From 061de37224914e20a4955523623b15d948766741 Mon Sep 17 00:00:00 2001 From: johnnyfish Date: Sun, 31 May 2026 16:10:29 +0300 Subject: [PATCH] fix: add codex secret type and --file flag for secrets create --- cmd/onecli/org_secrets.go | 27 ++++++++++++++++++++++----- cmd/onecli/secrets.go | 27 ++++++++++++++++++++++----- 2 files changed, 44 insertions(+), 10 deletions(-) diff --git a/cmd/onecli/org_secrets.go b/cmd/onecli/org_secrets.go index dde9805..d2608f5 100644 --- a/cmd/onecli/org_secrets.go +++ b/cmd/onecli/org_secrets.go @@ -3,6 +3,8 @@ package main import ( "encoding/json" "fmt" + "os" + "strings" "github.com/onecli/onecli-cli/internal/api" "github.com/onecli/onecli-cli/pkg/output" @@ -45,8 +47,9 @@ func (c *OrgSecretsListCmd) Run(out *output.Writer) error { // OrgSecretsCreateCmd is `onecli org secrets create`. type OrgSecretsCreateCmd struct { Name string `required:"" help:"Display name for the secret."` - Type string `required:"" help:"Secret type: 'anthropic', 'openai', or 'generic'."` - Value string `required:"" help:"Secret value (e.g. API key)."` + Type string `required:"" help:"Secret type: 'anthropic', 'openai', 'codex', or 'generic'."` + Value string `optional:"" help:"Secret value (e.g. API key). Required unless --file is provided."` + File string `optional:"" name:"file" type:"existingfile" help:"Read secret value from a file (e.g. ~/.codex/auth.json)."` HostPattern string `required:"" name:"host-pattern" help:"Host pattern to match (e.g. 'api.anthropic.com')."` PathPattern string `optional:"" name:"path-pattern" help:"Path pattern to match (e.g. '/v1/*')."` HeaderName string `optional:"" name:"header-name" help:"Header name for injection (e.g. 'Authorization')."` @@ -64,13 +67,27 @@ func (c *OrgSecretsCreateCmd) Run(out *output.Writer) error { return fmt.Errorf("invalid JSON payload: %w", err) } } else { + if c.Value != "" && c.File != "" { + return fmt.Errorf("--value and --file are mutually exclusive") + } if c.HeaderName != "" && c.ParamName != "" { return fmt.Errorf("--header-name and --param-name are mutually exclusive") } + value := c.Value + if c.File != "" { + data, err := os.ReadFile(c.File) + if err != nil { + return fmt.Errorf("reading file %s: %w", c.File, err) + } + value = strings.TrimSpace(string(data)) + } + if value == "" { + return fmt.Errorf("either --value or --file is required") + } input = api.CreateSecretInput{ Name: c.Name, Type: c.Type, - Value: c.Value, + Value: value, HostPattern: c.HostPattern, PathPattern: c.PathPattern, } @@ -87,8 +104,8 @@ func (c *OrgSecretsCreateCmd) Run(out *output.Writer) error { } } - if input.Type != "anthropic" && input.Type != "openai" && input.Type != "generic" { - return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', or 'generic'", input.Type) + if input.Type != "anthropic" && input.Type != "openai" && input.Type != "codex" && input.Type != "generic" { + return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', 'codex', or 'generic'", input.Type) } if c.DryRun { diff --git a/cmd/onecli/secrets.go b/cmd/onecli/secrets.go index ad233a4..87041e0 100644 --- a/cmd/onecli/secrets.go +++ b/cmd/onecli/secrets.go @@ -3,6 +3,8 @@ package main import ( "encoding/json" "fmt" + "os" + "strings" "github.com/onecli/onecli-cli/internal/api" "github.com/onecli/onecli-cli/pkg/output" @@ -51,8 +53,9 @@ func (c *SecretsListCmd) Run(out *output.Writer) error { type SecretsCreateCmd struct { Project string `optional:"" short:"p" help:"Project slug."` Name string `required:"" help:"Display name for the secret."` - Type string `required:"" help:"Secret type: 'anthropic', 'openai', or 'generic'."` - Value string `required:"" help:"Secret value (e.g. API key)."` + Type string `required:"" help:"Secret type: 'anthropic', 'openai', 'codex', or 'generic'."` + Value string `optional:"" help:"Secret value (e.g. API key). Required unless --file is provided."` + File string `optional:"" name:"file" type:"existingfile" help:"Read secret value from a file (e.g. ~/.codex/auth.json)."` HostPattern string `required:"" name:"host-pattern" help:"Host pattern to match (e.g. 'api.anthropic.com')."` PathPattern string `optional:"" name:"path-pattern" help:"Path pattern to match (e.g. '/v1/*')."` HeaderName string `optional:"" name:"header-name" help:"Header name for injection (e.g. 'Authorization')."` @@ -70,13 +73,27 @@ func (c *SecretsCreateCmd) Run(out *output.Writer) error { return fmt.Errorf("invalid JSON payload: %w", err) } } else { + if c.Value != "" && c.File != "" { + return fmt.Errorf("--value and --file are mutually exclusive") + } if c.HeaderName != "" && c.ParamName != "" { return fmt.Errorf("--header-name and --param-name are mutually exclusive") } + value := c.Value + if c.File != "" { + data, err := os.ReadFile(c.File) + if err != nil { + return fmt.Errorf("reading file %s: %w", c.File, err) + } + value = strings.TrimSpace(string(data)) + } + if value == "" { + return fmt.Errorf("either --value or --file is required") + } input = api.CreateSecretInput{ Name: c.Name, Type: c.Type, - Value: c.Value, + Value: value, HostPattern: c.HostPattern, PathPattern: c.PathPattern, } @@ -93,8 +110,8 @@ func (c *SecretsCreateCmd) Run(out *output.Writer) error { } } - if input.Type != "anthropic" && input.Type != "openai" && input.Type != "generic" { - return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', or 'generic'", input.Type) + if input.Type != "anthropic" && input.Type != "openai" && input.Type != "codex" && input.Type != "generic" { + return fmt.Errorf("invalid type %q: must be 'anthropic', 'openai', 'codex', or 'generic'", input.Type) } if c.DryRun {