feat(secret): guard against removing last key and add single-key update/delete e2e tests#418
Conversation
Extracts the key-removal logic from the `remove` command into a testable `applyKeyRemovals` helper and adds a guard that prevents callers from emptying a secret entirely — they must use `aws secret delete` instead. Closes #406 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #418 +/- ##
==========================================
+ Coverage 86.81% 87.26% +0.45%
==========================================
Files 6 6
Lines 364 377 +13
Branches 73 76 +3
==========================================
+ Hits 316 329 +13
Misses 29 29
Partials 19 19
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…quote stripping
The shell was stripping double-quotes from JSON strings passed via -v,
causing create to store a wrapped {value: ...} object instead of the
intended multi-key payload. Rewrite the four affected tests to write
a temp env file and use upsert --file, matching the pattern used by
the existing e2e tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR improves the AWS Secrets Manager “secret remove” UX by extracting key-removal logic into a testable helper, adding a guard against removing the last remaining key in a JSON secret, and expanding unit/e2e coverage plus docs to support single-key update/delete workflows.
Changes:
- Extracts key removal into
applyKeyRemovals(...)and reuses it from theaws secret removeCLI command. - Adds a “last-key” guard that errors when a removal would leave an empty JSON object.
- Adds unit tests for
applyKeyRemovalsand new LocalStack e2e tests for append/remove scenarios; updates AWS docs accordingly.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
src/index.ts |
Uses the new applyKeyRemovals helper in the aws secret remove command. |
src/cli/helpers.ts |
Introduces applyKeyRemovals with missing-key reporting and last-key guard errors. |
__tests__/cli/helpers.test.ts |
Adds unit coverage for applyKeyRemovals behavior and edge cases. |
__e2e__/aws-secret-mutation-args.test.ts |
Adds LocalStack e2e coverage for append/remove error and mutation scenarios. |
docs/AWS.md |
Documents single-key update/delete workflow and adds an error-case table + safety note. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…es and docs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
🥷 Code experts: no user but you matched threshold 10 markcallen has most 👩💻 activity in the files. See details
Activity based on git-commit:
Knowledge based on git-blame:
Activity based on git-commit:
Knowledge based on git-blame:
Activity based on git-commit:
Knowledge based on git-blame:
Activity based on git-commit:
Knowledge based on git-blame:
Activity based on git-commit:
Knowledge based on git-blame: ✨ Comment |
Summary
Closes #406
Test plan
🤖 Generated with Claude Code