mirror of
https://github.com/Infisical/infisical.git
synced 2025-07-18 01:29:25 +00:00
Compare commits
37 Commits
daniel/upd
...
feat/add-r
| Author | SHA1 | Date | |
|---|---|---|---|
| d0c01755fe | |||
| 41e65775ab | |||
| f6e6bdb691 | |||
| 1f1fb3f3d1 | |||
| d35331b0a8 | |||
| ff6d94cbd0 | |||
| 59ac14380a | |||
| 7b5c86f4ef | |||
| a745be2546 | |||
| e8cb3f8b4a | |||
| 6a9b2d3d48 | |||
| 0a39e138a1 | |||
| 0dce2045ec | |||
| b4c118d246 | |||
| 90e675de1e | |||
| 741e0ec78f | |||
| 3f654e115d | |||
| 1921346b4f | |||
| 76c95ace63 | |||
| 796d6bfc85 | |||
| 6eaa16bd07 | |||
| 149f98a1b7 | |||
| 14745b560c | |||
| dcfa0a2386 | |||
| 199339ac32 | |||
| 2aeb02b74a | |||
| fe75627ab7 | |||
| da5f054a65 | |||
| ed1100bc90 | |||
| dabe7e42ec | |||
| c8ca6710ba | |||
| 4ecb2eb383 | |||
| e51278c276 | |||
| c014c12ecb | |||
| 097b04afee | |||
| 63ccfc40ac | |||
| f9c012387c |
@ -0,0 +1,21 @@
|
|||||||
|
import { Knex } from "knex";
|
||||||
|
|
||||||
|
import { TableName } from "../schemas";
|
||||||
|
|
||||||
|
export async function up(knex: Knex): Promise<void> {
|
||||||
|
const hasColumn = await knex.schema.hasColumn(TableName.IdentityAwsAuth, "allowedPrincipalArns");
|
||||||
|
if (hasColumn) {
|
||||||
|
await knex.schema.alterTable(TableName.IdentityAwsAuth, (t) => {
|
||||||
|
t.string("allowedPrincipalArns", 2048).notNullable().alter();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
export async function down(knex: Knex): Promise<void> {
|
||||||
|
const hasColumn = await knex.schema.hasColumn(TableName.IdentityAwsAuth, "allowedPrincipalArns");
|
||||||
|
if (hasColumn) {
|
||||||
|
await knex.schema.alterTable(TableName.IdentityAwsAuth, (t) => {
|
||||||
|
t.string("allowedPrincipalArns", 255).notNullable().alter();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -211,6 +211,11 @@ export type SecretFolderSubjectFields = {
|
|||||||
secretPath: string;
|
secretPath: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export type SecretSyncSubjectFields = {
|
||||||
|
environment: string;
|
||||||
|
secretPath: string;
|
||||||
|
};
|
||||||
|
|
||||||
export type DynamicSecretSubjectFields = {
|
export type DynamicSecretSubjectFields = {
|
||||||
environment: string;
|
environment: string;
|
||||||
secretPath: string;
|
secretPath: string;
|
||||||
@ -267,6 +272,10 @@ export type ProjectPermissionSet =
|
|||||||
| (ForcedSubject<ProjectPermissionSub.DynamicSecrets> & DynamicSecretSubjectFields)
|
| (ForcedSubject<ProjectPermissionSub.DynamicSecrets> & DynamicSecretSubjectFields)
|
||||||
)
|
)
|
||||||
]
|
]
|
||||||
|
| [
|
||||||
|
ProjectPermissionSecretSyncActions,
|
||||||
|
ProjectPermissionSub.SecretSyncs | (ForcedSubject<ProjectPermissionSub.SecretSyncs> & SecretSyncSubjectFields)
|
||||||
|
]
|
||||||
| [
|
| [
|
||||||
ProjectPermissionActions,
|
ProjectPermissionActions,
|
||||||
(
|
(
|
||||||
@ -323,7 +332,6 @@ export type ProjectPermissionSet =
|
|||||||
| [ProjectPermissionActions, ProjectPermissionSub.SshHostGroups]
|
| [ProjectPermissionActions, ProjectPermissionSub.SshHostGroups]
|
||||||
| [ProjectPermissionActions, ProjectPermissionSub.PkiAlerts]
|
| [ProjectPermissionActions, ProjectPermissionSub.PkiAlerts]
|
||||||
| [ProjectPermissionActions, ProjectPermissionSub.PkiCollections]
|
| [ProjectPermissionActions, ProjectPermissionSub.PkiCollections]
|
||||||
| [ProjectPermissionSecretSyncActions, ProjectPermissionSub.SecretSyncs]
|
|
||||||
| [ProjectPermissionKmipActions, ProjectPermissionSub.Kmip]
|
| [ProjectPermissionKmipActions, ProjectPermissionSub.Kmip]
|
||||||
| [ProjectPermissionCmekActions, ProjectPermissionSub.Cmek]
|
| [ProjectPermissionCmekActions, ProjectPermissionSub.Cmek]
|
||||||
| [ProjectPermissionActions.Delete, ProjectPermissionSub.Project]
|
| [ProjectPermissionActions.Delete, ProjectPermissionSub.Project]
|
||||||
@ -412,6 +420,23 @@ const DynamicSecretConditionV2Schema = z
|
|||||||
})
|
})
|
||||||
.partial();
|
.partial();
|
||||||
|
|
||||||
|
const SecretSyncConditionV2Schema = z
|
||||||
|
.object({
|
||||||
|
environment: z.union([
|
||||||
|
z.string(),
|
||||||
|
z
|
||||||
|
.object({
|
||||||
|
[PermissionConditionOperators.$EQ]: PermissionConditionSchema[PermissionConditionOperators.$EQ],
|
||||||
|
[PermissionConditionOperators.$NEQ]: PermissionConditionSchema[PermissionConditionOperators.$NEQ],
|
||||||
|
[PermissionConditionOperators.$IN]: PermissionConditionSchema[PermissionConditionOperators.$IN],
|
||||||
|
[PermissionConditionOperators.$GLOB]: PermissionConditionSchema[PermissionConditionOperators.$GLOB]
|
||||||
|
})
|
||||||
|
.partial()
|
||||||
|
]),
|
||||||
|
secretPath: SECRET_PATH_PERMISSION_OPERATOR_SCHEMA
|
||||||
|
})
|
||||||
|
.partial();
|
||||||
|
|
||||||
const SecretImportConditionSchema = z
|
const SecretImportConditionSchema = z
|
||||||
.object({
|
.object({
|
||||||
environment: z.union([
|
environment: z.union([
|
||||||
@ -671,12 +696,6 @@ const GeneralPermissionSchema = [
|
|||||||
"Describe what action an entity can take."
|
"Describe what action an entity can take."
|
||||||
)
|
)
|
||||||
}),
|
}),
|
||||||
z.object({
|
|
||||||
subject: z.literal(ProjectPermissionSub.SecretSyncs).describe("The entity this permission pertains to."),
|
|
||||||
action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionSecretSyncActions).describe(
|
|
||||||
"Describe what action an entity can take."
|
|
||||||
)
|
|
||||||
}),
|
|
||||||
z.object({
|
z.object({
|
||||||
subject: z.literal(ProjectPermissionSub.Kmip).describe("The entity this permission pertains to."),
|
subject: z.literal(ProjectPermissionSub.Kmip).describe("The entity this permission pertains to."),
|
||||||
action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionKmipActions).describe(
|
action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionKmipActions).describe(
|
||||||
@ -836,6 +855,16 @@ export const ProjectPermissionV2Schema = z.discriminatedUnion("subject", [
|
|||||||
"When specified, only matching conditions will be allowed to access given resource."
|
"When specified, only matching conditions will be allowed to access given resource."
|
||||||
).optional()
|
).optional()
|
||||||
}),
|
}),
|
||||||
|
z.object({
|
||||||
|
subject: z.literal(ProjectPermissionSub.SecretSyncs).describe("The entity this permission pertains to."),
|
||||||
|
inverted: z.boolean().optional().describe("Whether rule allows or forbids."),
|
||||||
|
action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionSecretSyncActions).describe(
|
||||||
|
"Describe what action an entity can take."
|
||||||
|
),
|
||||||
|
conditions: SecretSyncConditionV2Schema.describe(
|
||||||
|
"When specified, only matching conditions will be allowed to access given resource."
|
||||||
|
).optional()
|
||||||
|
}),
|
||||||
|
|
||||||
...GeneralPermissionSchema
|
...GeneralPermissionSchema
|
||||||
]);
|
]);
|
||||||
|
|||||||
@ -2225,6 +2225,9 @@ export const AppConnections = {
|
|||||||
ONEPASS: {
|
ONEPASS: {
|
||||||
instanceUrl: "The URL of the 1Password Connect Server instance to authenticate with.",
|
instanceUrl: "The URL of the 1Password Connect Server instance to authenticate with.",
|
||||||
apiToken: "The API token used to access the 1Password Connect Server."
|
apiToken: "The API token used to access the 1Password Connect Server."
|
||||||
|
},
|
||||||
|
FLYIO: {
|
||||||
|
accessToken: "The Access Token used to access fly.io."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@ -2386,6 +2389,14 @@ export const SecretSyncs = {
|
|||||||
},
|
},
|
||||||
ONEPASS: {
|
ONEPASS: {
|
||||||
vaultId: "The ID of the 1Password vault to sync secrets to."
|
vaultId: "The ID of the 1Password vault to sync secrets to."
|
||||||
|
},
|
||||||
|
RENDER: {
|
||||||
|
serviceId: "The ID of the Render service to sync secrets to.",
|
||||||
|
scope: "The Render scope that secrets should be synced to.",
|
||||||
|
type: "The Render resource type to sync secrets to."
|
||||||
|
},
|
||||||
|
FLYIO: {
|
||||||
|
appId: "The ID of the Fly.io app to sync secrets to."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|||||||
@ -39,6 +39,7 @@ import {
|
|||||||
DatabricksConnectionListItemSchema,
|
DatabricksConnectionListItemSchema,
|
||||||
SanitizedDatabricksConnectionSchema
|
SanitizedDatabricksConnectionSchema
|
||||||
} from "@app/services/app-connection/databricks";
|
} from "@app/services/app-connection/databricks";
|
||||||
|
import { FlyioConnectionListItemSchema, SanitizedFlyioConnectionSchema } from "@app/services/app-connection/flyio";
|
||||||
import { GcpConnectionListItemSchema, SanitizedGcpConnectionSchema } from "@app/services/app-connection/gcp";
|
import { GcpConnectionListItemSchema, SanitizedGcpConnectionSchema } from "@app/services/app-connection/gcp";
|
||||||
import { GitHubConnectionListItemSchema, SanitizedGitHubConnectionSchema } from "@app/services/app-connection/github";
|
import { GitHubConnectionListItemSchema, SanitizedGitHubConnectionSchema } from "@app/services/app-connection/github";
|
||||||
import {
|
import {
|
||||||
@ -60,6 +61,10 @@ import {
|
|||||||
PostgresConnectionListItemSchema,
|
PostgresConnectionListItemSchema,
|
||||||
SanitizedPostgresConnectionSchema
|
SanitizedPostgresConnectionSchema
|
||||||
} from "@app/services/app-connection/postgres";
|
} from "@app/services/app-connection/postgres";
|
||||||
|
import {
|
||||||
|
RenderConnectionListItemSchema,
|
||||||
|
SanitizedRenderConnectionSchema
|
||||||
|
} from "@app/services/app-connection/render/render-connection-schema";
|
||||||
import {
|
import {
|
||||||
SanitizedTeamCityConnectionSchema,
|
SanitizedTeamCityConnectionSchema,
|
||||||
TeamCityConnectionListItemSchema
|
TeamCityConnectionListItemSchema
|
||||||
@ -100,7 +105,9 @@ const SanitizedAppConnectionSchema = z.union([
|
|||||||
...SanitizedTeamCityConnectionSchema.options,
|
...SanitizedTeamCityConnectionSchema.options,
|
||||||
...SanitizedOCIConnectionSchema.options,
|
...SanitizedOCIConnectionSchema.options,
|
||||||
...SanitizedOracleDBConnectionSchema.options,
|
...SanitizedOracleDBConnectionSchema.options,
|
||||||
...SanitizedOnePassConnectionSchema.options
|
...SanitizedOnePassConnectionSchema.options,
|
||||||
|
...SanitizedRenderConnectionSchema.options,
|
||||||
|
...SanitizedFlyioConnectionSchema.options
|
||||||
]);
|
]);
|
||||||
|
|
||||||
const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
|
const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
|
||||||
@ -127,7 +134,9 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
|
|||||||
TeamCityConnectionListItemSchema,
|
TeamCityConnectionListItemSchema,
|
||||||
OCIConnectionListItemSchema,
|
OCIConnectionListItemSchema,
|
||||||
OracleDBConnectionListItemSchema,
|
OracleDBConnectionListItemSchema,
|
||||||
OnePassConnectionListItemSchema
|
OnePassConnectionListItemSchema,
|
||||||
|
RenderConnectionListItemSchema,
|
||||||
|
FlyioConnectionListItemSchema
|
||||||
]);
|
]);
|
||||||
|
|
||||||
export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {
|
export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {
|
||||||
|
|||||||
@ -0,0 +1,51 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { readLimit } from "@app/server/config/rateLimiter";
|
||||||
|
import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import {
|
||||||
|
CreateFlyioConnectionSchema,
|
||||||
|
SanitizedFlyioConnectionSchema,
|
||||||
|
UpdateFlyioConnectionSchema
|
||||||
|
} from "@app/services/app-connection/flyio";
|
||||||
|
import { AuthMode } from "@app/services/auth/auth-type";
|
||||||
|
|
||||||
|
import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
|
||||||
|
|
||||||
|
export const registerFlyioConnectionRouter = async (server: FastifyZodProvider) => {
|
||||||
|
registerAppConnectionEndpoints({
|
||||||
|
app: AppConnection.Flyio,
|
||||||
|
server,
|
||||||
|
sanitizedResponseSchema: SanitizedFlyioConnectionSchema,
|
||||||
|
createSchema: CreateFlyioConnectionSchema,
|
||||||
|
updateSchema: UpdateFlyioConnectionSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
// The following endpoints are for internal Infisical App use only and not part of the public API
|
||||||
|
server.route({
|
||||||
|
method: "GET",
|
||||||
|
url: `/:connectionId/apps`,
|
||||||
|
config: {
|
||||||
|
rateLimit: readLimit
|
||||||
|
},
|
||||||
|
schema: {
|
||||||
|
params: z.object({
|
||||||
|
connectionId: z.string().uuid()
|
||||||
|
}),
|
||||||
|
response: {
|
||||||
|
200: z
|
||||||
|
.object({
|
||||||
|
id: z.string(),
|
||||||
|
name: z.string()
|
||||||
|
})
|
||||||
|
.array()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
onRequest: verifyAuth([AuthMode.JWT]),
|
||||||
|
handler: async (req) => {
|
||||||
|
const { connectionId } = req.params;
|
||||||
|
const apps = await server.services.appConnection.flyio.listApps(connectionId, req.permission);
|
||||||
|
return apps;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
};
|
||||||
@ -11,6 +11,7 @@ import { registerAzureDevOpsConnectionRouter } from "./azure-devops-connection-r
|
|||||||
import { registerAzureKeyVaultConnectionRouter } from "./azure-key-vault-connection-router";
