Escape secrets in inline command substitution

Kamal "inlines" calls to `kamal secrets` in the dotenv file, but the
results of the calls were not being escaped properly. To "fix" this
`kamal secrets fetch` escaped the JSON string before returning it.

The two errors cancelled out, but it meant that the commands didn't
work from a shell.

To fix, we'll escape the inline command results and remove the escaping
from `kamal secrets fetch`.
Donal McBreen
2024-09-30 10:45:11 +01:00
parent f331605efa
commit ff24fd9874
8 changed files with 22 additions and 20 deletions


@@ -6,7 +6,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -18,7 +18,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_myitem
json = JSON.parse(shellunescape(run_command("fetch", "--from", "myitem", "field1", "field2", "field3")))
json = JSON.parse(run_command("fetch", "--from", "myitem", "field1", "field2", "field3"))
expected_json = {
"myitem/field1"=>"secret1", "myitem/field2"=>"blam", "myitem/field3"=>"fewgrwjgk"
@@ -59,7 +59,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
JSON
json = JSON.parse(shellunescape(run_command("fetch", "mypassword", "myitem/field1", "myitem/field2", "myitem2/field3")))
json = JSON.parse(run_command("fetch", "mypassword", "myitem/field1", "myitem/field2", "myitem2/field3"))
expected_json = {
"mypassword"=>"secret123", "myitem/field1"=>"secret1", "myitem/field2"=>"blam", "myitem2/field3"=>"fewgrwjgk"
@@ -82,7 +82,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -107,7 +107,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -132,7 +132,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("BW_SESSION=0987654321 bw sync").returns("")
stub_mypassword(session: "0987654321")
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
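Review bot: Every secret value asserted in these hunks is plain alphanumeric (`secret123`, `secret1`, `blam`, `fewgrwjgk`), so the new `JSON.parse(run_command("fetch", ...))` lines show that `fetch` emits unescaped JSON but not that a value containing shell- or JSON-special characters comes back intact. Since the commit moves escaping from `fetch` to the inline command substitution, I would add one case whose stubbed secret holds a space, `$`, a quote and a backslash (for example the constructed sample `a b$c'd\e`) and assert the parsed value equals it exactly. The stub helpers (`stub_mypassword`, `stub_myitem`) and the rest of each test body lie outside these hunks, so this assumes their fixtures are as simple as the expected hashes suggest. If `shellunescape` has no remaining callers after this change, the helper should be removed too; that cannot be confirmed from this section.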