tweak: Don't emit information about secrets

SierraSoftworks · Sep 25, 2021 · 1decd89 · 1decd89
1 parent 00d04e2
commit 1decd89
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 22 deletions.
diff --git a/src/commands/apply.rs b/src/commands/apply.rs
@@ -38,13 +38,17 @@ impl CommandRunnable for ApplyCommand {
         .map(|p| p.into())
         .ok_or(errors::user("No configuration directory provided.", "Provide the --config directory when running this command."))?;
 
-        let config = crate::core::config::load_all_config(&config_dir.join("config"))?;
-
         let mut output = crate::core::output::output();
 
+        let config = crate::core::config::load_all_config(&config_dir.join("config"))?;
         for (key, val) in config.iter() {
             writeln!(output, " = config {}={}", key, val)?;
         }
+
+        let secrets = crate::core::config::load_all_config(&config_dir.join("secrets"))?;
+        for (key, _val) in secrets.iter() {
+            writeln!(output, " = secret {}=******", key)?;
+        }
 
         let packages = crate::core::package::get_all_packages(&config_dir.join("packages"))?;
 
@@ -60,19 +64,25 @@ impl CommandRunnable for ApplyCommand {
                 config.insert(key, val);
             }
 
+            let mut secrets = secrets.clone();
+            for (key, val) in package.get_secrets()? {
+                writeln!(output, "   = secret {}=******", key)?;
+                secrets.insert(key, val);
+            }
+
             let root_path = PathBuf::from("/");
             let files = package.get_files()?;
             for file in files {
                 let target_path = package.files.get(&file.group).map(|f| f.as_path()).unwrap_or(&root_path);
                 writeln!(output, "   + {} '{}'", if file.is_template { "template" } else { "file" }, target_path.join(&file.relative_path).display())?;
 
-                file.apply(target_path, &config)?;
+                file.apply(target_path, &config, &secrets)?;
             }
 
             let tasks = package.get_tasks()?;
             for task in tasks {
                 writeln!(output, "   + task '{}'", &task.name)?;
-                task.run(&config)?;
+                task.run(&config, &secrets)?;
             }
         }
         Ok(0)
@@ -99,10 +109,10 @@ mod tests {
         let output = crate::core::output::mock();
 
         let temp_path = temp.path().to_owned();
-        crate::core::file::File::apply.mock_safe(move |f, target, config| {
+        crate::core::file::File::apply.mock_safe(move |f, target, config, secrets| {
             let target = Box::leak(Box::new(temp_path.join(target.strip_prefix("/").unwrap())));
 
-            MockResult::Continue((f, target, config))
+            MockResult::Continue((f, target, config, secrets))
         });
 
         crate::core::config::load_script_config.mock_safe(|interpreter, _file| {

diff --git a/src/commands/plan.rs b/src/commands/plan.rs
@@ -38,13 +38,17 @@ impl CommandRunnable for PlanCommand {
             .map(|p| p.into())
             .ok_or(errors::user("No configuration directory provided.", "Provide the --config directory when running this command."))?;
 
-        let config = crate::core::config::load_all_config(&config_dir.join("config"))?;
-
         let mut output = crate::core::output::output();
-
+
+        let config = crate::core::config::load_all_config(&config_dir.join("config"))?;
         for (key, val) in config {
             writeln!(output, " = config {}={}", key, val)?;
         }
+
+        let secrets = crate::core::config::load_all_config(&config_dir.join("secrets"))?;
+        for (key, _val) in secrets {
+            writeln!(output, " = secret {}=******", key)?;
+        }
 
         let packages = crate::core::package::get_all_packages(&config_dir.join("packages"))?;
 
@@ -58,6 +62,11 @@ impl CommandRunnable for PlanCommand {
                 writeln!(output, "   = config {}={}", key, val)?;
             }
 
+            let secrets = package.get_secrets()?;
+            for (key, _val) in secrets {
+                writeln!(output, "   = secret {}=******", key)?;
+            }
+
             let root_path = PathBuf::from("/");
             let files = package.get_files()?;
             for file in files {
@@ -90,7 +99,7 @@ mod tests {
 
         let output = crate::core::output::mock();
 
-        crate::core::file::File::apply.mock_safe(|_f, _target, _config| {
+        crate::core::file::File::apply.mock_safe(|_f, _target, _config, _secrets| {
             panic!("The file should not have been written during the planning phase.");
         });
 

diff --git a/src/core/file.rs b/src/core/file.rs
@@ -99,24 +99,26 @@ pub fn get_files(dir: &Path) -> Result<Vec<File>, errors::Error> {
 
