@unito/integration-cli 0.58.9 → 0.60.0

package/dist/schemas/authorization.json

@@ -163,15 +163,15 @@
         },
         "grantType": {
           "type": "string",
-          "description": "The type of grant of the OAuth 2 authorization",
-          "enum": ["authorization_code", "password"],
-          "tsEnumNames": ["AUTHORIZATION_CODE", "PASSWORD"]
+          "description": "The type of grant of the OAuth 2 authorization.",
+          "enum": ["authorization_code", "password", "client_credentials"],
+          "tsEnumNames": ["AUTHORIZATION_CODE", "PASSWORD", "CLIENT_CREDENTIALS"]
         },
         "scopes": {
           "type": "array",
           "items": {
             "type": "object",
-            "description": "The requested scope of access to the user account",
+            "description": "The requested scope of access to the user account.",
             "additionalProperties": false,
             "required": ["name"],
             "properties": {

package/dist/schemas/configuration.json

@@ -84,6 +84,16 @@
         "type": "string",
         "pattern": "^unito-secret-v[0-9]+:\/\/.*$"
       }
+    },
+    "environmentVariables": {
+      "type": "object",
+      "description": "The environment variables of the integration",
+      "patternProperties": {
+        "^[A-Z0-9_]+$": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false
     }
   }
 }

package/dist/src/commands/dev.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 const core_1 = require("@oclif/core");
+const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const child_process_1 = tslib_1.__importDefault(require("child_process"));
 const baseCommand_1 = require("../baseCommand");
 const errors_1 = require("../errors");
@@ -81,7 +82,7 @@ class Dev extends baseCommand_1.BaseCommand {
         // Resolve the configuration.
         const environment = flags.environment ?? GlobalConfiguration.Environment.Production;
         const configuration = await (0, configuration_1.getConfiguration)(environment, flags['config-path']);
-        let credentialPayload;
+        let credentialPayload = '{}';
         let readOnly = flags['read-only'] ?? false;
         if (flags['credential-id']) {
             const credential = await (0, credentials_1.fetchCredential)(environment, this.config.configDir, flags['credential-id']);
@@ -93,18 +94,28 @@ class Dev extends baseCommand_1.BaseCommand {
             credentialPayload = flags['credential-payload'];
         }
         else {
-            let credentials = configuration.testAccounts?.[flags['test-account']];
+            const credentials = configuration.testAccounts?.[flags['test-account']];
             if (credentials) {
-                credentials = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, credentials))
-                    .entries;
+                const decryptedEntries = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, credentials);
+                if (decryptedEntries.failed.length) {
+                    throw new errors_1.EntryDecryptionError(decryptedEntries.failed.at(0), environment);
+                }
+                credentialPayload = JSON.stringify(decryptedEntries.successful);
             }
-            credentialPayload = JSON.stringify(credentials);
         }
-        let secrets = {};
-        // Decrypt secrets, if necessary.
-        if (configuration.secrets) {
-            secrets = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.secrets))
-                .entries;
+        // Load secrets.
+        const { successful: secrets, failed: failedSecrets } = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.secrets ?? {});
+        if (failedSecrets.length) {
+            throw new errors_1.EntryDecryptionError(failedSecrets.at(0), environment);
+        }
+        // Load environment variables.
+        const { successful: environmentVariables, failed: failedEnvironmentVariables } = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.environmentVariables ?? {});
+        for (const environmentVariable of failedEnvironmentVariables) {
+            core_1.ux.log();
+            core_1.ux.log(`Could not decrypt the environment variable ${chalk_1.default.yellowBright(environmentVariable)}.`);
+            core_1.ux.log('It may be a normal behavior locally as some environment variables are sensitive secrets.');
+            core_1.ux.log(`You can still pass ${chalk_1.default.yellowBright(`${environmentVariable}=<value>`)} to the CLI command to provide a value for this environment variable.`);
+            core_1.ux.log(`Example: ${chalk_1.default.yellowBright(`${environmentVariable}=foo ${this.config.bin} ${this.id}`)}`);
         }
         // Launch the debugger.
         const commandArguments = [
@@ -150,7 +161,7 @@ class Dev extends baseCommand_1.BaseCommand {
         const child = child_process_1.default.spawn('node', commandArguments, {
             detached: true,
             stdio: 'inherit',
-            env: { ...process.env, NODE_ENV: 'development', PORT: '9200' },
+            env: { ...process.env, ...environmentVariables, NODE_ENV: 'development', PORT: '9200' },
         });
         // istanbul ignore next
         child.on('exit', (code) => {

