Merge pull request #1466 from basecamp/env-secrets-tidy

Tidy up the env secrets handling
2025-03-24 09:38:22 +00:00
parent 3aef9303c3 fb95b38e73
commit 8fe2f92164
2 changed files with 9 additions and 18 deletions
--- a/lib/kamal/configuration/env.rb
+++ b/lib/kamal/configuration/env.rb
@@ -1,8 +1,7 @@
 class Kamal::Configuration::Env
  include Kamal::Configuration::Validation

-  attr_reader :context
-  attr_reader :clear, :secret_keys
+  attr_reader :context, :clear, :secret_keys
  delegate :argumentize, to: Kamal::Utils

  def initialize(config:, secrets:, context: "env")
@@ -11,19 +10,14 @@ class Kamal::Configuration::Env
    @secret_keys = config.fetch("secret", [])
    @context = context
    validate! config, context: context, with: Kamal::Configuration::Validator::Env
-    @secret_map = build_secret_map(@secret_keys)
  end

  def clear_args
    argumentize("--env", clear)
  end

-  def secrets
-    @resolved_secrets ||= resolve_secrets
-  end
-
  def secrets_io
-    Kamal::EnvFile.new(secrets).to_io
+    Kamal::EnvFile.new(aliased_secrets).to_io
  end

  def merge(other)
@@ -33,15 +27,12 @@ class Kamal::Configuration::Env
  end

  private
-    def build_secret_map(secret_keys)
-      Array(secret_keys).to_h do |key|
-        key_name, key_aliased_to = key.split(":", 2)
-        key_aliased_to ||= key_name
-        [ key_name, key_aliased_to ]
-      end
+    def aliased_secrets
+      secret_keys.to_h { |key| extract_alias(key) }.transform_values { |secret_key| @secrets[secret_key] }
    end

-    def resolve_secrets
-      @secret_map.transform_values { |secret_key| @secrets[secret_key] }
+    def extract_alias(key)
+      key_name, key_aliased_to = key.split(":", 2)
+      [ key_name, key_aliased_to || key_name ]
    end
 end
--- a/test/configuration/env/tags_test.rb
+++ b/test/configuration/env/tags_test.rb
@@ -92,7 +92,7 @@ class ConfigurationEnvTagsTest < ActiveSupport::TestCase
      }

      config = Kamal::Configuration.new(deploy)
-      assert_equal "hello", config.role("web").env("1.1.1.1").secrets["PASSWORD"]
+      assert_equal "PASSWORD=hello\n", config.role("web").env("1.1.1.1").secrets_io.string
    end
  end

@@ -110,7 +110,7 @@ class ConfigurationEnvTagsTest < ActiveSupport::TestCase
      }

      config = Kamal::Configuration.new(deploy)
-      assert_equal "aliased_hello", config.role("web").env("1.1.1.1").secrets["PASSWORD"]
+      assert_equal "PASSWORD=aliased_hello\n", config.role("web").env("1.1.1.1").secrets_io.string
    end
  end