2022-11-16 08:17:07 +00:00
|
|
|
// Copyright © 2022 Roberto Hidalgo <joao@un.rob.mx>
|
2022-12-31 06:14:08 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2022-12-14 05:41:03 +00:00
|
|
|
package opclient
|
2022-11-16 08:17:07 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"os"
|
|
|
|
"os/exec"
|
2022-12-14 05:41:03 +00:00
|
|
|
"strings"
|
2022-11-16 08:17:07 +00:00
|
|
|
|
|
|
|
op "github.com/1Password/connect-sdk-go/onepassword"
|
2022-12-14 05:41:03 +00:00
|
|
|
"github.com/alessio/shellescape"
|
2023-11-26 02:13:32 +00:00
|
|
|
"github.com/hashicorp/go-version"
|
2022-12-14 05:41:03 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2022-11-16 08:17:07 +00:00
|
|
|
)
|
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
// Path points to the op binary.
|
|
|
|
var Path = "op"
|
|
|
|
var probedVersionModern = false
|
|
|
|
var versionConstraint = version.MustConstraints(version.NewConstraint(">= 2.23"))
|
|
|
|
var Exec ExecFunc = DefaultExec
|
2022-11-16 08:17:07 +00:00
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
type ExecFunc func(program string, args []string, stdin *bytes.Buffer) (bytes.Buffer, error)
|
2022-12-17 05:40:43 +00:00
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
func DefaultExec(program string, args []string, stdin *bytes.Buffer) (stdout bytes.Buffer, err error) {
|
|
|
|
cmd := exec.Command(Path, args...)
|
2022-11-16 08:17:07 +00:00
|
|
|
|
|
|
|
cmd.Env = os.Environ()
|
|
|
|
cmd.Stdout = &stdout
|
|
|
|
var stderr bytes.Buffer
|
|
|
|
cmd.Stderr = &stderr
|
2023-11-26 02:13:32 +00:00
|
|
|
if err = cmd.Run(); err != nil {
|
2022-12-20 05:49:37 +00:00
|
|
|
return stderr, fmt.Errorf("op exited with %s:\n%s", err, stderr.Bytes())
|
2022-11-16 08:17:07 +00:00
|
|
|
}
|
|
|
|
if cmd.ProcessState.ExitCode() > 0 {
|
2022-12-14 05:41:03 +00:00
|
|
|
return stderr, fmt.Errorf("op exited with %d: %s", cmd.ProcessState.ExitCode(), stderr.Bytes())
|
|
|
|
}
|
|
|
|
|
|
|
|
return stdout, nil
|
|
|
|
}
|
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
type CLI struct {
|
|
|
|
DryRun bool // Won't write to 1Password
|
|
|
|
}
|
|
|
|
|
2023-11-26 02:35:12 +00:00
|
|
|
func invoke(dryRun bool, vault string, stdin *bytes.Buffer, args ...string) (bytes.Buffer, error) {
|
2023-11-26 02:13:32 +00:00
|
|
|
if vault != "" {
|
|
|
|
args = append([]string{"--vault", shellescape.Quote(vault)}, args...)
|
|
|
|
}
|
|
|
|
|
|
|
|
argString := strings.Join(args, " ")
|
2023-11-26 02:35:12 +00:00
|
|
|
if dryRun {
|
2023-11-26 02:13:32 +00:00
|
|
|
logrus.Warnf("dry-run: Would have invoked `op %s`", argString)
|
2023-11-26 02:35:12 +00:00
|
|
|
logrus.Warnf("dry-run: stdin `%s`", stdin)
|
2023-11-26 02:13:32 +00:00
|
|
|
return bytes.Buffer{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
logrus.Debugf("running `%s %s`", Path, argString)
|
|
|
|
return Exec(Path, args, stdin)
|
|
|
|
}
|
|
|
|
|
2022-12-14 05:41:03 +00:00
|
|
|
func (b *CLI) Get(vault, name string) (*op.Item, error) {
|
2023-11-26 02:35:12 +00:00
|
|
|
stdout, err := invoke(false, vault, nil, "item", "--format", "json", "get", name)
|
2022-12-14 05:41:03 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
2022-11-16 08:17:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var item *op.Item
|
|
|
|
if err := json.Unmarshal(stdout.Bytes(), &item); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return item, nil
|
|
|
|
}
|
|
|
|
|
2022-12-18 18:16:46 +00:00
|
|
|
func (b *CLI) Create(item *op.Item) error {
|
2022-12-14 05:41:03 +00:00
|
|
|
logrus.Infof("Creating new item: %s/%s", item.Vault.ID, item.Title)
|
|
|
|
|
|
|
|
itemJSON, err := json.Marshal(item)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not serialize op item into json: %w", err)
|
|
|
|
}
|
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
stdin := bytes.NewBuffer(itemJSON)
|
|
|
|
|
2023-11-26 02:35:12 +00:00
|
|
|
_, err = invoke(b.DryRun, item.Vault.ID, stdin, "item", "create")
|
2023-11-26 02:13:32 +00:00
|
|
|
if err != nil {
|
2022-12-14 05:41:03 +00:00
|
|
|
return fmt.Errorf("could not create item: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
logrus.Infof("Item %s/%s created", item.Vault.ID, item.Title)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2022-12-18 18:16:46 +00:00
|
|
|
func (b *CLI) Update(item *op.Item, remote *op.Item) error {
|
2023-11-26 02:35:12 +00:00
|
|
|
res, err := invoke(false, "", nil, "--version")
|
2023-11-26 02:13:32 +00:00
|
|
|
if err == nil {
|
2023-11-26 02:35:12 +00:00
|
|
|
v := strings.TrimSpace(res.String())
|
|
|
|
current, err := version.NewVersion(v)
|
2023-11-26 02:13:32 +00:00
|
|
|
if err == nil {
|
|
|
|
probedVersionModern = versionConstraint.Check(current)
|
|
|
|
} else {
|
2023-11-26 02:35:12 +00:00
|
|
|
logrus.Debugf("Failed parsing version <%s>: %s", v, err)
|
2023-11-26 02:13:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if probedVersionModern {
|
|
|
|
return b.UpdateModern(item, remote)
|
|
|
|
}
|
|
|
|
|
|
|
|
return b.DeprecatedUpdate(item, remote)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *CLI) UpdateModern(updated *op.Item, original *op.Item) error {
|
|
|
|
itemJSON, err := json.Marshal(updated)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not serialize op item into json: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
stdin := bytes.NewBuffer(itemJSON)
|
2023-11-26 02:35:12 +00:00
|
|
|
_, err = invoke(b.DryRun, updated.Vault.ID, stdin, "item", "edit", original.Title)
|
2023-11-26 02:13:32 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not create item: %w", err)
|
|
|
|
}
|
|
|
|
|
2023-11-26 02:35:12 +00:00
|
|
|
logrus.Infof("Item %s/%s updated", updated.Vault.ID, updated.Title)
|
2023-11-26 02:13:32 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *CLI) DeprecatedUpdate(updated *op.Item, original *op.Item) error {
|
|
|
|
logrus.Warnf("Using op-cli < 2.23 means using a hack for updating items, please upgrade ASAP!")
|
|
|
|
args := []string{"item", "edit", updated.Title, "--"}
|
2022-12-17 05:40:43 +00:00
|
|
|
localKeys := map[string]int{}
|
2022-12-14 05:41:03 +00:00
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
for _, field := range updated.Fields {
|
2022-12-17 05:40:43 +00:00
|
|
|
kind := ""
|
|
|
|
if field.Type == "CONCEALED" {
|
|
|
|
kind = "password"
|
|
|
|
} else {
|
2022-12-14 05:41:03 +00:00
|
|
|
kind = "text"
|
|
|
|
}
|
2022-12-17 05:40:43 +00:00
|
|
|
keyName := keyForField(field)
|
|
|
|
key := fmt.Sprintf("%s[%s]", keyName, kind)
|
2022-12-14 05:41:03 +00:00
|
|
|
args = append(args, fmt.Sprintf("%s=%s", key, field.Value))
|
2022-12-17 05:40:43 +00:00
|
|
|
localKeys[keyName] = 1
|
|
|
|
}
|
|
|
|
|
2023-11-26 02:13:32 +00:00
|
|
|
for _, field := range original.Fields {
|
2022-12-17 05:40:43 +00:00
|
|
|
key := keyForField(field)
|
|
|
|
if _, exists := localKeys[key]; !exists {
|
|
|
|
logrus.Debugf("Deleting remote key %s", key)
|
|
|
|
args = append(args, key+"[delete]=")
|
|
|
|
}
|
2022-12-14 05:41:03 +00:00
|
|
|
}
|
|
|
|
|
2022-12-18 18:16:46 +00:00
|
|
|
if b.DryRun {
|
|
|
|
logrus.Warnf("dry-run: Would have invoked op %v", args)
|
|
|
|
return nil
|
|
|
|
}
|
2023-11-26 02:35:12 +00:00
|
|
|
stdout, err := invoke(b.DryRun, updated.Vault.ID, nil, args...)
|
2022-12-14 05:41:03 +00:00
|
|
|
if err != nil {
|
|
|
|
logrus.Errorf("op stderr: %s", stdout.String())
|
|
|
|
return err
|
|
|
|
}
|
2023-11-26 02:13:32 +00:00
|
|
|
logrus.Infof("Item %s/%s updated", updated.Vault.ID, updated.Title)
|
2022-11-16 08:17:07 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (b *CLI) List(vault, prefix string) ([]string, error) {
|
|
|
|
return nil, nil
|
|
|
|
}
|