serve.zone/gitops
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(secrets): add ability to fetch and view all secrets across projects and groups, include scopeName, and improve frontend merging/filtering

Browse Source
This commit is contained in:
Jürgen Kunz
2026-02-24 21:09:17 +00:00
parent ee3f01993f
commit 179bb9223e
11 changed files with 156 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
changelog.md
View File

@@ -1,5 +1,14 @@
# Changelog # Changelog
## 2026-02-24 - 2.7.0 - feat(secrets)
add ability to fetch and view all secrets across projects and groups, include scopeName, and improve frontend merging/filtering
- Add new typed request and handler getAllSecrets to opsserver to bulk-fetch secrets across projects or groups (batched and using Promise.allSettled for performance).
- Extend ISecret with scopeName and update provider mappings (Gitea/GitLab) and secret return values to include scopeName.
- Frontend: add fetchAllSecretsAction, add an "All" option in the Secrets view, filter table by selected entity or show all, and disable "Add Secret" when "All" is selected.
- Create/update actions now merge only the affected entity's secrets into state instead of replacing the entire list; delete now filters by key+scope+scopeId to avoid removing unrelated secrets.
- UI: table now shows a Scope column using scopeName (or fallback to scopeId), selection changes trigger reloading of entities and secrets.
## 2026-02-24 - 2.6.2 - fix(meta) ## 2026-02-24 - 2.6.2 - fix(meta)
update file metadata only (no source changes) update file metadata only (no source changes)

2
ts/00_commitinfo_data.ts
View File

@@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@serve.zone/gitops', name: '@serve.zone/gitops',
version: '2.6.2', version: '2.7.0',
description: 'GitOps management app for Gitea and GitLab - manage secrets, browse projects, view CI pipelines, and stream build logs' description: 'GitOps management app for Gitea and GitLab - manage secrets, browse projects, view CI pipelines, and stream build logs'
} }

52
ts/opsserver/handlers/secrets.handler.ts
View File

@@ -12,6 +12,58 @@ export class SecretsHandler {
} }
private registerHandlers(): void { private registerHandlers(): void {
// Get all secrets (bulk fetch across all entities)
this.typedrouter.addTypedHandler(
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetAllSecrets>(
'getAllSecrets',
async (dataArg) => {
await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
const provider = this.opsServerRef.gitopsAppRef.connectionManager.getProvider(
dataArg.connectionId,
);
const allSecrets: interfaces.data.ISecret[] = [];
if (dataArg.scope === 'project') {
const projects = await provider.getProjects();
// Fetch in batches of 5 for performance
for (let i = 0; i < projects.length; i += 5) {
const batch = projects.slice(i, i + 5);
const results = await Promise.allSettled(
batch.map(async (p) => {
const secrets = await provider.getProjectSecrets(p.id);
return secrets.map((s) => ({ ...s, scopeName: p.fullPath || p.name }));
}),
);
for (const result of results) {
if (result.status === 'fulfilled') {
allSecrets.push(...result.value);
}
}
}
} else {
const groups = await provider.getGroups();
for (let i = 0; i < groups.length; i += 5) {
const batch = groups.slice(i, i + 5);
const results = await Promise.allSettled(
batch.map(async (g) => {
const secrets = await provider.getGroupSecrets(g.id);
return secrets.map((s) => ({ ...s, scopeName: g.fullPath || g.name }));
}),
);
for (const result of results) {
if (result.status === 'fulfilled') {
allSecrets.push(...result.value);
}
}
}
}
return { secrets: allSecrets };
},
),
);
// Get secrets // Get secrets
this.typedrouter.addTypedHandler( this.typedrouter.addTypedHandler(
new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecrets>( new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetSecrets>(