|
import { registerAzureKeyVaultConnectionRouter } from "./azure-key-vault-connection-router";
|
||||||
import { registerCamundaConnectionRouter } from "./camunda-connection-router";
|
import { registerCamundaConnectionRouter } from "./camunda-connection-router";
|
||||||
import { registerDatabricksConnectionRouter } from "./databricks-connection-router";
|
import { registerDatabricksConnectionRouter } from "./databricks-connection-router";
|
||||||
|
import { registerFlyioConnectionRouter } from "./flyio-connection-router";
|
||||||
import { registerGcpConnectionRouter } from "./gcp-connection-router";
|
import { registerGcpConnectionRouter } from "./gcp-connection-router";
|
||||||
import { registerGitHubConnectionRouter } from "./github-connection-router";
|
import { registerGitHubConnectionRouter } from "./github-connection-router";
|
||||||
import { registerGitHubRadarConnectionRouter } from "./github-radar-connection-router";
|
import { registerGitHubRadarConnectionRouter } from "./github-radar-connection-router";
|
||||||
@ -20,6 +21,7 @@ import { registerLdapConnectionRouter } from "./ldap-connection-router";
|
|||||||
import { registerMsSqlConnectionRouter } from "./mssql-connection-router";
|
import { registerMsSqlConnectionRouter } from "./mssql-connection-router";
|
||||||
import { registerMySqlConnectionRouter } from "./mysql-connection-router";
|
import { registerMySqlConnectionRouter } from "./mysql-connection-router";
|
||||||
import { registerPostgresConnectionRouter } from "./postgres-connection-router";
|
import { registerPostgresConnectionRouter } from "./postgres-connection-router";
|
||||||
|
import { registerRenderConnectionRouter } from "./render-connection-router";
|
||||||
import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
|
import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
|
||||||
import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
|
import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
|
||||||
import { registerVercelConnectionRouter } from "./vercel-connection-router";
|
import { registerVercelConnectionRouter } from "./vercel-connection-router";
|
||||||
@ -52,5 +54,7 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
|
|||||||
[AppConnection.TeamCity]: registerTeamCityConnectionRouter,
|
[AppConnection.TeamCity]: registerTeamCityConnectionRouter,
|
||||||
[AppConnection.OCI]: registerOCIConnectionRouter,
|
[AppConnection.OCI]: registerOCIConnectionRouter,
|
||||||
[AppConnection.OracleDB]: registerOracleDBConnectionRouter,
|
[AppConnection.OracleDB]: registerOracleDBConnectionRouter,
|
||||||
[AppConnection.OnePass]: registerOnePassConnectionRouter
|
[AppConnection.OnePass]: registerOnePassConnectionRouter,
|
||||||
|
[AppConnection.Render]: registerRenderConnectionRouter,
|
||||||
|
[AppConnection.Flyio]: registerFlyioConnectionRouter
|
||||||
};
|
};
|
||||||
|
|||||||
@ -0,0 +1,52 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { readLimit } from "@app/server/config/rateLimiter";
|
||||||
|
import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import {
|
||||||
|
CreateRenderConnectionSchema,
|
||||||
|
SanitizedRenderConnectionSchema,
|
||||||
|
UpdateRenderConnectionSchema
|
||||||
|
} from "@app/services/app-connection/render/render-connection-schema";
|
||||||
|
import { AuthMode } from "@app/services/auth/auth-type";
|
||||||
|
|
||||||
|
import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
|
||||||
|
|
||||||
|
export const registerRenderConnectionRouter = async (server: FastifyZodProvider) => {
|
||||||
|
registerAppConnectionEndpoints({
|
||||||
|
app: AppConnection.Render,
|
||||||
|
server,
|
||||||
|
sanitizedResponseSchema: SanitizedRenderConnectionSchema,
|
||||||
|
createSchema: CreateRenderConnectionSchema,
|
||||||
|
updateSchema: UpdateRenderConnectionSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
// The below endpoints are not exposed and for Infisical App use
|
||||||
|
server.route({
|
||||||
|
method: "GET",
|
||||||
|
url: `/:connectionId/services`,
|
||||||
|
config: {
|
||||||
|
rateLimit: readLimit
|
||||||
|
},
|
||||||
|
schema: {
|
||||||
|
params: z.object({
|
||||||
|
connectionId: z.string().uuid()
|
||||||
|
}),
|
||||||
|
response: {
|
||||||
|
200: z
|
||||||
|
.object({
|
||||||
|
id: z.string(),
|
||||||
|
name: z.string()
|
||||||
|
})
|
||||||
|
.array()
|
||||||
|
}
|
||||||
|
},
|
||||||
|
onRequest: verifyAuth([AuthMode.JWT]),
|
||||||
|
handler: async (req) => {
|
||||||
|
const { connectionId } = req.params;
|
||||||
|
const services = await server.services.appConnection.render.listServices(connectionId, req.permission);
|
||||||
|
|
||||||
|
return services;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
};
|
||||||
@ -0,0 +1,13 @@
|
|||||||
|
import { CreateFlyioSyncSchema, FlyioSyncSchema, UpdateFlyioSyncSchema } from "@app/services/secret-sync/flyio";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
|
||||||
|
import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
|
||||||
|
|
||||||
|
export const registerFlyioSyncRouter = async (server: FastifyZodProvider) =>
|
||||||
|
registerSyncSecretsEndpoints({
|
||||||
|
destination: SecretSync.Flyio,
|
||||||
|
server,
|
||||||
|
responseSchema: FlyioSyncSchema,
|
||||||
|
createSchema: CreateFlyioSyncSchema,
|
||||||
|
updateSchema: UpdateFlyioSyncSchema
|
||||||
|
});
|
||||||
@ -9,10 +9,12 @@ import { registerAzureDevOpsSyncRouter } from "./azure-devops-sync-router";
|
|||||||
import { registerAzureKeyVaultSyncRouter } from "./azure-key-vault-sync-router";
|
import { registerAzureKeyVaultSyncRouter } from "./azure-key-vault-sync-router";
|
||||||
import { registerCamundaSyncRouter } from "./camunda-sync-router";
|
import { registerCamundaSyncRouter } from "./camunda-sync-router";
|
||||||
import { registerDatabricksSyncRouter } from "./databricks-sync-router";
|
import { registerDatabricksSyncRouter } from "./databricks-sync-router";
|
||||||
|
import { registerFlyioSyncRouter } from "./flyio-sync-router";
|
||||||
import { registerGcpSyncRouter } from "./gcp-sync-router";
|
import { registerGcpSyncRouter } from "./gcp-sync-router";
|
||||||
import { registerGitHubSyncRouter } from "./github-sync-router";
|
import { registerGitHubSyncRouter } from "./github-sync-router";
|
||||||
import { registerHCVaultSyncRouter } from "./hc-vault-sync-router";
|
import { registerHCVaultSyncRouter } from "./hc-vault-sync-router";
|
||||||
import { registerHumanitecSyncRouter } from "./humanitec-sync-router";
|
import { registerHumanitecSyncRouter } from "./humanitec-sync-router";
|
||||||
|
import { registerRenderSyncRouter } from "./render-sync-router";
|
||||||
import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
|
import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
|
||||||
import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
|
import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
|
||||||
import { registerVercelSyncRouter } from "./vercel-sync-router";
|
import { registerVercelSyncRouter } from "./vercel-sync-router";
|
||||||
@ -37,5 +39,7 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
|
|||||||
[SecretSync.HCVault]: registerHCVaultSyncRouter,
|
[SecretSync.HCVault]: registerHCVaultSyncRouter,
|
||||||
[SecretSync.TeamCity]: registerTeamCitySyncRouter,
|
[SecretSync.TeamCity]: registerTeamCitySyncRouter,
|
||||||
[SecretSync.OCIVault]: registerOCIVaultSyncRouter,
|
[SecretSync.OCIVault]: registerOCIVaultSyncRouter,
|
||||||
[SecretSync.OnePass]: registerOnePassSyncRouter
|
[SecretSync.OnePass]: registerOnePassSyncRouter,
|
||||||
|
[SecretSync.Render]: registerRenderSyncRouter,
|
||||||
|
[SecretSync.Flyio]: registerFlyioSyncRouter
|
||||||
};
|
};
|
||||||
|
|||||||
@ -0,0 +1,17 @@
|
|||||||
|
import {
|
||||||
|
CreateRenderSyncSchema,
|
||||||
|
RenderSyncSchema,
|
||||||
|
UpdateRenderSyncSchema
|
||||||
|
} from "@app/services/secret-sync/render/render-sync-schemas";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
|
||||||
|
import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
|
||||||
|
|
||||||
|
export const registerRenderSyncRouter = async (server: FastifyZodProvider) =>
|
||||||
|
registerSyncSecretsEndpoints({
|
||||||
|
destination: SecretSync.Render,
|
||||||
|
server,
|
||||||
|
responseSchema: RenderSyncSchema,
|
||||||
|
createSchema: CreateRenderSyncSchema,
|
||||||
|
updateSchema: UpdateRenderSyncSchema
|
||||||
|
});
|
||||||
@ -23,10 +23,12 @@ import { AzureDevOpsSyncListItemSchema, AzureDevOpsSyncSchema } from "@app/servi
|
|||||||
import { AzureKeyVaultSyncListItemSchema, AzureKeyVaultSyncSchema } from "@app/services/secret-sync/azure-key-vault";
|
import { AzureKeyVaultSyncListItemSchema, AzureKeyVaultSyncSchema } from "@app/services/secret-sync/azure-key-vault";
|
||||||
import { CamundaSyncListItemSchema, CamundaSyncSchema } from "@app/services/secret-sync/camunda";
|
import { CamundaSyncListItemSchema, CamundaSyncSchema } from "@app/services/secret-sync/camunda";
|
||||||
import { DatabricksSyncListItemSchema, DatabricksSyncSchema } from "@app/services/secret-sync/databricks";
|
import { DatabricksSyncListItemSchema, DatabricksSyncSchema } from "@app/services/secret-sync/databricks";
|
||||||
|
import { FlyioSyncListItemSchema, FlyioSyncSchema } from "@app/services/secret-sync/flyio";
|
||||||
import { GcpSyncListItemSchema, GcpSyncSchema } from "@app/services/secret-sync/gcp";
|
import { GcpSyncListItemSchema, GcpSyncSchema } from "@app/services/secret-sync/gcp";
|
||||||
import { GitHubSyncListItemSchema, GitHubSyncSchema } from "@app/services/secret-sync/github";
|
import { GitHubSyncListItemSchema, GitHubSyncSchema } from "@app/services/secret-sync/github";
|
||||||
import { HCVaultSyncListItemSchema, HCVaultSyncSchema } from "@app/services/secret-sync/hc-vault";
|
import { HCVaultSyncListItemSchema, HCVaultSyncSchema } from "@app/services/secret-sync/hc-vault";
|
||||||
import { HumanitecSyncListItemSchema, HumanitecSyncSchema } from "@app/services/secret-sync/humanitec";
|
import { HumanitecSyncListItemSchema, HumanitecSyncSchema } from "@app/services/secret-sync/humanitec";
|
||||||
|
import { RenderSyncListItemSchema, RenderSyncSchema } from "@app/services/secret-sync/render/render-sync-schemas";
|
||||||
import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/secret-sync/teamcity";
|
import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/secret-sync/teamcity";
|
||||||
import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
|
import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
|
||||||
import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
|
import { VercelSyncListItemSchema, VercelSyncSchema } from "@app/services/secret-sync/vercel";
|
||||||
@ -49,7 +51,9 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
|
|||||||
HCVaultSyncSchema,
|
HCVaultSyncSchema,
|
||||||
TeamCitySyncSchema,
|
TeamCitySyncSchema,
|
||||||
OCIVaultSyncSchema,
|
OCIVaultSyncSchema,
|
||||||
OnePassSyncSchema
|
OnePassSyncSchema,
|
||||||
|
RenderSyncSchema,
|
||||||
|
FlyioSyncSchema
|
||||||
]);
|
]);
|
||||||
|
|
||||||
const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
|
const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
|
||||||
@ -69,7 +73,9 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
|
|||||||
HCVaultSyncListItemSchema,
|
HCVaultSyncListItemSchema,
|
||||||
TeamCitySyncListItemSchema,
|
TeamCitySyncListItemSchema,
|
||||||
OCIVaultSyncListItemSchema,
|
OCIVaultSyncListItemSchema,
|
||||||
OnePassSyncListItemSchema
|
OnePassSyncListItemSchema,
|
||||||
|
RenderSyncListItemSchema,
|
||||||
|
FlyioSyncListItemSchema
|
||||||
]);
|
]);
|
||||||
|
|
||||||
export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {
|
export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {
|
||||||
|
|||||||
@ -22,7 +22,9 @@ export enum AppConnection {
|
|||||||
TeamCity = "teamcity",
|
TeamCity = "teamcity",
|
||||||
OCI = "oci",
|
OCI = "oci",
|
||||||
OracleDB = "oracledb",
|
OracleDB = "oracledb",
|
||||||
OnePass = "1password"
|
OnePass = "1password",
|
||||||
|
Render = "render",
|
||||||
|
Flyio = "flyio"
|
||||||
}
|
}
|
||||||
|
|
||||||
export enum AWSRegion {
|
export enum AWSRegion {
|
||||||
|
|||||||
@ -56,6 +56,7 @@ import {
|
|||||||
getDatabricksConnectionListItem,
|
getDatabricksConnectionListItem,
|
||||||
validateDatabricksConnectionCredentials
|
validateDatabricksConnectionCredentials
|
||||||
} from "./databricks";
|
} from "./databricks";
|
||||||
|
import { FlyioConnectionMethod, getFlyioConnectionListItem, validateFlyioConnectionCredentials } from "./flyio";
|
||||||
import { GcpConnectionMethod, getGcpConnectionListItem, validateGcpConnectionCredentials } from "./gcp";
|
import { GcpConnectionMethod, getGcpConnectionListItem, validateGcpConnectionCredentials } from "./gcp";
|
||||||
import { getGitHubConnectionListItem, GitHubConnectionMethod, validateGitHubConnectionCredentials } from "./github";
|
import { getGitHubConnectionListItem, GitHubConnectionMethod, validateGitHubConnectionCredentials } from "./github";
|
||||||
import {
|
import {
|
