Secret storage for env (#3143)

* feat(secrets): support secret storages by variable groups

* fix: migrations

* fix: migrations

Author: fiftin

cli/cmd/migrate.go

@@ -12,7 +12,7 @@ var migrationArgs struct {
 
 func init() {
 	migrateCmd.PersistentFlags().StringVar(&migrationArgs.undoTo, "undo-to", "", "Undo to specific version")
-	migrateCmd.PersistentFlags().StringVar(&migrationArgs.undoTo, "apply-to", "", "Apply to specific version")
+	migrateCmd.PersistentFlags().StringVar(&migrationArgs.applyTo, "apply-to", "", "Apply to specific version")
 
 	rootCmd.AddCommand(migrateCmd)
 }

db/Environment.go

@@ -50,6 +50,9 @@ type Environment struct {
 
 	// Secrets is a field which used to update secrets associated with the environment.
 	Secrets []EnvironmentSecret `db:"-" json:"secrets" backup:"-"`
+
+	SecretStorageID        *int    `db:"secret_storage_id" json:"secret_storage_id,omitempty" backup:"-"`
+	SecretStorageKeyPrefix *string `db:"secret_storage_key_prefix" json:"secret_storage_key_prefix,omitempty"`
 }
 
 func (s *EnvironmentSecret) Validate() error {

db/Migration.go

@@ -26,7 +26,6 @@ func GetMigrations(dialect string) []Migration {
 	if dialect == util.DbDriverSQLite {
 		return []Migration{
 			{Version: "2.15.1.sqlite"},
-			{Version: "2.15.1"},
 			{Version: "2.15.2"},
 			{Version: "2.15.3"},
 			{Version: "2.15.4"},
@@ -131,7 +130,7 @@ func (m Migration) ParseVersion() (res MigrationVersion, err error) {
 
 	parts := strings.Split(m.Version, ".")
 
-	if len(parts) > 3 || len(parts) < 2 {
+	if len(parts) < 2 {
 		err = fmt.Errorf("invalid migration version format %s", m.Version)
 		return
 	}

db/Project.go

@@ -6,11 +6,12 @@ import (
 
 // Project is the top level structure in Semaphore
 type Project struct {
-	ID               int       `db:"id" json:"id" backup:"-"`
-	Name             string    `db:"name" json:"name" binding:"required"`
-	Created          time.Time `db:"created" json:"created" backup:"-"`
-	Alert            bool      `db:"alert" json:"alert,omitempty"`
-	AlertChat        *string   `db:"alert_chat" json:"alert_chat,omitempty"`
-	MaxParallelTasks int       `db:"max_parallel_tasks" json:"max_parallel_tasks,omitempty"`
-	Type             string    `db:"type" json:"type"`
+	ID                     int       `db:"id" json:"id" backup:"-"`
+	Name                   string    `db:"name" json:"name" binding:"required"`
+	Created                time.Time `db:"created" json:"created" backup:"-"`
+	Alert                  bool      `db:"alert" json:"alert,omitempty"`
+	AlertChat              *string   `db:"alert_chat" json:"alert_chat,omitempty"`
+	MaxParallelTasks       int       `db:"max_parallel_tasks" json:"max_parallel_tasks,omitempty"`
+	Type                   string    `db:"type" json:"type"`
+	DefaultSecretStorageID *int      `db:"default_secret_storage_id" json:"default_secret_storage_id,omitempty" backup:"-"`
 }

db/sql/environment.go

@@ -45,12 +45,16 @@ func (d *SqlDb) CreateEnvironment(env db.Environment) (newEnv db.Environment, er
 
 	insertID, err := d.insert(
 		"id",
-		"insert into project__environment (project_id, name, json, env, password) values (?, ?, ?, ?, ?)",
+		"insert into project__environment "+
+			"(project_id, name, json, env, password, secret_storage_id, secret_storage_key_prefix) values "+
+			"(?, ?, ?, ?, ?, ?, ?)",
 		env.ProjectID,
 		env.Name,
 		env.JSON,
 		env.ENV,
-		env.Password)
+		env.Password,
+		env.SecretStorageID,
+		env.SecretStorageKeyPrefix)
 
 	if err != nil {
 		return

db/sql/migrations/v2.16.0.err.sql

@@ -1,5 +1,6 @@
-alter table `project__environment` drop `source_storage_id`;
-alter table `project__environment` drop `source_storage_key`;
+alter table `project` drop `default_secret_storage_id`;
+alter table `project__environment` drop `secret_storage_id`;
+alter table `project__environment` drop `secret_storage_key_prefix`;
 alter table `access_key` drop `storage_id`;
 alter table `access_key` drop `source_storage_id`;
 alter table `access_key` drop `source_storage_key`;

db/sql/migrations/v2.16.0.sql

@@ -16,9 +16,10 @@ create table project__secret_storage (
 );
 
 alter table `access_key` add `storage_id` int null references `project__secret_storage`(`id`);
-
 alter table `access_key` add `source_storage_id` int null references `project__secret_storage`(`id`);
 alter table `access_key` add `source_storage_key` varchar(1000);
 
-alter table `project__environment` add `source_storage_id` int null references `project__secret_storage`(`id`);
-alter table `project__environment` add `source_storage_key` varchar(1000);
+alter table `project__environment` add `secret_storage_id` int null references `project__secret_storage`(`id`);
+alter table `project__environment` add `secret_storage_key_prefix` varchar(1000);
+
+alter table `project` add `default_secret_storage_id` int null references `project__secret_storage`(`id`);