7
ts/providers/classes.giteaprovider.ts
View File

@@ -72,7 +72,7 @@ export class GiteaProvider extends BaseProvider {
value: string, value: string,
): Promise<interfaces.data.ISecret> { ): Promise<interfaces.data.ISecret> {
await this.client.setRepoSecret(projectId, key, value); await this.client.setRepoSecret(projectId, key, value);
return { key, value: '***', protected: false, masked: true, scope: 'project', scopeId: projectId, connectionId: this.connectionId, environment: '*' }; return { key, value: '***', protected: false, masked: true, scope: 'project', scopeId: projectId, scopeName: projectId, connectionId: this.connectionId, environment: '*' };
} }
async updateProjectSecret( async updateProjectSecret(
@@ -100,7 +100,7 @@ export class GiteaProvider extends BaseProvider {
value: string, value: string,
): Promise<interfaces.data.ISecret> { ): Promise<interfaces.data.ISecret> {
await this.client.setOrgSecret(groupId, key, value); await this.client.setOrgSecret(groupId, key, value);
return { key, value: '***', protected: false, masked: true, scope: 'group', scopeId: groupId, connectionId: this.connectionId, environment: '*' }; return { key, value: '***', protected: false, masked: true, scope: 'group', scopeId: groupId, scopeName: groupId, connectionId: this.connectionId, environment: '*' };
} }
async updateGroupSecret( async updateGroupSecret(
@@ -175,7 +175,7 @@ export class GiteaProvider extends BaseProvider {
}; };
} }
private mapSecret(s: plugins.giteaClient.IGiteaSecret, scope: 'project' | 'group', scopeId: string): interfaces.data.ISecret { private mapSecret(s: plugins.giteaClient.IGiteaSecret, scope: 'project' | 'group', scopeId: string, scopeName?: string): interfaces.data.ISecret {
return { return {
key: s.name || '', key: s.name || '',
value: '***', value: '***',
@@ -183,6 +183,7 @@ export class GiteaProvider extends BaseProvider {
masked: true, masked: true,
scope, scope,
scopeId, scopeId,
scopeName: scopeName || scopeId,
connectionId: this.connectionId, connectionId: this.connectionId,
environment: '*', environment: '*',
}; };

2
ts/providers/classes.gitlabprovider.ts
View File

@@ -149,6 +149,7 @@ export class GitLabProvider extends BaseProvider {
v: plugins.gitlabClient.IGitLabVariable, v: plugins.gitlabClient.IGitLabVariable,
scope: 'project' | 'group', scope: 'project' | 'group',
scopeId: string, scopeId: string,
scopeName?: string,
): interfaces.data.ISecret { ): interfaces.data.ISecret {
return { return {
key: v.key || '', key: v.key || '',
@@ -157,6 +158,7 @@ export class GitLabProvider extends BaseProvider {
masked: v.masked || false, masked: v.masked || false,
scope, scope,
scopeId, scopeId,
scopeName: scopeName || scopeId,
connectionId: this.connectionId, connectionId: this.connectionId,
environment: v.environment_scope || '*', environment: v.environment_scope || '*',
}; };

2
ts_bundled/bundle.ts
View File

File diff suppressed because one or more lines are too long

1
ts_interfaces/data/secret.ts
View File

@@ -5,6 +5,7 @@ export interface ISecret {
masked: boolean; masked: boolean;
scope: 'project' | 'group'; scope: 'project' | 'group';
scopeId: string; scopeId: string;
scopeName: string;
connectionId: string; connectionId: string;
environment: string; environment: string;
} }

15
ts_interfaces/requests/secrets.ts
View File

@@ -1,6 +1,21 @@
import * as plugins from '../plugins.ts'; import * as plugins from '../plugins.ts';
import * as data from '../data/index.ts'; import * as data from '../data/index.ts';
export interface IReq_GetAllSecrets extends plugins.typedrequestInterfaces.implementsTR<
plugins.typedrequestInterfaces.ITypedRequest,
IReq_GetAllSecrets
> {
method: 'getAllSecrets';
request: {
identity: data.IIdentity;
connectionId: string;
scope: 'project' | 'group';
};
response: {
secrets: data.ISecret[];
};
}
export interface IReq_GetSecrets extends plugins.typedrequestInterfaces.implementsTR< export interface IReq_GetSecrets extends plugins.typedrequestInterfaces.implementsTR<
plugins.typedrequestInterfaces.ITypedRequest, plugins.typedrequestInterfaces.ITypedRequest,
IReq_GetSecrets IReq_GetSecrets

