From 6589a35aa71a3084654a4bfe9644045cf596c049 Mon Sep 17 00:00:00 2001 From: Roberto Hidalgo Date: Sat, 14 Jan 2023 15:56:32 -0600 Subject: [PATCH] make builds, actually build plugin that works --- .gitignore | 1 + .milpa/commands/joao/release/build.sh | 37 +++++++++++++++++ .milpa/commands/joao/release/build.yaml | 10 +++++ .milpa/commands/joao/test/unit.sh | 2 +- README.md | 2 +- cmd/git-filters.go | 2 +- cmd/vault-plugin.go | 54 ++++++++++--------------- go.mod | 4 +- go.sum | 8 ++-- internal/vault/backend.go | 2 +- pkg/config/config.go | 1 - 11 files changed, 79 insertions(+), 44 deletions(-) create mode 100644 .milpa/commands/joao/release/build.sh create mode 100644 .milpa/commands/joao/release/build.yaml diff --git a/.gitignore b/.gitignore index 0163820..d7b7f0a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ coverage.* +dist/* diff --git a/.milpa/commands/joao/release/build.sh b/.milpa/commands/joao/release/build.sh new file mode 100644 index 0000000..e6a32f1 --- /dev/null +++ b/.milpa/commands/joao/release/build.sh 
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+platforms=(
+ linux/amd64
+ linux/arm64
+ linux/arm
+ linux/mips
+ darwin/arm64
+ darwin/amd64
+)
+root=$(dirname "$MILPA_COMMAND_REPO")
+cd "$root" || @milpa.fail "could not cd into $MILPA_REPO_ROOT"
+
+@milpa.log info "Starting build for version $MILPA_ARG_VERSION"
+
+for platform in "${platforms[@]}"; do
+ @milpa.log info "building for $platform"
+ os="${platform%%/*}"
+ arch="${platform##*/}"
+ base="dist/$os-$arch"
+ mkdir -p "$base" || @milpa.fail "Could not create dist dir"
+ GOOS="$os" GOARCH="$arch" go build -ldflags "-s -w -X git.rob.mx/nidito/joao/pkg/version.Version=$MILPA_ARG_VERSION" -trimpath -o "$base/joao"
+ @milpa.log success "built for $platform"
+
+ package="$root/dist/joao-$os-$arch.tgz"
+ @milpa.log info "archiving to $package"
+ (cd "$base" && tar -czf "$MILPA_REPO_ROOT$package" joao) || @milpa.fail "Could not archive $package"
+ rm -rf "$base"
+ @milpa.log success "archived $package"
+done
+
+@milpa.log info "uploading to cdn"
+rclone sync --s3-acl=public-read \
+ "$root/dist/" \
+ "cdn:cdn.rob.mx/tools/joao/$MILPA_ARG_VERSION/" || @milpa.fail "could not upload to CDN"
+@milpa.log complete "release for $MILPA_ARG_VERSION available at CDN"
+rm -rf dist
diff --git a/.milpa/commands/joao/release/build.yaml b/.milpa/commands/joao/release/build.yaml
new file mode 100644
index 0000000..aa90725
--- /dev/null
+++ b/.milpa/commands/joao/release/build.yaml
@@ -0,0 +1,10 @@
+summary: Packages and joao for release
+description: |
+ Creates a folder, by default `dist` with `joao-$os-$arch.tgz`, the packaged joao executable, for all supported platforms.
+arguments:
+ - name: version
+ description: The semver number to build
+ required: true
+ values:
+ script: git tag -l
+ suggest-only: true
diff --git a/.milpa/commands/joao/test/unit.sh b/.milpa/commands/joao/test/unit.sh
index f0e144d..813de1e 100644
--- a/.milpa/commands/joao/test/unit.sh
+++ b/.milpa/commands/joao/test/unit.sh
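Review bot: In build.sh the archives are synced to a public-read CDN path with no checksum or signature file beside them, so someone downloading `joao` for Vault's `plugin_directory` has no published value to compare against before registering it. Writing a digest list before the `rclone sync`, e.g. `(cd "$root/dist" && shasum -a 256 joao-*.tgz > SHA256SUMS)`, and signing it if a release key exists, would close that gap. Separately, the `go build` line is the only step in the loop without `|| @milpa.fail`, and `dist/` is only removed at the very end, so archives left behind by an earlier aborted run would be uploaded under the new version path; an `rm -rf "$root/dist"` before the loop avoids that.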
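Review bot: In build.yaml, `suggest-only: true` appears to mean the `version` argument accepts any string rather than only an existing tag, and build.sh then interpolates it into `-ldflags` and the CDN destination while building whatever is in the working tree. A guard at the top of build.sh such as `git rev-parse -q --verify "refs/tags/$MILPA_ARG_VERSION" >/dev/null || @milpa.fail "unknown tag"`, plus a check that HEAD is that tag, would tie the published version label to the tagged source. The summary also reads oddly ("Packages and joao for release"), and the description says the folder is created "by default `dist`" although the script deletes `dist` after uploading.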
@@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright © 2021 Roberto Hidalgo -cd "$MILPA_REPO_ROOT" || @milpa.fail "could not cd into $MILPA_REPO_ROOT" +cd "$(dirname "$MILPA_COMMAND_REPO")" || @milpa.fail "could not cd into $MILPA_REPO_ROOT" @milpa.log info "Running unit tests" args=() after_run=complete diff --git a/README.md b/README.md index c6faa33..cb55d0c 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ joao diff [--cache] PATH joao git-filter # show information on the vault integration -joao vault server --help +joao vault-plugin --help ``` ## Why diff --git a/cmd/git-filters.go b/cmd/git-filters.go index bdb9870..d5e5c8f 100644 --- a/cmd/git-filters.go +++ b/cmd/git-filters.go @@ -70,7 +70,7 @@ git config filter.joao.smudge cat # let's enforce these filters git config filter.joao.required true -# optionally, configure a diff filter to show changes as would be commited to git +# optionally, configure a diff filter to show changes as would be committed to git # this does not modify the original file on disk git config diff.joao.textconv "joao git-filter diff" ﹅﹅﹅ diff --git a/cmd/vault-plugin.go b/cmd/vault-plugin.go index 4356f24..8edd350 100644 --- a/cmd/vault-plugin.go +++ b/cmd/vault-plugin.go @@ -3,6 +3,8 @@ package cmd import ( + "os" + "git.rob.mx/nidito/chinampa/pkg/command" "git.rob.mx/nidito/joao/internal/vault" "github.com/hashicorp/vault/api" 
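Review bot: In .milpa/commands/joao/test/unit.sh the failure message still interpolates `$MILPA_REPO_ROOT` although the `cd` target is now `$(dirname "$MILPA_COMMAND_REPO")`, so on failure it names a directory the script never tried to enter. Capturing the path once, `root=$(dirname "$MILPA_COMMAND_REPO")`, and using `$root` in both the `cd` and the message keeps them in step. build.sh has the same mismatch on its `cd "$root"` line.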
@@ -10,11 +12,11 @@ import ( ) var Plugin = &command.Command{ - Path: []string{"vault", "server"}, + Path: []string{"vault-plugin"}, Summary: "Starts a vault-joao-plugin server", - Description: `Runs ﹅joao﹅ as a vault plugin. + Description: `﹅joao﹅ can run as a plugin to Hashicorp Vault, and make whole configuration entries available—secrets and all—through the Vault API. -You'll need to install ﹅joao﹅ in the machine running ﹅vault﹅ to ﹅plugin_directory﹅ as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only. +To install, download ﹅joao﹅ to the machine running ﹅vault﹅ at the ﹅plugin_directory﹅, as specified by vault's config. The installed ﹅joao﹅ executable needs to be executable for the user running vault only. ### Configuration ﹅﹅﹅sh @@ -24,14 +26,14 @@ export PLUGIN_SHA="$(openssl dgst -sha256 -hex "$VAULT_PLUGIN_DIR/joao" | awk '{ export VERSION="$($VAULT_PLUGIN_DIR/joao --version)" # register -vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault,server" -version="$VERSION" secret joao +vault plugin register -sha256="$PLUGIN_SHA" -command=joao -args="vault-plugin" -version="$VERSION" secret joao # configure, add ﹅vault﹅ to set a default vault for querying vault write config/1password "host=$OP_CONNECT_HOST" "token=$OP_CONNECT_TOKEN" # vault=my-default-vault -if !vault plugin list secret | grep -c -m1 '^joao ' >/dev/null; then +if !(vault plugin list secret | grep -c -m1 '^joao ' >/dev/null); then # first time, let's enable the secrets backend - vault secrets enable --path=config joao + vault secrets enable -path=config joao else # updating from a previous version vault secrets tune -plugin-version="$VERSION" config/ 
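Review bot: The new Description says the mount exposes whole configuration entries "secrets and all" through the Vault API but gives no guidance on who may read them. A sentence telling operators to scope Vault policies to the specific paths under the mount would make the exposure explicit. The install sentence ("needs to be executable for the user running vault only") could also name the expected owner and file mode instead of leaving it to interpretation. The `Plugin` literal and its Description string continue outside this hunk.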
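Review bot: The first-install branch of the documented shell snippet looks unreachable: `vault plugin list secret` is checked right after `vault plugin register`, so `joao` is already in the catalog and the script always falls through to `vault secrets tune`. Testing the mount instead, e.g. `if ! vault secrets list | grep -q '^config/ '; then`, matches what the comments describe. The `vault write config/1password` line also sits before the mount is enabled, so on a fresh install it would have to move below the `if` block. Because that line places `$OP_CONNECT_TOKEN` in the process arguments, the docs could show `token=-` with the value supplied on stdin. The Description string starts and ends outside this hunk.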
@@ -57,39 +59,25 @@ See: - https://developer.hashicorp.com/vault/docs/plugins `, Options: command.Options{ - "ca-cert": { - Type: command.ValueTypeString, - Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig", + "sigh0": { + ShortName: "c", + Default: "", }, - "ca-path": { - Type: command.ValueTypeString, - Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig", - }, - "client-cert": { - Type: command.ValueTypeString, - Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig", - }, - "client-key": { - Type: command.ValueTypeString, - Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig", - }, - "tls-skip-verify": { - Type: command.ValueTypeBoolean, - Description: "See https://pkg.go.dev/github.com/hashicorp/vault/api#TLSConfig", - Default: false, + "sigh1": { + ShortName: "t", + Default: "", }, }, Action: func(cmd *command.Command) error { + apiClientMeta := &api.PluginAPIClientMeta{} + flags := apiClientMeta.FlagSet() + flags.Parse(os.Args[2:]) + + tlsConfig := apiClientMeta.GetTLSConfig() + tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig) return plugin.ServeMultiplex(&plugin.ServeOpts{ BackendFactoryFunc: vault.Factory, - TLSProviderFunc: api.VaultPluginTLSProvider(&api.TLSConfig{ - CACert: cmd.Options["ca-cert"].ToString(), - CAPath: cmd.Options["ca-path"].ToString(), - ClientCert: cmd.Options["client-cert"].ToString(), - ClientKey: cmd.Options["client-key"].ToString(), - TLSServerName: "", - Insecure: cmd.Options["tls-skip-verify"].ToValue().(bool), - }), + TLSProviderFunc: tlsProviderFunc, }) }, } diff --git a/go.mod b/go.mod index fd291cd..c603726 100644 --- a/go.mod +++ b/go.mod 
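Review bot: `flags.Parse(os.Args[2:])` discards its error, so a mistyped or unsupported flag on the plugin command line leaves `apiClientMeta` at its defaults and the plugin starts with a TLS setup other than the one requested; `if err := flags.Parse(os.Args[2:]); err != nil { return err }` would surface that. The fixed `os.Args[2:]` offset also assumes `vault-plugin` is always the first argument, which deserves a comment. The `sigh0`/`sigh1` options have no Type or Description; if they exist only so the command framework tolerates short flags it would otherwise reject, a comment saying so would spare the next reader the guess. The `Plugin` literal begins above this hunk.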
@@ -10,7 +10,7 @@ require ( github.com/alessio/shellescape v1.4.1 github.com/hashicorp/go-hclog v1.4.0 github.com/hashicorp/vault/api v1.8.2 - github.com/hashicorp/vault/sdk v0.6.2 + github.com/hashicorp/vault/sdk v0.7.0 github.com/jellydator/ttlcache/v3 v3.0.1 github.com/sirupsen/logrus v1.9.0 github.com/spf13/cobra v1.6.1 @@ -86,7 +86,7 @@ require ( golang.org/x/term v0.4.0 // indirect golang.org/x/text v0.6.0 // indirect golang.org/x/time v0.3.0 // indirect - google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect + google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 // indirect google.golang.org/grpc v1.52.0 // indirect google.golang.org/protobuf v1.28.1 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect diff --git a/go.sum b/go.sum index cd574d4..d101811 100644 --- a/go.sum +++ b/go.sum @@ -134,8 +134,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM= github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE= -github.com/hashicorp/vault/sdk v0.6.2 h1:LtWXUM+WheM5T8pOO/6nOTiFwnE+4y3bPztFf15Oz24= -github.com/hashicorp/vault/sdk v0.6.2/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs= +github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg= +github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 
@@ -356,8 +356,8 @@ gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJ gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= -google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w= -google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5 h1:wJT65XLOzhpSPCdAmmKfz94SlmnQzDzjm3Cj9k3fsXY= +google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= diff --git a/internal/vault/backend.go b/internal/vault/backend.go index e46fc39..5108547 100644 --- a/internal/vault/backend.go +++ b/internal/vault/backend.go @@ -66,7 +66,7 @@ func Backend() *backend { } b.Backend = &framework.Backend{ - BackendType: logical.TypeCredential, + BackendType: logical.TypeLogical, Help: "joao reads configuration entries from 1Password Connect", PathsSpecial: &logical.Paths{ SealWrapStorage: []string{ diff --git a/pkg/config/config.go b/pkg/config/config.go index 3e96627..01df03d 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -197,7 +197,6 @@ func (cfg *Config) DiffRemote(path string, stdout io.Writer, stderr io.Writer) e if diff.ProcessState.ExitCode() == 1 { return nil } - } return fmt.Errorf("diff could not run: %w", err) }