Skip to content

Commit 756d8c8

Browse files
jahvonjahvon
authored
refactor!: remove deprecated v1 vault implementation (#293)
1 parent f1a0ab2 commit 756d8c8

File tree

20 files changed

+634
-1687
lines changed

20 files changed

+634
-1687
lines changed

cmd/internal/exec.go

Lines changed: 0 additions & 102 deletions
Original file line numberDiff line numberDiff line change
@@ -28,8 +28,6 @@ import (
2828
"github.com/flowexec/flow/internal/runner/serial"
2929
"github.com/flowexec/flow/internal/services/store"
3030
"github.com/flowexec/flow/internal/utils/env"
31-
"github.com/flowexec/flow/internal/vault"
32-
vaultV2 "github.com/flowexec/flow/internal/vault/v2"
3331
"github.com/flowexec/flow/types/executable"
3432
"github.com/flowexec/flow/types/workspace"
3533
)
@@ -169,9 +167,6 @@ func execFunc(ctx *context.Context, cmd *cobra.Command, verb executable.Verb, ar
169167
}
170168
}
171169

172-
if ctx.Config.CurrentVault == nil || *ctx.Config.CurrentVault == vaultV2.LegacyVaultReservedName {
173-
setAuthEnv(ctx, cmd, e, false)
174-
}
175170
startTime := time.Now()
176171
eng := engine.NewExecEngine()
177172

@@ -236,103 +231,6 @@ func runByRef(ctx *context.Context, cmd *cobra.Command, argsStr string) error {
236231
return nil
237232
}
238233

239-
func setAuthEnv(ctx *context.Context, _ *cobra.Command, executable *executable.Executable, force bool) {
240-
if authRequired(ctx, executable) || force {
241-
form, err := views.NewForm(
242-
io.Theme(ctx.Config.Theme.String()),
243-
ctx.StdIn(),
244-
ctx.StdOut(),
245-
&views.FormField{
246-
Key: vault.EncryptionKeyEnvVar,
247-
Title: "Enter vault encryption key",
248-
Type: views.PromptTypeMasked,
249-
})
250-
if err != nil {
251-
logger.Log().FatalErr(err)
252-
}
253-
if err := form.Run(ctx); err != nil {
254-
logger.Log().FatalErr(err)
255-
}
256-
val := form.FindByKey(vault.EncryptionKeyEnvVar).Value()
257-
if val == "" {
258-
logger.Log().FatalErr(fmt.Errorf("vault encryption key required"))
259-
}
260-
if err := os.Setenv(vault.EncryptionKeyEnvVar, val); err != nil {
261-
logger.Log().FatalErr(fmt.Errorf("failed to set vault encryption key\n%w", err))
262-
}
263-
}
264-
}
265-
266-
// TODO: refactor this function to simplify the logic
267-
//
268-
//nolint:all
269-
func authRequired(ctx *context.Context, rootExec *executable.Executable) bool {
270-
if os.Getenv(vault.EncryptionKeyEnvVar) != "" {
271-
return false
272-
}
273-
switch {
274-
case rootExec.Exec != nil:
275-
for _, param := range rootExec.Exec.Params {
276-
if param.SecretRef != "" {
277-
return true
278-
}
279-
}
280-
case rootExec.Launch != nil:
281-
for _, param := range rootExec.Launch.Params {
282-
if param.SecretRef != "" {
283-
return true
284-
}
285-
}
286-
case rootExec.Request != nil:
287-
for _, param := range rootExec.Request.Params {
288-
if param.SecretRef != "" {
289-
return true
290-
}
291-
}
292-
case rootExec.Render != nil:
293-
for _, param := range rootExec.Render.Params {
294-
if param.SecretRef != "" {
295-
return true
296-
}
297-
}
298-
case rootExec.Serial != nil:
299-
for _, param := range rootExec.Serial.Params {
300-
if param.SecretRef != "" {
301-
return true
302-
}
303-
}
304-
for _, e := range rootExec.Serial.Execs {
305-
if e.Ref != "" {
306-
childExec, err := ctx.ExecutableCache.GetExecutableByRef(e.Ref)
307-
if err != nil {
308-
continue
309-
}
310-
if authRequired(ctx, childExec) {
311-
return true
312-
}
313-
}
314-
}
315-
case rootExec.Parallel != nil:
316-
for _, param := range rootExec.Parallel.Params {
317-
if param.SecretRef != "" {
318-
return true
319-
}
320-
}
321-
for _, e := range rootExec.Parallel.Execs {
322-
if e.Ref != "" {
323-
childExec, err := ctx.ExecutableCache.GetExecutableByRef(e.Ref)
324-
if err != nil {
325-
continue
326-
}
327-
if authRequired(ctx, childExec) {
328-
return true
329-
}
330-
}
331-
}
332-
}
333-
return false
334-
}
335-
336234
//nolint:gocognit
337235
func pendingFormFields(
338236
ctx *context.Context, rootExec *executable.Executable, envMap map[string]string,

