feat(secrets): get secrets with imports

2025-01-25 02:55:54 +01:00
parent d7cd9b9341
commit 6ff584c0e2
3 changed files with 78 additions and 1 deletions
--- a/src/custom/secrets.ts
+++ b/src/custom/secrets.ts
@@ -9,6 +9,7 @@ import type {
 	DefaultApiApiV3SecretsRawSecretNamePostRequest
 } from "../infisicalapi_client";
 import { newInfisicalError } from "./errors";
+import { getUniqueSecretsByKey } from "./util";

 type SecretType = "shared" | "personal";

@@ -51,7 +52,7 @@ export type UpdateSecretResult = ApiV3SecretsRawSecretNamePost200Response;
 export type CreateSecretResult = ApiV3SecretsRawSecretNamePost200Response;
 export type DeleteSecretResult = ApiV3SecretsRawSecretNamePost200Response;

-const convertBool = (value: boolean | undefined) => (value ? "true" : "false");
+const convertBool = (value?: boolean) => (value ? "true" : "false");

 export default class SecretsClient {
 	#apiInstance: InfisicalApi;
@@ -81,6 +82,42 @@ export default class SecretsClient {
 		}
 	};

+	listSecretsWithImports = async (options: Omit<ListSecretsOptions, "includeImports">): Promise<ListSecretsResult["secrets"]> => {
+		const res = await this.listSecrets({
+			...options,
+			includeImports: true
+		});
+
+		let { imports, secrets } = res;
+		if (imports) {
+			if (options.recursive) {
+				secrets = getUniqueSecretsByKey(secrets);
+			}
+
+			for (const imp of imports) {
+				for (const importedSecret of imp.secrets) {
+					// CASE: We need to ensure that the imported values don't override the "base" secrets.
+					// Priority order is:
+					// Local/Preset variables -> Actual secrets -> Imported secrets (high->low)
+
+					// Check if the secret already exists in the secrets list
+					if (!secrets.find(s => s.secretKey === importedSecret.secretKey)) {
+						secrets.push({
+							...importedSecret,
+							secretPath: imp.secretPath,
+							// These fields are not returned by the API
+							updatedAt: new Date().toISOString(),
+							createdAt: new Date().toISOString(),
+							tags: []
+						});
+					}
+				}
+			}
+		}
+
+		return secrets;
+	};
+
 	getSecret = async (options: GetSecretOptions): Promise<GetSecretResult> => {
 		try {
 			const res = await this.#apiInstance.apiV3SecretsRawSecretNameGet(
--- a/src/custom/util.ts
+++ b/src/custom/util.ts
@@ -2,6 +2,19 @@ import axios from "axios";
 import { AWS_IDENTITY_DOCUMENT_URI, AWS_TOKEN_METADATA_URI } from "./constants";
 import AWS from "aws-sdk";
 import { InfisicalSDKError } from "./errors";
+import { ApiV3SecretsRawGet200Response } from "../infisicalapi_client";
+
+type Secret = ApiV3SecretsRawGet200Response["secrets"][number];
+
+export const getUniqueSecretsByKey = (secrets: Secret[]) => {
+	const secretMap = new Map<string, Secret>();
+
+	for (const secret of secrets) {
+		secretMap.set(secret.secretKey, secret);
+	}
+
+	return Array.from(secretMap.values());
+};

 export const getAwsRegion = async () => {
 	const region = process.env.AWS_REGION; // Typically found in lambda runtime environment