Closed jamrok closed 5 months ago
@jamrok Thanks for reporting this! Unfortunately, this is due to an idiosyncrasy of how the API works right now. Notes are project-level and apply to every secret with the same name across all configs. However, to access the secret, a config is required initially based on the backend API right now. We know this is confusing and it's something we hope to change in a future version of the API. For now, I'm afraid there's not much we'll be able to do here until the next version of the API. We'll see what we can do about updating the documentation to better communicate this though!
Describe the bug The v3/configs/config/secrets/note API endpoint seems to have a bug/feature where it is overwriting the Secret Note for all secrets across different configs that share the same Secret Name.
I checked the code in your public repos and all references pointed to your API and provided the required
project
andconfig
parameters, however, theconfig
parameter is being ignored at the API level.I found one place in your documentation that says that "Notes are scoped at the project level" and that does match the behavior that I am seeing, hence it might be an "old feature" and not a bug, since it was also demoed. However, it seems that the expectation for at least 2 years is that both the
project
andconfig
fields should be respected.To Reproduce This issue occurs via the Doppler CLI command and via the Web UI since it is a problem with the API Server.
Below is the command to reproduce using the CLI
When the above command is run, all secrets with the name
USERNAME
in all other configs have their note overwritten with the note that was set above.The same happens when editing secret notes in the Web UI.
If I don't specify the config parameter, I get this error:
If I specify a non-existing config (eg:
-c anything
), I get the following:This suggests that the config field should be significant.
Expected behavior
config
, then Secret Notes should be set only for the secret in the specifiedproject
ANDconfig
.config
, only then should Secret Note changes be applied to all secrets with the same Secret Name in the specifiedproject
.config
parameter should be optional to facilitate the above, but if it remains a required field, then it should scope the changes down to the config level and actually use theconfig
parameter.Thanks!
Screenshots N/A
Desktop:
CLI Version: Version 3.66.5
Additional context