Skip to content

Fix secrets adapters failing fetch on Windows #1350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Fix secrets adapters failing fetch on Windows #1350

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
206795c
initial adjustment for password managers on windows, changing backtic…
Jan 10, 2025
c9d06f6
fixing bitwarden tests, combining system and backtick stubs into the …
Jan 10, 2025
2d623df
fixing up tests for other adapters, removing stdout nullification
Jan 10, 2025
659670d
removing shellescape, as it's also not supported on Windows, still ne…
Jan 11, 2025
56f1ec3
Revert previous commit, can unlock through CLI
Jan 11, 2025
cf650fb
swapping positions and defaults for stub_command_with to make more se…
Jan 13, 2025
160a521
Merge branch 'basecamp:main' into main
akumajoe Jan 18, 2025
7c86e94
Merge branch 'basecamp:main' into main
akumajoe Jan 24, 2025
65e2db2
fixing error in stub_command function, applying change to new secret …
Jan 29, 2025
c232cd6
merging in upstream, resolving conflicts
May 17, 2025
d631a8d
fixing additional issue referencing old function
May 17, 2025
e0eb7b5
fixing linting errors
May 17, 2025
45d4d57
Merge branch 'basecamp:main' into main
akumajoe May 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/aws_secrets_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ def check_dependencies!
end

def cli_installed?
`aws --version 2> /dev/null`
system("aws --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/bitwarden.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ def check_dependencies!
end

def cli_installed?
`bw --version 2> /dev/null`
system("bw --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ def check_dependencies!
end

def cli_installed?
`bws --version 2> /dev/null`
system("bws --version", err: File::NULL)
$?.success?
end
end
4 changes: 2 additions & 2 deletions lib/kamal/secrets/adapters/doppler.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ def login(*)
end

def loggedin?
`doppler me --json 2> /dev/null`
system("doppler me --json", err: File::NULL)
$?.success?
end

Expand Down Expand Up @@ -51,7 +51,7 @@ def check_dependencies!
end

def cli_installed?
`doppler --version 2> /dev/null`
system("doppler --version", err: File::NULL)
$?.success?
end
end
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/enpass.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def check_dependencies!
end

def cli_installed?
`enpass-cli version 2> /dev/null`
system("enpass-cli version", err: File::NULL)
$?.success?
end

Expand Down
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/gcp_secret_manager.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ def check_dependencies!
end

def cli_installed?
`gcloud --version 2> /dev/null`
system("gcloud --version", err: File::NULL)
$?.success?
end

Expand Down
2 changes: 1 addition & 1 deletion lib/kamal/secrets/adapters/last_pass.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ def check_dependencies!
end

def cli_installed?
`lpass --version 2> /dev/null`
system("lpass --version", err: File::NULL)
$?.success?
end
end
4 changes: 2 additions & 2 deletions lib/kamal/secrets/adapters/one_password.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ def login(account)
end

def loggedin?(account)
`op account get --account #{account.shellescape} 2> /dev/null`
system("op account get --account #{account.shellescape}", err: File::NULL)
$?.success?
end

Expand Down Expand Up @@ -64,7 +64,7 @@ def check_dependencies!
end

def cli_installed?
`op --version 2> /dev/null`
system("op --version", err: File::NULL)
$?.success?
end
end
57 changes: 29 additions & 28 deletions test/secrets/aws_secrets_manager_adapter_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@

class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
test "fails when errors are present" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list unknown1 unknown2 --profile default --output json")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -31,8 +31,8 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 secret2/KEY3 --profile default --output json")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -65,17 +65,17 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
json = JSON.parse(shellunescape(run_command("fetch", "secret/KEY1", "secret/KEY2", "secret2/KEY3")))

expected_json = {
"secret/KEY1"=>"VALUE1",
"secret/KEY2"=>"VALUE2",
"secret2/KEY3"=>"VALUE3"
"secret/KEY1" => "VALUE1",
"secret/KEY2" => "VALUE2",
"secret2/KEY3" => "VALUE3"
}

assert_equal expected_json, json
end

test "fetch with string value" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret secret2/KEY1 --profile default --output json")
.returns(<<~JSON)
{
Expand Down Expand Up @@ -108,16 +108,16 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
json = JSON.parse(shellunescape(run_command("fetch", "secret", "secret2/KEY1")))

expected_json = {
"secret"=>"a-string-secret",
"secret2/KEY2"=>"VALUE2"
"secret" => "a-string-secret",
"secret2/KEY2" => "VALUE2"
}

assert_equal expected_json, json
end

test "fetch with secret names" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 --profile default --output json")
.returns(<<~JSON)
{
Expand All @@ -140,15 +140,15 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
json = JSON.parse(shellunescape(run_command("fetch", "--from", "secret", "KEY1", "KEY2")))

expected_json = {
"secret/KEY1"=>"VALUE1",
"secret/KEY2"=>"VALUE2"
"secret/KEY1" => "VALUE1",
"secret/KEY2" => "VALUE2"
}

assert_equal expected_json, json
end

test "fetch without CLI installed" do
stub_ticks_with("aws --version 2> /dev/null", succeed: false)
stub_command_with("aws --version", false, :system)

error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "SECRET1")))
Expand All @@ -157,8 +157,8 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
end

test "fetch without account option omits --profile" do
stub_ticks.with("aws --version 2> /dev/null")
stub_ticks
stub_command(:system).with("aws --version", err: File::NULL)
stub_command
.with("aws secretsmanager batch-get-secret-value --secret-id-list secret/KEY1 secret/KEY2 --output json")
.returns(<<~JSON)
{
Expand All @@ -181,20 +181,21 @@ class AwsSecretsManagerAdapterTest < SecretAdapterTestCase
json = JSON.parse(shellunescape(run_command("fetch", "--from", "secret", "KEY1", "KEY2", account: nil)))

expected_json = {
"secret/KEY1"=>"VALUE1",
"secret/KEY2"=>"VALUE2"
"secret/KEY1" => "VALUE1",
"secret/KEY2" => "VALUE2"
}
assert_equal expected_json, json
end

private
def run_command(*command, account: "default")
stdouted do
args = [ *command,
"-c", "test/fixtures/deploy_with_accessories.yml",
"--adapter", "aws_secrets_manager" ]
args += [ "--account", account ] if account
Kamal::Cli::Secrets.start(args)
end

def run_command(*command, account: "default")
stdouted do
args = [ *command,
"-c", "test/fixtures/deploy_with_accessories.yml",
"--adapter", "aws_secrets_manager" ]
args += [ "--account", account ] if account
Kamal::Cli::Secrets.start(args)
end
end
end
Loading