make builds, actually build plugin that works

.gitignore

@@ -1 +1,2 @@
 coverage.*
+dist/*

.milpa/commands/joao/release/build.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+platforms=(
+  linux/amd64
+  linux/arm64
+  linux/arm
+  linux/mips
+  darwin/arm64
+  darwin/amd64
+)
+root=$(dirname "$MILPA_COMMAND_REPO")
+cd "$root" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
+
+@milpa.log info "Starting build for version $MILPA_ARG_VERSION"
+
+for platform in "${platforms[@]}"; do
+  @milpa.log info "building for $platform"
+  os="${platform%%/*}"
+  arch="${platform##*/}"
+  base="dist/$os-$arch"
+  mkdir -p "$base" || @milpa.fail "Could not create dist dir"
+  GOOS="$os" GOARCH="$arch" go build -ldflags "-s -w -X git.rob.mx/nidito/joao/pkg/version.Version=$MILPA_ARG_VERSION" -trimpath -o "$base/joao"
+  @milpa.log success "built for $platform"
+
+  package="$root/dist/joao-$os-$arch.tgz"
+  @milpa.log info "archiving to $package"
+  (cd "$base" && tar -czf "$MILPA_REPO_ROOT$package" joao) || @milpa.fail "Could not archive $package"
+  rm -rf "$base"
+  @milpa.log success "archived $package"
+done
+
+@milpa.log info "uploading to cdn"
+rclone sync --s3-acl=public-read \
+  "$root/dist/" \
+  "cdn:cdn.rob.mx/tools/joao/$MILPA_ARG_VERSION/" || @milpa.fail "could not upload to CDN"
+@milpa.log complete "release for $MILPA_ARG_VERSION available at CDN"
+rm -rf dist

.milpa/commands/joao/release/build.yaml

@@ -0,0 +1,10 @@
+summary: Packages and joao for release
+description: |
+  Creates a folder, by default `dist` with `joao-$os-$arch.tgz`, the packaged joao executable, for all supported platforms.
+arguments:
+  - name: version
+    description: The semver number to build
+    required: true
+    values:
+      script: git tag -l
+      suggest-only: true

.milpa/commands/joao/test/unit.sh

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright © 2021 Roberto Hidalgo <joao@un.rob.mx>
 
-cd "$MILPA_REPO_ROOT" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
+cd "$(dirname "$MILPA_COMMAND_REPO")" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
 @milpa.log info "Running unit tests"
 args=()
 after_run=complete

