patch secret override for run/export command

2025-03-25 14:05:03 +00:00 · 2023-01-19 17:05:18 -08:00
parent 0613e1115d
commit 3fc68ffc50
3 changed files with 46 additions and 19 deletions
--- a/cli/packages/cmd/export.go
+++ b/cli/packages/cmd/export.go
@ -51,11 +51,22 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err)
 		}

+		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
+		if err != nil {
+			util.HandleError(err, "Unable to parse flag")
+		}
+
 		secrets, err := util.GetAllEnvironmentVariables(envName)
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}

+		if secretOverriding {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
+		} else {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
+		}
+
 		var output string
 		if shouldExpandSecrets {
 			substitutions := util.SubstituteSecrets(secrets)
@ -79,6 +90,7 @@ func init() {
 	exportCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
+	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 }

 // Format according to the format flag
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@ -77,12 +77,14 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
 		}

-		if shouldExpandSecrets {
-			secrets = util.SubstituteSecrets(secrets)
+		if secretOverriding {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
+		} else {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
 		}

-		if secretOverriding {
-			secrets = util.OverrideWithPersonalSecrets(secrets)
+		if shouldExpandSecrets {
+			secrets = util.SubstituteSecrets(secrets)
 		}

 		secretsByKey := getSecretsByKeys(secrets)
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@ -195,33 +195,46 @@ func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.Sing
 	return expandedSecrets
 }

-//
-
-// if two secrets with the same name are found, the one that has type `personal` will be in the returned list
-func OverrideWithPersonalSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
-	personalSecret := make(map[string]models.SingleEnvironmentVariable)
-	sharedSecret := make(map[string]models.SingleEnvironmentVariable)
+func OverrideSecrets(secrets []models.SingleEnvironmentVariable, secretType string) []models.SingleEnvironmentVariable {
+	personalSecrets := make(map[string]models.SingleEnvironmentVariable)
+	sharedSecrets := make(map[string]models.SingleEnvironmentVariable)
 	secretsToReturn := []models.SingleEnvironmentVariable{}
+	secretsToReturnMap := make(map[string]models.SingleEnvironmentVariable)

 	for _, secret := range secrets {
 		if secret.Type == PERSONAL_SECRET_TYPE_NAME {
-			personalSecret[secret.Key] = secret
+			personalSecrets[secret.Key] = secret
 		}
-
 		if secret.Type == SHARED_SECRET_TYPE_NAME {
-			sharedSecret[secret.Key] = secret
+			sharedSecrets[secret.Key] = secret
 		}
 	}

-	for _, secret := range sharedSecret {
-		personalValue, personalExists := personalSecret[secret.Key]
-		if personalExists {
-			secretsToReturn = append(secretsToReturn, personalValue)
-		} else {
-			secretsToReturn = append(secretsToReturn, secret)
+	if secretType == PERSONAL_SECRET_TYPE_NAME {
+		for _, secret := range secrets {
+			if personalSecret, exists := personalSecrets[secret.Key]; exists {
+				secretsToReturnMap[secret.Key] = personalSecret
+			} else {
+				if _, exists = secretsToReturnMap[secret.Key]; !exists {
+					secretsToReturnMap[secret.Key] = secret
+				}
+			}
+		}
+	} else if secretType == SHARED_SECRET_TYPE_NAME {
+		for _, secret := range secrets {
+			if sharedSecret, exists := sharedSecrets[secret.Key]; exists {
+				secretsToReturnMap[secret.Key] = sharedSecret
+			} else {
+				if _, exists := secretsToReturnMap[secret.Key]; !exists {
+					secretsToReturnMap[secret.Key] = secret
+				}
+			}
 		}
 	}

+	for _, secret := range secretsToReturnMap {
+		secretsToReturn = append(secretsToReturn, secret)
+	}
 	return secretsToReturn
 }