||||||
@ -78,6 +79,8 @@ import { getMsSqlConnectionListItem, MsSqlConnectionMethod } from "./mssql";
|
|||||||
import { MySqlConnectionMethod } from "./mysql/mysql-connection-enums";
|
import { MySqlConnectionMethod } from "./mysql/mysql-connection-enums";
|
||||||
import { getMySqlConnectionListItem } from "./mysql/mysql-connection-fns";
|
import { getMySqlConnectionListItem } from "./mysql/mysql-connection-fns";
|
||||||
import { getPostgresConnectionListItem, PostgresConnectionMethod } from "./postgres";
|
import { getPostgresConnectionListItem, PostgresConnectionMethod } from "./postgres";
|
||||||
|
import { RenderConnectionMethod } from "./render/render-connection-enums";
|
||||||
|
import { getRenderConnectionListItem, validateRenderConnectionCredentials } from "./render/render-connection-fns";
|
||||||
import {
|
import {
|
||||||
getTeamCityConnectionListItem,
|
getTeamCityConnectionListItem,
|
||||||
TeamCityConnectionMethod,
|
TeamCityConnectionMethod,
|
||||||
@ -121,7 +124,9 @@ export const listAppConnectionOptions = () => {
|
|||||||
getTeamCityConnectionListItem(),
|
getTeamCityConnectionListItem(),
|
||||||
getOCIConnectionListItem(),
|
getOCIConnectionListItem(),
|
||||||
getOracleDBConnectionListItem(),
|
getOracleDBConnectionListItem(),
|
||||||
getOnePassConnectionListItem()
|
getOnePassConnectionListItem(),
|
||||||
|
getRenderConnectionListItem(),
|
||||||
|
getFlyioConnectionListItem()
|
||||||
].sort((a, b) => a.name.localeCompare(b.name));
|
].sort((a, b) => a.name.localeCompare(b.name));
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -196,7 +201,9 @@ export const validateAppConnectionCredentials = async (
|
|||||||
[AppConnection.TeamCity]: validateTeamCityConnectionCredentials as TAppConnectionCredentialsValidator,
|
[AppConnection.TeamCity]: validateTeamCityConnectionCredentials as TAppConnectionCredentialsValidator,
|
||||||
[AppConnection.OCI]: validateOCIConnectionCredentials as TAppConnectionCredentialsValidator,
|
[AppConnection.OCI]: validateOCIConnectionCredentials as TAppConnectionCredentialsValidator,
|
||||||
[AppConnection.OracleDB]: validateSqlConnectionCredentials as TAppConnectionCredentialsValidator,
|
[AppConnection.OracleDB]: validateSqlConnectionCredentials as TAppConnectionCredentialsValidator,
|
||||||
[AppConnection.OnePass]: validateOnePassConnectionCredentials as TAppConnectionCredentialsValidator
|
[AppConnection.OnePass]: validateOnePassConnectionCredentials as TAppConnectionCredentialsValidator,
|
||||||
|
[AppConnection.Render]: validateRenderConnectionCredentials as TAppConnectionCredentialsValidator,
|
||||||
|
[AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator
|
||||||
};
|
};
|
||||||
|
|
||||||
return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
|
return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
|
||||||
@ -238,6 +245,7 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
|
|||||||
case HCVaultConnectionMethod.AccessToken:
|
case HCVaultConnectionMethod.AccessToken:
|
||||||
case TeamCityConnectionMethod.AccessToken:
|
case TeamCityConnectionMethod.AccessToken:
|
||||||
case AzureDevOpsConnectionMethod.AccessToken:
|
case AzureDevOpsConnectionMethod.AccessToken:
|
||||||
|
case FlyioConnectionMethod.AccessToken:
|
||||||
return "Access Token";
|
return "Access Token";
|
||||||
case Auth0ConnectionMethod.ClientCredentials:
|
case Auth0ConnectionMethod.ClientCredentials:
|
||||||
return "Client Credentials";
|
return "Client Credentials";
|
||||||
@ -245,6 +253,8 @@ export const getAppConnectionMethodName = (method: TAppConnection["method"]) =>
|
|||||||
return "App Role";
|
return "App Role";
|
||||||
case LdapConnectionMethod.SimpleBind:
|
case LdapConnectionMethod.SimpleBind:
|
||||||
return "Simple Bind";
|
return "Simple Bind";
|
||||||
|
case RenderConnectionMethod.ApiKey:
|
||||||
|
return "API Key";
|
||||||
default:
|
default:
|
||||||
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
|
// eslint-disable-next-line @typescript-eslint/restrict-template-expressions
|
||||||
throw new Error(`Unhandled App Connection Method: ${method}`);
|
throw new Error(`Unhandled App Connection Method: ${method}`);
|
||||||
@ -299,7 +309,9 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
|
|||||||
[AppConnection.TeamCity]: platformManagedCredentialsNotSupported,
|
[AppConnection.TeamCity]: platformManagedCredentialsNotSupported,
|
||||||
[AppConnection.OCI]: platformManagedCredentialsNotSupported,
|
[AppConnection.OCI]: platformManagedCredentialsNotSupported,
|
||||||
[AppConnection.OracleDB]: transferSqlConnectionCredentialsToPlatform as TAppConnectionTransitionCredentialsToPlatform,
|
[AppConnection.OracleDB]: transferSqlConnectionCredentialsToPlatform as TAppConnectionTransitionCredentialsToPlatform,
|
||||||
[AppConnection.OnePass]: platformManagedCredentialsNotSupported
|
[AppConnection.OnePass]: platformManagedCredentialsNotSupported,
|
||||||
|
[AppConnection.Render]: platformManagedCredentialsNotSupported,
|
||||||
|
[AppConnection.Flyio]: platformManagedCredentialsNotSupported
|
||||||
};
|
};
|
||||||
|
|
||||||
export const enterpriseAppCheck = async (
|
export const enterpriseAppCheck = async (
|
||||||
|
|||||||
@ -24,7 +24,9 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
|
|||||||
[AppConnection.TeamCity]: "TeamCity",
|
[AppConnection.TeamCity]: "TeamCity",
|
||||||
[AppConnection.OCI]: "OCI",
|
[AppConnection.OCI]: "OCI",
|
||||||
[AppConnection.OracleDB]: "OracleDB",
|
[AppConnection.OracleDB]: "OracleDB",
|
||||||
[AppConnection.OnePass]: "1Password"
|
[AppConnection.OnePass]: "1Password",
|
||||||
|
[AppConnection.Render]: "Render",
|
||||||
|
[AppConnection.Flyio]: "Fly.io"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
|
export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
|
||||||
@ -51,5 +53,7 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
|
|||||||
[AppConnection.OCI]: AppConnectionPlanType.Enterprise,
|
[AppConnection.OCI]: AppConnectionPlanType.Enterprise,
|
||||||
[AppConnection.OracleDB]: AppConnectionPlanType.Enterprise,
|
[AppConnection.OracleDB]: AppConnectionPlanType.Enterprise,
|
||||||
[AppConnection.OnePass]: AppConnectionPlanType.Regular,
|
[AppConnection.OnePass]: AppConnectionPlanType.Regular,
|
||||||
[AppConnection.MySql]: AppConnectionPlanType.Regular
|
[AppConnection.MySql]: AppConnectionPlanType.Regular,
|
||||||
|
[AppConnection.Render]: AppConnectionPlanType.Regular,
|
||||||
|
[AppConnection.Flyio]: AppConnectionPlanType.Regular
|
||||||
};
|
};
|
||||||
|
|||||||
@ -49,6 +49,8 @@ import { ValidateCamundaConnectionCredentialsSchema } from "./camunda";
|
|||||||
import { camundaConnectionService } from "./camunda/camunda-connection-service";
|
import { camundaConnectionService } from "./camunda/camunda-connection-service";
|
||||||
import { ValidateDatabricksConnectionCredentialsSchema } from "./databricks";
|
import { ValidateDatabricksConnectionCredentialsSchema } from "./databricks";
|
||||||
import { databricksConnectionService } from "./databricks/databricks-connection-service";
|
import { databricksConnectionService } from "./databricks/databricks-connection-service";
|
||||||
|
import { ValidateFlyioConnectionCredentialsSchema } from "./flyio";
|
||||||
|
import { flyioConnectionService } from "./flyio/flyio-connection-service";
|
||||||
import { ValidateGcpConnectionCredentialsSchema } from "./gcp";
|
import { ValidateGcpConnectionCredentialsSchema } from "./gcp";
|
||||||
import { gcpConnectionService } from "./gcp/gcp-connection-service";
|
import { gcpConnectionService } from "./gcp/gcp-connection-service";
|
||||||
import { ValidateGitHubConnectionCredentialsSchema } from "./github";
|
import { ValidateGitHubConnectionCredentialsSchema } from "./github";
|
||||||
@ -62,6 +64,8 @@ import { ValidateLdapConnectionCredentialsSchema } from "./ldap";
|
|||||||
import { ValidateMsSqlConnectionCredentialsSchema } from "./mssql";
|
import { ValidateMsSqlConnectionCredentialsSchema } from "./mssql";
|
||||||
import { ValidateMySqlConnectionCredentialsSchema } from "./mysql";
|
import { ValidateMySqlConnectionCredentialsSchema } from "./mysql";
|
||||||
import { ValidatePostgresConnectionCredentialsSchema } from "./postgres";
|
import { ValidatePostgresConnectionCredentialsSchema } from "./postgres";
|
||||||
|
import { ValidateRenderConnectionCredentialsSchema } from "./render/render-connection-schema";
|
||||||
|
import { renderConnectionService } from "./render/render-connection-service";
|
||||||
import { ValidateTeamCityConnectionCredentialsSchema } from "./teamcity";
|
import { ValidateTeamCityConnectionCredentialsSchema } from "./teamcity";
|
||||||
import { teamcityConnectionService } from "./teamcity/teamcity-connection-service";
|
import { teamcityConnectionService } from "./teamcity/teamcity-connection-service";
|
||||||
import { ValidateTerraformCloudConnectionCredentialsSchema } from "./terraform-cloud";
|
import { ValidateTerraformCloudConnectionCredentialsSchema } from "./terraform-cloud";
|
||||||
@ -104,7 +108,9 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
|
|||||||
[AppConnection.TeamCity]: ValidateTeamCityConnectionCredentialsSchema,
|
[AppConnection.TeamCity]: ValidateTeamCityConnectionCredentialsSchema,
|
||||||
[AppConnection.OCI]: ValidateOCIConnectionCredentialsSchema,
|
[AppConnection.OCI]: ValidateOCIConnectionCredentialsSchema,
|
||||||
[AppConnection.OracleDB]: ValidateOracleDBConnectionCredentialsSchema,
|
[AppConnection.OracleDB]: ValidateOracleDBConnectionCredentialsSchema,
|
||||||
[AppConnection.OnePass]: ValidateOnePassConnectionCredentialsSchema
|
[AppConnection.OnePass]: ValidateOnePassConnectionCredentialsSchema,
|
||||||
|
[AppConnection.Render]: ValidateRenderConnectionCredentialsSchema,
|
||||||
|
[AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema
|
||||||
};
|
};
|
||||||
|
|
||||||
export const appConnectionServiceFactory = ({
|
export const appConnectionServiceFactory = ({
|
||||||
@ -509,6 +515,8 @@ export const appConnectionServiceFactory = ({
|
|||||||
windmill: windmillConnectionService(connectAppConnectionById),
|
windmill: windmillConnectionService(connectAppConnectionById),
|
||||||
teamcity: teamcityConnectionService(connectAppConnectionById),
|
teamcity: teamcityConnectionService(connectAppConnectionById),
|
||||||
oci: ociConnectionService(connectAppConnectionById, licenseService),
|
oci: ociConnectionService(connectAppConnectionById, licenseService),
|
||||||
onepass: onePassConnectionService(connectAppConnectionById)
|
onepass: onePassConnectionService(connectAppConnectionById),
|
||||||
|
render: renderConnectionService(connectAppConnectionById),
|
||||||
|
flyio: flyioConnectionService(connectAppConnectionById)
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
@ -68,6 +68,12 @@ import {
|
|||||||
TDatabricksConnectionInput,
|
TDatabricksConnectionInput,
|
||||||
TValidateDatabricksConnectionCredentialsSchema
|
TValidateDatabricksConnectionCredentialsSchema
|
||||||
} from "./databricks";
|
} from "./databricks";
|
||||||
|
import {
|
||||||
|
TFlyioConnection,
|
||||||
|
TFlyioConnectionConfig,
|
||||||
|
TFlyioConnectionInput,
|
||||||
|
TValidateFlyioConnectionCredentialsSchema
|
||||||
|
} from "./flyio";
|
||||||
import {
|
import {
|
||||||
TGcpConnection,
|
TGcpConnection,
|
||||||
TGcpConnectionConfig,
|
TGcpConnectionConfig,
|
||||||
@ -111,6 +117,12 @@ import {
|
|||||||
TPostgresConnectionInput,
|
TPostgresConnectionInput,
|
||||||
TValidatePostgresConnectionCredentialsSchema
|
TValidatePostgresConnectionCredentialsSchema
|
||||||
} from "./postgres";
|
} from "./postgres";
|
||||||
|
import {
|
||||||
|
TRenderConnection,
|
||||||
|
TRenderConnectionConfig,
|
||||||
|
TRenderConnectionInput,
|
||||||
|
TValidateRenderConnectionCredentialsSchema
|
||||||
|
} from "./render/render-connection-types";
|
||||||
import {
|
import {
|
||||||
TTeamCityConnection,
|
TTeamCityConnection,
|
||||||
TTeamCityConnectionConfig,
|
TTeamCityConnectionConfig,
|
||||||
@ -161,6 +173,8 @@ export type TAppConnection = { id: string } & (
|
|||||||
| TOCIConnection
|
| TOCIConnection
|
||||||
| TOracleDBConnection
|
| TOracleDBConnection
|
||||||
| TOnePassConnection
|
| TOnePassConnection
|
||||||
|
| TRenderConnection
|
||||||
|
| TFlyioConnection
|
||||||
);
|
);
|
||||||
|
|
||||||
export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
|
export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
|
||||||
@ -192,6 +206,8 @@ export type TAppConnectionInput = { id: string } & (
|
|||||||
| TOCIConnectionInput
|
| TOCIConnectionInput
|
||||||
| TOracleDBConnectionInput
|
| TOracleDBConnectionInput
|
||||||
| TOnePassConnectionInput
|
| TOnePassConnectionInput
|
||||||
|
| TRenderConnectionInput
|
||||||
|
| TFlyioConnectionInput
|
||||||
);
|
);
|
||||||
|
|
||||||
export type TSqlConnectionInput =
|
export type TSqlConnectionInput =
|
||||||
@ -230,7 +246,9 @@ export type TAppConnectionConfig =
|
|||||||
| TLdapConnectionConfig
|
| TLdapConnectionConfig
|
||||||
| TTeamCityConnectionConfig
|
| TTeamCityConnectionConfig
|
||||||
| TOCIConnectionConfig
|