cmd/internal/secret.go

Lines changed: 59 additions & 122 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,10 @@ import (
1515
"github.com/flowexec/flow/internal/context"
1616
"github.com/flowexec/flow/internal/io"
1717
"github.com/flowexec/flow/internal/io/secret"
18-
secretV2 "github.com/flowexec/flow/internal/io/secret/v2"
1918
"github.com/flowexec/flow/internal/logger"
2019
"github.com/flowexec/flow/internal/utils"
2120
envUtils "github.com/flowexec/flow/internal/utils/env"
2221
"github.com/flowexec/flow/internal/vault"
23-
vaultV2 "github.com/flowexec/flow/internal/vault/v2"
2422
"github.com/flowexec/flow/types/config"
2523
)
2624

@@ -72,22 +70,14 @@ func removeSecretFunc(ctx *context.Context, _ *cobra.Command, args []string) {
7270
return
7371
}
7472

75-
if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
76-
logger.Log().Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
77-
v := vault.NewVault()
78-
if err = v.DeleteSecret(reference); err != nil {
79-
logger.Log().FatalErr(err)
80-
}
81-
} else {
82-
_, v, err := vaultV2.VaultFromName(currentVault(ctx.Config))
83-
defer v.Close()
73+
_, v, err := vault.VaultFromName(currentVault(ctx.Config))
74+
defer v.Close()
8475

85-
if err != nil {
86-
logger.Log().FatalErr(err)
87-
}
88-
if err = v.DeleteSecret(reference); err != nil {
89-
logger.Log().FatalErr(err)
90-
}
76+
if err != nil {
77+
logger.Log().FatalErr(err)
78+
}
79+
if err = v.DeleteSecret(reference); err != nil {
80+
logger.Log().FatalErr(err)
9181
}
9282

9383
logger.Log().PlainTextSuccess(fmt.Sprintf("Secret '%s' deleted from vault", reference))
@@ -148,28 +138,15 @@ func setSecretFunc(ctx *context.Context, cmd *cobra.Command, args []string) {
148138
value = strings.Join(args[1:], " ")
149139
}
150140

151-
sv := vault.SecretValue(value)
152141
vaultName := currentVault(ctx.Config)
153-
if vaultName == vaultV2.LegacyVaultReservedName {
154-
logger.Log().Warnf(
155-
"Using deprecated vault '%s'. Consider creating a new vault with 'flow vault create' command.",
156-
vaultName,
157-
)
158-
v := vault.NewVault()
159-
err := v.SetSecret(reference, sv)
160-
if err != nil {
161-
logger.Log().FatalErr(err)
162-
}
163-
} else {
164-
_, v, err := vaultV2.VaultFromName(vaultName)
165-
defer v.Close()
142+
_, v, err := vault.VaultFromName(vaultName)
143+
defer v.Close()
166144

167-
if err != nil {
168-
logger.Log().FatalErr(err)
169-
}
170-
if err = v.SetSecret(reference, vaultV2.NewSecretValue([]byte(value))); err != nil {
171-
logger.Log().FatalErr(err)
172-
}
145+
if err != nil {
146+
logger.Log().FatalErr(err)
147+
}
148+
if err = v.SetSecret(reference, vault.NewSecretValue([]byte(value))); err != nil {
149+
logger.Log().FatalErr(err)
173150
}
174151

175152
logger.Log().PlainTextSuccess(fmt.Sprintf("Secret %s set in vault", reference))
@@ -194,45 +171,29 @@ func listSecretFunc(ctx *context.Context, cmd *cobra.Command, _ []string) {
194171
asPlainText := flags.ValueFor[bool](cmd, *flags.OutputSecretAsPlainTextFlag, false)
195172
outputFormat := flags.ValueFor[string](cmd, *flags.OutputFormatFlag, false)
196173

197-
//nolint:nestif
198-
if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
199-
v := vault.NewVault()
200-
secrets, err := v.GetAllSecrets()
201-
if err != nil {
202-
logger.Log().FatalErr(err)
203-
}
204-
205-
interactiveUI := TUIEnabled(ctx, cmd)
206-
if interactiveUI {
207-
secret.LoadSecretListView(ctx, asPlainText)
208-
} else {
209-
secret.PrintSecrets(ctx, secrets, outputFormat, asPlainText)
210-
}
211-
} else {
212-
name := currentVault(ctx.Config)
213-
interactiveUI := TUIEnabled(ctx, cmd)
174+
name := currentVault(ctx.Config)
175+
interactiveUI := TUIEnabled(ctx, cmd)
214176

