Skip to content

Commit 0e4a815

Browse files
liamstevensliamstevens
committed
fix: add required secret-files prefix to secret location
1 parent 6e9c6f9 commit 0e4a815

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

s3secrets-helper/secrets/secrets.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -140,7 +140,8 @@ func getSecrets(conf Config, results chan<- getResult) {
140140
"_TOKEN",
141141
"_ACCESS_KEY",
142142
}...)
143-
keys, err := conf.Client.ListSuffix(conf.Prefix, suffixes)
143+
secretPrefix := conf.Prefix + "/secret-files"
144+
keys, err := conf.Client.ListSuffix(secretPrefix, suffixes)
144145
if err != nil {
145146
fmt.Errorf("listing matching secrets: %w", err)
146147
}

s3secrets-helper/secrets/secrets_test.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ func (c *FakeClient) Bucket() string {
4646
}
4747

4848
func (c *FakeClient) ListSuffix(prefix string, suffix []string) ([]string, error) {
49-
fakeSecrets := []string{"pipeline/BUILDKITE_ACCESS_KEY", "pipeline/DATABASE_SECRET", "pipeline/EXTERNAL_API_SECRET_KEY", "pipeline/PRIVILEGED_PASSWORD", "pipeline/SERVICE_TOKEN"}
49+
fakeSecrets := []string{"pipeline/secret-files/BUILDKITE_ACCESS_KEY", "pipeline/secret-files/DATABASE_SECRET", "pipeline/secret-files/EXTERNAL_API_SECRET_KEY", "pipeline/secret-files/PRIVILEGED_PASSWORD", "pipeline/secret-files/SERVICE_TOKEN"}
5050
return fakeSecrets, nil
5151
}
5252

@@ -106,11 +106,11 @@ func TestRun(t *testing.T) {
106106
"bkt/git-credentials": {[]byte("general git key"), nil},
107107
"bkt/pipeline/git-credentials": {[]byte("pipeline git key"), nil},
108108

109-
"bkt/pipeline/BUILDKITE_ACCESS_KEY": {[]byte("buildkite access key"), nil},
110-
"bkt/pipeline/DATABASE_SECRET": {[]byte("database secret"), nil},
111-
"bkt/pipeline/EXTERNAL_API_SECRET_KEY": {[]byte("external api secret"), nil},
112-
"bkt/pipeline/PRIVILEGED_PASSWORD": {[]byte("privileged password"), nil},
113-
"bkt/pipeline/SERVICE_TOKEN": {[]byte("service token"), nil},
109+
"bkt/pipeline/secret-files/BUILDKITE_ACCESS_KEY": {[]byte("buildkite access key"), nil},
110+
"bkt/pipeline/secret-files/DATABASE_SECRET": {[]byte("database secret"), nil},
111+
"bkt/pipeline/secret-files/EXTERNAL_API_SECRET_KEY": {[]byte("external api secret"), nil},
112+
"bkt/pipeline/secret-files/PRIVILEGED_PASSWORD": {[]byte("privileged password"), nil},
113+
"bkt/pipeline/secret-files/SERVICE_TOKEN": {[]byte("service token"), nil},
114114
}
115115
logbuf := &bytes.Buffer{}
116116
fakeAgent := &FakeAgent{t: t}

0 commit comments

Comments
 (0)