| TOCIConnectionConfig
|
||||||
| TOnePassConnectionConfig;
|
| TOnePassConnectionConfig
|
||||||
|
| TRenderConnectionConfig
|
||||||
|
| TFlyioConnectionConfig;
|
||||||
|
|
||||||
export type TValidateAppConnectionCredentialsSchema =
|
export type TValidateAppConnectionCredentialsSchema =
|
||||||
| TValidateAwsConnectionCredentialsSchema
|
| TValidateAwsConnectionCredentialsSchema
|
||||||
@ -256,7 +274,9 @@ export type TValidateAppConnectionCredentialsSchema =
|
|||||||
| TValidateTeamCityConnectionCredentialsSchema
|
| TValidateTeamCityConnectionCredentialsSchema
|
||||||
| TValidateOCIConnectionCredentialsSchema
|
| TValidateOCIConnectionCredentialsSchema
|
||||||
| TValidateOracleDBConnectionCredentialsSchema
|
| TValidateOracleDBConnectionCredentialsSchema
|
||||||
| TValidateOnePassConnectionCredentialsSchema;
|
| TValidateOnePassConnectionCredentialsSchema
|
||||||
|
| TValidateRenderConnectionCredentialsSchema
|
||||||
|
| TValidateFlyioConnectionCredentialsSchema;
|
||||||
|
|
||||||
export type TListAwsConnectionKmsKeys = {
|
export type TListAwsConnectionKmsKeys = {
|
||||||
connectionId: string;
|
connectionId: string;
|
||||||
|
|||||||
@ -0,0 +1,3 @@
|
|||||||
|
export enum FlyioConnectionMethod {
|
||||||
|
AccessToken = "access-token"
|
||||||
|
}
|
||||||
@ -0,0 +1,72 @@
|
|||||||
|
import { AxiosError } from "axios";
|
||||||
|
|
||||||
|
import { request } from "@app/lib/config/request";
|
||||||
|
import { BadRequestError } from "@app/lib/errors";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
|
||||||
|
|
||||||
|
import { FlyioConnectionMethod } from "./flyio-connection-enums";
|
||||||
|
import { TFlyioApp, TFlyioConnection, TFlyioConnectionConfig } from "./flyio-connection-types";
|
||||||
|
|
||||||
|
export const getFlyioConnectionListItem = () => {
|
||||||
|
return {
|
||||||
|
name: "Fly.io" as const,
|
||||||
|
app: AppConnection.Flyio as const,
|
||||||
|
methods: Object.values(FlyioConnectionMethod) as [FlyioConnectionMethod.AccessToken]
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
export const validateFlyioConnectionCredentials = async (config: TFlyioConnectionConfig) => {
|
||||||
|
const { accessToken } = config.credentials;
|
||||||
|
|
||||||
|
try {
|
||||||
|
const resp = await request.post<{ data: { viewer: { id: string | null; email: string } } | null }>(
|
||||||
|
IntegrationUrls.FLYIO_API_URL,
|
||||||
|
{ query: "query { viewer { id email } }" },
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${accessToken}`,
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
if (resp.data.data === null) {
|
||||||
|
throw new BadRequestError({
|
||||||
|
message: "Unable to validate connection: Invalid access token provided."
|
||||||
|
});
|
||||||
|
}
|
||||||
|
} catch (error: unknown) {
|
||||||
|
if (error instanceof AxiosError) {
|
||||||
|
throw new BadRequestError({
|
||||||
|
message: `Failed to validate credentials: ${error.message || "Unknown error"}`
|
||||||
|
});
|
||||||
|
}
|
||||||
|
throw new BadRequestError({
|
||||||
|
message: "Unable to validate connection: verify credentials"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
return config.credentials;
|
||||||
|
};
|
||||||
|
|
||||||
|
export const listFlyioApps = async (appConnection: TFlyioConnection) => {
|
||||||
|
const { accessToken } = appConnection.credentials;
|
||||||
|
|
||||||
|
const resp = await request.post<{ data: { apps: { nodes: TFlyioApp[] } } }>(
|
||||||
|
IntegrationUrls.FLYIO_API_URL,
|
||||||
|
{
|
||||||
|
query:
|
||||||
|
"query GetApps { apps { nodes { id name hostname status organization { id slug } currentRelease { version status createdAt } } } }"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${accessToken}`,
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
Accept: "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
return resp.data.data.apps.nodes;
|
||||||
|
};
|
||||||
@ -0,0 +1,62 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { AppConnections } from "@app/lib/api-docs";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import {
|
||||||
|
BaseAppConnectionSchema,
|
||||||
|
GenericCreateAppConnectionFieldsSchema,
|
||||||
|
GenericUpdateAppConnectionFieldsSchema
|
||||||
|
} from "@app/services/app-connection/app-connection-schemas";
|
||||||
|
|
||||||
|
import { FlyioConnectionMethod } from "./flyio-connection-enums";
|
||||||
|
|
||||||
|
export const FlyioConnectionAccessTokenCredentialsSchema = z.object({
|
||||||
|
accessToken: z
|
||||||
|
.string()
|
||||||
|
.trim()
|
||||||
|
.min(1, "Access Token required")
|
||||||
|
.max(1000)
|
||||||
|
.startsWith("FlyV1", "Token must start with 'FlyV1'")
|
||||||
|
.describe(AppConnections.CREDENTIALS.FLYIO.accessToken)
|
||||||
|
});
|
||||||
|
|
||||||
|
const BaseFlyioConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Flyio) });
|
||||||
|
|
||||||
|
export const FlyioConnectionSchema = BaseFlyioConnectionSchema.extend({
|
||||||
|
method: z.literal(FlyioConnectionMethod.AccessToken),
|
||||||
|
credentials: FlyioConnectionAccessTokenCredentialsSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const SanitizedFlyioConnectionSchema = z.discriminatedUnion("method", [
|
||||||
|
BaseFlyioConnectionSchema.extend({
|
||||||
|
method: z.literal(FlyioConnectionMethod.AccessToken),
|
||||||
|
credentials: FlyioConnectionAccessTokenCredentialsSchema.pick({})
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
|
||||||
|
export const ValidateFlyioConnectionCredentialsSchema = z.discriminatedUnion("method", [
|
||||||
|
z.object({
|
||||||
|
method: z.literal(FlyioConnectionMethod.AccessToken).describe(AppConnections.CREATE(AppConnection.Flyio).method),
|
||||||
|
credentials: FlyioConnectionAccessTokenCredentialsSchema.describe(
|
||||||
|
AppConnections.CREATE(AppConnection.Flyio).credentials
|
||||||
|
)
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
|
||||||
|
export const CreateFlyioConnectionSchema = ValidateFlyioConnectionCredentialsSchema.and(
|
||||||
|
GenericCreateAppConnectionFieldsSchema(AppConnection.Flyio)
|
||||||
|
);
|
||||||
|
|
||||||
|
export const UpdateFlyioConnectionSchema = z
|
||||||
|
.object({
|
||||||
|
credentials: FlyioConnectionAccessTokenCredentialsSchema.optional().describe(
|
||||||
|
AppConnections.UPDATE(AppConnection.Flyio).credentials
|
||||||
|
)
|
||||||
|
})
|
||||||
|
.and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Flyio));
|
||||||
|
|
||||||
|
export const FlyioConnectionListItemSchema = z.object({
|
||||||
|
name: z.literal("Fly.io"),
|
||||||
|
app: z.literal(AppConnection.Flyio),
|
||||||
|
methods: z.nativeEnum(FlyioConnectionMethod).array()
|
||||||
|
});
|
||||||
@ -0,0 +1,30 @@
|
|||||||
|
import { logger } from "@app/lib/logger";
|
||||||
|
import { OrgServiceActor } from "@app/lib/types";
|
||||||
|
|
||||||
|
import { AppConnection } from "../app-connection-enums";
|
||||||
|
import { listFlyioApps } from "./flyio-connection-fns";
|
||||||
|
import { TFlyioConnection } from "./flyio-connection-types";
|
||||||
|
|
||||||
|
type TGetAppConnectionFunc = (
|
||||||
|
app: AppConnection,
|
||||||
|
connectionId: string,
|
||||||
|
actor: OrgServiceActor
|
||||||
|
) => Promise<TFlyioConnection>;
|
||||||
|
|
||||||
|
export const flyioConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
|
||||||
|
const listApps = async (connectionId: string, actor: OrgServiceActor) => {
|
||||||
|
const appConnection = await getAppConnection(AppConnection.Flyio, connectionId, actor);
|
||||||
|
|
||||||
|
try {
|
||||||
|
const apps = await listFlyioApps(appConnection);
|
||||||
|
return apps;
|
||||||
|
} catch (error) {
|
||||||
|
logger.error(error, "Failed to establish connection with fly.io");
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return {
|
||||||
|
listApps
|
||||||
|
};
|
||||||
|
};
|
||||||
@ -0,0 +1,27 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { DiscriminativePick } from "@app/lib/types";
|
||||||
|
|
||||||
|
import { AppConnection } from "../app-connection-enums";
|
||||||
|
import {
|
||||||
|
CreateFlyioConnectionSchema,
|
||||||
|
FlyioConnectionSchema,
|
||||||
|
ValidateFlyioConnectionCredentialsSchema
|
||||||
|
} from "./flyio-connection-schemas";
|
||||||
|
|
||||||
|
export type TFlyioConnection = z.infer<typeof FlyioConnectionSchema>;
|
||||||
|
|
||||||
|
export type TFlyioConnectionInput = z.infer<typeof CreateFlyioConnectionSchema> & {
|
||||||
|
app: AppConnection.Flyio;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TValidateFlyioConnectionCredentialsSchema = typeof ValidateFlyioConnectionCredentialsSchema;
|
||||||
|
|
||||||
|
export type TFlyioConnectionConfig = DiscriminativePick<TFlyioConnectionInput, "method" | "app" | "credentials"> & {
|
||||||
|
orgId: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TFlyioApp = {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
};
|
||||||
4
backend/src/services/app-connection/flyio/index.ts
Normal file
4
backend/src/services/app-connection/flyio/index.ts
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
export * from "./flyio-connection-enums";
|
||||||
|
export * from "./flyio-connection-fns";
|
||||||
|
export * from "./flyio-connection-schemas";
|
||||||
|
export * from "./flyio-connection-types";
|
||||||
@ -0,0 +1,3 @@
|
|||||||
|
export enum RenderConnectionMethod {
|
||||||
|
ApiKey = "api-key"
|
||||||
|
}
|
||||||
@ -0,0 +1,88 @@
|
|||||||
|
/* eslint-disable no-await-in-loop */
|
||||||
|
import { AxiosError } from "axios";
|
||||||
|
|
||||||
|
import { request } from "@app/lib/config/request";
|
||||||
|
import { BadRequestError } from "@app/lib/errors";
|
||||||
|
import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
|
||||||
|
|
||||||
|
import { AppConnection } from "../app-connection-enums";
|
||||||
|
import { RenderConnectionMethod } from "./render-connection-enums";
|
||||||
|
import {
|
||||||
|
TRawRenderService,
|
||||||
|
TRenderConnection,
|
||||||
|
TRenderConnectionConfig,
|
||||||
|
TRenderService
|
||||||
|
} from "./render-connection-types";
|
||||||
|
|
||||||
|
export const getRenderConnectionListItem = () => {
|
||||||
|
return {
|
||||||
|
name: "Render" as const,
|
||||||
|
app: AppConnection.Render as const,
|
||||||
|
methods: Object.values(RenderConnectionMethod) as [RenderConnectionMethod.ApiKey]
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
export const listRenderServices = async (appConnection: TRenderConnection): Promise<TRenderService[]> => {
|
||||||
|
const {
|
||||||
|
credentials: { apiKey }
|
||||||
|
} = appConnection;
|
||||||
|
|
||||||
|
const services: TRenderService[] = [];
|
||||||
|
let hasMorePages = true;
|
||||||
|
const perPage = 100;
|
||||||
|
let cursor;
|
||||||
|
|
||||||
|
while (hasMorePages) {
|
||||||
|
const res: TRawRenderService[] = (
|
||||||
|
await request.get<TRawRenderService[]>(`${IntegrationUrls.RENDER_API_URL}/v1/services`, {
|
||||||
|
params: new URLSearchParams({
|
||||||
|
...(cursor ? { cursor: String(cursor) } : {}),
|
||||||
|
limit: String(perPage)
|
||||||
|
}),
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${apiKey}`,
|
||||||
|
Accept: "application/json",
|
||||||
|
"Accept-Encoding": "application/json"
|
||||||
|
}
|
||||||
|
})
|
||||||
|
).data;
|
||||||
|
|
||||||
|
res.forEach((item) => {
|
||||||
|
services.push({
|
||||||
|
name: item.service.name,
|
||||||
|
id: item.service.id
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
if (res.length < perPage) {
|
||||||
|
hasMorePages = false;
|
||||||
|
} else {
|
||||||
|
cursor = res[res.length - 1].cursor;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return services;
|
||||||
|
};
|
||||||
|
|
||||||
|
export const validateRenderConnectionCredentials = async (config: TRenderConnectionConfig) => {
|
||||||
|
const { credentials: inputCredentials } = config;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await request.get(`${IntegrationUrls.RENDER_API_URL}/v1/users`, {
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${inputCredentials.apiKey}`
|
||||||
|
}
|
||||||
|
});
|
||||||
|
} catch (error: unknown) {
|
||||||
|
if (error instanceof AxiosError) {
|
||||||
|
throw new BadRequestError({
|
||||||
|
message: `Failed to validate credentials: ${error.message || "Unknown error"}`
|
||||||
|
});
|
||||||
|
}
|
||||||
|
throw new BadRequestError({
|
||||||
|
message: "Unable to validate connection: verify credentials"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
return inputCredentials;
|
||||||
|
};
|
||||||
@ -0,0 +1,56 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { AppConnections } from "@app/lib/api-docs";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import {
|
||||||
|
BaseAppConnectionSchema,
|
||||||
|
GenericCreateAppConnectionFieldsSchema,
|
||||||
|
GenericUpdateAppConnectionFieldsSchema
|
||||||
|
} from "@app/services/app-connection/app-connection-schemas";
|
||||||
|
|
||||||
|
import { RenderConnectionMethod } from "./render-connection-enums";
|
||||||
|
|
||||||
|
export const RenderConnectionApiKeyCredentialsSchema = z.object({
|
||||||
|
