2022-11-16 07:38:04 +00:00
|
|
|
// Copyright © 2022 Roberto Hidalgo <joao@un.rob.mx>
|
2022-12-31 06:14:08 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
2022-12-14 05:41:03 +00:00
|
|
|
package opclient
|
2022-11-16 07:38:04 +00:00
|
|
|
|
|
|
|
import (
|
2022-12-18 18:16:46 +00:00
|
|
|
"fmt"
|
|
|
|
"strings"
|
|
|
|
|
2023-11-28 01:42:35 +00:00
|
|
|
"github.com/1Password/connect-sdk-go/onepassword"
|
2022-11-16 07:38:04 +00:00
|
|
|
op "github.com/1Password/connect-sdk-go/onepassword"
|
2022-12-18 18:16:46 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2022-11-16 07:38:04 +00:00
|
|
|
)
|
|
|
|
|
2023-11-28 01:42:35 +00:00
|
|
|
const itemMissingErrorSuffix = `" isn't an item.` // Specify the item...
|
|
|
|
const itemMissingErrorWithVault = `" isn't an item in the "` // "vaultName" vault. Specify the item...
|
|
|
|
|
|
|
|
func ItemMissingError(name string, err error) bool {
|
|
|
|
if opErr, ok := err.(*onepassword.Error); ok {
|
|
|
|
return opErr.StatusCode == 404
|
|
|
|
}
|
|
|
|
needle := itemMissingErrorSuffix
|
|
|
|
needleWithVault := itemMissingErrorWithVault
|
|
|
|
if name != "" {
|
|
|
|
needle = fmt.Sprintf(`"%s`+itemMissingErrorSuffix, name)
|
|
|
|
needleWithVault = fmt.Sprintf(`"%s`+itemMissingErrorWithVault, name)
|
|
|
|
}
|
|
|
|
return strings.Contains(err.Error(), needle) || strings.Contains(err.Error(), needleWithVault)
|
|
|
|
}
|
|
|
|
|
2022-11-16 08:17:07 +00:00
|
|
|
var client opClient
|
|
|
|
|
|
|
|
type opClient interface {
|
|
|
|
Get(vault, name string) (*op.Item, error)
|
2022-12-18 18:16:46 +00:00
|
|
|
Update(item *op.Item, remote *op.Item) error
|
2023-11-28 01:42:35 +00:00
|
|
|
Create(vault string, item *op.Item) error
|
2022-11-16 08:17:07 +00:00
|
|
|
List(vault, prefix string) ([]string, error)
|
|
|
|
}
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
client = &CLI{}
|
|
|
|
}
|
|
|
|
|
|
|
|
func Use(newClient opClient) {
|
|
|
|
client = newClient
|
|
|
|
}
|
|
|
|
|
|
|
|
func Get(vault, name string) (*op.Item, error) {
|
|
|
|
return client.Get(vault, name)
|
|
|
|
}
|
|
|
|
|
|
|
|
func Update(vault, name string, item *op.Item) error {
|
2022-12-18 18:16:46 +00:00
|
|
|
remote, err := client.Get(vault, name)
|
|
|
|
if err != nil {
|
2023-11-28 01:42:35 +00:00
|
|
|
if ItemMissingError(name, err) {
|
|
|
|
return client.Create(vault, item)
|
2022-12-18 18:16:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return fmt.Errorf("could not fetch remote 1password item to compare against: %w", err)
|
|
|
|
}
|
|
|
|
|
2023-08-05 04:48:29 +00:00
|
|
|
remoteCS := Checksum(remote.Fields)
|
2023-11-26 20:57:42 +00:00
|
|
|
// we're checking the checksum we just calculated matches the stored on remote
|
|
|
|
// and that remoteCS matching the current item's stored password
|
|
|
|
// nolint:gocritic
|
2023-08-05 04:48:29 +00:00
|
|
|
if remoteCS == item.GetValue("password") && remoteCS == remote.GetValue("password") {
|
|
|
|
logrus.Debugf("remote %s\nlocal %s", remoteCS, item.GetValue("password"))
|
2023-01-15 08:19:05 +00:00
|
|
|
logrus.Warnf("item %s/%s is already up to date", item.Vault.ID, item.Title)
|
2022-12-18 18:16:46 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
logrus.Infof("Item %s/%s already exists, updating", item.Vault.ID, item.Title)
|
|
|
|
return client.Update(item, remote)
|
2022-11-16 07:38:04 +00:00
|
|
|
}
|
|
|
|
|
2022-11-16 08:17:07 +00:00
|
|
|
func List(vault, prefix string) ([]string, error) {
|
|
|
|
return client.List(vault, prefix)
|
2022-11-16 07:38:04 +00:00
|
|
|
}
|
2022-12-18 18:16:46 +00:00
|
|
|
|
|
|
|
func keyForField(field *op.ItemField) string {
|
|
|
|
name := strings.ReplaceAll(field.Label, ".", "\\.")
|
|
|
|
if field.Section != nil {
|
|
|
|
name = field.Section.ID + "." + name
|
|
|
|
}
|
|
|
|
return name
|
|
|
|
}
|