Skip to content

fix(wfctl): forward gen.Name to provider_credential generator #733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
intel352 merged 1 commit into from
May 20, 2026
Merged

fix(wfctl): forward gen.Name to provider_credential generator #733

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions cmd/wfctl/infra_bootstrap.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -611,6 +611,9 @@ var bootstrapSecrets = func(ctx context.Context, provider secrets.Provider, cfg
if gen.Source != "" {
genConfig["source"] = gen.Source
}
if gen.Name != "" {
genConfig["name"] = gen.Name
}

// --force-rotate path: for provider_credential, read the OLD access_key
// BEFORE deleting so we can revoke it at the upstream provider after minting
Expand Down
39 changes: 39 additions & 0 deletions cmd/wfctl/infra_bootstrap_secrets_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -387,3 +387,42 @@ func TestBootstrapSecrets_ProviderCredential_RollbackOnFirstSetFailure(t *testin
t.Errorf("rollback calls = %v; want one revoke of AK_FIRST", rev.calls)
}
}

// TestBootstrapSecrets_ForwardsGenName is the regression test for the
// breakage caught during the gocodealone-multisite deploy: SecretGen
// has a `name:` field but bootstrapSecrets didn't propagate it into
// genConfig. provider_credential generators requiring a non-empty
// name (e.g. digitalocean.spaces post-v0.60.4) then failed every run
// because the config they received was missing the field.
func TestBootstrapSecrets_ForwardsGenName(t *testing.T) {
var capturedConfig map[string]any
withStubGenerator(t, func(_ context.Context, _ string, cfg map[string]any) (string, error) {
capturedConfig = cfg
out, _ := json.Marshal(map[string]string{
"access_key": "AK",
"secret_key": "SK",
})
return string(out), nil
})

p := &writeOnlyProvider{listOK: true}
cfg := &SecretsConfig{
Generate: []SecretGen{
{
Key: "SPACES",
Type: "provider_credential",
Source: "digitalocean.spaces",
Name: "multisite-deploy-key",
},
},
}
if _, _, err := bootstrapSecrets(context.Background(), p, cfg, nil); err != nil {
t.Fatalf("bootstrapSecrets: %v", err)
}
if got := capturedConfig["name"]; got != "multisite-deploy-key" {
t.Errorf("generator received name=%v want multisite-deploy-key (full config: %v)", got, capturedConfig)
}
if got := capturedConfig["source"]; got != "digitalocean.spaces" {
t.Errorf("generator received source=%v want digitalocean.spaces", got)
}
}
Loading