(#20 ) Error if secret is not found

Without this patch scripts incorrectly proceeded without detecting a secret was not fetched. holos get secret notfound 8:34AM ERR could not execute version=0.46.3 err="not found: notfound" loc=get.go:66
(#14 ) Validate secrets fetched from provisioner cluster
2026-03-19 08:44:58 +00:00 · 2024-02-28 08:33:55 -08:00 · 2024-02-27 15:55:17 -08:00
8 changed files with 23 additions and 34 deletions
--- a/platform.run.xml
+++ b/platform.run.xml
@@ -1,16 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="render platform" type="GoApplicationRunConfiguration" factoryName="Go Application">
-    <module name="holos" />
-    <working_directory value="$PROJECT_DIR$/../holos-infra" />
-    <parameters value="render --cluster-name=k2 $PROJECT_DIR$/docs/examples/platforms/reference/clusters/workload/..." />
-    <envs>
-      <env name="DEBUG" value="1" />
-    </envs>
-    <kind value="DIRECTORY" />
-    <package value="github.com/holos-run/holos" />
-    <directory value="$PROJECT_DIR$/cmd/holos" />
-    <filePath value="$PROJECT_DIR$" />
-    <output_directory value="$PROJECT_DIR$/bin" />
-    <method v="2" />
-  </configuration>
-</component>
--- a/docs/examples/platforms/reference/clusters/workload/projects/secrets/components/validate/component.cue
+++ b/docs/examples/platforms/reference/clusters/workload/projects/secrets/components/validate/component.cue
@@ -13,10 +13,7 @@ package holos

 objects: [
 	#SecretStore,
-	#ExternalSecret & {
-		_name: "validate"
-		spec: data: [{remoteRef: key: _name}]
-	},
+	#ExternalSecret & { _name: "validate" },
 ]

 {} & #KubernetesObjects
--- a/docs/examples/schema.cue
+++ b/docs/examples/schema.cue
@@ -79,10 +79,10 @@ _apiVersion: "holos.run/v1alpha1"
 			kind: string | *"GitRepository"
 			name: string | *"flux-system"
 		}
-		suspend?: bool
+		suspend?:         bool
 		targetNamespace?: string
-		timeout: string | *"3m0s"
-		wait:    bool | *true
+		timeout:          string | *"3m0s"
+		wait:             bool | *true
 	}
 }

@@ -102,6 +102,10 @@ _apiVersion: "holos.run/v1alpha1"
 		target: {
 			creationPolicy: string | *"Owner"
 		}
+		data: [{
+			remoteRef: key: _name
+			secretKey: _name
+		}]
 	}
 }

@@ -115,11 +119,11 @@ _apiVersion: "holos.run/v1alpha1"
 			remoteNamespace: #TargetNamespace
 			auth: token: bearerToken: {
 				name: string | *"eso-reader"
-				key: string | *"token"
+				key:  string | *"token"
 			}
 			server: {
 				caBundle: #InputKeys.provisionerCABundle
-				url: #InputKeys.provisionerURL
+				url:      #InputKeys.provisionerURL
 			}
 		}
 	}
@@ -142,9 +146,9 @@ _apiVersion: "holos.run/v1alpha1"
 	gcpProjectID:     string @tag(gcpProjectID, type=string)
 	gcpProjectNumber: int    @tag(gcpProjectNumber, type=int)

-  // Same as cluster certificate-authority-data field in ~/.holos/kubeconfig.provisioner
+	// Same as cluster certificate-authority-data field in ~/.holos/kubeconfig.provisioner
 	provisionerCABundle: string @tag(provisionerCABundle, type=string)
-  // Same as the cluster server field in ~/.holos/kubeconfig.provisioner
+	// Same as the cluster server field in ~/.holos/kubeconfig.provisioner
 	provisionerURL: string @tag(provisionerURL, type=string)
 }

--- a/pkg/cli/main.go
+++ b/pkg/cli/main.go
@@ -16,14 +16,14 @@ func MakeMain(options ...holos.Option) func() int {
 		slog.SetDefault(cfg.Logger())
 		ctx := context.Background()
 		if err := New(cfg).ExecuteContext(ctx); err != nil {
-			return handleError(ctx, err, cfg)
+			return HandleError(ctx, err, cfg)
 		}
 		return 0
 	}
 }

-// handleError is the top level error handler that unwraps and logs errors.
-func handleError(ctx context.Context, err error, hc *holos.Config) (exitCode int) {
+// HandleError is the top level error handler that unwraps and logs errors.
+func HandleError(ctx context.Context, err error, hc *holos.Config) (exitCode int) {
 	log := hc.NewTopLevelLogger()
 	var cueErr errors.Error
 	var errAt *wrapper.ErrorAt
--- a/pkg/cli/secret/get.go
+++ b/pkg/cli/secret/get.go
@@ -63,7 +63,7 @@ func makeGetRunFunc(hc *holos.Config, cfg *config) command.RunFunc {

 			log.DebugContext(ctx, "results", "len", len(list.Items))
 			if len(list.Items) < 1 {
-				continue
+				return wrapper.Wrap(fmt.Errorf("not found: %v", secretName))
 			}

 			// Sort oldest first.
--- a/pkg/cli/secret/secret_test.go
+++ b/pkg/cli/secret/secret_test.go
@@ -55,11 +55,12 @@ func cmdHolos(ts *testscript.TestScript, neg bool, args []string) {
 	cmd := cli.New(cfg)
 	cmd.SetArgs(args)
 	err := cmd.Execute()
+
 	if neg {
 		if err == nil {
-			ts.Fatalf("want: error\nhave: %v", err)
+			ts.Fatalf("\nwant: error\nhave: %v", err)
 		} else {
-			ts.Logf("want: error\nhave: %v", err)
+			cli.HandleError(cmd.Context(), err, cfg)
 		}
 	} else {
 		ts.Check(err)
--- a/pkg/cli/secret/testdata/issue20_secret_not_found.txt
+++ b/pkg/cli/secret/testdata/issue20_secret_not_found.txt
@@ -0,0 +1,3 @@
+# Want cue errors to show files and lines
+! holos get secret does-not-exist
+stderr 'not found: does-not-exist'
--- a/pkg/version/embedded/patch
+++ b/pkg/version/embedded/patch
@@ -1 +1 @@
-1
+3