package/dist/src/commands/oauth2.js

@@ -69,7 +69,7 @@ class Oauth2 extends core_1.Command {
             throw new errors_1.MissingAuth2AuthorizationError();
         }
         // Decrypt any encrypted oauth2 fields (mainly clientSecret)
-        oauth2 = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, oauth2)).entries;
+        oauth2 = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, oauth2)).successful;
         const testAccount = flags['test-account'];
         const testAccountCredentials = configuration.testAccounts?.[testAccount];
         let credentials;
@@ -84,17 +84,17 @@ class Oauth2 extends core_1.Command {
                 return;
             }
             const decryptionResult = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, testAccountCredentials);
-            const refreshToken = decryptionResult.entries?.refreshToken;
+            const refreshToken = decryptionResult.successful.refreshToken;
             core_1.ux.action.start(`Refreshing test account ${testAccount}`, undefined, { stdout: true });
             credentials = await Oauth2Resource.updateToken(oauth2, refreshToken);
             // If provider response doesn't contain a new refresh token, use the one we already have
             if (!credentials.refreshToken) {
                 credentials.refreshToken = refreshToken;
             }
-            if (decryptionResult.decryptedKeys.includes('accessToken')) {
+            if (decryptionResult.successful.accessToken) {
                 credentials.accessToken = (await IntegrationsPlatform.encryptData(configuration.name, credentials.accessToken, false)).encryptedData;
             }
-            if (decryptionResult.decryptedKeys.includes('refreshToken')) {
+            if (decryptionResult.successful.refreshToken) {
                 credentials.refreshToken = (await IntegrationsPlatform.encryptData(configuration.name, credentials.refreshToken, false)).encryptedData;
             }
             core_1.ux.action.stop();

package/dist/src/commands/test.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 const core_1 = require("@oclif/core");
+const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const child_process_1 = tslib_1.__importDefault(require("child_process"));
 const crawlerDriver_1 = require("@unito/integration-debugger/dist/src/services/crawlerDriver");
 const baseCommand_1 = require("../baseCommand");
@@ -99,7 +100,7 @@ class Test extends baseCommand_1.BaseCommand {
         // Resolve the configuration.
         const environment = flags.environment ?? GlobalConfiguration.Environment.Production;
         const configuration = await (0, configuration_1.getConfiguration)(environment, flags['config-path']);
-        let credentialPayload;
+        let credentialPayload = '{}';
         let readOnly = flags['read-only'] ?? false;
         if (flags['credential-id']) {
             const credential = await (0, credentials_1.fetchCredential)(environment, this.config.configDir, flags['credential-id']);
@@ -111,18 +112,28 @@ class Test extends baseCommand_1.BaseCommand {
             credentialPayload = flags['credential-payload'];
         }
         else {
-            let credentials = configuration.testAccounts?.[flags['test-account']];
+            const credentials = configuration.testAccounts?.[flags['test-account']];
             if (credentials) {
-                credentials = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, credentials))
-                    .entries;
+                const decryptedEntries = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, credentials);
+                if (decryptedEntries.failed.length) {
+                    throw new errors_1.EntryDecryptionError(decryptedEntries.failed.at(0), environment);
+                }
+                credentialPayload = JSON.stringify(decryptedEntries.successful);
             }
-            credentialPayload = JSON.stringify(credentials);
         }
-        let secrets = {};
-        // Decrypt secrets, if necessary.
-        if (configuration.secrets) {
-            secrets = (await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.secrets))
-                .entries;
+        // Load secrets.
+        const { successful: secrets, failed: failedSecrets } = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.secrets ?? {});
+        if (failedSecrets.length) {
+            throw new errors_1.EntryDecryptionError(failedSecrets.at(0), environment);
+        }
+        // Load environment variables.
+        const { successful: environmentVariables, failed: failedEnvironmentVariables } = await (0, decryption_1.decryptEntries)(configuration.name, environment, this.config.configDir, configuration.environmentVariables ?? {});
+        for (const environmentVariable of failedEnvironmentVariables) {
+            core_1.ux.log();
+            core_1.ux.log(`Could not decrypt the environment variable ${chalk_1.default.yellowBright(environmentVariable)}.`);
+            core_1.ux.log('It may be a normal behavior locally as some environment variables are sensitive secrets.');
+            core_1.ux.log(`You can still pass ${chalk_1.default.yellowBright(`${environmentVariable}=<value>`)} to the CLI command to provide a value for this environment variable.`);
+            core_1.ux.log(`Example: ${chalk_1.default.yellowBright(`${environmentVariable}=foo ${this.config.bin} ${this.id}`)}`);
         }
         // Launch the tests.
         const commandArguments = [
@@ -176,7 +187,7 @@ class Test extends baseCommand_1.BaseCommand {
         const child = child_process_1.default.spawn('node', commandArguments, {
             detached: true,
             stdio: 'inherit',
-            env: { ...process.env, NODE_ENV: 'development', PORT: '9200' },
+            env: { ...process.env, ...environmentVariables, NODE_ENV: 'development', PORT: '9200' },
         });
         // istanbul ignore next
         child.on('exit', (code) => {

package/dist/src/configurationTypes.d.ts

@@ -75,6 +75,16 @@ export interface Configuration {
     secrets?: {
         [k: string]: string;
     };
+    /**
+     * The environment variables of the integration
+     */
+    environmentVariables?: {
+        /**
+         * This interface was referenced by `undefined`'s JSON-Schema definition
+         * via the `patternProperty` "^[A-Z0-9_]+$".
+         */
+        [k: string]: string;
+    };
 }
 /**
  * An authorization is a way to obtain and generate credentials for an integration
@@ -180,11 +190,12 @@ export declare enum Method {
     OAUTH2 = "oauth2"
 }
 /**
- * The type of grant of the OAuth 2 authorization
+ * The type of grant of the OAuth 2 authorization.
  */
 export declare enum GrantType {
     AUTHORIZATION_CODE = "authorization_code",
-    PASSWORD = "password"
+    PASSWORD = "password",
+    CLIENT_CREDENTIALS = "client_credentials"
 }
 /**
  * The content type of exchanged information with the provider

package/dist/src/configurationTypes.js

@@ -16,12 +16,13 @@ var Method;
     Method["OAUTH2"] = "oauth2";
 })(Method || (exports.Method = Method = {}));
 /**
- * The type of grant of the OAuth 2 authorization
+ * The type of grant of the OAuth 2 authorization.
  */
 var GrantType;
 (function (GrantType) {
     GrantType["AUTHORIZATION_CODE"] = "authorization_code";
     GrantType["PASSWORD"] = "password";
+    GrantType["CLIENT_CREDENTIALS"] = "client_credentials";
 })(GrantType || (exports.GrantType = GrantType = {}));
 /**
  * The content type of exchanged information with the provider

package/dist/src/errors.d.ts

@@ -31,9 +31,8 @@ export declare class IntegrationAlreadyExistsError extends Error {
 }
 export declare class EntryDecryptionError extends Error {
     key: string;
-    value: string;
     environment: string;
-    constructor(key: string, value: string, targetEnvironment: string);
+    constructor(key: string, targetEnvironment: string);
 }
 export declare class ConfigurationInvalid extends Error {
     details: unknown;

package/dist/src/errors.js

@@ -55,12 +55,10 @@ class IntegrationAlreadyExistsError extends Error {
 exports.IntegrationAlreadyExistsError = IntegrationAlreadyExistsError;
 class EntryDecryptionError extends Error {
     key;
-    value;
     environment;
-    constructor(key, value, targetEnvironment) {
+    constructor(key, targetEnvironment) {
         super();
         this.key = key;
-        this.value = value;
         this.environment = targetEnvironment;
     }
 }
@@ -134,7 +132,7 @@ function handleError(command, error) {
     else if (error instanceof EntryDecryptionError) {
         command.logToStderr();
         command.logToStderr(chalk_1.default.redBright('A secret cannot be decrypted!'));
-        command.logToStderr(`The secret ${chalk_1.default.yellowBright(error.key)} with the value ${chalk_1.default.yellowBright(error.value)} could not be decrypted.`);
+        command.logToStderr(`The secret ${chalk_1.default.yellowBright(error.key)} could not be decrypted.`);
         command.logToStderr();
         command.logToStderr(`To decrypt this secret locally, make sure:`);
         command.logToStderr();

package/dist/src/resources/decryption.d.ts

@@ -1,11 +1,6 @@
 import * as GlobalConfiguration from './globalConfiguration';
-/**
- * Object returned when decrypting
- *
- * Allows the caller to know which keys were decrypted to reencrypt them later as needed
- */
-export type DecryptionResult = {
-    decryptedKeys: string[];
-    entries: Record<string, unknown>;
+export type DecryptedEntries = {
+    successful: Record<string, unknown>;
+    failed: string[];
 };
-export declare function decryptEntries(configurationName: string, environment: GlobalConfiguration.Environment, configDir: string, entries: Record<string, unknown>, fieldName?: string): Promise<DecryptionResult>;
+export declare function decryptEntries(configurationName: string, environment: GlobalConfiguration.Environment, configDir: string, entries: Record<string, unknown>): Promise<DecryptedEntries>;

package/dist/src/resources/decryption.js

@@ -7,29 +7,37 @@ const GlobalConfiguration = tslib_1.__importStar(require("./globalConfiguration"
 const integrationsPlatform_1 = require("./integrationsPlatform");
 const configuration_1 = require("./configuration");
 const integrationsPlatform_2 = require("../services/integrationsPlatform");
-async function decryptEntries(configurationName, environment, configDir, entries, fieldName = 'entries') {
-    // Get encrypted entries
-    const encryptedEntries = Object.entries(entries).filter((entry) => typeof entry[1] === 'string' && entry[1].startsWith(configuration_1.ENCRYPTION_PREFIX));
-    if (!encryptedEntries.length) {
-        return { decryptedKeys: [], entries };
+async function decryptEntries(configurationName, environment, configDir, entries) {
+    if (!Object.keys(entries).length) {
+        return { successful: entries, failed: [] };
+    }
+    const toDecrypt = {};
+    const toKeepAsIs = {};
+    for (const [key, value] of Object.entries(entries)) {
+        if (typeof value === 'string' && value.startsWith(configuration_1.ENCRYPTION_PREFIX)) {
+            toDecrypt[key] = value;
+        }
+        else {
+            toKeepAsIs[key] = value;
+        }
     }
     const globalConfiguration = await GlobalConfiguration.read(configDir);
     try {
         await (0, integrationsPlatform_1.validateAuthenticated)(globalConfiguration, environment);
     }
-    catch (err) {
-        throw new errors_1.DecryptionAuthenticationError(fieldName);
+    catch {
+        throw new errors_1.DecryptionAuthenticationError();
     }
-    // Copy credentials to avoid mutating the configuration.
-    const decryptedEntries = structuredClone(entries);
-    for (const [key, encryptedEntry] of encryptedEntries) {
+    const decrypted = {};
+    const failed = [];
+    for (const [key, encryptedValue] of Object.entries(toDecrypt)) {
         try {
-            decryptedEntries[key] = (await (0, integrationsPlatform_2.decryptData)(configurationName, encryptedEntry)).decryptedData;
+            decrypted[key] = (await (0, integrationsPlatform_2.decryptData)(configurationName, encryptedValue)).decryptedData;
         }
-        catch (err) {
-            throw new errors_1.EntryDecryptionError(key, encryptedEntry, environment);
+        catch {
+            failed.push(key);
         }
     }
-    return { decryptedKeys: encryptedEntries.map(([key]) => key), entries: decryptedEntries };
+    return { successful: { ...toKeepAsIs, ...decrypted }, failed };
 }
 exports.decryptEntries = decryptEntries;