2
ts_web/00_commitinfo_data.ts
View File

@@ -3,6 +3,6 @@
*/ */
export const commitinfo = { export const commitinfo = {
name: '@serve.zone/gitops', name: '@serve.zone/gitops',
version: '2.6.2', version: '2.7.0',
description: 'GitOps management app for Gitea and GitLab - manage secrets, browse projects, view CI pipelines, and stream build logs' description: 'GitOps management app for Gitea and GitLab - manage secrets, browse projects, view CI pipelines, and stream build logs'
} }

41
ts_web/appstate.ts
View File

@@ -304,6 +304,27 @@ export const fetchSecretsAction = dataStatePart.createAction<{
} }
}); });
export const fetchAllSecretsAction = dataStatePart.createAction<{
connectionId: string;
scope: 'project' | 'group';
}>(async (statePartArg, dataArg) => {
const context = getActionContext();
try {
const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
interfaces.requests.IReq_GetAllSecrets
>('/typedrequest', 'getAllSecrets');
const response = await typedRequest.fire({
identity: context.identity!,
connectionId: dataArg.connectionId,
scope: dataArg.scope,
});
return { ...statePartArg.getState(), secrets: response.secrets };
} catch (err) {
console.error('Failed to fetch all secrets:', err);
return statePartArg.getState();
}
});
export const createSecretAction = dataStatePart.createAction<{ export const createSecretAction = dataStatePart.createAction<{
connectionId: string; connectionId: string;
scope: 'project' | 'group'; scope: 'project' | 'group';
@@ -320,7 +341,7 @@ export const createSecretAction = dataStatePart.createAction<{
identity: context.identity!, identity: context.identity!,
...dataArg, ...dataArg,
}); });
// Re-fetch secrets // Re-fetch only the affected entity's secrets and merge
const listReq = new plugins.domtools.plugins.typedrequest.TypedRequest< const listReq = new plugins.domtools.plugins.typedrequest.TypedRequest<
interfaces.requests.IReq_GetSecrets interfaces.requests.IReq_GetSecrets
>('/typedrequest', 'getSecrets'); >('/typedrequest', 'getSecrets');
@@ -330,7 +351,11 @@ export const createSecretAction = dataStatePart.createAction<{
scope: dataArg.scope, scope: dataArg.scope,
scopeId: dataArg.scopeId, scopeId: dataArg.scopeId,
}); });
return { ...statePartArg.getState(), secrets: listResp.secrets }; const state = statePartArg.getState();
const otherSecrets = state.secrets.filter(
(s) => !(s.scopeId === dataArg.scopeId && s.scope === dataArg.scope),
);
return { ...state, secrets: [...otherSecrets, ...listResp.secrets] };
} catch (err) { } catch (err) {
console.error('Failed to create secret:', err); console.error('Failed to create secret:', err);
return statePartArg.getState(); return statePartArg.getState();
@@ -353,7 +378,7 @@ export const updateSecretAction = dataStatePart.createAction<{
identity: context.identity!, identity: context.identity!,
...dataArg, ...dataArg,
}); });
// Re-fetch // Re-fetch only the affected entity's secrets and merge
const listReq = new plugins.domtools.plugins.typedrequest.TypedRequest< const listReq = new plugins.domtools.plugins.typedrequest.TypedRequest<
interfaces.requests.IReq_GetSecrets interfaces.requests.IReq_GetSecrets
>('/typedrequest', 'getSecrets'); >('/typedrequest', 'getSecrets');
@@ -363,7 +388,11 @@ export const updateSecretAction = dataStatePart.createAction<{
scope: dataArg.scope, scope: dataArg.scope,
scopeId: dataArg.scopeId, scopeId: dataArg.scopeId,
}); });
return { ...statePartArg.getState(), secrets: listResp.secrets }; const state = statePartArg.getState();
const otherSecrets = state.secrets.filter(
(s) => !(s.scopeId === dataArg.scopeId && s.scope === dataArg.scope),
);
return { ...state, secrets: [...otherSecrets, ...listResp.secrets] };
} catch (err) { } catch (err) {
console.error('Failed to update secret:', err); console.error('Failed to update secret:', err);
return statePartArg.getState(); return statePartArg.getState();
@@ -388,7 +417,9 @@ export const deleteSecretAction = dataStatePart.createAction<{
const state = statePartArg.getState(); const state = statePartArg.getState();
return { return {
...state, ...state,
secrets: state.secrets.filter((s) => s.key !== dataArg.key), secrets: state.secrets.filter(
(s) => !(s.key === dataArg.key && s.scopeId === dataArg.scopeId && s.scope === dataArg.scope),
),
}; };
} catch (err) { } catch (err) {
console.error('Failed to delete secret:', err); console.error('Failed to delete secret:', err);

