Support for adding secrets (#410)

Author: MicroFish91

extension.bundle.ts

@@ -18,5 +18,6 @@ export * from '@microsoft/vscode-azext-utils';
 // Export activate/deactivate for main.js
 export { activate, deactivate } from './src/extension';
 export * from './src/extensionVariables';
+export * from './src/utils/validateUtils';
 
 // NOTE: The auto-fix action "source.organizeImports" does weird things with this file, but there doesn't seem to be a way to disable it on a per-file basis so we'll just let it happen

package.json

@@ -111,6 +111,11 @@
                 "title": "%containerApps.editTargetPort%",
                 "category": "Azure Container Apps"
             },
+            {
+                "command": "containerApps.addSecret",
+                "title": "%containerApps.addSecret%",
+                "category": "Azure Container Apps"
+            },
             {
                 "command": "containerApps.createRevisionDraft",
                 "title": "%containerApps.createRevisionDraft%",
@@ -346,6 +351,11 @@
                     "when": "view =~ /(azureResourceGroups|azureFocusView)/ && (viewItem =~ /ingressEnabledItem/i || viewItem =~ /targetPortItem/i)",
                     "group": "1@3"
                 },
+                {
+                    "command": "containerApps.addSecret",
+                    "when": "view =~ /(azureResourceGroups|azureFocusView)/ && viewItem =~ /secretsItem/i",
+                    "group": "1@1"
+                },
                 {
                     "command": "containerApps.openGitHubRepo",
                     "when": "view =~ /(azureResourceGroups|azureFocusView)/ && viewItem =~ /actionsConnected:true(.*)containerAppsActionsItem/i",

package.nls.json

@@ -14,6 +14,7 @@
     "containerApps.enableIngress": "Enable Ingress for Container App...",
     "containerApps.toggleVisibility": "Switch Ingress Visibility...",
     "containerApps.editTargetPort": "Edit Target Port...",
+    "containerApps.addSecret": "Add Secret...",
     "containerApps.chooseRevisionMode": "Choose Revision Mode...",
     "containerApps.createRevisionDraft": "Create Draft...",
     "containerApps.editRevisionDraft": "Edit Draft (Advanced)...",

src/commands/registerCommands.ts

@@ -31,6 +31,7 @@ import { discardRevisionDraft } from './revisionDraft/discardRevisionDraft';
 import { editRevisionDraft } from './revisionDraft/editRevisionDraft';
 import { addScaleRule } from './scaling/addScaleRule/addScaleRule';
 import { editScalingRange } from './scaling/editScalingRange';
+import { addSecret } from './secret/addSecret/addSecret';
 
 export function registerCommands(): void {
     // managed environments
@@ -57,6 +58,9 @@ export function registerCommands(): void {
     registerCommandWithTreeNodeUnwrapping('containerApps.toggleVisibility', toggleIngressVisibility);
     registerCommandWithTreeNodeUnwrapping('containerApps.editTargetPort', editTargetPort);
 
+    // secret
+    registerCommandWithTreeNodeUnwrapping('containerApps.addSecret', addSecret);
+
     // revisions
     registerCommandWithTreeNodeUnwrapping('containerApps.chooseRevisionMode', chooseRevisionMode);
     registerCommandWithTreeNodeUnwrapping('containerApps.activateRevision', activateRevision);

src/commands/secret/ISecretContext.ts

@@ -0,0 +1,15 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import type { Secret } from "@azure/arm-appcontainers";
+import type { ExecuteActivityContext } from "@microsoft/vscode-azext-utils";
+import type { IContainerAppContext } from "../IContainerAppContext";
+
+export interface ISecretContext extends IContainerAppContext, ExecuteActivityContext {
+    newSecretName?: string;
+    newSecretValue?: string;
+
+    secret?: Secret;
+}

