feat(secrets): delete secrets when deleting var groups

Author: fiftin

api/projects/environment.go

@@ -1,6 +1,7 @@
 package projects
 
 import (
+	"errors"
 	"fmt"
 	"github.com/semaphoreui/semaphore/api/helpers"
 	"github.com/semaphoreui/semaphore/db"
@@ -10,20 +11,23 @@ import (
 )
 
 type EnvironmentController struct {
-	accessKeyRepo     db.AccessKeyManager
-	accessKeyService  server.AccessKeyService
-	encryptionService server.AccessKeyEncryptionService
+	accessKeyRepo      db.AccessKeyManager
+	accessKeyService   server.AccessKeyService
+	encryptionService  server.AccessKeyEncryptionService
+	environmentService server.EnvironmentService
 }
 
 func NewEnvironmentController(
 	accessKeyRepo db.AccessKeyManager,
 	encryptionService server.AccessKeyEncryptionService,
 	accessKeyService server.AccessKeyService,
+	environmentService server.EnvironmentService,
 ) *EnvironmentController {
 	return &EnvironmentController{
-		accessKeyRepo:     accessKeyRepo,
-		accessKeyService:  accessKeyService,
-		encryptionService: encryptionService,
+		accessKeyRepo:      accessKeyRepo,
+		accessKeyService:   accessKeyService,
+		encryptionService:  encryptionService,
+		environmentService: environmentService,
 	}
 }
 
@@ -262,11 +266,13 @@ func (c *EnvironmentController) AddEnvironment(w http.ResponseWriter, r *http.Re
 }
 
 // RemoveEnvironment deletes an environment from the database
-func RemoveEnvironment(w http.ResponseWriter, r *http.Request) {
+func (c *EnvironmentController) RemoveEnvironment(w http.ResponseWriter, r *http.Request) {
 	env := helpers.GetFromContext(r, "environment").(db.Environment)
 
-	err := helpers.Store(r).DeleteEnvironment(env.ProjectID, env.ID)
-	if err == db.ErrInvalidOperation {
+	err := c.environmentService.Delete(env.ProjectID, env.ID)
+	//err := helpers.Store(r).DeleteEnvironment(env.ProjectID, env.ID)
+
+	if errors.Is(err, db.ErrInvalidOperation) {
 		helpers.WriteJSON(w, http.StatusBadRequest, map[string]any{
 			"error": "Environment is in use by one or more templates",
 			"inUse": true,

api/router.go

@@ -86,12 +86,13 @@ func Route(
 	accessKeyInstallationService server.AccessKeyInstallationService,
 	secretStorageService server.SecretStorageService,
 	accessKeyService server.AccessKeyService,
+	environmentService server.EnvironmentService,
 ) *mux.Router {
 
 	projectController := &projects.ProjectController{ProjectService: projectService}
 	runnerController := runners.NewRunnerController(store, taskPool)
 	integrationController := NewIntegrationController(integrationService)
-	environmentController := projects.NewEnvironmentController(store, encryptionService, accessKeyService)
+	environmentController := projects.NewEnvironmentController(store, encryptionService, accessKeyService, environmentService)
 	secretStorageController := projects.NewSecretStorageController(store, secretStorageService)
 	repositoryController := projects.NewRepositoryController(accessKeyInstallationService)
 	keyController := projects.NewKeyController(accessKeyService)
@@ -391,7 +392,7 @@ func Route(
 	projectEnvManagement.HandleFunc("/{environment_id}", projects.GetEnvironment).Methods("GET", "HEAD")
 	projectEnvManagement.HandleFunc("/{environment_id}/refs", projects.GetEnvironmentRefs).Methods("GET", "HEAD")
 	projectEnvManagement.HandleFunc("/{environment_id}", environmentController.UpdateEnvironment).Methods("PUT")
-	projectEnvManagement.HandleFunc("/{environment_id}", projects.RemoveEnvironment).Methods("DELETE")
+	projectEnvManagement.HandleFunc("/{environment_id}", environmentController.RemoveEnvironment).Methods("DELETE")
 
 	projectTmplManagement := projectUserAPI.PathPrefix("/templates").Subrouter()
 	projectTmplManagement.Use(projects.TemplatesMiddleware)

cli/cmd/root.go

@@ -82,6 +82,7 @@ func runService() {
 	)
 	accessKeyService := server.NewAccessKeyService(store, encryptionService, store)
 	secretStorageService := server.NewSecretStorageService(store, accessKeyService)
+	environmentService := server.NewEnvironmentService(store, encryptionService)
 
 	taskPool := tasks.CreateTaskPool(
 		store,
@@ -125,6 +126,7 @@ func runService() {
 		accessKeyInstallationService,
 		secretStorageService,
 		accessKeyService,
+		environmentService,
 	)
 
 	route.Use(func(next http.Handler) http.Handler {

services/server/environment_svc.go

@@ -0,0 +1,60 @@
+package server
+
+import (
+	"fmt"
+	"github.com/semaphoreui/semaphore/db"
+)
+
+type EnvironmentService interface {
+	Delete(projectID int, environmentID int) error
+}
+
+func NewEnvironmentService(
+	environmentRepo db.EnvironmentManager,
+	encryptionService AccessKeyEncryptionService,
+) EnvironmentService {
+	return &EnvironmentServiceImpl{
+		environmentRepo:   environmentRepo,
+		encryptionService: encryptionService,
+	}
+}
+
+type EnvironmentServiceImpl struct {
+	environmentRepo   db.EnvironmentManager
+	encryptionService AccessKeyEncryptionService
+}
+
+func (s *EnvironmentServiceImpl) Delete(projectID int, environmentID int) (err error) {
+	// Implement the logic to delete an environment
+	// This is a placeholder implementation
+	if projectID <= 0 || environmentID <= 0 {
+		return fmt.Errorf("invalid project or environment ID")
+	}
+
+	secrets, err := s.environmentRepo.GetEnvironmentSecrets(projectID, environmentID)
+	if err != nil {
+		return
+	}
+
+	err = s.environmentRepo.DeleteEnvironment(projectID, environmentID)
+
+	if err != nil {
+		return
+	}
+
+	var errors []error
+
+	for _, secret := range secrets {
+		err = s.encryptionService.DeleteSecret(&secret)
+		if err != nil {
+			errors = append(errors, err)
+		}
+	}
+
+	if len(errors) > 0 {
+		err = fmt.Errorf("failed to delete some secrets: %v", errors)
+		return
+	}
+
+	return
+}