package/dist/test/commands/dev.test.js

@@ -10,6 +10,8 @@ const IntegrationsPlatformResource = tslib_1.__importStar(require("../../src/res
 const ConfigurationResource = tslib_1.__importStar(require("../../src/resources/configuration"));
 const IntegrationResource = tslib_1.__importStar(require("../../src/resources/integrations"));
 const CredentialResource = tslib_1.__importStar(require("../../src/resources/credentials"));
+const DecryptionResource = tslib_1.__importStar(require("../../src/resources/decryption"));
+const styles_1 = require("../helpers/styles");
 describe('Dev', () => {
     const debuggerConfiguration = {
         ...IntegrationDebugger.getDefaultConfiguration(),
@@ -185,4 +187,22 @@ describe('Dev', () => {
         (0, test_1.expect)(spawnStub.getCall(0).args.at(1)).to.include('--credential-payload={"from":"credential"}');
         (0, test_1.expect)(spawnStub.getCall(0).args.at(1)).to.not.include('--read-only');
     });
+    test_1.test
+        .stdout()
+        .stub(ConfigurationResource, 'getConfiguration', stub => stub.resolves(cliConfiguration))
+        .stub(IntegrationResource, 'validateIsIntegrationDirectory', stub => stub.returns(true))
+        .stub(CredentialResource, 'fetchCredential', stub => stub.resolves({ payload: { from: 'credential' } }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub
+        .onFirstCall()
+        .resolves({ successful: {}, failed: [] })
+        .onSecondCall()
+        .resolves({ successful: {}, failed: [] })
+        .onThirdCall()
+        .resolves({ successful: { success: 'a' }, failed: ['failure'] }))
+        .command(['dev'])
+        .it('environment variables', ctx => {
+        (0, test_1.expect)(ctx.stdout).to.contain((0, styles_1.uncolorize)('Could not decrypt the environment variable failure.'));
+        (0, test_1.expect)(spawnStub.getCall(0).args.at(2).env.success).to.equal('a');
+        (0, test_1.expect)(spawnStub.getCall(0).args.at(2).env.failure).to.be.undefined;
+    });
 });

