returns("Not logged in.")
stub_ticks_with("lpass login email@example.com", succeed: true).returns("")
stub_ticks.with("lpass show SECRET1 --json").returns(single_item_json)
@@ -120,6 +124,15 @@ class LastPassAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json
end
test "fetch without CLI installed" do
stub_ticks_with("lpass --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "SECRET1", "FOLDER1/FSECRET1", "FOLDER1/FSECRET2")))
end
assert_equal "LastPass CLI is not installed", error.message
end
private
def run_command(*command)
stdouted do

15
test/secrets/one_password_adapter_test.rb
View File

@@ -2,6 +2,7 @@ require "test_helper"
class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
test "fetch" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks.with("op account get --account myaccount 2> /dev/null")
stub_ticks
@@ -56,6 +57,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end
test "fetch with multiple items" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks.with("op account get --account myaccount 2> /dev/null")
stub_ticks
@@ -115,6 +117,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end
test "fetch with signin, no session" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("")
@@ -132,6 +136,8 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
end
test "fetch with signin and session" do
stub_ticks.with("op --version 2> /dev/null")
stub_ticks_with("op account get --account myaccount 2> /dev/null", succeed: false)
stub_ticks_with("op signin --account \"myaccount\" --force --raw", succeed: true).returns("1234567890")
@@ -148,6 +154,15 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json
end
test "fetch without CLI installed" do
stub_ticks_with("op --version 2> /dev/null", succeed: false)
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1", "section/SECRET2", "section2/SECRET3")))
end
assert_equal "1Password CLI is not installed", error.message
end
private
def run_command(*command)
stdouted do