Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix secrets adapters failing fetch on Windows #1350

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Fix secrets adapters failing fetch on Windows #1350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
206795c
initial adjustment for password managers on windows, changing backtic…
Jan 10, 2025
c9d06f6
fixing bitwarden tests, combining system and backtick stubs into the …
Jan 10, 2025
2d623df
fixing up tests for other adapters, removing stdout nullification
Jan 10, 2025
659670d
removing shellescape, as it's also not supported on Windows, still ne…
Jan 11, 2025
56f1ec3
Revert previous commit, can unlock through CLI
Jan 11, 2025
cf650fb
swapping positions and defaults for stub_command_with to make more se…
Jan 13, 2025
160a521
Merge branch 'basecamp:main' into main
akumajoe Jan 18, 2025
7c86e94
Merge branch 'basecamp:main' into main
akumajoe Jan 24, 2025
65e2db2
fixing error in stub_command function, applying change to new secret …
Jan 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/aws_secrets_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ def check_dependencies!
end

def cli_installed?
`aws --version 2> /dev/null`
system("aws --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/bitwarden.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ def check_dependencies!
end

def cli_installed?
`bw --version 2> /dev/null`
system("bw --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def check_dependencies!
end

def cli_installed?
`bws --version 2> /dev/null`
system("bws --version", err: File::NULL)
$?.success?
end
end
4 changes: 2 additions & 2 deletions lib/kamal/secrets/adapters/doppler.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ def login(*)
end

def loggedin?
`doppler me --json 2> /dev/null`
system("doppler me --json", err: File::NULL)
$?.success?
end

Expand Down Expand Up @@ -51,7 +51,7 @@ def check_dependencies!
end

def cli_installed?
`doppler --version 2> /dev/null`
system("doppler --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/enpass.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def check_dependencies!
end

def cli_installed?
`enpass-cli version 2> /dev/null`
system("enpass-cli version", err: File::NULL)
$?.success?
end

Expand Down
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/gcp_secret_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ def check_dependencies!
end

def cli_installed?
`gcloud --version 2> /dev/null`
system("gcloud --version", err: File::NULL)
$?.success?
end

Expand Down
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/last_pass.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def check_dependencies!
end

def cli_installed?
`lpass --version 2> /dev/null`
system("lpass --version", err: File::NULL)
$?.success?
end
end
4 changes: 2 additions & 2 deletions lib/kamal/secrets/adapters/one_password.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ def login(account)
end

def loggedin?(account)
`op account get --account #{account.shellescape} 2> /dev/null`
system("op account get --account #{account.shellescape}", err: File::NULL)
$?.success?
end

Expand Down Expand Up @@ -64,7 +64,7 @@ def check_dependencies!
end

def cli_installed?
`op --version 2> /dev/null`
system("op --version", err: File::NULL)
$?.success?
end
end
18 changes: 9 additions & 9 deletions test/secrets/aws_secrets_manager_adapter_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@

class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
test "fails when errors are present" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list unknown1 unknown2 --profile default")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -31,8 +31,8 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 secret2/KEY3 --profile default")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -74,8 +74,8 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch with string value" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret secret2/KEY1 --profile default")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -116,8 +116,8 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch with secret names" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 --profile default")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -148,7 +148,7 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch without CLI installed" do
stub_ticks_with("aws --version 2> /dev/null", succeed: false)
stub_command_with("aws --version", false, :system)

error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "SECRET1")))
Expand Down
69 changes: 35 additions & 34 deletions test/secrets/bitwarden_adapter_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@

class BitwardenAdapterTest < SecretAdapterTestCase
test "fetch" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_command.with("bw sync").returns("")
stub_mypassword

json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
Expand All @@ -16,10 +16,10 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch with no login" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_command.with("bw sync").returns("")
stub_noteitem

error = assert_raises RuntimeError do
Expand All @@ -29,10 +29,10 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch with from" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_command.with("bw sync").returns("")
stub_myitem

