Infisical/sdk

Python SDK: `include_imports=True` has no effect for getSecret method

ioanemania opened this issue · 2 comments

ioanemania commented

I have set up infisical in a local docker environment.

Created a project with a three folder setup, the folders are called:

  • DEFAULT
  • CURRENT
  • SERVICE

image

I set these folders up in such a way, that each folder is importing the secrets from the folder above, so:

  • DEFAULT folder contains certain secrets
  • CURRENT folder then imports everything from the DEFAULT folder
  • SERVICE folder in turn imports everything from the CURRENT folder

image

image

image

If my understanding of the Secret Imports feature is correct, then CURRENT and SERVICE folders should have access to secrets that were defined in the DEFAULT folder.

For example if I have a secret called MAX_ALLOWED_ERRORS in the DEFAULT folder, I should be able to access this secret when using the SDK by calling getSecret method with the path parameter for GetSecretOptions being either "/CURRENT" or "/SERVICE" (Please correct me if my understanding is wrong).

From what I understand though, for this to work there is an additional include_imports parameter for GetSecretOptions that needs to be set to True.

With all this in mind I have sample code that tries to get the MAX_ALLOWED_ERRORS secret from the CURRENT folder (keeping in mind that it is defined in the DEFAULT folder and imported in CURRENT).

from infisical_client import (
    ClientSettings, 
    InfisicalClient,
    GetSecretOptions,
    AuthenticationOptions,
    UniversalAuthMethod
)

ENVIRONMENT = "dev"
PROJECT_ID = "c76cb737-cf9d-4e02-bab6-0eba77c83f34"
SITE_URL = "http://localhost:80"
CLIENT_ID = "REDACTED_BY_MAINTAINER"
CLIENT_SECRET = "REDACTED_BY_MAINTAINER"

client = InfisicalClient(ClientSettings(
    site_url=SITE_URL,
    auth=AuthenticationOptions(
      universal_auth=UniversalAuthMethod(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
      )
    )
))

result = client.getSecret(options=GetSecretOptions(
    environment=ENVIRONMENT,
    project_id=PROJECT_ID,
    include_imports=True,
    secret_name="MAX_ALLOWED_ERRORS",
    path="/CURRENT"
))

print(result)

But running this piece of code results in the following:

Traceback (most recent call last):
  File ".../infisical-test/main.py", line 25, in <module>
    result = client.getSecret(options=GetSecretOptions(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 42, in getSecret
    result = self._run_command(Command(get_secret=options))
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".../infisical-test/venv/lib/python3.12/site-packages/infisical_client/infisical_client.py", line 36, in _run_command
    raise Exception(response["errorMessage"])
Exception: [Bad request]: Secret not found

It could be that I have misunderstood something about the secret imports feature or the SDK or that the include_imports option is not working as intended. In either case any type of help would be appreciated.

Thank you in advance!