Merge pull request #472 from DannyBen/add/env-var-whitelist

Add `allowed` option to `environment_variable`
DannyBen · Dec 22, 2023 · 6efc553 · 6efc553
2 parents a05f7d0 + e205064
commit 6efc553
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 2 deletions.
diff --git a/lib/bashly/config_validator.rb b/lib/bashly/config_validator.rb
@@ -168,6 +168,9 @@ def assert_env_var(key, value)
       assert_optional_string "#{key}.default", value['default']
       assert_boolean "#{key}.required", value['required']
       assert_boolean "#{key}.private", value['private']
+      assert_array "#{key}.allowed", value['allowed'], of: :string
+
+      refute value['required'] && value['default'], "#{key} cannot have both nub`required` and nub`default`"
     end
 
     def assert_command(key, value)

diff --git a/lib/bashly/libraries/strings/strings.yml b/lib/bashly/libraries/strings/strings.yml
@@ -34,5 +34,6 @@ missing_required_environment_variable: "missing required environment variable: %
 missing_dependency: "missing dependency: %{dependency}"
 disallowed_flag: "%{name} must be one of: %{allowed}"
 disallowed_argument: "%{name} must be one of: %{allowed}"
+disallowed_environment_variable: "%{name} environment variable must be one of: %{allowed}"
 unsupported_bash_version: "bash version 4 or higher is required"
 validation_error: "validation error in %s:\\n%s"
diff --git a/lib/bashly/script/command.rb b/lib/bashly/script/command.rb
@@ -327,6 +327,11 @@ def whitelisted_args
         args.select(&:allowed)
       end
 
+      # Returns an array of all the environemnt_variables with a whitelist arg
+      def whitelisted_environment_variables
+        environment_variables.select(&:allowed)
+      end
+
       # Returns an array of all the flags with a whitelist arg
       def whitelisted_flags
         flags.select(&:allowed)

diff --git a/lib/bashly/script/environment_variable.rb b/lib/bashly/script/environment_variable.rb
@@ -3,7 +3,7 @@ module Script
     class EnvironmentVariable < Base
       class << self
         def option_keys
-          @option_keys ||= %i[default help name required private]
+          @option_keys ||= %i[allowed default help name required private]
         end
       end
 

diff --git a/lib/bashly/views/command/environment_variables_filter.gtx b/lib/bashly/views/command/environment_variables_filter.gtx
@@ -1,4 +1,6 @@
-if default_environment_variables.any? or required_environment_variables.any?
+if default_environment_variables.any? || required_environment_variables.any? ||
+  whitelisted_environment_variables.any?
+
   = view_marker 
   = render(:environment_variables_default)
 
@@ -10,4 +12,13 @@ if default_environment_variables.any? or required_environment_variables.any?
       > fi
     end
   end
+
+  if whitelisted_environment_variables.any?
+    whitelisted_environment_variables.each do |env_var|
+      > if [[ -n "${<%= env_var.name.upcase %>:-}" ]] && [[ ! ${<%= env_var.name.upcase %>:-} =~ ^({{ env_var.allowed.join '|' }})$ ]]; then
+      >   printf "%s\n" "{{ strings[:disallowed_environment_variable] % { name: env_var.name.upcase, allowed: env_var.allowed.join(', ') } }}" >&2
+      >   exit 1
+      > fi
+    end
+  end
 end
diff --git a/schemas/strings.json b/schemas/strings.json
@@ -186,6 +186,13 @@
             "minLength": 1,
             "default": "%{name} must be one of: %{allowed}"
         },
+        "disallowed_environment_variable": {
+            "title": "disallowed_environment_variable",
+            "description": "A forbidden environment variable error of the current script\nhttps://bashly.dannyb.co/advanced/strings/#custom-strings",
+            "type": "string",
+            "minLength": 1,
+            "default": "%{name} environment variable must be one of: %{allowed}"
+        },
         "unsupported_bash_version": {
             "title": "unsupported bash version",
             "description": "An unsupported Bash version error of the current script\nhttps://bashly.dannyb.co/advanced/strings/#custom-strings",

diff --git a/spec/approvals/validations/env_var_required_and_default b/spec/approvals/validations/env_var_required_and_default
@@ -0,0 +1 @@
+#<Bashly::ConfigurationError: root.environment_variables[0] cannot have both nub`required` and nub`default`>
diff --git a/spec/fixtures/script/validations.yml b/spec/fixtures/script/validations.yml
@@ -212,6 +212,14 @@
   - name: api_key
     required: 1
 
+:env_var_required_and_default:
+  name: invalid
+  help: env_var cannot have both required and default
+  environment_variables:
+  - name: app_env
+    required: true
+    default: dev
+
 :env_var_private:
   name: invalid
   help: env_var.private should be a boolean
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		#<Bashly::ConfigurationError: root.environment_variables[0] cannot have both nub`required` and nub`default`>