src/commands/secret/addSecret/SecretCreateStep.ts

@@ -0,0 +1,42 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { AzureWizardExecuteStep, nonNullProp } from "@microsoft/vscode-azext-utils";
+import type { Progress } from "vscode";
+import { ext } from "../../../extensionVariables";
+import { ContainerAppModel, getContainerEnvelopeWithSecrets } from "../../../tree/ContainerAppItem";
+import { localize } from "../../../utils/localize";
+import { updateContainerApp } from "../../../utils/updateContainerApp";
+import type { ISecretContext } from "../ISecretContext";
+
+export class SecretCreateStep extends AzureWizardExecuteStep<ISecretContext> {
+    public priority: number = 200;
+
+    public async execute(context: ISecretContext, progress: Progress<{ message?: string | undefined; increment?: number | undefined }>): Promise<void> {
+        const containerApp: ContainerAppModel = nonNullProp(context, 'containerApp');
+        const containerAppEnvelope = await getContainerEnvelopeWithSecrets(context, context.subscription, containerApp);
+
+        containerAppEnvelope.configuration.secrets ||= [];
+        containerAppEnvelope.configuration.secrets.push({
+            name: context.newSecretName,
+            value: context.newSecretValue
+        });
+
+        const addSecret: string = localize('addSecret', 'Add secret "{0}" to container app "{1}"', context.newSecretName, containerApp.name);
+        const creatingSecret: string = localize('creatingSecret', 'Creating secret...');
+
+        context.activityTitle = addSecret;
+        progress.report({ message: creatingSecret });
+
+        await updateContainerApp(context, context.subscription, containerAppEnvelope);
+
+        const addedSecret: string = localize('addedSecret', 'Added secret "{0}" to container app "{1}"', context.newSecretName, containerApp.name);
+        ext.outputChannel.appendLog(addedSecret);
+    }
+
+    public shouldExecute(context: ISecretContext): boolean {
+        return !!context.newSecretName && !!context.newSecretValue;
+    }
+}

src/commands/secret/addSecret/SecretNameStep.ts

@@ -0,0 +1,44 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import type { Secret } from "@azure/arm-appcontainers";
+import { AzureWizardPromptStep } from "@microsoft/vscode-azext-utils";
+import { localize } from "../../../utils/localize";
+import { validateUtils } from "../../../utils/validateUtils";
+import type { ISecretContext } from "../ISecretContext";
+
+export class SecretNameStep extends AzureWizardPromptStep<ISecretContext> {
+    public async prompt(context: ISecretContext): Promise<void> {
+        context.newSecretName = (await context.ui.showInputBox({
+            prompt: localize('secretName', 'Enter a secret name.'),
+            validateInput: (val: string | undefined) => this.validateInput(context, val),
+        })).trim();
+        context.valuesToMask.push(context.newSecretName);
+    }
+
+    public shouldPrompt(context: ISecretContext): boolean {
+        return !context.newSecretName;
+    }
+
+    private validateInput(context: ISecretContext, val: string | undefined): string | undefined {
+        const value: string = val ? val.trim() : '';
+
+        if (!validateUtils.isValidLength(value)) {
+            return validateUtils.getInvalidLengthMessage();
+        }
+
+        const allowedSymbols: string = '-.';
+        if (!validateUtils.isLowerCaseAlphanumericWithSymbols(value, allowedSymbols)) {
+            return validateUtils.getInvalidLowerCaseAlphanumericWithSymbolsMessage(allowedSymbols);
+        }
+
+        const secrets: Secret[] = context.containerApp?.configuration?.secrets ?? [];
+        if (secrets.some((secret) => secret.name?.trim().toLocaleLowerCase() === value.toLocaleLowerCase())) {
+            return localize('secretAlreadyExists', 'Secret with name "{0}" already exists.', value);
+        }
+
+        return undefined;
+    }
+}

src/commands/secret/addSecret/SecretValueStep.ts

@@ -0,0 +1,34 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { AzureWizardPromptStep } from "@microsoft/vscode-azext-utils";
+import { localize } from "../../../utils/localize";
+import { validateUtils } from "../../../utils/validateUtils";
+import type { ISecretContext } from "../ISecretContext";
+
+export class SecretValueStep extends AzureWizardPromptStep<ISecretContext> {
+    public async prompt(context: ISecretContext): Promise<void> {
+        context.newSecretValue = await context.ui.showInputBox({
+            prompt: localize('secretValue', 'Enter a secret value.'),
+            password: true,
+            validateInput: this.validateInput
+        });
+        context.valuesToMask.push(context.newSecretValue);
+    }
+
+    public shouldPrompt(context: ISecretContext): boolean {
+        return !context.newSecretValue;
+    }
+
+    private validateInput(val: string | undefined): string | undefined {
+        val ??= '';
+
+        if (!validateUtils.isValidLength(val)) {
+            return validateUtils.getInvalidLengthMessage();
+        }
+
+        return undefined;
+    }
+}