apiKey: z.string().trim().min(1, "API key required").max(256, "API key cannot exceed 256 characters")
|
||||||
|
});
|
||||||
|
|
||||||
|
const BaseRenderConnectionSchema = BaseAppConnectionSchema.extend({ app: z.literal(AppConnection.Render) });
|
||||||
|
|
||||||
|
export const RenderConnectionSchema = BaseRenderConnectionSchema.extend({
|
||||||
|
method: z.literal(RenderConnectionMethod.ApiKey),
|
||||||
|
credentials: RenderConnectionApiKeyCredentialsSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const SanitizedRenderConnectionSchema = z.discriminatedUnion("method", [
|
||||||
|
BaseRenderConnectionSchema.extend({
|
||||||
|
method: z.literal(RenderConnectionMethod.ApiKey),
|
||||||
|
credentials: RenderConnectionApiKeyCredentialsSchema.pick({})
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
|
||||||
|
export const ValidateRenderConnectionCredentialsSchema = z.discriminatedUnion("method", [
|
||||||
|
z.object({
|
||||||
|
method: z.literal(RenderConnectionMethod.ApiKey).describe(AppConnections.CREATE(AppConnection.Render).method),
|
||||||
|
credentials: RenderConnectionApiKeyCredentialsSchema.describe(
|
||||||
|
AppConnections.CREATE(AppConnection.Render).credentials
|
||||||
|
)
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
|
||||||
|
export const CreateRenderConnectionSchema = ValidateRenderConnectionCredentialsSchema.and(
|
||||||
|
GenericCreateAppConnectionFieldsSchema(AppConnection.Render)
|
||||||
|
);
|
||||||
|
|
||||||
|
export const UpdateRenderConnectionSchema = z
|
||||||
|
.object({
|
||||||
|
credentials: RenderConnectionApiKeyCredentialsSchema.optional().describe(
|
||||||
|
AppConnections.UPDATE(AppConnection.Render).credentials
|
||||||
|
)
|
||||||
|
})
|
||||||
|
.and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Render));
|
||||||
|
|
||||||
|
export const RenderConnectionListItemSchema = z.object({
|
||||||
|
name: z.literal("Render"),
|
||||||
|
app: z.literal(AppConnection.Render),
|
||||||
|
methods: z.nativeEnum(RenderConnectionMethod).array()
|
||||||
|
});
|
||||||
@ -0,0 +1,30 @@
|
|||||||
|
import { logger } from "@app/lib/logger";
|
||||||
|
import { OrgServiceActor } from "@app/lib/types";
|
||||||
|
|
||||||
|
import { AppConnection } from "../app-connection-enums";
|
||||||
|
import { listRenderServices } from "./render-connection-fns";
|
||||||
|
import { TRenderConnection } from "./render-connection-types";
|
||||||
|
|
||||||
|
type TGetAppConnectionFunc = (
|
||||||
|
app: AppConnection,
|
||||||
|
connectionId: string,
|
||||||
|
actor: OrgServiceActor
|
||||||
|
) => Promise<TRenderConnection>;
|
||||||
|
|
||||||
|
export const renderConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
|
||||||
|
const listServices = async (connectionId: string, actor: OrgServiceActor) => {
|
||||||
|
const appConnection = await getAppConnection(AppConnection.Render, connectionId, actor);
|
||||||
|
try {
|
||||||
|
const services = await listRenderServices(appConnection);
|
||||||
|
|
||||||
|
return services;
|
||||||
|
} catch (error) {
|
||||||
|
logger.error(error, "Failed to list services for Render connection");
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return {
|
||||||
|
listServices
|
||||||
|
};
|
||||||
|
};
|
||||||
@ -0,0 +1,35 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { DiscriminativePick } from "@app/lib/types";
|
||||||
|
|
||||||
|
import { AppConnection } from "../app-connection-enums";
|
||||||
|
import {
|
||||||
|
CreateRenderConnectionSchema,
|
||||||
|
RenderConnectionSchema,
|
||||||
|
ValidateRenderConnectionCredentialsSchema
|
||||||
|
} from "./render-connection-schema";
|
||||||
|
|
||||||
|
export type TRenderConnection = z.infer<typeof RenderConnectionSchema>;
|
||||||
|
|
||||||
|
export type TRenderConnectionInput = z.infer<typeof CreateRenderConnectionSchema> & {
|
||||||
|
app: AppConnection.Render;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TValidateRenderConnectionCredentialsSchema = typeof ValidateRenderConnectionCredentialsSchema;
|
||||||
|
|
||||||
|
export type TRenderConnectionConfig = DiscriminativePick<TRenderConnectionInput, "method" | "app" | "credentials"> & {
|
||||||
|
orgId: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TRenderService = {
|
||||||
|
name: string;
|
||||||
|
id: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TRawRenderService = {
|
||||||
|
cursor: string;
|
||||||
|
service: {
|
||||||
|
id: string;
|
||||||
|
name: string;
|
||||||
|
};
|
||||||
|
};
|
||||||
@ -9,6 +9,7 @@ const arnRegex = new RE2(/^arn:aws:iam::\d{12}:(user\/[a-zA-Z0-9_.@+*/-]+|role\/
|
|||||||
export const validateAccountIds = z
|
export const validateAccountIds = z
|
||||||
.string()
|
.string()
|
||||||
.trim()
|
.trim()
|
||||||
|
.max(2048)
|
||||||
.default("")
|
.default("")
|
||||||
// Custom validation to ensure each part is a 12-digit number
|
// Custom validation to ensure each part is a 12-digit number
|
||||||
.refine(
|
.refine(
|
||||||
@ -36,6 +37,7 @@ export const validateAccountIds = z
|
|||||||
export const validatePrincipalArns = z
|
export const validatePrincipalArns = z
|
||||||
.string()
|
.string()
|
||||||
.trim()
|
.trim()
|
||||||
|
.max(2048)
|
||||||
.default("")
|
.default("")
|
||||||
// Custom validation for ARN format
|
// Custom validation for ARN format
|
||||||
.refine(
|
.refine(
|
||||||
|
|||||||
@ -0,0 +1,10 @@
|
|||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
export const FLYIO_SYNC_LIST_OPTION: TSecretSyncListItem = {
|
||||||
|
name: "Fly.io",
|
||||||
|
destination: SecretSync.Flyio,
|
||||||
|
connection: AppConnection.Flyio,
|
||||||
|
canImportSecrets: false
|
||||||
|
};
|
||||||
133
backend/src/services/secret-sync/flyio/flyio-sync-fns.ts
Normal file
133
backend/src/services/secret-sync/flyio/flyio-sync-fns.ts
Normal file
@ -0,0 +1,133 @@
|
|||||||
|
import { request } from "@app/lib/config/request";
|
||||||
|
import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
|
||||||
|
import {
|
||||||
|
TDeleteFlyioVariable,
|
||||||
|
TFlyioListVariables,
|
||||||
|
TFlyioSecret,
|
||||||
|
TFlyioSyncWithCredentials,
|
||||||
|
TPutFlyioVariable
|
||||||
|
} from "@app/services/secret-sync/flyio/flyio-sync-types";
|
||||||
|
import { SecretSyncError } from "@app/services/secret-sync/secret-sync-errors";
|
||||||
|
import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
|
||||||
|
import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
import { SECRET_SYNC_NAME_MAP } from "../secret-sync-maps";
|
||||||
|
|
||||||
|
const listFlyioSecrets = async ({ accessToken, appId }: TFlyioListVariables) => {
|
||||||
|
const { data } = await request.post<{ data: { app: { secrets: TFlyioSecret[] } } }>(
|
||||||
|
IntegrationUrls.FLYIO_API_URL,
|
||||||
|
{
|
||||||
|
query: "query GetAppSecrets($appId: String!) { app(id: $appId) { id name secrets { name createdAt } } }",
|
||||||
|
variables: { appId }
|
||||||
|
},
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${accessToken}`,
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
Accept: "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
return data.data.app.secrets.map((s) => s.name);
|
||||||
|
};
|
||||||
|
|
||||||
|
const putFlyioSecrets = async ({ accessToken, appId, secretMap }: TPutFlyioVariable) => {
|
||||||
|
return request.post(
|
||||||
|
IntegrationUrls.FLYIO_API_URL,
|
||||||
|
{
|
||||||
|
query:
|
||||||
|
"mutation SetAppSecrets($appId: ID!, $secrets: [SecretInput!]!) { setSecrets(input: { appId: $appId, secrets: $secrets }) { app { name } release { version } } }",
|
||||||
|
variables: {
|
||||||
|
appId,
|
||||||
|
secrets: Object.entries(secretMap).map(([key, { value }]) => ({ key, value }))
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${accessToken}`,
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
const deleteFlyioSecrets = async ({ accessToken, appId, keys }: TDeleteFlyioVariable) => {
|
||||||
|
return request.post(
|
||||||
|
IntegrationUrls.FLYIO_API_URL,
|
||||||
|
{
|
||||||
|
query:
|
||||||
|
"mutation UnsetAppSecrets($appId: ID!, $keys: [String!]!) { unsetSecrets(input: { appId: $appId, keys: $keys }) { app { name } release { version } } }",
|
||||||
|
variables: {
|
||||||
|
appId,
|
||||||
|
keys
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${accessToken}`,
|
||||||
|
"Content-Type": "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
export const FlyioSyncFns = {
|
||||||
|
syncSecrets: async (secretSync: TFlyioSyncWithCredentials, secretMap: TSecretMap) => {
|
||||||
|
const {
|
||||||
|
connection,
|
||||||
|
environment,
|
||||||
|
destinationConfig: { appId }
|
||||||
|
} = secretSync;
|
||||||
|
|
||||||
|
const { accessToken } = connection.credentials;
|
||||||
|
|
||||||
|
try {
|
||||||
|
await putFlyioSecrets({ accessToken, appId, secretMap });
|
||||||
|
} catch (error) {
|
||||||
|
throw new SecretSyncError({
|
||||||
|
error
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if (secretSync.syncOptions.disableSecretDeletion) return;
|
||||||
|
|
||||||
|
const secrets = await listFlyioSecrets({ accessToken, appId });
|
||||||
|
|
||||||
|
const keys = secrets.filter(
|
||||||
|
(secret) =>
|
||||||
|
matchesSchema(secret, environment?.slug || "", secretSync.syncOptions.keySchema) && !(secret in secretMap)
|
||||||
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
await deleteFlyioSecrets({ accessToken, appId, keys });
|
||||||
|
} catch (error) {
|
||||||
|
throw new SecretSyncError({
|
||||||
|
error
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
removeSecrets: async (secretSync: TFlyioSyncWithCredentials, secretMap: TSecretMap) => {
|
||||||
|
const {
|
||||||
|
connection,
|
||||||
|
destinationConfig: { appId }
|
||||||
|
} = secretSync;
|
||||||
|
|
||||||
|
const { accessToken } = connection.credentials;
|
||||||
|
|
||||||
|
const secrets = await listFlyioSecrets({ accessToken, appId });
|
||||||
|
|
||||||
|
const keys = secrets.filter((secret) => secret in secretMap);
|
||||||
|
|
||||||
|
try {
|
||||||
|
await deleteFlyioSecrets({ accessToken, appId, keys });
|
||||||
|
} catch (error) {
|
||||||
|
throw new SecretSyncError({
|
||||||
|
error
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
getSecrets: async (secretSync: TFlyioSyncWithCredentials) => {
|
||||||
|
throw new Error(`${SECRET_SYNC_NAME_MAP[secretSync.destination]} does not support importing secrets.`);
|
||||||
|
}
|
||||||
|
};
|
||||||
43
backend/src/services/secret-sync/flyio/flyio-sync-schemas.ts
Normal file
43
backend/src/services/secret-sync/flyio/flyio-sync-schemas.ts
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
import { z } from "zod";
|
||||||
|
|
||||||
|
import { SecretSyncs } from "@app/lib/api-docs";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
import {
|
||||||
|
BaseSecretSyncSchema,
|
||||||
|
GenericCreateSecretSyncFieldsSchema,
|
||||||
|
GenericUpdateSecretSyncFieldsSchema
|
||||||
|
} from "@app/services/secret-sync/secret-sync-schemas";
|
||||||
|
import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
const FlyioSyncDestinationConfigSchema = z.object({
|
||||||
|
appId: z.string().trim().min(1, "App required").max(255).describe(SecretSyncs.DESTINATION_CONFIG.FLYIO.appId)
|
||||||
|
});
|
||||||
|
|
||||||
|
const FlyioSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: false };
|
||||||
|
|
||||||
|
export const FlyioSyncSchema = BaseSecretSyncSchema(SecretSync.Flyio, FlyioSyncOptionsConfig).extend({
|
||||||
|
destination: z.literal(SecretSync.Flyio),
|
||||||
|
destinationConfig: FlyioSyncDestinationConfigSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const CreateFlyioSyncSchema = GenericCreateSecretSyncFieldsSchema(
|
||||||
|
SecretSync.Flyio,
|
||||||
|
FlyioSyncOptionsConfig
|
||||||
|
).extend({
|
||||||
|
destinationConfig: FlyioSyncDestinationConfigSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const UpdateFlyioSyncSchema = GenericUpdateSecretSyncFieldsSchema(
|
||||||
|
SecretSync.Flyio,
|
||||||
|
FlyioSyncOptionsConfig
|
||||||
|
).extend({
|
||||||
|
destinationConfig: FlyioSyncDestinationConfigSchema.optional()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const FlyioSyncListItemSchema = z.object({
|
||||||
|
name: z.literal("Fly.io"),
|
||||||
|
connection: z.literal(AppConnection.Flyio),
|
||||||
|
destination: z.literal(SecretSync.Flyio),
|
||||||
|
canImportSecrets: z.literal(false)
|
||||||
|
});
|
||||||
32
backend/src/services/secret-sync/flyio/flyio-sync-types.ts
Normal file
32
backend/src/services/secret-sync/flyio/flyio-sync-types.ts
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
import { z } from "zod";
|
||||||
|
|
||||||
|
import { TFlyioConnection } from "@app/services/app-connection/flyio";
|
||||||
|
|
||||||
|
import { CreateFlyioSyncSchema, FlyioSyncListItemSchema, FlyioSyncSchema } from "./flyio-sync-schemas";
|
||||||
|
|
||||||
|
export type TFlyioSync = z.infer<typeof FlyioSyncSchema>;
|
||||||
|
|
||||||
|
export type TFlyioSyncInput = z.infer<typeof CreateFlyioSyncSchema>;
|
||||||
|
|
||||||
|
export type TFlyioSyncListItem = z.infer<typeof FlyioSyncListItemSchema>;
|
||||||
|
|
