diff --git a/docs/secrets.md b/docs/secrets.md index 3c011ae..724419b 100644 --- a/docs/secrets.md +++ b/docs/secrets.md @@ -187,7 +187,8 @@ effective := secretstore.EffectiveBackendPolicy(store) fmt.Println("backend effectif:", effective) // bitwarden-cli, env-only, keyring-any... ``` -Pour obtenir en un seul appel une description runtime (source manifeste, policy déclarée/effective, disponibilité) : +Pour obtenir en un seul appel une description runtime légère (source manifeste, +policy déclarée/effective, backend affiché) : ```go desc, err := secretstore.DescribeRuntime(secretstore.DescribeRuntimeOptions{ @@ -202,7 +203,8 @@ fmt.Println(secretstore.FormatBackendStatus(desc)) // declared=... effective=... display=... ready=... source=... ``` -Pour un préflight réutilisable dans `setup`, `config show` et `config test` : +`DescribeRuntime` ne contacte pas Bitwarden par défaut. Pour vérifier réellement +la disponibilité du backend, utiliser le préflight : ```go report, err := secretstore.PreflightFromManifest(secretstore.PreflightOptions{ diff --git a/secretstore/runtime.go b/secretstore/runtime.go index 7604b99..08b93ab 100644 --- a/secretstore/runtime.go +++ b/secretstore/runtime.go @@ -16,6 +16,7 @@ type DescribeRuntimeOptions struct { BitwardenCommand string BitwardenDebug bool DisableBitwardenCache bool + CheckReady bool Shell string ManifestLoader ManifestLoader ExecutableResolver ExecutableResolver @@ -91,7 +92,7 @@ func DescribeRuntime(options DescribeRuntimeOptions) (RuntimeDescription, error) desc.EffectivePolicy = effective desc.DisplayName = BackendDisplayName(effective) } - if desc.EffectivePolicy == BackendBitwardenCLI { + if options.CheckReady && desc.EffectivePolicy == BackendBitwardenCLI { if err := verifyBitwardenCLIReady(Options{ BitwardenCommand: options.BitwardenCommand, BitwardenDebug: options.BitwardenDebug, @@ -107,6 +108,7 @@ func DescribeRuntime(options DescribeRuntimeOptions) (RuntimeDescription, error) } func PreflightFromManifest(options PreflightOptions) (PreflightReport, error) { + options.CheckReady = true desc, err := DescribeRuntime(options) if err != nil { return PreflightReport{}, err diff --git a/secretstore/runtime_test.go b/secretstore/runtime_test.go index 3daf05b..23f90f1 100644 --- a/secretstore/runtime_test.go +++ b/secretstore/runtime_test.go @@ -46,16 +46,9 @@ func TestDescribeRuntimeReturnsDeclaredAndEffectivePolicies(t *testing.T) { } } -func TestDescribeRuntimeReportsUnavailableBitwardenAsNotReady(t *testing.T) { +func TestDescribeRuntimeDoesNotProbeBitwardenByDefault(t *testing.T) { withBitwardenRunner(t, func(command string, stdin []byte, args ...string) ([]byte, error) { - switch { - case len(args) == 1 && args[0] == "--version": - return []byte("2026.1.0\n"), nil - case len(args) == 1 && args[0] == "status": - return []byte(`{"status":"locked"}`), nil - default: - return nil, errors.New("unexpected bitwarden invocation") - } + return nil, errors.New("unexpected bitwarden invocation") }) desc, err := DescribeRuntime(DescribeRuntimeOptions{ @@ -80,14 +73,11 @@ func TestDescribeRuntimeReportsUnavailableBitwardenAsNotReady(t *testing.T) { if desc.EffectivePolicy != BackendBitwardenCLI { t.Fatalf("EffectivePolicy = %q, want %q", desc.EffectivePolicy, BackendBitwardenCLI) } - if desc.Ready { - t.Fatalf("Ready = %v, want false", desc.Ready) + if !desc.Ready { + t.Fatalf("Ready = %v, want true without readiness probe", desc.Ready) } - if !errors.Is(desc.ReadyError, ErrBWLocked) { - t.Fatalf("ReadyError = %v, want ErrBWLocked", desc.ReadyError) - } - if !strings.Contains(desc.ReadyError.Error(), "set -x BW_SESSION (bw unlock --raw)") { - t.Fatalf("ReadyError = %v, want fish remediation", desc.ReadyError) + if desc.ReadyError != nil { + t.Fatalf("ReadyError = %v, want nil without readiness probe", desc.ReadyError) } }