#3416

Committed 12 May 2026 03:59AM UTC coverage: 75.525% (-19.9%) from 95.406%

Build # #3416

Build Type

Pull #3493

screwdriver

Committed by

web-flow

Commit Message

Merge branch 'master' into fix_event_meta_update

Pull Request Pull Request #3493: fix: Exclusive control over meta updates

Coverage Stats

1703 of 2430 branches covered (70.08%)

Branch coverage included in aggregate %.

13 of 13 new or added lines in 1 file covered. (100.0%)

1057 existing lines in 57 files now uncovered.

4376 of 5619 relevant lines covered (77.88%)

106.75 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

31.58

/plugins/secrets/remove.js

'use strict';

const boom = require('@hapi/boom');
const joi = require('joi');
const schema = require('screwdriver-data-schema');
const logger = require('screwdriver-logger');
const idSchema = schema.models.secret.base.extract('id');

module.exports = () => ({
    method: 'DELETE',
    path: '/secrets/{id}',
    options: {
        description: 'Remove a single secret',
        notes: 'Returns null if successful',
        tags: ['api', 'secrets'],
        auth: {
            strategies: ['token'],
            scope: ['user', '!guest', 'pipeline']
        },

        handler: async (request, h) => {
            const { secretFactory } = request.server.app;
            const { credentials } = request.auth;
            const { canAccess } = request.server.plugins.secrets;

            // Get the secret first
            return secretFactory
                .get(request.params.id)
                .then(secret => {
                    if (!secret) {
                        throw boom.notFound('Secret does not exist');
                    }

                    // Make sure that user has permission before deleting
                    return canAccess(credentials, secret, 'admin', request.server.app)
                        .then(async () => {
                            logger.info(
                                `[Audit] user ${credentials.username}:${credentials.scmContext} deletes the secret key:${secret.name} from pipelineId:${secret.pipelineId}.`
                            );
                            await secret.remove();
                        })
                        .then(() => h.response().code(204));
                })
                .catch(err => {
                    throw err;
                });
        },
        validate: {
            params: joi.object({
                id: idSchema
            })
        }
    }
});

1	'use strict';
2
3	const boom = require('@hapi/boom');	1✔
4	const joi = require('joi');	1✔
5	const schema = require('screwdriver-data-schema');	1✔
6	const logger = require('screwdriver-logger');	1✔
7	const idSchema = schema.models.secret.base.extract('id');	1✔
8
9	module.exports = () => ({	1✔
10	method: 'DELETE',
11	path: '/secrets/{id}',
12	options: {
13	description: 'Remove a single secret',
14	notes: 'Returns null if successful',
15	tags: ['api', 'secrets'],
16	auth: {
17	strategies: ['token'],
18	scope: ['user', '!guest', 'pipeline']
19	},
20
21	handler: async (request, h) => {
UNCOV 22	const { secretFactory } = request.server.app;	×
UNCOV 23	const { credentials } = request.auth;	×
UNCOV 24	const { canAccess } = request.server.plugins.secrets;	×
25
26	// Get the secret first
UNCOV 27	return secretFactory	×
28	.get(request.params.id)
29	.then(secret => {
UNCOV 30	if (!secret) {	×
UNCOV 31	throw boom.notFound('Secret does not exist');	×
32	}
33
34	// Make sure that user has permission before deleting
UNCOV 35	return canAccess(credentials, secret, 'admin', request.server.app)	×
36	.then(async () => {
UNCOV 37	logger.info(	×
38	`[Audit] user ${credentials.username}:${credentials.scmContext} deletes the secret key:${secret.name} from pipelineId:${secret.pipelineId}.`
39	);
UNCOV 40	await secret.remove();	×
41	})
UNCOV 42	.then(() => h.response().code(204));	×
43	})
44	.catch(err => {
UNCOV 45	throw err;	×
46	});
47	},
48	validate: {
49	params: joi.object({
50	id: idSchema
51	})
52	}
53	}
54	});

screwdriver-cd / screwdriver / #3416

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous