diff --git a/src/vaults/VaultOps.ts b/src/vaults/VaultOps.ts index cb98f5e66..120d9663c 100644 --- a/src/vaults/VaultOps.ts +++ b/src/vaults/VaultOps.ts @@ -276,9 +276,25 @@ async function writeSecret( logger?: Logger, ): Promise { await vault.writeF(async (efs) => { - await efs.writeFile(secretName, content); + try { + await efs.writeFile(secretName, content); + logger?.info(`Wrote secret ${secretName} in vault ${vault.vaultId}`); + } catch (e) { + if (e.code === 'ENOENT') { + throw new vaultsErrors.ErrorSecretsSecretUndefined( + `One or more parent directories for '${secretName}' do not exist`, + { cause: e }, + ); + } + if (e.code === 'EISDIR') { + throw new vaultsErrors.ErrorSecretsIsDirectory( + `Secret path '${secretName}' is a directory`, + { cause: e }, + ); + } + throw e; + } }); - logger?.info(`Wrote secret ${secretName} in vault ${vault.vaultId}`); } export { diff --git a/tests/client/handlers/vaults.test.ts b/tests/client/handlers/vaults.test.ts index 18a64fa0c..377f1c3a2 100644 --- a/tests/client/handlers/vaults.test.ts +++ b/tests/client/handlers/vaults.test.ts @@ -944,10 +944,27 @@ describe('vaultsSecretsWriteFile', () => { recursive: true, }); }); + test('should fail with an invalid vault name', async () => { + const writeP = async () => { + try { + await rpcClient.methods.vaultsSecretsWriteFile({ + nameOrId: 'doesnt-exist', + secretName: 'doesnt-matter', + secretContent: 'doesnt-matter', + }); + } catch (e) { + throw e.cause; + } + }; + await expect(writeP).rejects.toThrow( + vaultsErrors.ErrorVaultsVaultUndefined, + ); + }); test('should edit a secret', async () => { const vaultName = 'test-vault'; - const secretName = 'test-secret'; const vaultId = await vaultManager.createVault(vaultName); + const secretName = 'test-secret'; + const newContent = 'content-changed'; await vaultManager.withVaults([vaultId], async (vault) => { await vault.writeF(async (efs) => { await efs.writeFile(secretName, secretName); @@ -956,32 +973,103 @@ describe('vaultsSecretsWriteFile', () => { const response = await rpcClient.methods.vaultsSecretsWriteFile({ nameOrId: vaultsUtils.encodeVaultId(vaultId), secretName: secretName, - secretContent: Buffer.from('content-change').toString('binary'), + secretContent: Buffer.from(newContent).toString('binary'), }); expect(response.success).toBeTruthy(); await vaultManager.withVaults([vaultId], async (vault) => { await vault.readF(async (efs) => { expect((await efs.readFile(secretName)).toString()).toStrictEqual( - 'content-change', + newContent, ); }); }); }); - test('should create target file with contents if it does not exist', async () => { + test('should create file if it does not exist', async () => { const vaultName = 'test-vault'; - const secretName = 'test-secret'; const vaultId = await vaultManager.createVault(vaultName); + const secretName = 'test-secret'; const response = await rpcClient.methods.vaultsSecretsWriteFile({ nameOrId: vaultsUtils.encodeVaultId(vaultId), secretName: secretName, - secretContent: Buffer.from('content-change').toString('binary'), + secretContent: Buffer.from(secretName).toString('binary'), }); expect(response.success).toBeTruthy(); await vaultManager.withVaults([vaultId], async (vault) => { await vault.readF(async (efs) => { - expect((await efs.readFile(secretName)).toString()).toStrictEqual( - 'content-change', - ); + const content = await efs.readFile(secretName); + expect(content.toString()).toStrictEqual(secretName); + }); + }); + }); + test('should fail when writing to a directory', async () => { + const vaultName = 'test-vault'; + const vaultId = await vaultManager.createVault(vaultName); + const dirName = 'test-secret'; + // Make the directory + await vaultManager.withVaults([vaultId], async (vault) => { + await vault.writeF(async (efs) => { + efs.mkdir(dirName); + }); + }); + // Try writing to directory + const writeP = async () => { + try { + await rpcClient.methods.vaultsSecretsWriteFile({ + nameOrId: vaultsUtils.encodeVaultId(vaultId), + secretName: dirName, + secretContent: Buffer.from(dirName).toString('binary'), + }); + } catch (e) { + throw e.cause; + } + }; + await expect(writeP).rejects.toThrow(vaultsErrors.ErrorSecretsIsDirectory); + }); + test('should fail when parent does not exist', async () => { + const vaultName = 'test-vault'; + const vaultId = await vaultManager.createVault(vaultName); + const dirName = 'dir'; + const secretName = 'secret-name'; + const secretPath = path.join(dirName, secretName); + // Try writing + const writeP = async () => { + try { + await rpcClient.methods.vaultsSecretsWriteFile({ + nameOrId: vaultsUtils.encodeVaultId(vaultId), + secretName: secretPath, + secretContent: Buffer.from(secretName).toString('binary'), + }); + } catch (e) { + throw e.cause; + } + }; + await expect(writeP).rejects.toThrow( + vaultsErrors.ErrorSecretsSecretUndefined, + ); + }); + test('should write to nested path', async () => { + const vaultName = 'test-vault'; + const vaultId = await vaultManager.createVault(vaultName); + const dirName = 'dir'; + const secretName = 'secret-name'; + const secretPath = path.join(dirName, secretName); + // Make the directory + await vaultManager.withVaults([vaultId], async (vault) => { + await vault.writeF(async (efs) => { + efs.mkdir(dirName); + }); + }); + // Try writing + const response = await rpcClient.methods.vaultsSecretsWriteFile({ + nameOrId: vaultsUtils.encodeVaultId(vaultId), + secretName: secretPath, + secretContent: Buffer.from(secretName).toString('binary'), + }); + expect(response.success).toBeTruthy(); + await vaultManager.withVaults([vaultId], async (vault) => { + await vault.readF(async (efs) => { + const content = await efs.readFile(secretPath); + expect(content.toString()).toStrictEqual(secretName); }); }); });