package/dist/test/commands/oauth2.test.js

@@ -6,13 +6,11 @@ const core_1 = require("@oclif/core");
 const sinon = tslib_1.__importStar(require("sinon"));
 const inquirer_1 = tslib_1.__importDefault(require("inquirer"));
 const Configuration = tslib_1.__importStar(require("../../src/resources/configuration"));
-const oauth2Service = tslib_1.__importStar(require("../../src/resources/oauth2"));
+const Oauth2Resource = tslib_1.__importStar(require("../../src/resources/oauth2"));
 const IntegrationsPlatform = tslib_1.__importStar(require("../../src/services/integrationsPlatform"));
-const decryptionResource = tslib_1.__importStar(require("../../src/resources/decryption"));
+const DecryptionResource = tslib_1.__importStar(require("../../src/resources/decryption"));
 const configurationTypes_1 = require("../../src/configurationTypes");
 describe('oauth2', () => {
-    const INTEGRATION_NAME = 'myintegration';
-    const sandbox = sinon.createSandbox();
     let getConfigurationsStub;
     let writeTestAccountStub;
     let performOAuth2FlowStub;
@@ -28,7 +26,7 @@ describe('oauth2', () => {
         grantType: configurationTypes_1.GrantType.AUTHORIZATION_CODE,
     };
     const baseConfiguration = {
-        name: INTEGRATION_NAME,
+        name: 'myintegration',
         authorizations: [
             {
                 name: 'MyAuthorization',
@@ -43,19 +41,18 @@ describe('oauth2', () => {
         refreshToken: 'refreshToken',
     };
     beforeEach(() => {
-        getConfigurationsStub = sandbox.stub(Configuration, 'getConfiguration').resolves(baseConfiguration);
-        sandbox.spy(core_1.ux.action, 'start');
-        sandbox.spy(core_1.ux.action, 'stop');
-        sandbox.stub(inquirer_1.default, 'prompt').resolves({
+        getConfigurationsStub = sinon.stub(Configuration, 'getConfiguration').resolves(baseConfiguration);
+        sinon.spy(core_1.ux.action, 'start');
+        sinon.spy(core_1.ux.action, 'stop');
+        sinon.stub(inquirer_1.default, 'prompt').resolves({
             oauth2Information: JSON.stringify(oauth2Information),
         });
-        writeTestAccountStub = sandbox.stub(Configuration, 'writeTestAccount');
-        performOAuth2FlowStub = sandbox.stub(oauth2Service, 'performOAuth2Flow');
-        performOAuth2FlowStub.resolves(credentials);
-        updateTokenStub = sandbox.stub(oauth2Service, 'updateToken').resolves(credentials);
+        writeTestAccountStub = sinon.stub(Configuration, 'writeTestAccount');
+        performOAuth2FlowStub = sinon.stub(Oauth2Resource, 'performOAuth2Flow').resolves(credentials);
+        updateTokenStub = sinon.stub(Oauth2Resource, 'updateToken').resolves(credentials);
     });
     afterEach(() => {
-        sandbox.restore();
+        sinon.restore();
     });
     test_1.test
         .stdout()
@@ -81,6 +78,7 @@ describe('oauth2', () => {
             },
         ],
     }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub.resolves({ successful: { ...oauth2Information, clientId: 'devClientID' }, failed: [] }))
         .command(['oauth2', '--test-account', 'development'])
         .it('prioritize development authorization', () => {
         (0, test_1.expect)(performOAuth2FlowStub.getCalls().length).to.equal(1);
@@ -109,20 +107,6 @@ describe('oauth2', () => {
             'development',
         ]);
     });
-    test_1.test
-        .stdout()
-        .command(['oauth2', '--test-account', 'development'])
-        .it('performs the oauth flow when there is no test accounts and the auth information are setup', () => {
-        (0, test_1.expect)(performOAuth2FlowStub.getCalls().length).to.equal(1);
-        (0, test_1.expect)(updateTokenStub.getCalls().length).to.equal(0);
-        (0, test_1.expect)(writeTestAccountStub.getCall(0).args).to.deep.equal([
-            baseConfiguration,
-            'production',
-            undefined,
-            credentials,
-            'development',
-        ]);
-    });
     test_1.test
         .stdout()
         .do(() => getConfigurationsStub.returns({
@@ -131,6 +115,7 @@ describe('oauth2', () => {
             development: credentials,
         },
     }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub.resolves({ successful: { ...oauth2Information }, failed: [] }))
         .command(['oauth2', '--test-account', 'development', '--reauth'])
         .it('performs the oauth flow when there is a test accounts, the auth information are setup and --reauth flag is present', () => {
         (0, test_1.expect)(performOAuth2FlowStub.getCalls().length).to.equal(1);
@@ -156,6 +141,7 @@ describe('oauth2', () => {
             development: { something: 'something' },
         },
     }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub.resolves({ successful: { ...oauth2Information }, failed: [] }))
         .command(['oauth2', '--test-account', 'compliance'])
         .it('performs the oauth flow when the requested test account is not setup', () => {
         (0, test_1.expect)(performOAuth2FlowStub.getCalls().length).to.equal(1);
@@ -181,6 +167,7 @@ describe('oauth2', () => {
             development: credentials,
         },
     }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub.resolves({ successful: { ...oauth2Information }, failed: [] }))
         .command(['oauth2', '--test-account', 'development'])
         .it('refresh the token when there is an existing test accounts and the auth information are setup', () => {
         (0, test_1.expect)(performOAuth2FlowStub.getCalls().length).to.equal(0);
@@ -217,19 +204,19 @@ describe('oauth2', () => {
                 },
             },
         });
-        sandbox
-            .stub(decryptionResource, 'decryptEntries')
+        sinon
+            .stub(DecryptionResource, 'decryptEntries')
             .onFirstCall()
-            .resolves({ decryptedKeys: ['clientSecret'], entries: { ...oauth2Information, clientSecret: 'devClientID' } })
+            .resolves({ successful: { ...oauth2Information, clientSecret: 'devClientID' }, failed: [] })
             .onSecondCall()
             .resolves({
-            decryptedKeys: ['accessToken', 'refreshToken'],
-            entries: {
+            failed: [],
+            successful: {
                 accessToken: 'devAccessToken',
                 refreshToken: 'devRefreshToken',
             },
         });
-        sandbox
+        sinon
             .stub(IntegrationsPlatform, 'encryptData')
             .onFirstCall()
             .resolves({ encryptedData: `${Configuration.ENCRYPTION_PREFIX}encryptedAccessToken` })

