Skip to content

feat(secret): guard against removing last key and add single-key update/delete e2e tests#418

Merged
markcallen merged 3 commits into
mainfrom
feat/single-key-update-delete
May 6, 2026
Merged

feat(secret): guard against removing last key and add single-key update/delete e2e tests#418
markcallen merged 3 commits into
mainfrom
feat/single-key-update-delete

Conversation

@markcallen

Copy link
Copy Markdown
Owner

Summary

Closes #406

  • Extracts the key-removal loop from the `remove` command into a new `applyKeyRemovals` helper in `src/cli/helpers.ts` so it is unit-testable
  • Adds a last-key guard: attempting to remove all keys from a JSON secret now fails with a clear error directing the user to `aws secret delete` instead
  • Adds 5 unit tests for `applyKeyRemovals` covering happy path, partial-miss, none-found, and last-key scenarios
  • Adds 5 e2e tests against LocalStack covering: append to non-existent secret, remove missing key, remove last key, append-overwrite preserving other keys, and partial remove with missing-key reporting
  • Updates `docs/AWS.md` to document `append` and `remove` as the way to update/delete individual keys, with an explicit error-case reference table and the last-key guard note

Test plan

  • `npx jest --testPathPattern="helpers"` — all unit tests pass (31 total, 5 new)
  • `npm run test:e2e` — new e2e tests pass against LocalStack (requires Docker)
  • `npm run build` — TypeScript compiles cleanly

🤖 Generated with Claude Code

Extracts the key-removal logic from the `remove` command into a testable
`applyKeyRemovals` helper and adds a guard that prevents callers from
emptying a secret entirely — they must use `aws secret delete` instead.

Closes #406

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@codecov

codecov Bot commented May 5, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.26%. Comparing base (d623c5a) to head (4b8b0cb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #418      +/-   ##
==========================================
+ Coverage   86.81%   87.26%   +0.45%     
==========================================
  Files           6        6              
  Lines         364      377      +13     
  Branches       73       76       +3     
==========================================
+ Hits          316      329      +13     
  Misses         29       29              
  Partials       19       19              
Flag Coverage Δ
unittests 87.26% <100.00%> (+0.45%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

…quote stripping

The shell was stripping double-quotes from JSON strings passed via -v,
causing create to store a wrapped {value: ...} object instead of the
intended multi-key payload. Rewrite the four affected tests to write
a temp env file and use upsert --file, matching the pattern used by
the existing e2e tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the AWS Secrets Manager “secret remove” UX by extracting key-removal logic into a testable helper, adding a guard against removing the last remaining key in a JSON secret, and expanding unit/e2e coverage plus docs to support single-key update/delete workflows.

Changes:

  • Extracts key removal into applyKeyRemovals(...) and reuses it from the aws secret remove CLI command.
  • Adds a “last-key” guard that errors when a removal would leave an empty JSON object.
  • Adds unit tests for applyKeyRemovals and new LocalStack e2e tests for append/remove scenarios; updates AWS docs accordingly.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/index.ts Uses the new applyKeyRemovals helper in the aws secret remove command.
src/cli/helpers.ts Introduces applyKeyRemovals with missing-key reporting and last-key guard errors.
__tests__/cli/helpers.test.ts Adds unit coverage for applyKeyRemovals behavior and edge cases.
__e2e__/aws-secret-mutation-args.test.ts Adds LocalStack e2e coverage for append/remove error and mutation scenarios.
docs/AWS.md Documents single-key update/delete workflow and adds an error-case table + safety note.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/cli/helpers.ts Outdated
Comment thread docs/AWS.md Outdated
Comment thread docs/AWS.md Outdated
…es and docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@gitstream-cm

gitstream-cm Bot commented May 5, 2026

Copy link
Copy Markdown

🥷 Code experts: no user but you matched threshold 10

markcallen has most 👩‍💻 activity in the files.
markcallen has most 🧠 knowledge in the files.

See details

__e2e__/aws-secret-mutation-args.test.ts

Activity based on git-commit:

markcallen
MAY
APR
MAR 199 additions & 0 deletions
FEB
JAN
DEC

Knowledge based on git-blame:
markcallen: 100%

__tests__/cli/helpers.test.ts

Activity based on git-commit:

markcallen
MAY 35 additions & 0 deletions
APR
MAR 16 additions & 0 deletions
FEB 205 additions & 4 deletions
JAN
DEC

Knowledge based on git-blame:
markcallen: 100%

docs/AWS.md

Activity based on git-commit:

markcallen
MAY 42 additions & 13 deletions
APR
MAR 34 additions & 9 deletions
FEB 116 additions & 7 deletions
JAN
DEC

Knowledge based on git-blame:
markcallen: 40%

src/cli/helpers.ts

Activity based on git-commit:

markcallen
MAY 16 additions & 0 deletions
APR
MAR 5 additions & 5 deletions
FEB 244 additions & 5 deletions
JAN
DEC

Knowledge based on git-blame:
markcallen: 100%

src/index.ts

Activity based on git-commit:

markcallen
MAY 116 additions & 67 deletions
APR 29 additions & 13 deletions
MAR 286 additions & 64 deletions
FEB 552 additions & 134 deletions
JAN
DEC

Knowledge based on git-blame:
markcallen: 91%

✨ Comment /gs review for LinearB AI review. Learn how to automate it here.

@markcallen markcallen merged commit 45984ef into main May 6, 2026
14 checks passed
@markcallen markcallen deleted the feat/single-key-update-delete branch May 6, 2026 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support updating or deleting a single key within a secret

2 participants