215-
_, v, err := vaultV2.VaultFromName(name)
216-
defer func() {
217-
// Don't close the vault prematurely if we're in interactive mode
218-
go func() {
219-
if interactiveUI {
220-
ctx.TUIContainer.WaitForExit()
221-
}
222-
_ = v.Close()
223-
}()
177+
_, v, err := vault.VaultFromName(name)
178+
defer func() {
179+
// Don't close the vault prematurely if we're in interactive mode
180+
go func() {
181+
if interactiveUI {
182+
ctx.TUIContainer.WaitForExit()
183+
}
184+
_ = v.Close()
224185
}()
186+
}()
225187

226-
if err != nil {
227-
logger.Log().FatalErr(err)
228-
}
188+
if err != nil {
189+
logger.Log().FatalErr(err)
190+
}
229191

230-
if interactiveUI {
231-
view := secretV2.NewSecretListView(ctx, v, asPlainText)
232-
SetView(ctx, cmd, view)
233-
} else {
234-
secretV2.PrintSecrets(ctx, name, v, outputFormat, asPlainText)
235-
}
192+
if interactiveUI {
193+
view := secret.NewSecretListView(ctx, v, asPlainText)
194+
SetView(ctx, cmd, view)
195+
} else {
196+
secret.PrintSecrets(ctx, name, v, outputFormat, asPlainText)
236197
}
237198
}
238199

@@ -254,65 +215,41 @@ func getSecretFunc(ctx *context.Context, cmd *cobra.Command, args []string) {
254215
asPlainText := flags.ValueFor[bool](cmd, *flags.OutputSecretAsPlainTextFlag, false)
255216
copyValue := flags.ValueFor[bool](cmd, *flags.CopyFlag, false)
256217

257-
//nolint:nestif
258-
if currentVault(ctx.Config) == vaultV2.LegacyVaultReservedName {
259-
logger.Log().Warnf("Using deprecated vault. Consider creating a new vault with 'flow vault create' command.")
260-
v := vault.NewVault()
261-
s, err := v.GetSecret(reference)
262-
if err != nil {
263-
logger.Log().FatalErr(err)
264-
}
218+
rVault, key, err := vault.RefToParts(vault.SecretRef(reference))
219+
if err != nil {
220+
logger.Log().FatalErr(err)
221+
}
222+
if rVault == "" {
223+
rVault = currentVault(ctx.Config)
224+
}
225+
_, v, err := vault.VaultFromName(rVault)
226+
defer v.Close()
265227

266-
if asPlainText {
267-
logger.Log().PlainTextInfo(s.PlainTextString())
268-
} else {
269-
logger.Log().PlainTextInfo(s.String())
270-
}
228+
if err != nil {
229+
logger.Log().FatalErr(err)
230+
}
231+
s, err := v.GetSecret(key)
232+
if err != nil {
233+
logger.Log().FatalErr(err)
234+
}
271235

272-
if copyValue {
273-
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
274-
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
275-
} else {
276-
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
277-
}
278-
}
236+
if asPlainText {
237+
logger.Log().PlainTextInfo(s.PlainTextString())
279238
} else {
280-
rVault, key, err := vaultV2.RefToParts(vaultV2.SecretRef(reference))
281-
if err != nil {
282-
logger.Log().FatalErr(err)
283-
}
284-
if rVault == "" {
285-
rVault = currentVault(ctx.Config)
286-
}
287-
_, v, err := vaultV2.VaultFromName(rVault)
288-
defer v.Close()
289-
290-
if err != nil {
291-
logger.Log().FatalErr(err)
292-
}
293-
s, err := v.GetSecret(key)
294-
if err != nil {
295-
logger.Log().FatalErr(err)
296-
}
297-
298-
if asPlainText {
299-
logger.Log().PlainTextInfo(s.PlainTextString())
239+
logger.Log().PlainTextInfo(s.String())
240+
}
241+
if copyValue {
242+
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
243+
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
300244
} else {
301-
logger.Log().PlainTextInfo(s.String())
302-
}
303-
if copyValue {
304-
if err := clipboard.WriteAll(s.PlainTextString()); err != nil {
305-
logger.Log().Error(err, "\nunable to copy secret value to clipboard")
306-
} else {
307-
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
308-
}
245+
logger.Log().PlainTextSuccess("\ncopied secret value to clipboard")
309246
}
310247
}
311248
}
312249

313250
func currentVault(cfg *config.Config) string {
314-
if cfg.CurrentVault == nil || *cfg.CurrentVault == "" {
315-
return vaultV2.LegacyVaultReservedName
251+
if cfg.CurrentVault == nil {
252+
return ""
316253
}
317254
return *cfg.CurrentVault
318255
}

0 commit comments

Comments
 (0)