46
ts_web/elements/views/secrets/index.ts
View File

@@ -36,7 +36,7 @@ export class GitopsViewSecrets extends DeesElement {
accessor selectedScope: 'project' | 'group' = 'project'; accessor selectedScope: 'project' | 'group' = 'project';
@state() @state()
accessor selectedScopeId: string = ''; accessor selectedScopeId: string = '__all__';
private _autoRefreshHandler: () => void; private _autoRefreshHandler: () => void;
@@ -70,6 +70,13 @@ export class GitopsViewSecrets extends DeesElement {
viewHostCss, viewHostCss,
]; ];
private get filteredSecrets() {
if (this.selectedScopeId === '__all__') {
return this.dataState.secrets;
}
return this.dataState.secrets.filter((s) => s.scopeId === this.selectedScopeId);
}
public render(): TemplateResult { public render(): TemplateResult {
const connectionOptions = this.connectionsState.connections.map((c) => ({ const connectionOptions = this.connectionsState.connections.map((c) => ({
option: `${c.name} (${c.providerType})`, option: `${c.name} (${c.providerType})`,
@@ -81,10 +88,17 @@ export class GitopsViewSecrets extends DeesElement {
{ option: 'Group', key: 'group' }, { option: 'Group', key: 'group' },
]; ];
const entityOptions = this.selectedScope === 'project' const entities = this.selectedScope === 'project'
? this.dataState.projects.map((p) => ({ option: p.fullPath || p.name, key: p.id })) ? this.dataState.projects.map((p) => ({ option: p.fullPath || p.name, key: p.id }))
: this.dataState.groups.map((g) => ({ option: g.fullPath || g.name, key: g.id })); : this.dataState.groups.map((g) => ({ option: g.fullPath || g.name, key: g.id }));
const entityOptions = [
{ option: 'All', key: '__all__' },
...entities,
];
const isAllSelected = this.selectedScopeId === '__all__';
return html` return html`
<div class="view-title">Secrets</div> <div class="view-title">Secrets</div>
<div class="view-description">Manage CI/CD secrets and variables</div> <div class="view-description">Manage CI/CD secrets and variables</div>
@@ -95,7 +109,9 @@ export class GitopsViewSecrets extends DeesElement {
.selectedOption=${connectionOptions.find((o) => o.key === this.selectedConnectionId) || connectionOptions[0]} .selectedOption=${connectionOptions.find((o) => o.key === this.selectedConnectionId) || connectionOptions[0]}
@selectedOption=${(e: CustomEvent) => { @selectedOption=${(e: CustomEvent) => {
this.selectedConnectionId = e.detail.key; this.selectedConnectionId = e.detail.key;
this.selectedScopeId = '__all__';
this.loadEntities(); this.loadEntities();
this.loadSecrets();
}} }}
></dees-input-dropdown> ></dees-input-dropdown>
<dees-input-dropdown <dees-input-dropdown
@@ -104,7 +120,9 @@ export class GitopsViewSecrets extends DeesElement {
.selectedOption=${scopeOptions.find((o) => o.key === this.selectedScope)} .selectedOption=${scopeOptions.find((o) => o.key === this.selectedScope)}
@selectedOption=${(e: CustomEvent) => { @selectedOption=${(e: CustomEvent) => {
this.selectedScope = e.detail.key as 'project' | 'group'; this.selectedScope = e.detail.key as 'project' | 'group';
this.selectedScopeId = '__all__';
this.loadEntities(); this.loadEntities();
this.loadSecrets();
}} }}
></dees-input-dropdown> ></dees-input-dropdown>
<dees-input-dropdown <dees-input-dropdown
@@ -113,18 +131,21 @@ export class GitopsViewSecrets extends DeesElement {
.selectedOption=${entityOptions.find((o) => o.key === this.selectedScopeId) || entityOptions[0]} .selectedOption=${entityOptions.find((o) => o.key === this.selectedScopeId) || entityOptions[0]}