 #[cfg_attr(test, mockable)]
 impl File {
-    #[instrument(level = "info", name = "file.apply", fields(file.path = %self.relative_path.display()), err, skip(self))]
+    #[instrument(level = "info", name = "file.apply", fields(file.path = %self.relative_path.display()), err, skip(self, secrets))]
     pub fn apply(
         &self,
         target: &Path,
         config: &HashMap<String, String>,
+        secrets: &HashMap<String, String>,
     ) -> Result<(), errors::Error> {
         if self.is_template {
-            self.template(target, config)
+            self.template(target, config, secrets)
         } else {
             self.copy(target)
         }
     }
 
-    #[instrument(level = "debug", name = "file.template", fields(file.path = %self.relative_path.display()), err, skip(self))]
+    #[instrument(level = "debug", name = "file.template", fields(file.path = %self.relative_path.display()), err, skip(self, secrets))]
     fn template(
         &self,
         target: &Path,
         config: &HashMap<String, String>,
+        secrets: &HashMap<String, String>,
     ) -> Result<(), errors::Error> {
         let output_path = target.join(&self.relative_path);
 
@@ -132,6 +134,10 @@ impl File {
             context.insert(key.clone(), Value::String(val.clone()));
         }
 
+        for (key, val) in secrets {
+            context.insert(key.clone(), Value::String(val.clone()));
+        }
+
         let context = Value::Object(context);
 
         let rendered = template(&template_content, context)

diff --git a/src/core/package.rs b/src/core/package.rs
@@ -45,6 +45,10 @@ impl Package {
         super::config::load_all_config(&self.path.join("config"))
     }
 
+    pub fn get_secrets(&self) -> Result<HashMap<String, String>, errors::Error> {
+        super::config::load_all_config(&self.path.join("secrets"))
+    }
+
     pub fn get_files(&self) -> Result<Vec<File>, errors::Error> {
         super::file::get_all_files(&self.path.join("files"))
     }

diff --git a/src/core/script.rs b/src/core/script.rs
@@ -47,8 +47,12 @@ pub fn get_all_scripts(dir: &Path) -> Result<Vec<Script>, errors::Error> {
 
 #[cfg_attr(test, mockable)]
 impl Script {
-    #[instrument(level = "info", name = "script.run", fields(task.name = %self.name, task.path = %self.path.display()), err, skip(self))]
-    pub fn run(&self, config: &HashMap<String, String>) -> Result<(), errors::Error> {
+    #[instrument(level = "info", name = "script.run", fields(task.name = %self.name, task.path = %self.path.display()), err, skip(self, secrets))]
+    pub fn run(
+        &self,
+        config: &HashMap<String, String>,
+        secrets: &HashMap<String, String>,
+    ) -> Result<(), errors::Error> {
         let extension = match self.path.extension() {
             Some(ext) => ext.to_str().ok_or(errors::user(
                 &format!("Unable to parse the file extension used by the task file '{}'", self.path.display()),
@@ -58,12 +62,17 @@ impl Script {
                 &format!("Could not determine how to run the task file '{}' because it did not have a file extension.", self.path.display()), 
                 "Use one of the supported file extensions to tell buckle how to execute this task file."))?
         };
+
+        let mut config = config.clone();
+        for (key, val) in secrets {
+            config.insert(key.clone(), val.into());
+        }
 
         match extension {
-            "ps1" => run_script_task("pwsh", config, &self.path)?,
-            "sh" => run_script_task("bash", config, &self.path)?,
-            "bat" => run_script_task("cmd.exe", config, &self.path)?,
-            "cmd" => run_script_task("cmd.exe", config, &self.path)?,
+            "ps1" => run_script_task("pwsh", &config, &self.path)?,
+            "sh" => run_script_task("bash", &config, &self.path)?,
+            "bat" => run_script_task("cmd.exe", &config, &self.path)?,
+            "cmd" => run_script_task("cmd.exe", &config, &self.path)?,
             _ => Err(errors::user(
                 &format!(
                     "The '{}' extension is not supported for task files.",
@@ -78,11 +87,15 @@ impl Script {
 }
 
 #[cfg_attr(test, mockable)]
-#[instrument(name = "command.run", fields(stdout, stderr), skip(config), err)]
-pub fn run_script_task(interpreter: &str, config: &HashMap<String, String>, file: &Path) -> Result<(), errors::Error> {
+#[instrument(name = "command.run", fields(stdout, stderr), skip(env), err)]
+pub fn run_script_task(
+    interpreter: &str,
+    env: &HashMap<String, String>,
+    file: &Path,
+) -> Result<(), errors::Error> {
     process::Command::new(interpreter)
         .arg(file)
-        .envs(config)
+        .envs(env)
         .output()
         .map_err(|err| errors::user_with_internal(
             &format!("Failed to execute the command '{} {}'.", interpreter, file.display()), 

diff --git a/src/test/data/packages/test2/secrets/magic.env b/src/test/data/packages/test2/secrets/magic.env
@@ -0,0 +1 @@
+MAGIC=flash
diff --git a/src/test/data/secrets/magic.env b/src/test/data/secrets/magic.env
@@ -0,0 +1 @@
+MAGIC=<><