Update secrets programmatically (#1122)

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Makefile

@@ -18,6 +18,8 @@ IN_ARENA ?= $(DOCKER_COMPOSE) run $(ARENA_CONTAINER)
 IN_BACKEND ?= $(DOCKER_COMPOSE) run $(BACKEND_CONTAINER)
 IN_FRONTEND ?= $(DOCKER_COMPOSE) run $(FRONTEND_CONTAINER)
 
+SPIFFWORKFLOW_BACKEND_ENV ?= local_development
+
 YML_FILES := -f docker-compose.yml \
 	-f $(BACKEND_DEV_OVERLAY) \
 	-f $(FRONTEND_DEV_OVERLAY) \
@@ -59,6 +61,13 @@ be-ruff:
 be-sh:
 	$(IN_BACKEND) /bin/bash
 
+be-sqlite:
+	@if [ ! -f "$(BACKEND_CONTAINER)/src/instance/db_$(SPIFFWORKFLOW_BACKEND_ENV).sqlite3" ]; then \
+		echo "SQLite database file does not exist: $(BACKEND_CONTAINER)/src/instance/db_$(SPIFFWORKFLOW_BACKEND_ENV).sqlite3"; \
+		exit 1; \
+	fi
+	$(IN_BACKEND) sqlite3 src/instance/db_$(SPIFFWORKFLOW_BACKEND_ENV).sqlite3
+
 be-tests: be-clear-log-file
 	$(IN_BACKEND) poetry run pytest
 
@@ -94,7 +103,7 @@ take-ownership:
 
 .PHONY: build-images dev-env \
 	start-dev stop-dev \
-	be-clear-log-file be-logs be-mypy be-poetry-i be-recreate-db be-ruff be-sh be-tests be-tests-par \
+	be-clear-log-file be-logs be-mypy be-poetry-i be-recreate-db be-ruff be-sh be-sqlite be-tests be-tests-par \
 	fe-lint-fix fe-logs fe-npm-i fe-sh \
 	poetry-i pre-commit run-pyl \
 	take-ownership

spiffworkflow-backend/dev.Dockerfile

@@ -5,7 +5,7 @@ WORKDIR /app
 RUN apt-get update \
  && apt-get install -y -q \
     gcc libssl-dev libpq-dev default-libmysqlclient-dev \
-    pkg-config libffi-dev git-core curl \
+    pkg-config libffi-dev git-core curl sqlite3 \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*
 

spiffworkflow-backend/dev.docker-compose.yml

@@ -10,7 +10,7 @@ services:
       POETRY_VIRTUALENVS_IN_PROJECT: "true"
       POETRY_CACHE_DIR: "/app/.cache/poetry"
       SPIFFWORKFLOW_BACKEND_DATABASE_URI: ""
-      SPIFFWORKFLOW_BACKEND_ENV: "local_development"
+      SPIFFWORKFLOW_BACKEND_ENV: "${SPIFFWORKFLOW_BACKEND_ENV:-local_development}"
       SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: ""
     volumes:
       - ./spiffworkflow-backend:/app

spiffworkflow-backend/src/spiffworkflow_backend/scripts/set_secret.py

@@ -0,0 +1,20 @@
+from typing import Any
+
+from flask import g
+from spiffworkflow_backend.models.script_attributes_context import ScriptAttributesContext
+from spiffworkflow_backend.scripts.script import Script
+from spiffworkflow_backend.services.secret_service import SecretService
+
+
+class SetSecret(Script):
+    def get_description(self) -> str:
+        return "Allows setting a secret value programmatically."
+
+    def run(self, script_attributes_context: ScriptAttributesContext, *args: Any, **kwargs: Any) -> Any:
+        if len(args) < 2:
+            raise ValueError("Expected at least two arguments: secret_key and secret_value")
+        if not hasattr(g, "user") or not g.user:
+            raise RuntimeError("User context is not set")
+        secret_key = args[0]
+        secret_value = args[1]
+        SecretService.update_secret(secret_key, secret_value, g.user.id, True)