Warn when using secrets without --trusted #719

This updates the CLI to print a warning if a Truss has secrets defined in its config but is pushed without `--trusted`.
basetenlabs · Nov 7, 2023 · 5340a38 · 5340a38
1 parent 8966035
commit 5340a38
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/truss/cli/cli.py b/truss/cli/cli.py
@@ -447,6 +447,14 @@ def push(
 
         click.echo(draft_model_text)
 
+    # Log a warning if using secrets without --trusted.
+    # TODO(helen): this could be moved to a separate function that includes more config checks.
+    if tr.spec.config.secrets and not trusted:
+        not_trusted_text = """Warning: your Truss has secrets but was not pushed with --trusted.
+Please push with --trusted to grant access to secrets.
+"""
+        console.print(not_trusted_text, style="red")
+
     logs_url = remote_provider.get_remote_logs_url(service)  # type: ignore[attr-defined]
     rich.print(f"🪵  View logs for your deployment at {logs_url}")