Fail the plugin if no secrets were specified

Signed-off-by: Christopher Maier <[email protected]>

Author: christophermaier

hooks/environment

@@ -45,10 +45,9 @@ if [[ -n "${secret_prefix}" && ! "${secret_prefix}" =~ /$ ]]; then
 fi
 readonly secret_prefix
 
+# Resolve secrets
 ########################################################################
 
-readonly container_name="vault-env-plugin-${BUILDKITE_JOB_ID}"
-
 # STOLEN FROM https://github.com/buildkite-plugins/docker-buildkite-plugin/blob/9f90d8ef742d9fa1eb3556720e16f2b842ff1cb2/hooks/command#L25-L47
 #
 # Reads a list from plugin config into a global result array
@@ -74,14 +73,22 @@ plugin_read_list_into_result() {
     [[ ${#result[@]} -gt 0 ]] || return 1
 }
 
-envconsul_env() {
-    # This populates a `result` array for later use
-    plugin_read_list_into_result BUILDKITE_PLUGIN_VAULT_ENV_SECRETS
+secrets=()
+if plugin_read_list_into_result BUILDKITE_PLUGIN_VAULT_ENV_SECRETS; then
+    secrets=("${result[@]}")
+else
+    raise_error "At least one secret must be specified!"
+fi
 
-    secrets=()
-    for secret in "${result[@]}"; do
+########################################################################
+
+readonly container_name="vault-env-plugin-${BUILDKITE_JOB_ID}"
+
+envconsul_env() {
+    args=()
+    for secret in "${secrets[@]}"; do
         # secret_prefix is guaranteed to end with a / if it is non-empty
-        secrets+=("-secret=${secret_prefix}${secret}")
+        args+=("-secret=${secret_prefix}${secret}")
     done
 
     # Explicitly *not* using `--rm` so we can output the container
@@ -91,7 +98,7 @@ envconsul_env() {
         --name="${container_name}" \
         -- \
         "${image}" \
-        "${secrets[@]}" \
+        "${args[@]}" \
         -once \
         -upcase \
         -pristine \