@selectedOption=${(e: CustomEvent) => { @selectedOption=${(e: CustomEvent) => {
this.selectedScopeId = e.detail.key; this.selectedScopeId = e.detail.key;
this.loadSecrets();
}} }}
></dees-input-dropdown> ></dees-input-dropdown>
<dees-button @click=${() => this.addSecret()}>Add Secret</dees-button> <dees-button
.disabled=${isAllSelected}
@click=${() => this.addSecret()}
>Add Secret</dees-button>
<dees-button @click=${() => this.loadSecrets()}>Refresh</dees-button> <dees-button @click=${() => this.loadSecrets()}>Refresh</dees-button>
</div> </div>
<dees-table <dees-table
.heading1=${'Secrets'} .heading1=${'Secrets'}
.heading2=${'CI/CD variables for the selected entity'} .heading2=${'CI/CD variables for the selected entity'}
.data=${this.dataState.secrets} .data=${this.filteredSecrets}
.displayFunction=${(item: any) => ({ .displayFunction=${(item: any) => ({
Key: item.key, Key: item.key,
Scope: item.scopeName || item.scopeId,
Value: item.masked ? '******' : item.value, Value: item.masked ? '******' : item.value,
Protected: item.protected ? 'Yes' : 'No', Protected: item.protected ? 'Yes' : 'No',
Environment: item.environment || '*', Environment: item.environment || '*',
@@ -141,8 +162,8 @@ export class GitopsViewSecrets extends DeesElement {
action: async (item: any) => { action: async (item: any) => {
await appstate.dataStatePart.dispatchAction(appstate.deleteSecretAction, { await appstate.dataStatePart.dispatchAction(appstate.deleteSecretAction, {
connectionId: this.selectedConnectionId, connectionId: this.selectedConnectionId,
scope: this.selectedScope, scope: item.scope,
scopeId: this.selectedScopeId, scopeId: item.scopeId,
key: item.key, key: item.key,
}); });
}, },
@@ -158,6 +179,7 @@ export class GitopsViewSecrets extends DeesElement {
if (conns.length > 0 && !this.selectedConnectionId) { if (conns.length > 0 && !this.selectedConnectionId) {
this.selectedConnectionId = conns[0].id; this.selectedConnectionId = conns[0].id;
await this.loadEntities(); await this.loadEntities();
await this.loadSecrets();
} }
} }
@@ -175,15 +197,15 @@ export class GitopsViewSecrets extends DeesElement {
} }
private async loadSecrets() { private async loadSecrets() {
if (!this.selectedConnectionId || !this.selectedScopeId) return; if (!this.selectedConnectionId) return;
await appstate.dataStatePart.dispatchAction(appstate.fetchSecretsAction, { await appstate.dataStatePart.dispatchAction(appstate.fetchAllSecretsAction, {
connectionId: this.selectedConnectionId, connectionId: this.selectedConnectionId,
scope: this.selectedScope, scope: this.selectedScope,
scopeId: this.selectedScopeId,
}); });
} }
private async addSecret() { private async addSecret() {
if (this.selectedScopeId === '__all__') return;
await plugins.deesCatalog.DeesModal.createAndShow({ await plugins.deesCatalog.DeesModal.createAndShow({
heading: 'Add Secret', heading: 'Add Secret',
content: html` content: html`
@@ -234,8 +256,8 @@ export class GitopsViewSecrets extends DeesElement {
const input = modal.shadowRoot.querySelector('dees-input-text'); const input = modal.shadowRoot.querySelector('dees-input-text');
await appstate.dataStatePart.dispatchAction(appstate.updateSecretAction, { await appstate.dataStatePart.dispatchAction(appstate.updateSecretAction, {
connectionId: this.selectedConnectionId, connectionId: this.selectedConnectionId,
scope: this.selectedScope, scope: item.scope,
scopeId: this.selectedScopeId, scopeId: item.scopeId,
key: item.key, key: item.key,
value: input?.value || '', value: input?.value || '',
}); });