feature/nanocl: secret patch command

bin/nanocl/Cargo.toml

@@ -3,7 +3,7 @@ name = "nanocl"
 version = "0.16.3"
 edition = "2021"
 authors = ["nanocl contributors <team@next-hat.com>"]
-description = "The Self-Sufficient Orchestrator CLI"
+description = "Container and virtual machine orchestrator"
 readme = "../../README.md"
 license = "MIT OR Apache-2.0"
 homepage = "https://next-hat.com/nanocl"

bin/nanocl/src/commands/secret.rs

@@ -4,7 +4,8 @@ use nanocld_client::stubs::secret::Secret;
 use crate::{
   config::CliConfig,
   models::{
-    GenericDefaultOpts, SecretArg, SecretCommand, SecretCreateOpts, SecretRow,
+    GenericDefaultOpts, SecretArg, SecretCommand, SecretCreateOpts,
+    SecretPatchOpts, SecretRow,
   },
 };
 
@@ -43,6 +44,15 @@ async fn exec_secret_create(
   Ok(())
 }
 
+async fn exec_secret_patch(
+  cli_conf: &CliConfig,
+  opts: &SecretPatchOpts,
+) -> IoResult<()> {
+  let update = opts.clone().try_into()?;
+  cli_conf.client.patch_secret(&opts.name, &update).await?;
+  Ok(())
+}
+
 /// Function that execute when running `nanocl secret`
 pub async fn exec_secret(
   cli_conf: &CliConfig,
@@ -59,5 +69,6 @@ pub async fn exec_secret(
       SecretArg::exec_inspect(cli_conf, opts, None).await
     }
     SecretCommand::Create(opts) => exec_secret_create(cli_conf, opts).await,
+    SecretCommand::Patch(opts) => exec_secret_patch(cli_conf, opts).await,
   }
 }

bin/nanocl/src/main.rs

@@ -750,6 +750,26 @@ mod tests {
     assert_cli_ok!("secret", "rm", "-y", "test-cli");
   }
 
+  /// Test Secret patch command for env secrets
+  #[ntex::test]
+  async fn secret_patch() {
+    // Create an env secret
+    assert_cli_ok!(
+      "secret",
+      "create",
+      "env.test",
+      "env",
+      "FOO=bar",
+      "HELLO=world"
+    );
+    // Patch the env secret with a new value for FOO
+    assert_cli_ok!("secret", "patch", "env.test", "env", "FOO=baz");
+    // Inspect the secret
+    assert_cli_ok!("secret", "inspect", "env.test");
+    // Cleanup
+    assert_cli_ok!("secret", "rm", "-y", "env.test");
+  }
+
   #[ntex::test]
   async fn virtual_machine() {
     assert_cli_ok!(

bin/nanocl/src/models/mod.rs

@@ -41,9 +41,15 @@ pub use uninstall::*;
 pub use vm::*;
 pub use vm_image::*;
 
+const LONG_ABOUT: &str = r#"Nanocl is a modern, self-sufficient orchestrator for containers and virtual machines.
+It delivers a clean dev→prod workflow with declarative Statefiles (YAML/TOML/JSON) and opinionated, predictable defaults.
+Built in Rust for performance and safety, it keeps operational overhead low while remaining powerful and extensible.
+Manage cargoes, resources, jobs, and VMs with dynamic routing, DNS, and end-to-end TLS.
+Start local on a single node and scale out when ready — simple to learn, production-grade by design."#;
+
 /// Cli available options and commands
 #[derive(Parser)]
-#[clap(about, version, name = "nanocl")]
+#[clap(name = "nanocl", version, about, long_about = LONG_ABOUT)]
 pub struct Cli {
   /// Nanocld host default: unix://run/nanocl/nanocl.sock
   #[clap(long, short = 'H')]

bin/nanocl/src/models/secret.rs

@@ -4,7 +4,7 @@ use serde::Serialize;
 use tabled::Tabled;
 
 use nanocl_error::io::IoError;
-use nanocld_client::stubs::secret::{Secret, SecretPartial};
+use nanocld_client::stubs::secret::{Secret, SecretPartial, SecretUpdate};
 
 use super::{GenericInspectOpts, GenericListOpts, GenericRemoveOpts};
 