package/dist/test/commands/test.test.js

@@ -9,7 +9,9 @@ const IntegrationsPlatformResource = tslib_1.__importStar(require("../../src/res
 const ConfigurationResource = tslib_1.__importStar(require("../../src/resources/configuration"));
 const IntegrationResource = tslib_1.__importStar(require("../../src/resources/integrations"));
 const CredentialResource = tslib_1.__importStar(require("../../src/resources/credentials"));
+const DecryptionResource = tslib_1.__importStar(require("../../src/resources/decryption"));
 const errors_1 = require("../../src/errors");
+const styles_1 = require("../helpers/styles");
 describe('Test', () => {
     const cliConfiguration = {
         name: 'a',
@@ -17,6 +19,10 @@ describe('Test', () => {
         secrets: {
             secret: 'encryptedSecret',
         },
+        environmentVariables: {
+            success: '',
+            failure: '',
+        },
         testAccounts: {
             compliance: {
                 accessToken: 'token',
@@ -209,4 +215,22 @@ describe('Test', () => {
         (0, test_1.expect)(spawnStub.getCall(0).args.at(1)).to.include('--credential-payload={"from":"credential"}');
         (0, test_1.expect)(spawnStub.getCall(0).args.at(1)).to.not.include('--read-only');
     });
+    test_1.test
+        .stdout()
+        .stub(ConfigurationResource, 'getConfiguration', stub => stub.resolves(cliConfiguration))
+        .stub(IntegrationResource, 'validateIsIntegrationDirectory', stub => stub.returns(true))
+        .stub(CredentialResource, 'fetchCredential', stub => stub.resolves({ payload: { from: 'credential' } }))
+        .stub(DecryptionResource, 'decryptEntries', stub => stub
+        .onFirstCall()
+        .resolves({ successful: {}, failed: [] })
+        .onSecondCall()
+        .resolves({ successful: {}, failed: [] })
+        .onThirdCall()
+        .resolves({ successful: { success: 'a' }, failed: ['failure'] }))
+        .command(['test'])
+        .it('environment variables', ctx => {
+        (0, test_1.expect)(ctx.stdout).to.contain((0, styles_1.uncolorize)('Could not decrypt the environment variable failure.'));
+        (0, test_1.expect)(spawnStub.getCall(0).args.at(2).env.success).to.equal('a');
+        (0, test_1.expect)(spawnStub.getCall(0).args.at(2).env.failure).to.be.undefined;
+    });
 });

package/dist/test/errors.test.js

@@ -80,7 +80,7 @@ describe('handleError', () => {
         (0, strict_1.default)(handled);
     });
     it('handles EntryDecryptionError', () => {
-        const error = new errors_1.EntryDecryptionError('key', 'value', 'staging');
+        const error = new errors_1.EntryDecryptionError('key', 'staging');
         const handled = (0, errors_1.handleError)(command, error);
         (0, strict_1.default)(handled);
     });

package/dist/test/resources/configuration.test.js

@@ -193,6 +193,36 @@ describe('configuration', () => {
                 await strict_1.default.rejects(Configuration.getConfiguration(globalConfiguration_1.Environment.Production), errors_1.ConfigurationInvalid);
             });
         });
+        describe('validates environment variables', () => {
+            it('valid', async () => {
+                await fs_1.default.promises.writeFile(Configuration.getConfigurationPath(), JSON.stringify({
+                    name: 'foo',
+                    environmentVariables: {
+                        FOO: 'unito-secret-v1://bar',
+                    },
+                }, null, 2));
+                const configuration = await Configuration.getConfiguration(globalConfiguration_1.Environment.Production);
+                strict_1.default.deepEqual(configuration.environmentVariables, { FOO: 'unito-secret-v1://bar' });
+            });
+            it('invalid - type', async () => {
+                await fs_1.default.promises.writeFile(Configuration.getConfigurationPath(), JSON.stringify({
+                    name: 'foo',
+                    environmentVariables: {
+                        FOO: 123,
+                    },
+                }, null, 2));
+                await strict_1.default.rejects(Configuration.getConfiguration(globalConfiguration_1.Environment.Production), errors_1.ConfigurationInvalid);
+            });
+            it('invalid - key pattern', async () => {
+                await fs_1.default.promises.writeFile(Configuration.getConfigurationPath(), JSON.stringify({
+                    name: 'foo',
+                    environmentVariables: {
+                        foo: 'nope',
+                    },
+                }, null, 2));
+                await strict_1.default.rejects(Configuration.getConfiguration(globalConfiguration_1.Environment.Production), errors_1.ConfigurationInvalid);
+            });
+        });
         describe('validates test accounts - custom', () => {
             it('valid test accounts', async () => {
                 await fs_1.default.promises.writeFile(Configuration.getConfigurationPath(), JSON.stringify({

