patch secret override for run/export command

Infisical · Jan 20, 2023 · 3fc68ff · 3fc68ff
1 parent 0613e11
commit 3fc68ff
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 19 deletions.
diff --git a/cli/packages/cmd/export.go b/cli/packages/cmd/export.go
@@ -51,11 +51,22 @@ var exportCmd = &cobra.Command{
 			util.HandleError(err)
 		}
 
+		secretOverriding, err := cmd.Flags().GetBool("secret-overriding")
+		if err != nil {
+			util.HandleError(err, "Unable to parse flag")
+		}
+
 		secrets, err := util.GetAllEnvironmentVariables(envName)
 		if err != nil {
 			util.HandleError(err, "Unable to fetch secrets")
 		}
 
+		if secretOverriding {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
+		} else {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
+		}
+
 		var output string
 		if shouldExpandSecrets {
 			substitutions := util.SubstituteSecrets(secrets)
@@ -79,6 +90,7 @@ func init() {
 	exportCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
+	exportCmd.Flags().Bool("secret-overriding", true, "Prioritizes personal secrets, if any, with the same name over shared secrets")
 }
 
 // Format according to the format flag

diff --git a/cli/packages/cmd/run.go b/cli/packages/cmd/run.go
@@ -77,12 +77,14 @@ var runCmd = &cobra.Command{
 			util.HandleError(err, "Could not fetch secrets", "If you are using a service token to fetch secrets, please ensure it is valid")
 		}
 
-		if shouldExpandSecrets {
-			secrets = util.SubstituteSecrets(secrets)
+		if secretOverriding {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_PERSONAL)
+		} else {
+			secrets = util.OverrideSecrets(secrets, util.SECRET_TYPE_SHARED)
 		}
 
-		if secretOverriding {
-			secrets = util.OverrideWithPersonalSecrets(secrets)
+		if shouldExpandSecrets {
+			secrets = util.SubstituteSecrets(secrets)
 		}
 
 		secretsByKey := getSecretsByKeys(secrets)

diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go
@@ -195,33 +195,46 @@ func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.Sing
 	return expandedSecrets
 }
 
-//
-
-// if two secrets with the same name are found, the one that has type `personal` will be in the returned list
-func OverrideWithPersonalSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
-	personalSecret := make(map[string]models.SingleEnvironmentVariable)
-	sharedSecret := make(map[string]models.SingleEnvironmentVariable)
+func OverrideSecrets(secrets []models.SingleEnvironmentVariable, secretType string) []models.SingleEnvironmentVariable {
+	personalSecrets := make(map[string]models.SingleEnvironmentVariable)
+	sharedSecrets := make(map[string]models.SingleEnvironmentVariable)
 	secretsToReturn := []models.SingleEnvironmentVariable{}
+	secretsToReturnMap := make(map[string]models.SingleEnvironmentVariable)
 
 	for _, secret := range secrets {
 		if secret.Type == PERSONAL_SECRET_TYPE_NAME {
-			personalSecret[secret.Key] = secret
+			personalSecrets[secret.Key] = secret
 		}
-
 		if secret.Type == SHARED_SECRET_TYPE_NAME {
-			sharedSecret[secret.Key] = secret
+			sharedSecrets[secret.Key] = secret
 		}
 	}
 
-	for _, secret := range sharedSecret {
-		personalValue, personalExists := personalSecret[secret.Key]
-		if personalExists {
-			secretsToReturn = append(secretsToReturn, personalValue)
-		} else {
-			secretsToReturn = append(secretsToReturn, secret)
+	if secretType == PERSONAL_SECRET_TYPE_NAME {
+		for _, secret := range secrets {
+			if personalSecret, exists := personalSecrets[secret.Key]; exists {
+				secretsToReturnMap[secret.Key] = personalSecret
+			} else {
+				if _, exists = secretsToReturnMap[secret.Key]; !exists {
+					secretsToReturnMap[secret.Key] = secret
+				}
+			}
+		}
+	} else if secretType == SHARED_SECRET_TYPE_NAME {
+		for _, secret := range secrets {
+			if sharedSecret, exists := sharedSecrets[secret.Key]; exists {
+				secretsToReturnMap[secret.Key] = sharedSecret
+			} else {
+				if _, exists := secretsToReturnMap[secret.Key]; !exists {
+					secretsToReturnMap[secret.Key] = secret
+				}
+			}
 		}
 	}
 
+	for _, secret := range secretsToReturnMap {
+		secretsToReturn = append(secretsToReturn, secret)
+	}
 	return secretsToReturn
 }