@@ -21,6 +21,8 @@ pub enum SecretCommand {
   Inspect(GenericInspectOpts),
   /// Create a new secret
   Create(SecretCreateOpts),
+  /// Update a secret data
+  Patch(SecretPatchOpts),
 }
 
 /// `nanocl secret` available arguments
@@ -159,6 +161,74 @@ pub struct SecretCreateOpts {
   pub kind: SecretKindCreateCommand,
 }
 
+/// Kind for patching secret data
+#[derive(Clone, Subcommand)]
+pub enum SecretKindPatchCommand {
+  /// Update env secret values
+  Env(EnvCreateOpts),
+  /// Update TLS secret values
+  Tls(TlsCreateOpts),
+  /// Update container registry secret values
+  ContainerRegistry(ContainerRegistryCreateOpts),
+}
+
+/// `nanocl secret patch` available options
+#[derive(Clone, Parser)]
+pub struct SecretPatchOpts {
+  /// Name of your secret to update
+  pub name: String,
+  /// New data of the secret according to its kind
+  #[clap(subcommand)]
+  pub kind: SecretKindPatchCommand,
+}
+
+impl TryFrom<SecretPatchOpts> for SecretUpdate {
+  type Error = IoError;
+
+  fn try_from(opts: SecretPatchOpts) -> Result<Self, Self::Error> {
+    let data = match &opts.kind {
+      SecretKindPatchCommand::Env(env) => serde_json::to_value(&env.values)?,
+      SecretKindPatchCommand::Tls(tls) => {
+        let mut cert = tls.certificate.clone();
+        let mut cert_key = tls.certificate_key.clone();
+        let mut cert_client = tls.certificate_client.clone();
+        if cert.is_none() && tls.certificate_path.is_none() {
+          return Err(IoError::interrupted("Certificate", "is required"));
+        }
+        if cert_key.is_none() && tls.certificate_key_path.is_none() {
+          return Err(IoError::interrupted("Certificate key", "is required"));
+        }
+        if let Some(certificate_path) = &tls.certificate_path {
+          cert = Some(std::fs::read_to_string(certificate_path)?);
+        }
+        if let Some(certificate_key_path) = &tls.certificate_key_path {
+          cert_key = Some(std::fs::read_to_string(certificate_key_path)?);
+        }
+        if let Some(certificate_client_path) = &tls.certificate_client_path {
+          cert_client = Some(std::fs::read_to_string(certificate_client_path)?);
+        }
+        let tls = TlsCreateOpts {
+          certificate: cert,
+          certificate_key: cert_key,
+          certificate_client: cert_client,
+          certificate_path: None,
+          certificate_key_path: None,
+          certificate_client_path: None,
+          ..tls.clone()
+        };
+        serde_json::to_value(tls)?
+      }
+      SecretKindPatchCommand::ContainerRegistry(container_registry) => {
+        serde_json::to_value(container_registry)?
+      }
+    };
+    Ok(SecretUpdate {
+      metadata: None,
+      data,
+    })
+  }
+}
+
 /// A row of the secret table
 #[derive(Tabled)]
 #[tabled(rename_all = "UPPERCASE")]

bin/ncdns/Cargo.toml

@@ -30,7 +30,12 @@ nanocl_utils = { version = "0.7", features = ["build_tools"] }
 serde_yaml = "0.9"
 
 [dependencies]
-nanocl_error = { version = "0.5", features = ["io", "http", "http_client"] }
+nanocl_error = { version = "0.5", features = [
+  "io",
+  "http",
+  "http_client",
+  "serde_json",
+] }
 log = "0.4"
 clap = { version = "4.5", features = ["derive"] }
 ntex = { version = "2", features = ["tokio", "openssl"] }

doc/man/nanocl-backup.md

@@ -1,10 +1,14 @@
 ---
 title: Backup
-sidebar_position: 2
+sidebar_position: 1
 ---
 
 # Backup
 
+# NAME
+
+backup - Backup the current state
+
 ## SYNOPSIS
 
 **backup** \[**-o**\|**--output-dir**\] \[**-y**\|**--yes**\]
@@ -16,7 +20,7 @@ Backup the current state
 
 ## OPTIONS
 
-**-o**, **--output-dir**=*OUTPUT_DIR*  
+**-o**, **--output-dir** *\<OUTPUT_DIR\>*  
 Directory where to write the backup default to the current directory
 