||||||
|
export type TFlyioSyncWithCredentials = TFlyioSync & {
|
||||||
|
connection: TFlyioConnection;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TFlyioSecret = {
|
||||||
|
name: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TFlyioListVariables = {
|
||||||
|
accessToken: string;
|
||||||
|
appId: string;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TPutFlyioVariable = TFlyioListVariables & {
|
||||||
|
secretMap: { [key: string]: { value: string } };
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TDeleteFlyioVariable = TFlyioListVariables & {
|
||||||
|
keys: string[];
|
||||||
|
};
|
||||||
4
backend/src/services/secret-sync/flyio/index.ts
Normal file
4
backend/src/services/secret-sync/flyio/index.ts
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
export * from "./flyio-sync-constants";
|
||||||
|
export * from "./flyio-sync-fns";
|
||||||
|
export * from "./flyio-sync-schemas";
|
||||||
|
export * from "./flyio-sync-types";
|
||||||
4
backend/src/services/secret-sync/render/index.ts
Normal file
4
backend/src/services/secret-sync/render/index.ts
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
export * from "./render-sync-constants";
|
||||||
|
export * from "./render-sync-fns";
|
||||||
|
export * from "./render-sync-schemas";
|
||||||
|
export * from "./render-sync-types";
|
||||||
@ -0,0 +1,10 @@
|
|||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
export const RENDER_SYNC_LIST_OPTION: TSecretSyncListItem = {
|
||||||
|
name: "Render",
|
||||||
|
destination: SecretSync.Render,
|
||||||
|
connection: AppConnection.Render,
|
||||||
|
canImportSecrets: true
|
||||||
|
};
|
||||||
@ -0,0 +1,8 @@
|
|||||||
|
export enum RenderSyncScope {
|
||||||
|
Service = "service"
|
||||||
|
}
|
||||||
|
|
||||||
|
export enum RenderSyncType {
|
||||||
|
Env = "env",
|
||||||
|
File = "file"
|
||||||
|
}
|
||||||
134
backend/src/services/secret-sync/render/render-sync-fns.ts
Normal file
134
backend/src/services/secret-sync/render/render-sync-fns.ts
Normal file
@ -0,0 +1,134 @@
|
|||||||
|
/* eslint-disable no-await-in-loop */
|
||||||
|
import { request } from "@app/lib/config/request";
|
||||||
|
import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
|
||||||
|
import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
|
||||||
|
import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
import { TRenderSecret, TRenderSyncWithCredentials } from "./render-sync-types";
|
||||||
|
|
||||||
|
const getRenderEnvironmentSecrets = async (secretSync: TRenderSyncWithCredentials) => {
|
||||||
|
const {
|
||||||
|
destinationConfig,
|
||||||
|
connection: {
|
||||||
|
credentials: { apiKey }
|
||||||
|
}
|
||||||
|
} = secretSync;
|
||||||
|
|
||||||
|
const baseUrl = `${IntegrationUrls.RENDER_API_URL}/v1/services/${destinationConfig.serviceId}/env-vars`;
|
||||||
|
const allSecrets: TRenderSecret[] = [];
|
||||||
|
let cursor: string | undefined;
|
||||||
|
|
||||||
|
do {
|
||||||
|
const url = cursor ? `${baseUrl}?cursor=${cursor}` : baseUrl;
|
||||||
|
const { data } = await request.get<
|
||||||
|
{
|
||||||
|
envVar: {
|
||||||
|
key: string;
|
||||||
|
value: string;
|
||||||
|
};
|
||||||
|
cursor: string;
|
||||||
|
}[]
|
||||||
|
>(url, {
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${apiKey}`,
|
||||||
|
Accept: "application/json"
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
const secrets = data.map((item) => ({
|
||||||
|
key: item.envVar.key,
|
||||||
|
value: item.envVar.value
|
||||||
|
}));
|
||||||
|
|
||||||
|
allSecrets.push(...secrets);
|
||||||
|
|
||||||
|
cursor = data[data.length - 1]?.cursor;
|
||||||
|
} while (cursor);
|
||||||
|
|
||||||
|
return allSecrets;
|
||||||
|
};
|
||||||
|
|
||||||
|
const putEnvironmentSecret = async (secretSync: TRenderSyncWithCredentials, secretMap: TSecretMap, key: string) => {
|
||||||
|
const {
|
||||||
|
destinationConfig,
|
||||||
|
connection: {
|
||||||
|
credentials: { apiKey }
|
||||||
|
}
|
||||||
|
} = secretSync;
|
||||||
|
|
||||||
|
await request.put(
|
||||||
|
`${IntegrationUrls.RENDER_API_URL}/v1/services/${destinationConfig.serviceId}/env-vars/${key}`,
|
||||||
|
{
|
||||||
|
key,
|
||||||
|
value: secretMap[key].value
|
||||||
|
},
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${apiKey}`,
|
||||||
|
Accept: "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
const deleteEnvironmentSecret = async (secretSync: TRenderSyncWithCredentials, secret: TRenderSecret) => {
|
||||||
|
const {
|
||||||
|
destinationConfig,
|
||||||
|
connection: {
|
||||||
|
credentials: { apiKey }
|
||||||
|
}
|
||||||
|
} = secretSync;
|
||||||
|
|
||||||
|
await request.delete(
|
||||||
|
`${IntegrationUrls.RENDER_API_URL}/v1/services/${destinationConfig.serviceId}/env-vars/${secret.key}`,
|
||||||
|
{
|
||||||
|
headers: {
|
||||||
|
Authorization: `Bearer ${apiKey}`,
|
||||||
|
Accept: "application/json"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
const sleep = async () =>
|
||||||
|
new Promise((resolve) => {
|
||||||
|
setTimeout(resolve, 500);
|
||||||
|
});
|
||||||
|
|
||||||
|
export const RenderSyncFns = {
|
||||||
|
syncSecrets: async (secretSync: TRenderSyncWithCredentials, secretMap: TSecretMap) => {
|
||||||
|
const renderSecrets = await getRenderEnvironmentSecrets(secretSync);
|
||||||
|
for await (const key of Object.keys(secretMap)) {
|
||||||
|
await putEnvironmentSecret(secretSync, secretMap, key);
|
||||||
|
await sleep();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (secretSync.syncOptions.disableSecretDeletion) return;
|
||||||
|
|
||||||
|
for await (const renderSecret of renderSecrets) {
|
||||||
|
if (!matchesSchema(renderSecret.key, secretSync.environment?.slug || "", secretSync.syncOptions.keySchema))
|
||||||
|
// eslint-disable-next-line no-continue
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (!secretMap[renderSecret.key]) {
|
||||||
|
await deleteEnvironmentSecret(secretSync, renderSecret);
|
||||||
|
await sleep();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
getSecrets: async (secretSync: TRenderSyncWithCredentials): Promise<TSecretMap> => {
|
||||||
|
const renderSecrets = await getRenderEnvironmentSecrets(secretSync);
|
||||||
|
return Object.fromEntries(renderSecrets.map((secret) => [secret.key, { value: secret.value ?? "" }]));
|
||||||
|
},
|
||||||
|
|
||||||
|
removeSecrets: async (secretSync: TRenderSyncWithCredentials, secretMap: TSecretMap) => {
|
||||||
|
const encryptedSecrets = await getRenderEnvironmentSecrets(secretSync);
|
||||||
|
|
||||||
|
for await (const encryptedSecret of encryptedSecrets) {
|
||||||
|
if (encryptedSecret.key in secretMap) {
|
||||||
|
await deleteEnvironmentSecret(secretSync, encryptedSecret);
|
||||||
|
await sleep();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
@ -0,0 +1,49 @@
|
|||||||
|
import { z } from "zod";
|
||||||
|
|
||||||
|
import { SecretSyncs } from "@app/lib/api-docs";
|
||||||
|
import { AppConnection } from "@app/services/app-connection/app-connection-enums";
|
||||||
|
import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
|
||||||
|
import {
|
||||||
|
BaseSecretSyncSchema,
|
||||||
|
GenericCreateSecretSyncFieldsSchema,
|
||||||
|
GenericUpdateSecretSyncFieldsSchema
|
||||||
|
} from "@app/services/secret-sync/secret-sync-schemas";
|
||||||
|
import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
|
||||||
|
|
||||||
|
import { RenderSyncScope, RenderSyncType } from "./render-sync-enums";
|
||||||
|
|
||||||
|
const RenderSyncDestinationConfigSchema = z.discriminatedUnion("scope", [
|
||||||
|
z.object({
|
||||||
|
scope: z.literal(RenderSyncScope.Service).describe(SecretSyncs.DESTINATION_CONFIG.RENDER.scope),
|
||||||
|
serviceId: z.string().min(1, "Service ID is required").describe(SecretSyncs.DESTINATION_CONFIG.RENDER.serviceId),
|
||||||
|
type: z.nativeEnum(RenderSyncType).describe(SecretSyncs.DESTINATION_CONFIG.RENDER.type)
|
||||||
|
})
|
||||||
|
]);
|
||||||
|
|
||||||
|
const RenderSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: true };
|
||||||
|
|
||||||
|
export const RenderSyncSchema = BaseSecretSyncSchema(SecretSync.Render, RenderSyncOptionsConfig).extend({
|
||||||
|
destination: z.literal(SecretSync.Render),
|
||||||
|
destinationConfig: RenderSyncDestinationConfigSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const CreateRenderSyncSchema = GenericCreateSecretSyncFieldsSchema(
|
||||||
|
SecretSync.Render,
|
||||||
|
RenderSyncOptionsConfig
|
||||||
|
).extend({
|
||||||
|
destinationConfig: RenderSyncDestinationConfigSchema
|
||||||
|
});
|
||||||
|
|
||||||
|
export const UpdateRenderSyncSchema = GenericUpdateSecretSyncFieldsSchema(
|
||||||
|
SecretSync.Render,
|
||||||
|
RenderSyncOptionsConfig
|
||||||
|
).extend({
|
||||||
|
destinationConfig: RenderSyncDestinationConfigSchema.optional()
|
||||||
|
});
|
||||||
|
|
||||||
|
export const RenderSyncListItemSchema = z.object({
|
||||||
|
name: z.literal("Render"),
|
||||||
|
connection: z.literal(AppConnection.Render),
|
||||||
|
destination: z.literal(SecretSync.Render),
|
||||||
|
canImportSecrets: z.literal(true)
|
||||||
|
});
|
||||||
20
backend/src/services/secret-sync/render/render-sync-types.ts
Normal file
20
backend/src/services/secret-sync/render/render-sync-types.ts
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
import z from "zod";
|
||||||
|
|
||||||
|
import { TRenderConnection } from "@app/services/app-connection/render/render-connection-types";
|
||||||
|
|
||||||
|
import { CreateRenderSyncSchema, RenderSyncListItemSchema, RenderSyncSchema } from "./render-sync-schemas";
|
||||||
|
|
||||||
|
export type TRenderSyncListItem = z.infer<typeof RenderSyncListItemSchema>;
|
||||||
|
|
||||||
|
export type TRenderSync = z.infer<typeof RenderSyncSchema>;
|
||||||
|
|
||||||
|
export type TRenderSyncInput = z.infer<typeof CreateRenderSyncSchema>;
|
||||||
|
|
||||||
|
export type TRenderSyncWithCredentials = TRenderSync & {
|
||||||
|
connection: TRenderConnection;
|
||||||
|
};
|
||||||
|
|
||||||
|
export type TRenderSecret = {
|
||||||
|
key: string;
|
||||||
|
value: string;
|
||||||
|
};
|
||||||
@ -15,7 +15,9 @@ export enum SecretSync {
|
|||||||
HCVault = "hashicorp-vault",
|
HCVault = "hashicorp-vault",
|
||||||
TeamCity = "teamcity",
|
TeamCity = "teamcity",
|
||||||
OCIVault = "oci-vault",
|
OCIVault = "oci-vault",
|
||||||
OnePass = "1password"
|
OnePass = "1password",
|
||||||
|
Render = "render",
|
||||||
|
Flyio = "flyio"
|
||||||
}
|
}
|
||||||
|
|
||||||
export enum SecretSyncInitialSyncBehavior {
|
export enum SecretSyncInitialSyncBehavior {
|
||||||
|
|||||||
@ -29,11 +29,13 @@ import { AZURE_APP_CONFIGURATION_SYNC_LIST_OPTION, azureAppConfigurationSyncFact
|
|||||||
import { AZURE_DEVOPS_SYNC_LIST_OPTION, azureDevOpsSyncFactory } from "./azure-devops";
|
import { AZURE_DEVOPS_SYNC_LIST_OPTION, azureDevOpsSyncFactory } from "./azure-devops";
|
||||||
import { AZURE_KEY_VAULT_SYNC_LIST_OPTION, azureKeyVaultSyncFactory } from "./azure-key-vault";
|
import { AZURE_KEY_VAULT_SYNC_LIST_OPTION, azureKeyVaultSyncFactory } from "./azure-key-vault";
|
||||||
import { CAMUNDA_SYNC_LIST_OPTION, camundaSyncFactory } from "./camunda";
|
import { CAMUNDA_SYNC_LIST_OPTION, camundaSyncFactory } from "./camunda";
|
||||||
|
import { FLYIO_SYNC_LIST_OPTION, FlyioSyncFns } from "./flyio";
|
||||||
import { GCP_SYNC_LIST_OPTION } from "./gcp";
|
import { GCP_SYNC_LIST_OPTION } from "./gcp";
|
||||||
import { GcpSyncFns } from "./gcp/gcp-sync-fns";
|
import { GcpSyncFns } from "./gcp/gcp-sync-fns";
|
||||||
import { HC_VAULT_SYNC_LIST_OPTION, HCVaultSyncFns } from "./hc-vault";
|
import { HC_VAULT_SYNC_LIST_OPTION, HCVaultSyncFns } from "./hc-vault";
|
||||||
import { HUMANITEC_SYNC_LIST_OPTION } from "./humanitec";
|
import { HUMANITEC_SYNC_LIST_OPTION } from "./humanitec";
|
||||||
import { HumanitecSyncFns } from "./humanitec/humanitec-sync-fns";
|
import { HumanitecSyncFns } from "./humanitec/humanitec-sync-fns";
|
||||||
|
import { RENDER_SYNC_LIST_OPTION, RenderSyncFns } from "./render";
|
||||||
import { SECRET_SYNC_PLAN_MAP } from "./secret-sync-maps";
|
import { SECRET_SYNC_PLAN_MAP } from "./secret-sync-maps";
|
||||||
import { TEAMCITY_SYNC_LIST_OPTION, TeamCitySyncFns } from "./teamcity";
|
import { TEAMCITY_SYNC_LIST_OPTION, TeamCitySyncFns } from "./teamcity";
|
||||||
import { TERRAFORM_CLOUD_SYNC_LIST_OPTION, TerraformCloudSyncFns } from "./terraform-cloud";
|
import { TERRAFORM_CLOUD_SYNC_LIST_OPTION, TerraformCloudSyncFns } from "./terraform-cloud";
|
||||||
@ -57,7 +59,9 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
|
|||||||
[SecretSync.HCVault]: HC_VAULT_SYNC_LIST_OPTION,
|
[SecretSync.HCVault]: HC_VAULT_SYNC_LIST_OPTION,
|
||||||
[SecretSync.TeamCity]: TEAMCITY_SYNC_LIST_OPTION,
|
[SecretSync.TeamCity]: TEAMCITY_SYNC_LIST_OPTION,
|
||||||
[SecretSync.OCIVault]: OCI_VAULT_SYNC_LIST_OPTION,
|
[SecretSync.OCIVault]: OCI_VAULT_SYNC_LIST_OPTION,
|
||||||
[SecretSync.OnePass]: ONEPASS_SYNC_LIST_OPTION
|
[SecretSync.OnePass]: ONEPASS_SYNC_LIST_OPTION,
|
||||||
|
[SecretSync.Render]: RENDER_SYNC_LIST_OPTION,
|
||||||
|
[SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION
|
||||||
};
|
};
|
||||||
|
|
||||||
export const listSecretSyncOptions = () => {
|
export const listSecretSyncOptions = () => {
|
||||||
@ -215,6 +219,10 @@ export const SecretSyncFns = {
|
|||||||
return OCIVaultSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
return OCIVaultSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
||||||
case SecretSync.OnePass:
|
case SecretSync.OnePass:
|
||||||
return OnePassSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
return OnePassSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
||||||
|
case SecretSync.Render:
|
||||||
|
return RenderSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
||||||
|
case SecretSync.Flyio:
|
||||||
|
return FlyioSyncFns.syncSecrets(secretSync, schemaSecretMap);
|
||||||
default:
|
default:
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
`Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
||||||
@ -292,6 +300,12 @@ export const SecretSyncFns = {
|
|||||||
case SecretSync.OnePass:
|
case SecretSync.OnePass:
|
||||||
secretMap = await OnePassSyncFns.getSecrets(secretSync);
|
secretMap = await OnePassSyncFns.getSecrets(secretSync);
|
||||||
break;
|
break;
|
||||||
|
case SecretSync.Render:
|
||||||
|
secretMap = await RenderSyncFns.getSecrets(secretSync);
|
||||||
|
break;
|
||||||
|
case SecretSync.Flyio:
|
||||||
|
secretMap = await FlyioSyncFns.getSecrets(secretSync);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
`Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
||||||
@ -359,6 +373,10 @@ export const SecretSyncFns = {
|
|||||||
return OCIVaultSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
return OCIVaultSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
||||||
case SecretSync.OnePass:
|
case SecretSync.OnePass:
|
||||||
return OnePassSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
return OnePassSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
||||||
|
case SecretSync.Render:
|
||||||
|
return RenderSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
||||||
|
case SecretSync.Flyio:
|
||||||
|
return FlyioSyncFns.removeSecrets(secretSync, schemaSecretMap);
|
||||||
default:
|
default:
|
||||||
throw new Error(
|
throw new Error(
|
||||||
`Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
`Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
|
||||||
|
|||||||
@ -18,7 +18,9 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
|
|||||||
[SecretSync.HCVault]: "Hashicorp Vault",
|
[SecretSync.HCVault]: "Hashicorp Vault",
|
||||||
[SecretSync.TeamCity]: "TeamCity",
|
[SecretSync.TeamCity]: "TeamCity",
|
||||||
[SecretSync.OCIVault]: "OCI Vault",
|
[SecretSync.OCIVault]: "OCI Vault",
|
||||||
[SecretSync.OnePass]: "1Password"
|
[SecretSync.OnePass]: "1Password",
|
||||||
|
[SecretSync.Render]: "Render",
|
||||||
|
[SecretSync.Flyio]: "Fly.io"
|
||||||
};
|
};
|
||||||
|
|
||||||
export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
|
export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
|
||||||
@ -38,7 +40,9 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
|
|||||||
[SecretSync.HCVault]: AppConnection.HCVault,
|
[SecretSync.HCVault]: AppConnection.HCVault,
|
||||||
[SecretSync.TeamCity]: AppConnection.TeamCity,
|
[SecretSync.TeamCity]: AppConnection.TeamCity,
|
||||||
[SecretSync.OCIVault]: AppConnection.OCI,
|
[SecretSync.OCIVault]: AppConnection.OCI,
|
||||||
[SecretSync.OnePass]: AppConnection.OnePass
|
[SecretSync.OnePass]: AppConnection.OnePass,
|
||||||
|
[SecretSync.Render]: AppConnection.Render,
|
||||||
|
[SecretSync.Flyio]: AppConnection.Flyio
|
||||||
};
|
};
|
||||||
|
|
||||||
export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
|
export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
|
||||||
@ -58,5 +62,7 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
|
|||||||
[SecretSync.HCVault]: SecretSyncPlanType.Regular,
|
[SecretSync.HCVault]: SecretSyncPlanType.Regular,
|
||||||
[SecretSync.TeamCity]: SecretSyncPlanType.Regular,
|
[SecretSync.TeamCity]: SecretSyncPlanType.Regular,
|
||||||
[SecretSync.OCIVault]: SecretSyncPlanType.Enterprise,
|
[SecretSync.OCIVault]: SecretSyncPlanType.Enterprise,
|
||||||
[SecretSync.OnePass]: SecretSyncPlanType.Regular
|
[SecretSync.OnePass]: SecretSyncPlanType.Regular,
|
||||||
|
[SecretSync.Render]: SecretSyncPlanType.Regular,
|
||||||
|
[SecretSync.Flyio]: SecretSyncPlanType.Regular
|
||||||
};
|
};
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
import { ForbiddenError } from "@casl/ability";
|
import { ForbiddenError, subject } from "@casl/ability";
|
||||||
|
|
||||||
import { ActionProjectType } from "@app/db/schemas";
|
import { ActionProjectType } from "@app/db/schemas";
|
||||||
import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
|
import { TLicenseServiceFactory } from "@app/ee/services/license/license-service";
|
||||||
@ -89,7 +89,17 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId
|
projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
return secretSyncs as TSecretSync[];
|
return secretSyncs.filter((secretSync) =>
|
||||||
|
permission.can(
|
||||||
|
ProjectPermissionSecretSyncActions.Read,
|
||||||
|
secretSync.environment && secretSync.folder
|
||||||
|
? subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
: ProjectPermissionSub.SecretSyncs
|
||||||
|
)
|
||||||
|
) as TSecretSync[];
|
||||||
};
|
};
|
||||||
|
|
||||||
const listSecretSyncsBySecretPath = async (
|
const listSecretSyncsBySecretPath = async (
|
||||||
@ -105,7 +115,15 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId
|
projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
if (permission.cannot(ProjectPermissionSecretSyncActions.Read, ProjectPermissionSub.SecretSyncs)) {
|
if (
|
||||||
|
permission.cannot(
|
||||||
|
ProjectPermissionSecretSyncActions.Read,
|
||||||
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment,
|
||||||
|
secretPath
|
||||||
|
})
|
||||||
|
)
|
||||||
|
) {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -142,7 +160,12 @@ export const secretSyncServiceFactory = ({
|
|||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSecretSyncActions.Read,
|
ProjectPermissionSecretSyncActions.Read,
|
||||||
ProjectPermissionSub.SecretSyncs
|
secretSync.environment && secretSync.folder
|
||||||
|
? subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
: ProjectPermissionSub.SecretSyncs
|
||||||
);
|
);
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
@ -179,7 +202,12 @@ export const secretSyncServiceFactory = ({
|
|||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSecretSyncActions.Read,
|
ProjectPermissionSecretSyncActions.Read,
|
||||||
ProjectPermissionSub.SecretSyncs
|
secretSync.environment && secretSync.folder
|
||||||
|
? subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
: ProjectPermissionSub.SecretSyncs
|
||||||
);
|
);
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
@ -217,13 +245,17 @@ export const secretSyncServiceFactory = ({
|
|||||||
|
|
||||||
ForbiddenError.from(projectPermission).throwUnlessCan(
|
ForbiddenError.from(projectPermission).throwUnlessCan(
|
||||||
ProjectPermissionSecretSyncActions.Create,
|
ProjectPermissionSecretSyncActions.Create,
|
||||||
ProjectPermissionSub.SecretSyncs
|
subject(ProjectPermissionSub.SecretSyncs, { environment, secretPath })
|
||||||
);
|
);
|
||||||
|
|
||||||
throwIfMissingSecretReadValueOrDescribePermission(projectPermission, ProjectPermissionSecretActions.ReadValue, {
|
throwIfMissingSecretReadValueOrDescribePermission(
|
||||||
environment,
|
projectPermission,
|
||||||
secretPath
|
ProjectPermissionSecretActions.DescribeSecret,
|
||||||
});
|
{
|
||||||
|
environment,
|
||||||
|
secretPath
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
const folder = await folderDAL.findBySecretPath(projectId, environment, secretPath);
|
const folder = await folderDAL.findBySecretPath(projectId, environment, secretPath);
|
||||||
|
|
||||||
@ -286,10 +318,38 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId: secretSync.projectId
|
projectId: secretSync.projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
// we always check the permission against the existing environment / secret path
|
||||||
ProjectPermissionSecretSyncActions.Edit,
|
// if no secret path / environment is present on the secret sync, we need to check without conditions
|
||||||
ProjectPermissionSub.SecretSyncs
|
if (secretSync.environment?.slug && secretSync.folder?.path) {
|
||||||
);
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.Edit,
|
||||||
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.Edit,
|
||||||
|
ProjectPermissionSub.SecretSyncs
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// if the user is updating the secret path or environment, we need to check the permission against the new values
|
||||||
|
if (secretPath || environment) {
|
||||||
|
const environmentToCheck = environment || secretSync.environment?.slug || "";
|
||||||
|
const secretPathToCheck = secretPath || secretSync.folder?.path || "";
|
||||||
|
|
||||||
|
if (environmentToCheck && secretPathToCheck) {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.Edit,
|
||||||
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: environmentToCheck,
|
||||||
|
secretPath: secretPathToCheck
|
||||||
|
})
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
throw new BadRequestError({
|
throw new BadRequestError({
|
||||||
@ -315,7 +375,7 @@ export const secretSyncServiceFactory = ({
|
|||||||
if (!updatedEnvironment || !updatedSecretPath)
|
if (!updatedEnvironment || !updatedSecretPath)
|
||||||
throw new BadRequestError({ message: "Must specify both source environment and secret path" });
|
throw new BadRequestError({ message: "Must specify both source environment and secret path" });
|
||||||
|
|
||||||
throwIfMissingSecretReadValueOrDescribePermission(permission, ProjectPermissionSecretActions.ReadValue, {
|
throwIfMissingSecretReadValueOrDescribePermission(permission, ProjectPermissionSecretActions.DescribeSecret, {
|
||||||
environment: updatedEnvironment,
|
environment: updatedEnvironment,
|
||||||
secretPath: updatedSecretPath
|
secretPath: updatedSecretPath
|
||||||
});
|
});
|
||||||
@ -374,10 +434,20 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId: secretSync.projectId
|
projectId: secretSync.projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
if (secretSync.environment?.slug && secretSync.folder?.path) {
|
||||||
ProjectPermissionSecretSyncActions.Delete,
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSub.SecretSyncs
|
ProjectPermissionSecretSyncActions.Delete,
|
||||||
);
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.Delete,
|
||||||
|
ProjectPermissionSub.SecretSyncs
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
throw new BadRequestError({
|
throw new BadRequestError({
|
||||||
@ -441,10 +511,20 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId: secretSync.projectId
|
projectId: secretSync.projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
if (secretSync.environment?.slug && secretSync.folder?.path) {
|
||||||
ProjectPermissionSecretSyncActions.SyncSecrets,
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSub.SecretSyncs
|
ProjectPermissionSecretSyncActions.SyncSecrets,
|
||||||
);
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.SyncSecrets,
|
||||||
|
ProjectPermissionSub.SecretSyncs
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
throw new BadRequestError({
|
throw new BadRequestError({
|
||||||
@ -503,10 +583,20 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId: secretSync.projectId
|
projectId: secretSync.projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
if (secretSync.environment?.slug && secretSync.folder?.path) {
|
||||||
ProjectPermissionSecretSyncActions.ImportSecrets,
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSub.SecretSyncs
|
ProjectPermissionSecretSyncActions.ImportSecrets,
|
||||||
);
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.ImportSecrets,
|
||||||
|
ProjectPermissionSub.SecretSyncs
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
throw new BadRequestError({
|
throw new BadRequestError({
|
||||||
@ -559,10 +649,20 @@ export const secretSyncServiceFactory = ({
|
|||||||
projectId: secretSync.projectId
|
projectId: secretSync.projectId
|
||||||
});
|
});
|
||||||
|
|
||||||
ForbiddenError.from(permission).throwUnlessCan(
|
if (secretSync.environment?.slug && secretSync.folder?.path) {
|
||||||
ProjectPermissionSecretSyncActions.RemoveSecrets,
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
ProjectPermissionSub.SecretSyncs
|
ProjectPermissionSecretSyncActions.RemoveSecrets,
|
||||||
);
|
subject(ProjectPermissionSub.SecretSyncs, {
|
||||||
|
environment: secretSync.environment.slug,
|
||||||
|
secretPath: secretSync.folder.path
|
||||||
|
})
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
ForbiddenError.from(permission).throwUnlessCan(
|
||||||
|
ProjectPermissionSecretSyncActions.RemoveSecrets,
|
||||||
|
ProjectPermissionSub.SecretSyncs
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
