feat(secrets): add ability to fetch and view all secrets across projects and groups, include scopeName, and improve frontend merging/filtering

2026-02-24 21:09:17 +00:00
parent ee3f01993f
commit 179bb9223e
11 changed files with 156 additions and 23 deletions
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/gitops',
-  version: '2.6.2',
+  version: '2.7.0',
  description: 'GitOps management app for Gitea and GitLab - manage secrets, browse projects, view CI pipelines, and stream build logs'
 }
--- a/ts/opsserver/handlers/secrets.handler.ts
+++ b/ts/opsserver/handlers/secrets.handler.ts
@@ -12,6 +12,58 @@ export class SecretsHandler {
  }

  private registerHandlers(): void {
+    // Get all secrets (bulk fetch across all entities)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetAllSecrets>(
+        'getAllSecrets',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const provider = this.opsServerRef.gitopsAppRef.connectionManager.getProvider(
+            dataArg.connectionId,
+          );
+
+          const allSecrets: interfaces.data.ISecret[] = [];
+
+          if (dataArg.scope === 'project') {
+            const projects = await provider.getProjects();
+            // Fetch in batches of 5 for performance
+            for (let i = 0; i < projects.length; i += 5) {
+              const batch = projects.slice(i, i + 5);
+              const results = await Promise.allSettled(
+                batch.map(async (p) => {
+                  const secrets = await provider.getProjectSecrets(p.id);
+                  return secrets.map((s) => ({ ...s, scopeName: p.fullPath || p.name }));
+                }),
+              );
+              for (const result of results) {
+                if (result.status === 'fulfilled') {
+                  allSecrets.push(...result.value);
+                }
+              }
+            }
+          } else {
+            const groups = await provider.getGroups();
+            for (let i = 0; i < groups.length; i += 5) {
+              const batch = groups.slice(i, i + 5);
+              const results = await Promise.allSettled(
+                batch.map(async (g) => {
+                  const secrets = await provider.getGroupSecrets(g.id);
+                  return secrets.map((s) => ({ ...s, scopeName: g.fullPath || g.name }));
+                }),
+              );
+              for (const result of results) {
+                if (result.status === 'fulfilled') {
+                  allSecrets.push(...result.value);
+                }
+              }
+            }
+          }
+
+          return { secrets: allSecrets };
+        },
+      ),
+    );
+
    // Get secrets
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecrets>(
--- a/ts/providers/classes.giteaprovider.ts
+++ b/ts/providers/classes.giteaprovider.ts
@@ -72,7 +72,7 @@ export class GiteaProvider extends BaseProvider {
    value: string,
  ): Promise<interfaces.data.ISecret> {
    await this.client.setRepoSecret(projectId, key, value);
-    return { key, value: '***', protected: false, masked: true, scope: 'project', scopeId: projectId, connectionId: this.connectionId, environment: '*' };
+    return { key, value: '***', protected: false, masked: true, scope: 'project', scopeId: projectId, scopeName: projectId, connectionId: this.connectionId, environment: '*' };
  }

  async updateProjectSecret(
@@ -100,7 +100,7 @@ export class GiteaProvider extends BaseProvider {
    value: string,
  ): Promise<interfaces.data.ISecret> {
    await this.client.setOrgSecret(groupId, key, value);
-    return { key, value: '***', protected: false, masked: true, scope: 'group', scopeId: groupId, connectionId: this.connectionId, environment: '*' };
+    return { key, value: '***', protected: false, masked: true, scope: 'group', scopeId: groupId, scopeName: groupId, connectionId: this.connectionId, environment: '*' };
  }

  async updateGroupSecret(
@@ -175,7 +175,7 @@ export class GiteaProvider extends BaseProvider {
    };
  }

-  private mapSecret(s: plugins.giteaClient.IGiteaSecret, scope: 'project' | 'group', scopeId: string): interfaces.data.ISecret {
+  private mapSecret(s: plugins.giteaClient.IGiteaSecret, scope: 'project' | 'group', scopeId: string, scopeName?: string): interfaces.data.ISecret {
    return {
      key: s.name || '',
      value: '***',
@@ -183,6 +183,7 @@ export class GiteaProvider extends BaseProvider {
      masked: true,
      scope,
      scopeId,
+      scopeName: scopeName || scopeId,
      connectionId: this.connectionId,
      environment: '*',
    };
--- a/ts/providers/classes.gitlabprovider.ts
+++ b/ts/providers/classes.gitlabprovider.ts
@@ -149,6 +149,7 @@ export class GitLabProvider extends BaseProvider {
    v: plugins.gitlabClient.IGitLabVariable,
    scope: 'project' | 'group',
    scopeId: string,
+    scopeName?: string,
  ): interfaces.data.ISecret {
    return {
      key: v.key || '',
@@ -157,6 +158,7 @@ export class GitLabProvider extends BaseProvider {
      masked: v.masked || false,
      scope,
      scopeId,
+      scopeName: scopeName || scopeId,
      connectionId: this.connectionId,
      environment: v.environment_scope || '*',
    };