package/dist/test/resources/decryption.test.js

@@ -40,8 +40,8 @@ describe('decryption helper', () => {
                 accessToken: 'developmentToken',
                 accessToken1: 'developmentToken1',
             });
-            strict_1.default.deepEqual(decryptionResult.decryptedKeys, []);
-            strict_1.default.deepEqual(decryptionResult.entries, {
+            strict_1.default.deepEqual(decryptionResult.failed, []);
+            strict_1.default.deepEqual(decryptionResult.successful, {
                 accessToken1: 'developmentToken1',
                 accessToken: 'developmentToken',
             });
@@ -51,8 +51,8 @@ describe('decryption helper', () => {
                 accessToken: 'token',
                 encryptedToken: `${configuration_1.ENCRYPTION_PREFIX}decrypt-me`,
             });
-            strict_1.default.deepEqual(decryptionResult.decryptedKeys, ['encryptedToken']);
-            strict_1.default.deepEqual(decryptionResult.entries, {
+            strict_1.default.deepEqual(decryptionResult.failed, []);
+            strict_1.default.deepEqual(decryptionResult.successful, {
                 accessToken: 'token',
                 encryptedToken: `decrypted-me`,
             });
@@ -62,16 +62,16 @@ describe('decryption helper', () => {
                 encryptedSecret1: `${configuration_1.ENCRYPTION_PREFIX}decrypt-me`,
                 encryptedSecret2: `${configuration_1.ENCRYPTION_PREFIX}decrypt-me`,
             });
-            strict_1.default.deepEqual(decryptionResult.decryptedKeys, ['encryptedSecret1', 'encryptedSecret2']);
-            strict_1.default.deepEqual(decryptionResult.entries, {
+            strict_1.default.deepEqual(decryptionResult.failed, []);
+            strict_1.default.deepEqual(decryptionResult.successful, {
                 encryptedSecret1: 'decrypted-me',
                 encryptedSecret2: 'decrypted-me',
             });
         });
         it('support empty object', async () => {
             const decryptionResult = await decryptionHelper.decryptEntries(configuration.name, GlobalConfiguration.Environment.Local, '/path/to/config', {});
-            strict_1.default.deepEqual(decryptionResult.decryptedKeys, []);
-            strict_1.default.deepEqual(decryptionResult.entries, {});
+            strict_1.default.deepEqual(decryptionResult.failed, []);
+            strict_1.default.deepEqual(decryptionResult.successful, {});
         });
     });
 });

package/dist/test/services/integrationsPlatform.test.js

@@ -44,6 +44,7 @@ describe('integrations platform', function () {
         sinon.restore();
     });
     it('environment', function () {
+        IntegrationsPlatform.setEnvironment(globalConfiguration_1.Environment.Local);
         strict_1.default.equal(integrations_platform_client_1.default.defaults.baseUrl, integrations_platform_client_1.default.servers.local);
         IntegrationsPlatform.setEnvironment(globalConfiguration_1.Environment.Production);
         strict_1.default.equal(integrations_platform_client_1.default.defaults.baseUrl, integrations_platform_client_1.default.servers.production);

package/oclif.manifest.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.58.9",
+  "version": "0.60.0",
   "commands": {
     "activity": {
       "id": "activity",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@unito/integration-cli",
-  "version": "0.58.9",
+  "version": "0.60.0",
   "description": "Integration CLI",
   "bin": {
     "integration-cli": "./bin/run"