-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SecretsRevealCommand
#53466
Add SecretsRevealCommand
#53466
Conversation
src/Symfony/Bundle/FrameworkBundle/Command/SecretsListCommand.php
Outdated
Show resolved
Hide resolved
name
argument to SecretsListCommand
name
argument to SecretsListCommand
name
argument to SecretsListCommand
name
argument to SecretsListCommand
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great PR. Thank you.
src/Symfony/Bundle/FrameworkBundle/Command/SecretsListCommand.php
Outdated
Show resolved
Hide resolved
should the command fail when passing a name and there is no secret with that name ? |
src/Symfony/Bundle/FrameworkBundle/Command/SecretsListCommand.php
Outdated
Show resolved
Hide resolved
Thats one way to do it. I just reused the current behavior when the secret store is empty. If we go your way, we should refactor a bit so that the comments about how to reference/reveal a secret are not displayed when an invalid name is passed. protected function execute(InputInterface $input, OutputInterface $output): int
{
$io = new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output);
$reveal = $input->getOption('reveal');
$secrets = $this->vault->list($reveal);
if (null !== $name = $input->getArgument('name')) {
if (!\array_key_exists($name, $secrets)) {
$io->error(\sprintf('The secret "%s" does not exist.', $name));
return self::INVALID;
}
$secrets = [$name => $secrets[$name]];
}
$localSecrets = $this->localVault?->list($reveal);
$io->comment('Use <info>"%env(<name>)%"</info> to reference a secret in a config file.');
if (!$reveal) {
$io->comment(\sprintf('To reveal the secrets run <info>php %s %s --reveal</info>', $_SERVER['PHP_SELF'], $this->getName()));
} |
Sounds good to me |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would allowing more than one name to get a subset of the list make sense? It would be more consistent with the command name.
I agree that this would fit better with the command name, but how would you handle passing a valid AND an invalid secret name? Only return an error? Return the valid secret and an error message? Would this result in exit code 0, 1 or 2? |
Good point. Given the number of questions that supporting multiple names raise, what about adding a |
That's maybe a better option indeed. |
Or |
👍 for |
@danielburger1337 Are you still interested in moving this PR forward? |
Yes I am. Just to make sure, you guys want to add the new SecretsRevealCommand. This would entail removing the added "name" argument from the SecretsListCommand again and then the "-r" option will be deprecated? |
I wouldn't deprecated -r, but yes for the rest |
name
argument to SecretsListCommand
SecretsRevealCommand
Updated title and description to match new proposed idea. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice one, small comments regarding desc
src/Symfony/Bundle/FrameworkBundle/Command/SecretsRevealCommand.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bundle/FrameworkBundle/Command/SecretsRevealCommand.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bundle/FrameworkBundle/Command/SecretsRevealCommand.php
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you rebase to get rid of the merge commit?
src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsRevealCommandTest.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsRevealCommandTest.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsRevealCommandTest.php
Outdated
Show resolved
Hide resolved
src/Symfony/Bundle/FrameworkBundle/Tests/Command/SecretsRevealCommandTest.php
Outdated
Show resolved
Hide resolved
76c00d0
to
a550232
Compare
2a73565
to
776875d
Compare
Thank you @danielburger1337. |
@fabpot All done. Sorry for the extra work on your part. Is there any particular reason why you guys don't add the "void" return type to test cases? |
use Symfony\Component\Console\Style\SymfonyStyle; | ||
|
||
/** | ||
* @internal |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this needed when the class is final?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no idea. I just copied it from SecretsListCommand (as this command is based on it).
I don't think it makes much sense on either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@OskarStark That gives us more flexibility 👍 as there is no need to use that class from userland, only the command itself (via CLI) matters
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I don't get what you mean.
I can do absolutely the same without the internal tag, the class is final and I can only execute the command in userland
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess what @chalasr means is that we could also rename this class or move it to another namespace without having to worry about consumers of it. Not sure if we really need that flexibility though tbh.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah ok got it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if we really need that flexibility though tbh.
👍 Thinking about it, I agree we should not fall in being too much defensive in general.
This PR was squashed before being merged into the 7.1 branch. Discussion ---------- Document `secrets:reveal` command Document the new `secrets:reveal` command. Docs Issue: #19481 Feature PR: symfony/symfony#53466 Commits ------- 22ad2d9 Document `secrets:reveal` command
Add a new command to reveal a specific secrets value. The output is able to be piped into other commands.
Docs PR will be submitted if this is a desired feature.