Add a include_secrets flag to dump that include secret config vals (#…

…1130) See edgedb/edgedb#6106, edgedb/edgedb-rust#277.
edgedb · Oct 11, 2023 · 72cc74d · 72cc74d
1 parent 1d9c1cb
commit 72cc74d
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 11 deletions.
diff --git a/src/commands/dump.rs b/src/commands/dump.rs
@@ -68,18 +68,23 @@ pub async fn dump(cli: &mut Connection, general: &Options,
         } else {
             anyhow::bail!("`--format=dir` is required when using `--all`");
         }
-        dump_all(cli, general, options.path.as_ref()).await
+        dump_all(cli, general, options.path.as_ref(), options.include_secrets).await
     } else {
         if options.format.is_some() {
             anyhow::bail!("`--format` is reserved for dump using `--all`");
         }
-        dump_db(cli, general, options.path.as_ref()).await
+        dump_db(cli, general, options.path.as_ref(), options.include_secrets).await
     }
 }
 
-async fn dump_db(cli: &mut Connection, _options: &Options, filename: &Path)
+async fn dump_db(cli: &mut Connection, _options: &Options, filename: &Path,
+                 mut include_secrets: bool)
     -> Result<(), anyhow::Error>
 {
+    if cli.get_version().await?.specific() < "4.0-alpha.2".parse().unwrap() {
+        include_secrets = false;
+    }
+
     let dbname = cli.database().to_string();
     eprintln!("Starting dump for {dbname}...");
 
@@ -89,7 +94,7 @@ async fn dump_db(cli: &mut Connection, _options: &Options, filename: &Path)
           \x00\x00\x00\x00\x00\x00\x00\x01"
         ).await?;
 
-    let (header, mut blocks) = cli.dump().await?;
+    let (header, mut blocks) = cli.dump(include_secrets).await?;
 
     // this is ensured because length in the protocol is u32 too
     assert!(header.data.len() <= u32::MAX as usize);
@@ -127,7 +132,8 @@ async fn dump_db(cli: &mut Connection, _options: &Options, filename: &Path)
     Ok(())
 }
 
-pub async fn dump_all(cli: &mut Connection, options: &Options, dir: &Path)
+pub async fn dump_all(cli: &mut Connection, options: &Options, dir: &Path,
+                      include_secrets: bool)
     -> Result<(), anyhow::Error>
 {
     let databases = get_databases(cli).await?;
@@ -155,7 +161,7 @@ pub async fn dump_all(cli: &mut Connection, options: &Options, dir: &Path)
             .database(database)?
             .connect().await?;
         let filename = dir.join(&(urlencoding::encode(database) + ".dump")[..]);
-        dump_db(&mut db_conn, options, &filename).await?;
+        dump_db(&mut db_conn, options, &filename, include_secrets).await?;
     }
 
     Ok(())

diff --git a/src/commands/parser.rs b/src/commands/parser.rs
@@ -353,6 +353,10 @@ pub struct Dump {
     #[clap(long)]
     pub all: bool,
 
+    /// Include secret configuration variables in the dump
+    #[clap(long)]
+    pub include_secrets: bool,
+
     /// Choose dump format. For normal dumps this parameter should be omitted.
     /// For `--all`, only `--format=dir` is required.
     #[clap(long, possible_values=&["dir"][..])]
@@ -496,7 +500,7 @@ pub enum ValueParameter {
 
     /// Apply access policies
     ///
-    /// User-specified access policies are not applied when set to `false`, 
+    /// User-specified access policies are not applied when set to `false`,
     /// allowing any queries to be executed.
     ApplyAccessPolicies(ConfigBool),
 
@@ -567,7 +571,7 @@ pub struct AuthParameter {
     #[clap(long)]
     pub priority: i64,
 
-    /// The name(s) of the database role(s) this rule applies to. Will apply 
+    /// The name(s) of the database role(s) this rule applies to. Will apply
     /// to all roles if set to '*'
     #[clap(long="user")]
     pub users: Vec<String>,

diff --git a/src/connect.rs b/src/connect.rs
@@ -343,13 +343,13 @@ impl Connection {
         update_state(&mut self.state, &resp)?;
         Ok(())
     }
-    pub async fn dump(&mut self)
+    pub async fn dump(&mut self, include_secrets: bool)
         -> Result<
             (RawPacket, impl Stream<Item=Result<RawPacket, Error>> + '_),
             Error
         >
     {
-        let mut inner = self.inner.dump().await?;
+        let mut inner = self.inner.dump_with_secrets(include_secrets).await?;
         let header = inner.take_header().expect("header is read");
         let stream = DumpStream { inner, state: &mut self.state };
         Ok((header, stream))

diff --git a/src/portable/upgrade.rs b/src/portable/upgrade.rs
@@ -375,7 +375,8 @@ pub async fn dump_instance(inst: &InstanceInfo, destination: &Path)
         styler: None,
         conn_params: Connector::new(Ok(config)),
     };
-    commands::dump_all(&mut cli, &options, destination.as_ref()).await?;
+    commands::dump_all(&mut cli, &options, destination.as_ref(),
+                       true /*include_secrets*/).await?;
     Ok(())
 }