if (secretSync.connection.app !== SECRET_SYNC_CONNECTION_MAP[destination])
|
||||||
throw new BadRequestError({
|
throw new BadRequestError({
|
||||||
|
|||||||
@ -72,6 +72,7 @@ import {
|
|||||||
TAzureKeyVaultSyncListItem,
|
TAzureKeyVaultSyncListItem,
|
||||||
TAzureKeyVaultSyncWithCredentials
|
TAzureKeyVaultSyncWithCredentials
|
||||||
} from "./azure-key-vault";
|
} from "./azure-key-vault";
|
||||||
|
import { TFlyioSync, TFlyioSyncInput, TFlyioSyncListItem, TFlyioSyncWithCredentials } from "./flyio/flyio-sync-types";
|
||||||
import { TGcpSync, TGcpSyncInput, TGcpSyncListItem, TGcpSyncWithCredentials } from "./gcp";
|
import { TGcpSync, TGcpSyncInput, TGcpSyncListItem, TGcpSyncWithCredentials } from "./gcp";
|
||||||
import {
|
import {
|
||||||
THCVaultSync,
|
THCVaultSync,
|
||||||
@ -85,6 +86,12 @@ import {
|
|||||||
THumanitecSyncListItem,
|
THumanitecSyncListItem,
|
||||||
THumanitecSyncWithCredentials
|
THumanitecSyncWithCredentials
|
||||||
} from "./humanitec";
|
} from "./humanitec";
|
||||||
|
import {
|
||||||
|
TRenderSync,
|
||||||
|
TRenderSyncInput,
|
||||||
|
TRenderSyncListItem,
|
||||||
|
TRenderSyncWithCredentials
|
||||||
|
} from "./render/render-sync-types";
|
||||||
import {
|
import {
|
||||||
TTeamCitySync,
|
TTeamCitySync,
|
||||||
TTeamCitySyncInput,
|
TTeamCitySyncInput,
|
||||||
@ -116,7 +123,9 @@ export type TSecretSync =
|
|||||||
| THCVaultSync
|
| THCVaultSync
|
||||||
| TTeamCitySync
|
| TTeamCitySync
|
||||||
| TOCIVaultSync
|
| TOCIVaultSync
|
||||||
| TOnePassSync;
|
| TOnePassSync
|
||||||
|
| TRenderSync
|
||||||
|
| TFlyioSync;
|
||||||
|
|
||||||
export type TSecretSyncWithCredentials =
|
export type TSecretSyncWithCredentials =
|
||||||
| TAwsParameterStoreSyncWithCredentials
|
| TAwsParameterStoreSyncWithCredentials
|
||||||
@ -135,7 +144,9 @@ export type TSecretSyncWithCredentials =
|
|||||||
| THCVaultSyncWithCredentials
|
| THCVaultSyncWithCredentials
|
||||||
| TTeamCitySyncWithCredentials
|
| TTeamCitySyncWithCredentials
|
||||||
| TOCIVaultSyncWithCredentials
|
| TOCIVaultSyncWithCredentials
|
||||||
| TOnePassSyncWithCredentials;
|
| TOnePassSyncWithCredentials
|
||||||
|
| TRenderSyncWithCredentials
|
||||||
|
| TFlyioSyncWithCredentials;
|
||||||
|
|
||||||
export type TSecretSyncInput =
|
export type TSecretSyncInput =
|
||||||
| TAwsParameterStoreSyncInput
|
| TAwsParameterStoreSyncInput
|
||||||
@ -154,7 +165,9 @@ export type TSecretSyncInput =
|
|||||||
| THCVaultSyncInput
|
| THCVaultSyncInput
|
||||||
| TTeamCitySyncInput
|
| TTeamCitySyncInput
|
||||||
| TOCIVaultSyncInput
|
| TOCIVaultSyncInput
|
||||||
| TOnePassSyncInput;
|
| TOnePassSyncInput
|
||||||
|
| TRenderSyncInput
|
||||||
|
| TFlyioSyncInput;
|
||||||
|
|
||||||
export type TSecretSyncListItem =
|
export type TSecretSyncListItem =
|
||||||
| TAwsParameterStoreSyncListItem
|
| TAwsParameterStoreSyncListItem
|
||||||
@ -173,7 +186,9 @@ export type TSecretSyncListItem =
|
|||||||
| THCVaultSyncListItem
|
| THCVaultSyncListItem
|
||||||
| TTeamCitySyncListItem
|
| TTeamCitySyncListItem
|
||||||
| TOCIVaultSyncListItem
|
| TOCIVaultSyncListItem
|
||||||
| TOnePassSyncListItem;
|
| TOnePassSyncListItem
|
||||||
|
| TRenderSyncListItem
|
||||||
|
| TFlyioSyncListItem;
|
||||||
|
|
||||||
export type TSyncOptionsConfig = {
|
export type TSyncOptionsConfig = {
|
||||||
canImportSecrets: boolean;
|
canImportSecrets: boolean;
|
||||||
|
|||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Available"
|
||||||
|
openapi: "GET /api/v1/app-connections/flyio/available"
|
||||||
|
---
|
||||||
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
title: "Create"
|
||||||
|
openapi: "POST /api/v1/app-connections/flyio"
|
||||||
|
---
|
||||||
|
|
||||||
|
<Note>
|
||||||
|
Check out the configuration docs for [Fly.io Connections](/integrations/app-connections/flyio) to learn how to obtain the required credentials.
|
||||||
|
</Note>
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Delete"
|
||||||
|
openapi: "DELETE /api/v1/app-connections/flyio/{connectionId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by ID"
|
||||||
|
openapi: "GET /api/v1/app-connections/flyio/{connectionId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by Name"
|
||||||
|
openapi: "GET /api/v1/app-connections/flyio/connection-name/{connectionName}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "List"
|
||||||
|
openapi: "GET /api/v1/app-connections/flyio"
|
||||||
|
---
|
||||||
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
title: "Update"
|
||||||
|
openapi: "PATCH /api/v1/app-connections/flyio/{connectionId}"
|
||||||
|
---
|
||||||
|
|
||||||
|
<Note>
|
||||||
|
Check out the configuration docs for [Fly.io Connections](/integrations/app-connections/flyio) to learn how to obtain the required credentials.
|
||||||
|
</Note>
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Available"
|
||||||
|
openapi: "GET /api/v1/app-connections/render/available"
|
||||||
|
---
|
||||||
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
title: "Create"
|
||||||
|
openapi: "POST /api/v1/app-connections/render"
|
||||||
|
---
|
||||||
|
|
||||||
|
<Note>
|
||||||
|
Check out the configuration docs for [Render
|
||||||
|
Connections](/integrations/app-connections/render) to learn how to obtain the
|
||||||
|
required credentials.
|
||||||
|
</Note>
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Delete"
|
||||||
|
openapi: "DELETE /api/v1/app-connections/render/{connectionId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by ID"
|
||||||
|
openapi: "GET /api/v1/app-connections/render/{connectionId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by Name"
|
||||||
|
openapi: "GET /api/v1/app-connections/render/connection-name/{connectionName}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "List"
|
||||||
|
openapi: "GET /api/v1/app-connections/render"
|
||||||
|
---
|
||||||
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
title: "Update"
|
||||||
|
openapi: "PATCH /api/v1/app-connections/render/{connectionId}"
|
||||||
|
---
|
||||||
|
|
||||||
|
<Note>
|
||||||
|
Check out the configuration docs for [Render
|
||||||
|
Connections](/integrations/app-connections/render) to learn how to obtain the
|
||||||
|
required credentials.
|
||||||
|
</Note>
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Create"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/flyio"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Delete"
|
||||||
|
openapi: "DELETE /api/v1/secret-syncs/flyio/{syncId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by ID"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/flyio/{syncId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by Name"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/flyio/sync-name/{syncName}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Import Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/flyio/{syncId}/import-secrets"
|
||||||
|
---
|
||||||
4
docs/api-reference/endpoints/secret-syncs/flyio/list.mdx
Normal file
4
docs/api-reference/endpoints/secret-syncs/flyio/list.mdx
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "List"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/flyio"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Remove Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/flyio/{syncId}/remove-secrets"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Sync Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/flyio/{syncId}/sync-secrets"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Update"
|
||||||
|
openapi: "PATCH /api/v1/secret-syncs/flyio/{syncId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Create"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/render"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Delete"
|
||||||
|
openapi: "DELETE /api/v1/secret-syncs/render/{syncId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by ID"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/render/{syncId}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Get by Name"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/render/sync-name/{syncName}"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Import Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/render/{syncId}/import-secrets"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "List"
|
||||||
|
openapi: "GET /api/v1/secret-syncs/render"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Remove Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/render/{syncId}/remove-secrets"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Sync Secrets"
|
||||||
|
openapi: "POST /api/v1/secret-syncs/render/{syncId}/sync-secrets"
|
||||||
|
---
|
||||||
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
title: "Update"
|
||||||
|
openapi: "PATCH /api/v1/secret-syncs/render/{syncId}"
|
||||||
|
---
|
||||||
BIN
docs/images/app-connections/flyio/app-connection-created.png
Normal file
BIN
docs/images/app-connections/flyio/app-connection-created.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.0 MiB |
BIN
docs/images/app-connections/flyio/app-connection-modal.png
Normal file
BIN
docs/images/app-connections/flyio/app-connection-modal.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 794 KiB |
BIN
docs/images/app-connections/flyio/app-connection-option.png
Normal file
BIN
docs/images/app-connections/flyio/app-connection-option.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 796 KiB |
BIN
docs/images/app-connections/flyio/create-token-page.png
Normal file
BIN
docs/images/app-connections/flyio/create-token-page.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 537 KiB |
BIN
docs/images/app-connections/flyio/create-token.png
Normal file
BIN
docs/images/app-connections/flyio/create-token.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 502 KiB |
BIN
docs/images/app-connections/flyio/dashboard-page.png
Normal file
BIN
docs/images/app-connections/flyio/dashboard-page.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 642 KiB |
BIN
docs/images/app-connections/render/render-account-settings.png
Normal file
BIN
docs/images/app-connections/render/render-account-settings.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 473 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 969 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 534 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 703 KiB |
BIN
docs/images/app-connections/render/render-create-api-key.png
Normal file
BIN
docs/images/app-connections/render/render-create-api-key.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 338 KiB |
BIN
docs/images/app-connections/render/render-name-api-key.png
Normal file
BIN
docs/images/app-connections/render/render-name-api-key.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 341 KiB |
BIN
docs/images/secret-syncs/flyio/configure-destination.png
Normal file
BIN
docs/images/secret-syncs/flyio/configure-destination.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 628 KiB |
BIN
docs/images/secret-syncs/flyio/configure-details.png
Normal file
BIN
docs/images/secret-syncs/flyio/configure-details.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 632 KiB |
BIN
docs/images/secret-syncs/flyio/configure-source.png
Normal file
BIN
docs/images/secret-syncs/flyio/configure-source.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 615 KiB |
BIN
docs/images/secret-syncs/flyio/configure-sync-options.png
Normal file
BIN
docs/images/secret-syncs/flyio/configure-sync-options.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 680 KiB |
BIN
docs/images/secret-syncs/flyio/review-configuration.png
Normal file
BIN
docs/images/secret-syncs/flyio/review-configuration.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 651 KiB |
BIN
docs/images/secret-syncs/flyio/select-option.png
Normal file
BIN
docs/images/secret-syncs/flyio/select-option.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 710 KiB |
BIN
docs/images/secret-syncs/flyio/sync-created.png
Normal file
BIN
docs/images/secret-syncs/flyio/sync-created.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 1.0 MiB |
BIN
docs/images/secret-syncs/render/render-sync-created.png
Normal file
BIN
docs/images/secret-syncs/render/render-sync-created.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 994 KiB |
BIN
docs/images/secret-syncs/render/render-sync-destination.png
Normal file
BIN
docs/images/secret-syncs/render/render-sync-destination.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 627 KiB |
BIN
docs/images/secret-syncs/render/render-sync-details.png
Normal file
BIN
docs/images/secret-syncs/render/render-sync-details.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 622 KiB |
BIN
docs/images/secret-syncs/render/render-sync-options.png
Normal file
BIN
docs/images/secret-syncs/render/render-sync-options.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 661 KiB |
BIN
docs/images/secret-syncs/render/render-sync-review.png
Normal file
BIN
docs/images/secret-syncs/render/render-sync-review.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 648 KiB |
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user