json = JSON.parse(shellunescape(run_command("fetch", "--from", "myitem", "field1", "field2", "field3")))
Expand All @@ -45,10 +45,10 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch all with from" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_command.with("bw sync").returns("")
stub_noteitem_with_fields

json = JSON.parse(shellunescape(run_command("fetch", "mynotefields")))
Expand All @@ -62,15 +62,15 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch with multiple items" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_unlocked

stub_ticks.with("bw sync").returns("")
stub_command.with("bw sync").returns("")
stub_mypassword
stub_myitem

stub_ticks
stub_command
.with("bw get item myitem2")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -105,19 +105,19 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch unauthenticated" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_ticks
stub_command
.with("bw status")
.returns(
'{"serverUrl":null,"lastSync":null,"status":"unauthenticated"}',
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"locked"}',
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"unlocked"}'
)

stub_ticks.with("bw login email@example.com").returns("1234567890")
stub_ticks.with("bw unlock --raw").returns("")
stub_ticks.with("bw sync").returns("")
stub_command.with("bw login email@example.com").returns("1234567890")
stub_command.with("bw unlock --raw").returns("")
stub_command.with("bw sync").returns("")
stub_mypassword

json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
Expand All @@ -128,23 +128,23 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch locked" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_ticks
stub_command
.with("bw status")
.returns(
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"locked"}'
)

stub_ticks
stub_command
.with("bw status")
.returns(
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"unlocked"}'
)

stub_ticks.with("bw login email@example.com").returns("1234567890")
stub_ticks.with("bw unlock --raw").returns("")
stub_ticks.with("bw sync").returns("")
stub_command.with("bw login email@example.com").returns("1234567890")
stub_command.with("bw unlock --raw").returns("")
stub_command.with("bw sync").returns("")
stub_mypassword

json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
Expand All @@ -155,23 +155,24 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch locked with session" do
stub_ticks.with("bw --version 2> /dev/null")
stub_command(:system).with("bw --version", err: File::NULL)

stub_ticks

stub_command
.with("bw status")
.returns(
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"locked"}'
)

stub_ticks
stub_command
.with("BW_SESSION=0987654321 bw status")
.returns(
'{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"unlocked"}'
)

stub_ticks.with("bw login email@example.com").returns("1234567890")
stub_ticks.with("bw unlock --raw").returns("0987654321")
stub_ticks.with("BW_SESSION=0987654321 bw sync").returns("")
stub_command.with("bw login email@example.com").returns("1234567890")
stub_command.with("bw unlock --raw").returns("0987654321")
stub_command.with("BW_SESSION=0987654321 bw sync").returns("")
stub_mypassword(session: "0987654321")

json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
Expand All @@ -182,7 +183,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
end

test "fetch without CLI installed" do
stub_ticks_with("bw --version 2> /dev/null", succeed: false)
stub_command_with("bw --version", false, :system)

error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "mynote")))
Expand All @@ -202,15 +203,15 @@ def run_command(*command)
end

def stub_unlocked
stub_ticks
stub_command
.with("bw status")
.returns(<<~JSON)
{"serverUrl":null,"lastSync":"2024-09-04T10:11:12.433Z","userEmail":"email@example.com","userId":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","status":"unlocked"}
JSON
end

def stub_mypassword(session: nil)
stub_ticks
stub_command
.with("#{"BW_SESSION=#{session} " if session}bw get item mypassword")
.returns(<<~JSON)
{
Expand All @@ -233,7 +234,7 @@ def stub_mypassword(session: nil)
end

def stub_noteitem(session: nil)
stub_ticks
stub_command
.with("#{"BW_SESSION=#{session} " if session}bw get item mynote")
.returns(<<~JSON)
{
Expand All @@ -257,7 +258,7 @@ def stub_noteitem(session: nil)
end

def stub_noteitem_with_fields(session: nil)
stub_ticks
stub_command
.with("#{"BW_SESSION=#{session} " if session}bw get item mynotefields")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -287,7 +288,7 @@ def stub_noteitem_with_fields(session: nil)
end

def stub_myitem
stub_ticks
stub_command
.with("bw get item myitem")
.returns(<<~JSON)
{
Expand Down
Loading