Merge pull request #15 from Conjur-Enterprise/CNJR-6093-fix-summon-no…
…t-handling-errors-properly

CNJR-6093: Fix the issue where summon incorrectly populates secrets
imheresamir authored and GitHub Enterprise committed Aug 16, 2024
2 parents 94d3341 + ac6778b commit ecfe634
Showing 4 changed files with 47 additions and 6 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.

## [Unreleased]

## [0.10.1] - 2024-08-14

### Changed
- Fixed a bug that caused Summon to not properly handle a situation where a secret
to be fetched did not exist (CNJR-6093)

## [0.10.0] - 2024-07-29

### Added
11 changes: 11 additions & 0 deletions acceptance/features/fetching_secrets.feature
Expand Up @@ -14,3 +14,14 @@ Feature: fetching secrets
And a secret "very/secret/db-password" with "notSoSecret"
When I successfully run `summon -p ./provider env`
Then the output should contain "DB_PASSWORD=notSoSecret"

Scenario: Fetching a database username and non existent password
Given a file named "secrets.yml" with:
"""
DB_USERNAME: !var very/secret/db-username
DB_PASSWORD: !var very/secret/db-password-non-existent
"""
And a secret "very/secret/db-username" with "secretUsername"
And a non-existent secret "very/secret/db-password-non-existent"
When I run `summon -p ./provider env`
Then the output should contain "Error fetching variable DB_PASSWORD"
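Review bot: The new scenario asserts only that the error text appears, so it would still pass if summon printed the error and then ran `env` with `DB_USERNAME` populated, which is presumably the behaviour the commit title is about. After the final `Then` step, add `And the exit status should not be 0` and `And the output should not contain "DB_USERNAME=secretUsername"`, so the test pins that the child command is never started with a partial secret set. Both are standard Aruba steps, assuming this suite uses Aruba as the existing `I successfully run` step suggests.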
12 changes: 12 additions & 0 deletions acceptance/features/step_definitions/secret_steps.rb
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,15 @@
"""
}
end

Given(/^a non-existent secret "([^"]*)"$/) do |name|
steps %{
Given I append to "provider" with:
"""
if [ "$1" == "#{name}" ]; then
echo "Error fetching variable #{name}" >&2
exit 1
fi
"""
}
end
24 changes: 18 additions & 6 deletions pkg/provider/provider.go
Expand Up @@ -113,9 +113,20 @@ func CallInteractiveMode(provider string, secrets secretsyml.SecretsMap) (chan R
ctxCancel()
}
}
stderrPipe, err := cmd.StderrPipe()
if err != nil {
errorsCh <- err
return resultsCh, errorsCh, func() {
stdinPipe.Close()
stdoutPipe.Close()
ctxCancel()
}
}

cleanup := func() {
stdinPipe.Close()
stdoutPipe.Close()
stderrPipe.Close()
ctxCancel()
}

Expand Down Expand Up @@ -145,16 +156,10 @@ func CallInteractiveMode(provider string, secrets secretsyml.SecretsMap) (chan R
go func() {
defer close(resultsCh)
scanner := bufio.NewScanner(stdoutPipe)

index := 0

for scanner.Scan() {

line := scanner.Text()
if err != nil {
errorsCh <- ErrInteractiveModeNotSupported
break
}

decoded, err := base64.StdEncoding.DecodeString(line)

Expand All @@ -179,6 +184,13 @@ func CallInteractiveMode(provider string, secrets secretsyml.SecretsMap) (chan R
}

}()
go func() {
scanner := bufio.NewScanner(stderrPipe)
for scanner.Scan() {
line := scanner.Text()
errorsCh <- fmt.Errorf(line)
}
}()
return resultsCh, errorsCh, cleanup
}
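Review bot: In the new stderr goroutine, `errorsCh <- fmt.Errorf(line)` passes provider output as the format string, so any `%` in a provider message is mangled into `%!v(MISSING)`-style text and `go vet` flags the call; send `fmt.Errorf("%s", line)` instead. The same goroutine never checks `scanner.Err()`, and `bufio.Scanner` stops at the first line over its default 64 KiB token limit, after which stderr is no longer drained and the provider can block on write. Every stderr line is now forwarded as an error, so it is worth confirming that a provider which logs warnings to stderr while still succeeding is not treated as failed, and that provider diagnostics surfaced this way cannot carry secret material into summon's own error output. The start of `CallInteractiveMode`, the creation of `errorsCh` and its consumer are outside the visible hunks, so whether these sends can block is not checkable from here.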

