Adds support for secret resolution via support of secretResolver.

[VShingala]

Overview

This PR adds support for the optional secretResolvers interface that can accept various resolvers taking care of the actual resolution of variables of type secrets and their resolution.

[codecov]

Codecov Report

❌ Patch coverage is 3.30579% with 117 lines in your changes missing coverage. Please review.
✅ Project coverage is 41.09%. Comparing base (ad947cc) to head (971af12).

Files with missing lines	Patch %	Lines
lib/runner/extensions/item.command.js	1.78%	55 Missing ⚠️
lib/runner/resolve-secrets.js	4.25%	45 Missing ⚠️
lib/runner/extensions/event.command.js	5.55%	17 Missing ⚠️

❌ Your patch check has failed because the patch coverage (3.30%) is below the target coverage (100.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #1543      +/-   ##
===========================================
- Coverage    41.88%   41.09%   -0.79%     
===========================================
  Files           49       50       +1     
  Lines         3794     3876      +82     
  Branches      1087     1115      +28     
===========================================
+ Hits          1589     1593       +4     
- Misses        2082     2160      +78     
  Partials       123      123              

Flag	Coverage Δ
unit	41.09% <3.30%> (-0.79%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[appurva21]

Are we tracking changes to make scripts work separately?

[appurva21]

Needs to be added to README

[appurva21]

I don't think runtime needs to be aware of all kinds of sources and their respective resolvers. Runtime should just accept one resolver, which then can encapsulate all this (including retry and timeout).

Let's follow the same pattern as options.script.packageResolver etc.

[VShingala]

Makes sense. Will work on this and update.

[appurva21]

Why do we have these changes?

[VShingala]

Removing them completely now as not needed anymore. previous approach resolved secret here so they were left out.

[appurva21]

isSecretResolutionFailed why do we need this?

[VShingala]

@appurva21 item trigger gets following args (err, coords, item, result, options). Added this to determine that error was because of the secret resolution and not in other place like pre-request, request, or tests. I don't think there's current usage so it can be removed if needed.

Ideally, if we expect from consumer to provide correct codes/errors from secretResolver side, it's not needed since error will have that info but if not then it'd be usefull field.

it's similar to how we pass { isSkipped: true } in case of execution skip.

[appurva21]

If we just run this logic on used variables, how would we make it work in scripts?

[VShingala]

Yes, we'll be resolving all secrets for now. making related changes.

[appurva21]

There is an each function on values - https://github.com/postmanlabs/postman-collection/blob/b3d052bdfcf304a8243f73618c6aa962ca517115/lib/collection/property-list.js#L412

[appurva21]

This is to handle?

scope can be converted to VariableScope if it is not already one

[appurva21]

Let's revert this

[appurva21]

note: bump to correct version before merge

[VShingala]

Removing them completely now as not needed anymore. previous approach resolved secret here so they were left out.

[VShingala]

@appurva21 item trigger gets following args (err, coords, item, result, options). Added this to determine that error was because of the secret resolution and not in other place like pre-request, request, or tests. I don't think there's current usage so it can be removed if needed.

Ideally, if we expect from consumer to provide correct codes/errors from secretResolver side, it's not needed since error will have that info but if not then it'd be usefull field.

it's similar to how we pass { isSkipped: true } in case of execution skip.

[VShingala]

Yes, we'll be resolving all secrets for now. making related changes.

[VShingala]

We'll update this to correct version once we have related PR merged.

PR: postmanlabs/postman-collection#1421

[appurva21]

Do we need to send the payload to secretResolver?

[VShingala]

@appurva21 Yes, it's used for context in cases like domain based resolution and such. i.e. If request URL is matching with allowed domain for vault secret, we'd resolved otherwise not.