src/commands/secret/addSecret/addSecret.ts

@@ -0,0 +1,52 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { AzureWizard, AzureWizardExecuteStep, AzureWizardPromptStep, IActionContext, createSubscriptionContext } from "@microsoft/vscode-azext-utils";
+import { ext } from "../../../extensionVariables";
+import { SecretsItem } from "../../../tree/configurations/secrets/SecretsItem";
+import { createActivityContext } from "../../../utils/activityUtils";
+import { localize } from "../../../utils/localize";
+import { pickContainerApp } from "../../../utils/pickContainerApp";
+import type { ISecretContext } from "../ISecretContext";
+import { SecretCreateStep } from "./SecretCreateStep";
+import { SecretNameStep } from "./SecretNameStep";
+import { SecretValueStep } from "./SecretValueStep";
+
+export async function addSecret(context: IActionContext, node?: SecretsItem): Promise<void> {
+    const { subscription, containerApp } = node ?? await pickContainerApp(context);
+
+    const wizardContext: ISecretContext = {
+        ...context,
+        ...createSubscriptionContext(subscription),
+        ...(await createActivityContext()),
+        subscription,
+        containerApp,
+    };
+
+    const promptSteps: AzureWizardPromptStep<ISecretContext>[] = [
+        new SecretNameStep(),
+        new SecretValueStep()
+    ];
+
+    const executeSteps: AzureWizardExecuteStep<ISecretContext>[] = [
+        new SecretCreateStep()
+    ];
+
+    const wizard: AzureWizard<ISecretContext> = new AzureWizard(wizardContext, {
+        title: localize('addSecret', 'Add secret to container app "{0}"', containerApp.name),
+        promptSteps,
+        executeSteps,
+        showLoadingPrompt: true
+    });
+
+    await wizard.prompt();
+
+    const parentId: string = `${containerApp.id}/${SecretsItem.idSuffix}`;
+    await ext.state.showCreatingChild(parentId, localize('creatingSecret', 'Creating secret...'), async () => {
+        await wizard.execute();
+    });
+
+    ext.state.notifyChildrenChanged(containerApp.managedEnvironmentId);
+}

src/utils/validateUtils.ts

@@ -9,6 +9,7 @@ export namespace validateUtils {
     const thirtyTwoBitMaxSafeInteger: number = 2147483647;
     // Estimated using UTF-8 encoding, where a character can be up to ~4 bytes long
     const maxSafeCharacterLength: number = thirtyTwoBitMaxSafeInteger / 32;
+    const allowedSymbols: string = '[-\/\\^$*+?.()|[\]{}]';
 
     /**
      * Validates that the given input string is the appropriate length as determined by the optional lower and upper limit parameters
@@ -40,4 +41,30 @@ export namespace validateUtils {
             return localize('invalidBetweenInputLength', 'The input value must be between {0} and {1} characters long.', lowerLimitIncl, upperLimitIncl);
         }
     }
+
+    /**
+     * Validates that the given input string consists of lower case alphanumeric characters,
+     * starts and ends with an alphanumeric character, and does not contain any special symbols not explicitly specified
+     *
+     * @param value The original input string to validate
+     * @param symbols Any custom symbols that are also allowed in the input string. Defaults to '-'.
+     *
+     * @example
+     * "abcd-1234" // returns true
+     * "-abcd-1234" // returns false
+     */
+    export function isLowerCaseAlphanumericWithSymbols(value: string, symbols: string = '-'): boolean {
+        // Search through the passed symbols and match any allowed symbols
+        // If we find a match, escape the symbol using '\\$&'
+        const symbolPattern: string = symbols.replace(new RegExp(allowedSymbols, 'g'), '\\$&');
+        const pattern: RegExp = new RegExp(`^[a-z0-9](?:[a-z0-9${symbolPattern}]*[a-z0-9])?$`);
+        return pattern.test(value);
+    }
+
+    /**
+     * @param symbols Any custom symbols that are also allowed in the input string. Defaults to '-'.
+     */
+    export function getInvalidLowerCaseAlphanumericWithSymbolsMessage(symbols: string = '-'): string {
+        return localize('invalidLowerAlphanumericWithSymbols', `A name must consist of lower case alphanumeric characters or one of the following symbols: "{0}", and must start and end with a lower case alphanumeric character.`, symbols);
+    }
 }