[SM-1129] Run command with secrets #621
No New Or Fixed Issues Found
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #621 +/- ##
==========================================
- Coverage 58.43% 58.01% -0.43%
==========================================
Files 195 196 +1
Lines 13406 13556 +150
==========================================
+ Hits 7834 7864 +30
- Misses 5572 5692 +120
☔ View full report in Codecov by Sentry.
LGTM!
crates/bws/src/cli.rs
Outdated
@@ -144,3 +166,12 @@ pub(crate) enum ProjectCommand { | |||
}, | |||
List, | |||
} | |||
|
|||
#[derive(Subcommand, Debug)] | |||
pub(crate) enum RunCommand { |
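Review bot: RunCommand, added at the end of this hunk with #[derive(Subcommand, Debug)], has no doc comment, and nothing in the visible lines refers to it from another command enum. If run takes its arguments directly on its own variant, remove this enum so cli.rs does not carry an unused subcommand type; if it is meant as a subcommand group, add a /// line so the generated help text describes it.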
I don't think we use this. Should we?
Good catch. I think I missed this when refactoring the command at some point. Removed in f9c9946.
LGTM
87fc76d
a0f78a3
Great work!
Type of change

Objective

Add a run command to allow running processes with secrets injected.

Example: bws run 'docker compose up -d', bws run -- docker compose up -d, or from stdin: echo 'docker compose up -d' | bws run

Where the compose file is expecting secrets:

Other examples: bws run -- npm run start, bws run -- 'echo $SECRET_BY_NAME_FROM_SM', etc.

A --shell option is provided to override the default shell (sh on UNIX-like OSes, and powershell on Windows) where the process is executed.

A --no-inherit-env option is provided for additional safety in cases where you want to pass the minimum amount of values into a process. $PATH is always passed though, as omitting it would cause nearly every command to fail.

If duplicate keynames are detected, the run command will error-out and suggest using the --uuids-as-keynames argument. This argument (and equivalent environment variable BWS_UUIDS_AS_KEYNAMES) will use the secret UUID (in POSIX-compliant form; ex _36527bf9_ed6c_41ad_ba49_b11d00b371f4).

Code changes

run command and associated args --shell, --no-inherit-env, and --uuids-as-keynames; add environment variable for BWS_UUIDS_AS_KEYNAMES
is_valid_posix_name and uuid_to_posix functions
is_valid_posix_name from util crate
which to detect presence of a shell

Before you submit