feat(api,cli): delete secret from commandline (#5933)

Signed-off-by: francois  samin <[email protected]>

cli/cdsctl/encrypt.go

@@ -59,7 +59,9 @@ my-data: 01234567890987654321`,
 }
 
 func encrypt() *cobra.Command {
-	return cli.NewCommand(encryptCmd, encryptRun, cli.SubCommands{encryptList()}, withAllCommandModifiers()...)
+	return cli.NewCommand(encryptCmd, encryptRun, cli.SubCommands{
+		encryptList(), encryptDelete(),
+	}, withAllCommandModifiers()...)
 }
 
 func encryptRun(v cli.Values) error {
@@ -96,3 +98,22 @@ func encryptListRun(v cli.Values) (cli.ListResult, error) {
 	}
 	return cli.AsListResult(secrets), nil
 }
+
+var encryptDeleteCmd = cli.Command{
+	Name:  "delete",
+	Short: "Delete the given encrypted variable of your CDS project",
+	Ctx: []cli.Arg{
+		{Name: _ProjectKey},
+	},
+	Args: []cli.Arg{
+		{Name: "name"},
+	},
+}
+
+func encryptDelete() *cobra.Command {
+	return cli.NewDeleteCommand(encryptDeleteCmd, encryptDeleteRun, nil, withAllCommandModifiers()...)
+}
+
+func encryptDeleteRun(v cli.Values) error {
+	return client.VariableEncryptDelete(v.GetString(_ProjectKey), v.GetString("name"))
+}

engine/api/api_routes.go

@@ -158,7 +158,7 @@ func (api *API) InitRouter() {
 	r.Handle("/project/{permProjectKey}/group/import", Scope(sdk.AuthConsumerScopeProject), r.POST(api.postImportGroupsInProjectHandler))
 	r.Handle("/project/{permProjectKey}/group/{groupName}", Scope(sdk.AuthConsumerScopeProject), r.PUT(api.putGroupRoleOnProjectHandler), r.DELETE(api.deleteGroupFromProjectHandler))
 	r.Handle("/project/{permProjectKey}/variable", Scope(sdk.AuthConsumerScopeProject), r.GET(api.getVariablesInProjectHandler))
-	r.Handle("/project/{permProjectKey}/encrypt", Scope(sdk.AuthConsumerScopeProject), r.POST(api.postEncryptVariableHandler))
+	r.Handle("/project/{permProjectKey}/encrypt", Scope(sdk.AuthConsumerScopeProject), r.POST(api.postEncryptVariableHandler), r.DELETE(api.deleteEncryptVariableHandler))
 	r.Handle("/project/{permProjectKey}/encrypt/list", Scope(sdk.AuthConsumerScopeProject), r.GET(api.getListEncryptVariableHandler))
 	r.Handle("/project/{permProjectKey}/variable/audit", Scope(sdk.AuthConsumerScopeProject), r.GET(api.getVariablesAuditInProjectnHandler))
 	r.Handle("/project/{permProjectKey}/variable/{name}", Scope(sdk.AuthConsumerScopeProject), r.GET(api.getVariableInProjectHandler), r.POST(api.addVariableInProjectHandler), r.PUT(api.updateVariableInProjectHandler), r.DELETE(api.deleteVariableFromProjectHandler))

engine/api/project/key.go

@@ -35,11 +35,16 @@ func ListEncryptedData(ctx context.Context, db gorp.SqlExecutor, projectID int64
 	var res []sdk.Secret
 	query := gorpmapping.NewQuery("select content_name, token from encrypted_data where project_id = $1").Args(projectID)
 	if err := gorpmapping.GetAll(ctx, db, query, &res); err != nil {
-		return nil, sdk.WithStack(err)
+		return nil, err
 	}
 	return res, nil
 }
 
+func DeleteEncryptedVariable(db gorp.SqlExecutor, projectID int64, name string) error {
+	_, err := db.Exec("delete from encrypted_data where project_id = $1 and content_name = $2", projectID, name)
+	return sdk.WithStack(err)
+}
+
 // EncryptWithBuiltinKey encrypt a content with the builtin gpg key encode, compress it and encode with base64
 func EncryptWithBuiltinKey(db gorp.SqlExecutor, projectID int64, name, content string) (string, error) {
 	existingToken, err := db.SelectStr("select token from encrypted_data where project_id = $1 and content_name = $2", projectID, name)

engine/api/project_variable.go

@@ -72,6 +72,25 @@ func (api *API) postEncryptVariableHandler() service.Handler {
 	}
 }
 
+func (api *API) deleteEncryptVariableHandler() service.Handler {
+	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
+		vars := mux.Vars(r)
+		key := vars[permProjectKey]
+
+		p, err := project.Load(ctx, api.mustDB(), key)
+		if err != nil {
+			return err
+		}
+
+		secretName := r.FormValue("name")
+		if secretName == "" {
+			return sdk.WithStack(sdk.ErrWrongRequest)
+		}
+
+		return project.DeleteEncryptedVariable(api.mustDB(), p.ID, secretName)
+	}
+}
+
 func (api *API) getVariablesAuditInProjectnHandler() service.Handler {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
 		vars := mux.Vars(r)

engine/api/project_variable_test.go

@@ -92,4 +92,13 @@ func Test_postEncryptVariableHandler(t *testing.T) {
 	test.NoError(t, err)
 
 	assert.Equal(t, "bar", decrypt)
+
+	uri = router.GetRoute("DELETE", api.deleteEncryptVariableHandler, vars)
+	req = assets.NewAuthentifiedRequest(t, u, pass, "DELETE", uri+"?name="+v.Name, v)
+
+	//Do the request
+	rec = httptest.NewRecorder()
+	api.Router.Mux.ServeHTTP(rec, req)
+	assert.Equal(t, 204, rec.Code)
+
 }

sdk/cdsclient/client_project_variable.go

@@ -57,3 +57,10 @@ func (c *client) VariableListEncrypt(projectKey string) ([]sdk.Secret, error) {
 	}
 	return secrets, nil
 }
+
+func (c *client) VariableEncryptDelete(projectKey, name string) error {
+	if _, err := c.DeleteJSON(context.Background(), "/project/"+projectKey+"/encrypt?name="+url.QueryEscape(name), nil, nil); err != nil {
+		return err
+	}
+	return nil
+}

sdk/cdsclient/interface.go

@@ -245,6 +245,7 @@ type ProjectVariablesClient interface {
 	ProjectVariableUpdate(projectKey string, variable *sdk.Variable) error
 	VariableEncrypt(projectKey string, varName string, content string) (*sdk.Variable, error)
 	VariableListEncrypt(projectKey string) ([]sdk.Secret, error)
+	VariableEncryptDelete(projectKey, name string) error
 }
 
 // QueueClient exposes queue related functions