Deprecate "secrets notes set" config flag

Notes have always been set at the project level so it is more accurate to not provide a config. Use the project note API endpoint if config is not provided. You must still have write access to a config with the secret in order to set its note.
DopplerHQ · Feb 22, 2024 · 1b44c32 · 1b44c32
1 parent 2522b47
commit 1b44c32
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 8 deletions.
diff --git a/pkg/cmd/secrets_notes.go b/pkg/cmd/secrets_notes.go
@@ -61,13 +61,25 @@ func setSecretNote(cmd *cobra.Command, args []string) {
 		note = *noteString
 	}
 
-	response, httpErr := http.SetSecretNote(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, localConfig.EnclaveConfig.Value, secret, note)
-	if !httpErr.IsNil() {
-		utils.HandleError(httpErr.Unwrap(), httpErr.Message)
-	}
+	if !cmd.Flags().Changed("config") {
+		response, httpErr := http.SetSecretNoteViaProject(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, secret, note)
+		if !httpErr.IsNil() {
+			utils.HandleError(httpErr.Unwrap(), httpErr.Message)
+		}
 
-	if !utils.Silent {
-		printer.SecretNote(response, jsonFlag)
+		if !utils.Silent {
+			printer.SecretNote(response, jsonFlag)
+		}
+	} else {
+		// deprecated method of using config
+		response, httpErr := http.SetSecretNoteViaConfig(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, localConfig.EnclaveConfig.Value, secret, note)
+		if !httpErr.IsNil() {
+			utils.HandleError(httpErr.Unwrap(), httpErr.Message)
+		}
+
+		if !utils.Silent {
+			printer.SecretNote(response, jsonFlag)
+		}
 	}
 }
 
@@ -80,6 +92,9 @@ func init() {
 	if err := secretsNotesSetCmd.RegisterFlagCompletionFunc("config", configNamesValidArgs); err != nil {
 		utils.HandleError(err)
 	}
+	if err := secretsNotesSetCmd.Flags().MarkDeprecated("config", "config is no longer required as notes have always been set at the project level"); err != nil {
+		utils.HandleError(err)
+	}
 	secretsNotesCmd.AddCommand(secretsNotesSetCmd)
 
 	secretsCmd.AddCommand(secretsNotesCmd)

diff --git a/pkg/http/api.go b/pkg/http/api.go
@@ -291,8 +291,9 @@ func SetSecrets(host string, verifyTLS bool, apiKey string, project string, conf
 	return models.ConvertAPIToComputedSecrets(result.Secrets), Error{}
 }
 
-// SetSecretNote for specified project and config
-func SetSecretNote(host string, verifyTLS bool, apiKey string, project string, config string, secret string, note string) (models.SecretNote, Error) {
+// Set Secret Note for specified project and config
+// This is deprecated in favor of SetSecretNoteViaProject
+func SetSecretNoteViaConfig(host string, verifyTLS bool, apiKey string, project string, config string, secret string, note string) (models.SecretNote, Error) {
 	body, err := json.Marshal(models.SecretNote{Secret: secret, Note: note})
 	if err != nil {
 		return models.SecretNote{}, Error{Err: err, Message: "Invalid secret note"}
@@ -321,6 +322,35 @@ func SetSecretNote(host string, verifyTLS bool, apiKey string, project string, c
 	return secretNote, Error{}
 }
 
+// Set Secret Note for specified project
+func SetSecretNoteViaProject(host string, verifyTLS bool, apiKey string, project string, secret string, note string) (models.SecretNote, Error) {
+	body, err := json.Marshal(models.SecretNote{Secret: secret, Note: note})
+	if err != nil {
+		return models.SecretNote{}, Error{Err: err, Message: "Invalid secret note"}
+	}
+
+	var params []queryParam
+	params = append(params, queryParam{Key: "project", Value: project})
+
+	url, err := generateURL(host, "/v3/projects/project/note", params)
+	if err != nil {
+		return models.SecretNote{}, Error{Err: err, Message: "Unable to generate url"}
+	}
+
+	statusCode, _, response, err := PostRequest(url, verifyTLS, apiKeyHeader(apiKey), body)
+	if err != nil {
+		return models.SecretNote{}, Error{Err: err, Message: "Unable to set secret note", Code: statusCode}
+	}
+
+	var secretNote models.SecretNote
+	err = json.Unmarshal(response, &secretNote)
+	if err != nil {
+		return models.SecretNote{}, Error{Err: err, Message: "Unable to parse API response", Code: statusCode}
+	}
+
+	return secretNote, Error{}
+}
+
 // GetSecretNames for specified project and config
 func GetSecretNames(host string, verifyTLS bool, apiKey string, project string, config string, includeDynamicSecrets bool) ([]string, Error) {
 	var params []queryParam