CHANGELOG.md

+## [1.17.2](https://git.panter.ch/catladder/catladder/compare/v1.17.1...v1.17.2) (2022-04-04)
+
+
+### Bug Fixes
+
+* **cli:** cloud sql proxy should not use bitwarden anymore ([c8fa517](https://git.panter.ch/catladder/catladder/commit/c8fa517e83c1948873ac4908baa6cc580e983610))
+
 ## [1.17.1](https://git.panter.ch/catladder/catladder/compare/v1.17.0...v1.17.1) (2022-04-01)
 
 

cli/src/apps/cli/commands/project/commandCloudSqlProxy.ts

@@ -3,14 +3,13 @@ import { spawn } from "child-process-promise";
 import { writeFile } from "fs-extra";
 import { withFile } from "tmp-promise";
 import Vorpal from "vorpal";
-import { GOOGLE_CLOUD_SQL_PASS_PATH } from "../../../../config/constants";
 import {
   getEnvVars,
+  getGitlabVar,
   getPipelineContextByChoice,
   getProjectConfig,
   parseChoice,
 } from "../../../../config/getProjectConfig";
-import { readPass } from "../../../../utils/passwordstore";
 import { envAndComponents } from "./utils/autocompletions";
 
 export default async (vorpal: Vorpal) =>
@@ -30,8 +29,8 @@ export default async (vorpal: Vorpal) =>
         message: "Local port: ",
       });
 
-      const POSTGRESQL_PASSWORD = (await getEnvVars(this, env, componentName))
-        ?.POSTGRESQL_PASSWORD;
+      const envVars = await getEnvVars(this, env, componentName);
+      const POSTGRESQL_PASSWORD = envVars?.POSTGRESQL_PASSWORD;
 
       const context = await getPipelineContextByChoice(env, componentName);
       if (!isOfDeployType(context.componentConfig.deploy, "kubernetes")) {
@@ -59,9 +58,23 @@ export default async (vorpal: Vorpal) =>
 
       const instanceName = `${projectId}:${region}:${instanceId}=tcp:${localPort}`;
 
-      const cloudsqlCredentials = await readPass(GOOGLE_CLOUD_SQL_PASS_PATH);
+      const cloudsqlProxyCredentials = await getGitlabVar(
+        this,
+        env,
+        componentName,
+        "cloudsqlProxyCredentials"
+      );
+
+      if (!cloudsqlProxyCredentials) {
+        // we store cloudsqlProxyCredentials on gitlab, but its currently get pushed via bitwarden due to legacy reasons
+        // this will be fixed with when https://git.panter.ch/catladder/catladder/-/merge_requests/32/ is merged
+        this.log(
+          "cloudsqlProxyCredentials env var missing in gitlab. Please contact gilde-ci-cd about that."
+        );
+        throw new Error("cloudsqlProxyCredentials missing in secrets");
+      }
       await withFile(async ({ path: tmpFilePath }) => {
-        await writeFile(tmpFilePath, cloudsqlCredentials);
+        await writeFile(tmpFilePath, cloudsqlProxyCredentials);
 
         await spawn(
           "cloud_sql_proxy",

cli/src/config/getProjectConfig.ts

@@ -3,10 +3,11 @@ import {
   getAllEnvs,
   getEnvironment as _getEnvironment,
   createContext,
+  getSecretVarName,
 } from "@catladder/pipeline";
 
-import { CommandInstance } from "vorpal";
-import { getAllVariables } from "../utils/gitlab";
+import { Command, CommandInstance } from "vorpal";
+import { getAllVariables, getVariableValueByRawName } from "../utils/gitlab";
 import memoizee from "memoizee";
 import { getGitRoot } from "../utils/projects";
 import { readYaml } from "../utils/files";
@@ -101,6 +102,16 @@ export const getEnvironment = async (env: string, componentName: string) => {
   return _getEnvironment(config, componentName, env);
 };
 
+export const getGitlabVar = async (
+  vorpal: CommandInstance,
+  env: string,
+  componentName: string,
+  variableName: string
+) => {
+  const rawVariableName = getSecretVarName(env, componentName, variableName);
+  return await getVariableValueByRawName(vorpal, rawVariableName);
+};
+
 const resolveSecrets = async (
   vorpal: CommandInstance,
   allEnvVars: Record<string, string>

cli/src/utils/gitlab.ts

@@ -128,6 +128,14 @@ export const getAllVariables = memoizee(
   { promise: true }
 );
 
+export const getVariableValueByRawName = async (
+  vorpal: CommandInstance,
+  rawName: string
+) => {
+  const allVariables = await getAllVariables(vorpal);
+  return allVariables.find((v) => v.key === rawName)?.value;
+};
+
 const maskableRegex = new RegExp("^[a-zA-Z0-9_+=/@:.~-]{8,}$"); // SEE https://gitlab.com/gitlab-org/gitlab-foss/-/blob/master/spec/frontend/ci_variable_list/components/ci_variable_modal_spec.js#L20
 const isMaskable = (value: string): boolean => maskableRegex.test(value);