feat: completed secret v3 raw to support tag based filtering

2026-01-10 07:58:15 -05:00 · 2024-08-06 15:35:00 +05:30
parent e6848828f2
commit c5a2b0321f
6 changed files with 29 additions and 10 deletions
--- a/backend/src/lib/api-docs/constants.ts
+++ b/backend/src/lib/api-docs/constants.ts
@@ -596,7 +596,8 @@ export const RAW_SECRETS = {
      "The slug of the project to list secrets from. This parameter is only applicable by machine identities.",
    environment: "The slug of the environment to list secrets from.",
    secretPath: "The secret path to list secrets from.",
-    includeImports: "Weather to include imported secrets or not."
+    includeImports: "Weather to include imported secrets or not.",
+    tagSlugs: "The comma seperated tag slugs to filter secrets"
  },
  CREATE: {
    secretName: "The name of the secret to create.",
--- a/backend/src/server/routes/v3/secret-router.ts
+++ b/backend/src/server/routes/v3/secret-router.ts
@@ -180,7 +180,13 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
          .enum(["true", "false"])
          .default("false")
          .transform((value) => value === "true")
-          .describe(RAW_SECRETS.LIST.includeImports)
+          .describe(RAW_SECRETS.LIST.includeImports),
+        tagSlugs: z
+          .string()
+          .describe(RAW_SECRETS.LIST.tagSlugs)
+          .optional()
+          // split by comma and trim the strings
+          .transform((el) => (el ? el.split(",").map((i) => i.trim()) : []))
      }),
      response: {
        200: z.object({
@@ -251,7 +257,8 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
        projectId: workspaceId,
        path: secretPath,
        includeImports: req.query.include_imports,
-        recursive: req.query.recursive
+        recursive: req.query.recursive,
+        tagSlugs: req.query.tagSlugs
      });

      await server.services.auditLog.createAuditLog({
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
@@ -429,6 +429,7 @@ export const secretV2BridgeServiceFactory = ({
    actorAuthMethod,
    includeImports,
    recursive,
+    tagSlugs = [],
    expandSecretReferences: shouldExpandSecretReferences
  }: TGetSecretsDTO) => {
    const { permission } = await permissionService.getProjectPermission(
@@ -496,6 +497,9 @@ export const secretV2BridgeServiceFactory = ({
          : ""
      })
    );
+    const filteredSecrets = tagSlugs.length
+      ? decryptedSecrets.filter((secret) => Boolean(secret.tags?.find((el) => tagSlugs.includes(el.slug))))
+      : decryptedSecrets;
    const expandSecretReferences = expandSecretReferencesFactory({
      projectId,
      folderDAL,
@@ -504,7 +508,7 @@ export const secretV2BridgeServiceFactory = ({
    });

    if (shouldExpandSecretReferences) {
-      const secretsGroupByPath = groupBy(decryptedSecrets, (i) => i.secretPath);
+      const secretsGroupByPath = groupBy(filteredSecrets, (i) => i.secretPath);
      for (const secretPathKey in secretsGroupByPath) {
        if (Object.hasOwn(secretsGroupByPath, secretPathKey)) {
          const secretsGroupByKey = secretsGroupByPath[secretPathKey].reduce(
@@ -530,7 +534,7 @@ export const secretV2BridgeServiceFactory = ({

    if (!includeImports) {
      return {
-        secrets: decryptedSecrets
+        secrets: filteredSecrets
      };
    }

@@ -558,7 +562,7 @@ export const secretV2BridgeServiceFactory = ({
    });

    return {
-      secrets: decryptedSecrets,
+      secrets: filteredSecrets,
      imports: importedSecrets
    };
  };
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
@@ -20,6 +20,7 @@ export type TGetSecretsDTO = {
  environment: string;
  includeImports?: boolean;
  recursive?: boolean;
+  tagSlugs?: string[];
 } & TProjectPermission;

 export type TGetASecretDTO = {
--- a/backend/src/services/secret/secret-service.ts
+++ b/backend/src/services/secret/secret-service.ts
@@ -964,7 +964,8 @@ export const secretServiceFactory = ({
    environment,
    includeImports,
    expandSecretReferences,
-    recursive
+    recursive,
+    tagSlugs = []
  }: TGetSecretsRawDTO) => {
    const { botKey, shouldUseSecretV2Bridge } = await projectBotService.getBotKey(projectId);
    if (shouldUseSecretV2Bridge) {
@@ -978,7 +979,8 @@ export const secretServiceFactory = ({
        path,
        recursive,
        actorAuthMethod,
-        includeImports
+        includeImports,
+        tagSlugs
      });
      return { secrets, imports };
    }
@@ -998,6 +1000,9 @@ export const secretServiceFactory = ({
    });

    const decryptedSecrets = secrets.map((el) => decryptSecretRaw(el, botKey));
+    const filteredSecrets = tagSlugs.length
+      ? decryptedSecrets.filter((secret) => Boolean(secret.tags?.find((el) => tagSlugs.includes(el.slug))))
+      : decryptedSecrets;
    const processedImports = (imports || [])?.map(({ secrets: importedSecrets, ...el }) => {
      const decryptedImportSecrets = importedSecrets.map((sec) =>
        decryptSecretRaw(
@@ -1106,14 +1111,14 @@ export const secretServiceFactory = ({
      };

      // expand secrets
-      await batchSecretsExpand(decryptedSecrets);
+      await batchSecretsExpand(filteredSecrets);

      // expand imports by batch
      await Promise.all(processedImports.map((processedImport) => batchSecretsExpand(processedImport.secrets)));
    }

    return {
-      secrets: decryptedSecrets,
+      secrets: filteredSecrets,
      imports: processedImports
    };
  };
--- a/backend/src/services/secret/secret-types.ts
+++ b/backend/src/services/secret/secret-types.ts
@@ -149,6 +149,7 @@ export type TGetSecretsRawDTO = {
  environment: string;
  includeImports?: boolean;
  recursive?: boolean;
+  tagSlugs?: string[];
 } & TProjectPermission;

 export type TGetASecretRawDTO = {