README.md

@@ -29,7 +29,7 @@ joao diff [--cache] PATH
 joao git-filter
 
 # show information on the vault integration
-joao vault server --help
+joao vault-plugin --help
 ```
 
 ## Why

cmd/git-filters.go

@@ -70,7 +70,7 @@ git config filter.joao.smudge cat
 # let's enforce these filters
 git config filter.joao.required true
 
-# optionally, configure a diff filter to show changes as would be commited to git
+# optionally, configure a diff filter to show changes as would be committed to git
 # this does not modify the original file on disk
 git config diff.joao.textconv "joao git-filter diff"
 ﹅﹅﹅

cmd/vault-plugin.go

@@ -3,6 +3,8 @@
 package cmd
 
 import (
+	"os"
+
 	"git.rob.mx/nidito/chinampa/pkg/command"
 	"git.rob.mx/nidito/joao/internal/vault"
 	"github.com/hashicorp/vault/api"
@@ -10,11 +12,11 @@ import (
 )
 
 var Plugin = &command.Command{
-	Path:    []string{"vault", "server"},
+	Path:    []string{"vault-plugin"},
 	Summary: "Starts a vault-joao-plugin server",
-	Description: `Runs ﹅joao﹅ as a vault plugin.
+	Description: `﹅joao﹅ can run as a plugin to Hashicorp Vault, and make whole configuration entries available—secrets and all—through the Vault API.
 
-You'll need to install ﹅joao﹅ in the machine running ﹅vault﹅ to ﹅plugin_directory﹅ as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only.
+To install, download ﹅joao﹅ to the machine running ﹅vault﹅ at the ﹅plugin_directory﹅, as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only.
 
 ### Configuration
 ﹅﹅﹅sh
@@ -24,14 +26,14 @@ export PLUGIN_SHA="$(openssl dgst -sha256 -hex "$VAULT_PLUGIN_DIR/joao" | awk '{
 export VERSION="$($VAULT_PLUGIN_DIR/joao --version)"
 
 # register
-vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault,server" -version="$VERSION" secret joao
+vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault-plugin" -version="$VERSION" secret joao
 
 # configure, add ﹅vault﹅ to set a default vault for querying
 vault write config/1password "host=$OP_CONNECT_HOST" "token=$OP_CONNECT_TOKEN" # vault=my-default-vault
 
-if !vault plugin list secret | grep -c -m1 '^joao ' >/dev/null; then
+if !(vault plugin list secret | grep -c -m1 '^joao ' >/dev/null); then
   # first time, let's enable the secrets backend
-  vault secrets enable --path=config joao
+  vault secrets enable -path=config joao
 else
   # updating from a previous version
   vault secrets tune -plugin-version="$VERSION" config/
@@ -57,39 +59,25 @@ See:
   - https://developer.hashicorp.com/vault/docs/plugins
 `,
 	Options: command.Options{
-		"ca-cert": {
-			Type:        command.ValueTypeString,
-			Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
+		"sigh0": {
+			ShortName: "c",
+			Default:   "",
 		},
-		"ca-path": {
-			Type:        command.ValueTypeString,
-			Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
-		},
-		"client-cert": {
-			Type:        command.ValueTypeString,
-			Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
-		},
-		"client-key": {
-			Type:        command.ValueTypeString,
-			Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
-		},
-		"tls-skip-verify": {
-			Type:        command.ValueTypeBoolean,
-			Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig",
-			Default:     false,
+		"sigh1": {
+			ShortName: "t",
+			Default:   "",
 		},
 	},
 	Action: func(cmd *command.Command) error {
+		apiClientMeta := &api.PluginAPIClientMeta{}
+		flags := apiClientMeta.FlagSet()
+		flags.Parse(os.Args[2:])
+
+		tlsConfig := apiClientMeta.GetTLSConfig()
+		tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
 		return plugin.ServeMultiplex(&plugin.ServeOpts{
 			BackendFactoryFunc: vault.Factory,
-			TLSProviderFunc: api.VaultPluginTLSProvider(&api.TLSConfig{
-				CACert:        cmd.Options["ca-cert"].ToString(),
-				CAPath:        cmd.Options["ca-path"].ToString(),
-				ClientCert:    cmd.Options["client-cert"].ToString(),
-				ClientKey:     cmd.Options["client-key"].ToString(),
-				TLSServerName: "",
-				Insecure:      cmd.Options["tls-skip-verify"].ToValue().(bool),
-			}),
+			TLSProviderFunc:    tlsProviderFunc,
 		})
 	},
 }

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/alessio/shellescape v1.4.1
 	github.com/hashicorp/go-hclog v1.4.0
 	github.com/hashicorp/vault/api v1.8.2
-	github.com/hashicorp/vault/sdk v0.6.2
+	github.com/hashicorp/vault/sdk v0.7.0
 	github.com/jellydator/ttlcache/v3 v3.0.1
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
@@ -86,7 +86,7 @@ require (
 	golang.org/x/term v0.4.0 // indirect
 	golang.org/x/text v0.6.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
+	google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 // indirect
 	google.golang.org/grpc v1.52.0 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect

go.sum

@@ -134,8 +134,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
 github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
-github.com/hashicorp/vault/sdk v0.6.2 h1:LtWXUM+WheM5T8pOO/6nOTiFwnE+4y3bPztFf15Oz24=
-github.com/hashicorp/vault/sdk v0.6.2/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
+github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
+github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
 github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
@@ -356,8 +356,8 @@ gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJ
 gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
 gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 h1:wJT65XLOzhpSPCdAmmKfz94SlmnQzDzjm3Cj9k3fsXY=
+google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk=
 google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=

internal/vault/backend.go

@@ -66,7 +66,7 @@ func Backend() *backend {
 	}
 
 	b.Backend = &framework.Backend{
-		BackendType: logical.TypeCredential,
+		BackendType: logical.TypeLogical,
 		Help:        "joao reads configuration entries from 1Password Connect",
 		PathsSpecial: &logical.Paths{
 			SealWrapStorage: []string{

pkg/config/config.go

@@ -197,7 +197,6 @@ func (cfg *Config) DiffRemote(path string, stdout io.Writer, stderr io.Writer) e
 			if diff.ProcessState.ExitCode() == 1 {
 				return nil
 			}
-
 		}
 		return fmt.Errorf("diff could not run: %w", err)
 	}