From e44139925544a8bcd3c43edccdb247e44a96e5a2 Mon Sep 17 00:00:00 2001 From: Donal McBreen Date: Mon, 30 Sep 2024 12:28:29 +0100 Subject: [PATCH] Add `kamal secrets print` for secret debugging Dotenv's variable substitution doesn't work the same way as commands run in the shell. It needs values to be escaped. ```sh $ cat /tmp/env SECRETS=$(cat /tmp/json) SECRETS2=$(echo $SECRETS | jq) $ cat /tmp/json \{\ \"foo\"\ :\ \"bar\" \} $ SECRETS=$(cat /tmp/json) $ SECRETS2=$(echo $SECRETS | jq) jq: parse error: Invalid numeric literal at line 1, column 2 $ ruby -e 'require "dotenv"; puts Dotenv.parse("/tmp/env")["SECRETS2"]' { "foo": "bar" } ``` Since you then can't use the shell to debug, `kamal secrets print` will allow you to see what the secrets will be set to. --- lib/kamal/cli/secrets.rb | 7 +++++++ test/cli/secrets_test.rb | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/lib/kamal/cli/secrets.rb b/lib/kamal/cli/secrets.rb index 8b919f9a3..b094be466 100644 --- a/lib/kamal/cli/secrets.rb +++ b/lib/kamal/cli/secrets.rb @@ -21,6 +21,13 @@ def extract(name, secrets) return_or_puts value, inline: options[:inline] end + desc "print", "Print the secrets (for debugging)" + def print + KAMAL.config.secrets.to_h.each do |key, value| + puts "#{key}=#{value}" + end + end + private def adapter(adapter) Kamal::Secrets::Adapters.lookup(adapter) diff --git a/test/cli/secrets_test.rb b/test/cli/secrets_test.rb index 35d205004..6014a7e72 100644 --- a/test/cli/secrets_test.rb +++ b/test/cli/secrets_test.rb @@ -15,6 +15,12 @@ class CliSecretsTest < CliTestCase assert_equal "oof", run_command("extract", "foo", "{\"abc/foo\":\"oof\", \"bar\":\"rab\", \"baz\":\"zab\"}") end + test "print" do + with_test_secrets("secrets" => "SECRET1=ABC\nSECRET2=${SECRET1}DEF\n") do + assert_equal "SECRET1=ABC\nSECRET2=ABCDEF", run_command("print") + end + end + private def run_command(*command) stdouted { Kamal::Cli::Secrets.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) }