 **-y**, **--yes**  

doc/man/nanocl-cargo-create.md

@@ -1,10 +1,14 @@
 ---
 title: Cargo create
-sidebar_position: 4
+sidebar_position: 2
 ---
 
 # Cargo create
 
+# NAME
+
+create - Create a new cargo
+
 ## SYNOPSIS
 
 **create** \[**-v**\|**--volume**\] \[**-e**\|**--env**\]
@@ -16,10 +20,10 @@ Create a new cargo
 
 ## OPTIONS
 
-**-v**, **--volume**=*VOLUMES*  
+**-v**, **--volume** *\<VOLUMES\>*  
 Volumes of the cargo
 
-**-e**, **--env**=*ENV*  
+**-e**, **--env** *\<ENV\>*  
 Environment variables of the cargo
 
 **-h**, **--help**  

doc/man/nanocl-cargo-exec.md

@@ -1,10 +1,14 @@
 ---
 title: Cargo exec
-sidebar_position: 5
+sidebar_position: 3
 ---
 
 # Cargo exec
 
+# NAME
+
+exec - Execute a command inside a cargo
+
 ## SYNOPSIS
 
 **exec** \[**-t**\|**--tty**\] \[**--detach-keys**\] \[**-e **\]
@@ -20,19 +24,19 @@ Execute a command inside a cargo
 **-t**, **--tty**  
 Allocate a pseudo-TTY
 
-**--detach-keys**=*DETACH_KEYS*  
+**--detach-keys** *\<DETACH_KEYS\>*  
 Override the key sequence for detaching a container
 
-**-e**=*ENV*  
+**-e** *\<ENV\>*  
 Set environment variables
 
 **--privileged**  
 Give extended privileges to the command
 
-**-u**=*USER*  
+**-u** *\<USER\>*  
 Username or UID (format: "\<name\|uid\>\[:\<group\|gid\>\]")
 
-**-w**, **--workdir**=*WORKING_DIR*  
+**-w**, **--workdir** *\<WORKING_DIR\>*  
 Working directory inside the container
 
 **-h**, **--help**  

doc/man/nanocl-cargo-history.md

@@ -1,10 +1,14 @@
 ---
 title: Cargo history
-sidebar_position: 6
+sidebar_position: 4
 ---
 
 # Cargo history
 
+# NAME
+
+history - List cargo history
+
 ## SYNOPSIS
 
 **history** \[**-h**\|**--help**\] \<*NAME*\>

doc/man/nanocl-cargo-image.md

@@ -0,0 +1,43 @@
+---
+title: Cargo image
+sidebar_position: 5
+---
+
+# Cargo image
+
+# NAME
+
+nanocl cargo image - \`nanocl cargo image\` available arguments
+
+## SYNOPSIS
+
+**nanocl cargo image** \[**-h**\|**--help**\] \<*subcommands*\>
+
+## DESCRIPTION
+
+\`nanocl cargo image\` available arguments
+
+## OPTIONS
+
+**-h**, **--help**  
+Print help
+
+# SUBCOMMANDS
+
+nanocl cargo image-list(1)  
+List cargo images
+
+nanocl cargo image-pull(1)  
+Pull a new cargo image
+
+nanocl cargo image-remove(1)  
+Remove an existing cargo image
+
+nanocl cargo image-inspect(1)  
+Inspect a cargo image
+
+nanocl cargo image-import(1)  
+Import a cargo image from a tarball
+
+nanocl cargo image-help(1)  
+Print this message or the help of the given subcommand(s)

doc/man/nanocl-cargo-inspect.md

@@ -1,10 +1,14 @@
 ---
 title: Cargo inspect
-sidebar_position: 7
+sidebar_position: 6
 ---
 
 # Cargo inspect
 
+# NAME
+
+inspect - Inspect a cargo by its name
+
 ## SYNOPSIS
 
 **inspect** \[**--display**\] \[**-h**\|**--help**\] \<*KEY*\>
@@ -15,7 +19,7 @@ Inspect a cargo by its name
 
 ## OPTIONS
 
-**--display**=*DISPLAY*  
+**--display** *\<DISPLAY\>*  
 Display format