add redact command
uniformize extension completion abstract config.AsFile(path)
This commit is contained in:
parent
6589a35aa7
commit
c94f1cda76
@ -1,4 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
# Copyright © 2022 Roberto Hidalgo <joao@un.rob.mx>
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
platforms=(
|
||||
linux/amd64
|
||||
|
@ -19,7 +19,7 @@ var Diff = &command.Command{
|
||||
Required: false,
|
||||
Variadic: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"joao.yaml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
18
cmd/fetch.go
18
cmd/fetch.go
@ -3,10 +3,6 @@
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"os"
|
||||
|
||||
"git.rob.mx/nidito/chinampa/pkg/command"
|
||||
"git.rob.mx/nidito/joao/pkg/config"
|
||||
"github.com/sirupsen/logrus"
|
||||
@ -23,7 +19,7 @@ var Fetch = &command.Command{
|
||||
Required: false,
|
||||
Variadic: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"joao.yaml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -49,22 +45,16 @@ var Fetch = &command.Command{
|
||||
return err
|
||||
}
|
||||
|
||||
if dryRun := cmd.Options["dry-run"].ToValue().(bool); dryRun {
|
||||
b, err := local.AsYAML()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if dryRun := cmd.Options["dry-run"].ToValue().(bool); dryRun {
|
||||
logrus.Warnf("dry-run: would write to %s", path)
|
||||
_, _ = cmd.Cobra.OutOrStdout().Write(b)
|
||||
} else {
|
||||
var mode fs.FileMode = 0644
|
||||
if info, err := os.Stat(path); err == nil {
|
||||
mode = info.Mode().Perm()
|
||||
}
|
||||
|
||||
if err := os.WriteFile(path, b, mode); err != nil {
|
||||
return fmt.Errorf("could not save changes to %s: %w", path, err)
|
||||
if err := local.AsFile(path); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
|
12
cmd/flush.go
12
cmd/flush.go
@ -22,7 +22,7 @@ var Flush = &command.Command{
|
||||
Required: false,
|
||||
Variadic: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"yaml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -31,6 +31,10 @@ var Flush = &command.Command{
|
||||
Description: "Don't persist to 1Password",
|
||||
Type: "bool",
|
||||
},
|
||||
"redact": {
|
||||
Description: "Redact local file after flushing",
|
||||
Type: "bool",
|
||||
},
|
||||
},
|
||||
Action: func(cmd *command.Command) error {
|
||||
paths := cmd.Arguments[0].ToValue().([]string)
|
||||
@ -48,6 +52,12 @@ var Flush = &command.Command{
|
||||
if err := opclient.Update(cfg.Vault, cfg.Name, cfg.ToOP()); err != nil {
|
||||
return fmt.Errorf("could not flush to 1password: %w", err)
|
||||
}
|
||||
|
||||
if cmd.Options["redact"].ToValue().(bool) {
|
||||
if err := cfg.AsFile(path); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
logrus.Info("Done")
|
||||
|
@ -31,7 +31,7 @@ looks at the filesystem or remotely, using 1password (over the CLI if available,
|
||||
Description: "The configuration to get from",
|
||||
Required: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"yaml", "yml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -111,7 +111,7 @@ var FilterDiff = &command.Command{
|
||||
Description: "The git staged path to read from",
|
||||
Required: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"yaml", "yml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -131,7 +131,7 @@ Use ﹅--flush﹅ to save changes to 1password before redacting file.`,
|
||||
Description: "The git staged path to read from",
|
||||
Required: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"yaml", "yml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
43
cmd/redact.go
Normal file
43
cmd/redact.go
Normal file
@ -0,0 +1,43 @@
|
||||
// Copyright © 2022 Roberto Hidalgo <joao@un.rob.mx>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"git.rob.mx/nidito/chinampa/pkg/command"
|
||||
"git.rob.mx/nidito/joao/pkg/config"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var Redact = &command.Command{
|
||||
Path: []string{"redact"},
|
||||
Summary: "removes secrets from configuration",
|
||||
Description: `Removes secret values (not the keys) from existing items for every ﹅CONFIG﹅ file provided.`,
|
||||
Arguments: command.Arguments{
|
||||
{
|
||||
Name: "config",
|
||||
Description: "The configuration file(s) to redact",
|
||||
Required: false,
|
||||
Variadic: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
},
|
||||
Action: func(cmd *command.Command) error {
|
||||
paths := cmd.Arguments[0].ToValue().([]string)
|
||||
|
||||
for _, path := range paths {
|
||||
cfg, err := config.Load(path, false)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := cfg.AsFile(path); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
logrus.Info("Done")
|
||||
return nil
|
||||
},
|
||||
}
|
15
cmd/set.go
15
cmd/set.go
@ -4,7 +4,6 @@ package cmd
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
@ -29,7 +28,7 @@ Will read values from stdin (or ﹅--from﹅ a file) and store it at the ﹅PATH
|
||||
Description: "The configuration file to modify",
|
||||
Required: true,
|
||||
Values: &command.ValueSource{
|
||||
Files: &[]string{"yaml"},
|
||||
Files: &fileExtensions,
|
||||
},
|
||||
},
|
||||
{
|
||||
@ -119,20 +118,10 @@ Will read values from stdin (or ﹅--from﹅ a file) and store it at the ﹅PATH
|
||||
}
|
||||
}
|
||||
|
||||
b, err := cfg.AsYAML()
|
||||
if err != nil {
|
||||
if err := cfg.AsFile(path); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var mode fs.FileMode = 0644
|
||||
if info, err := os.Stat(path); err == nil {
|
||||
mode = info.Mode().Perm()
|
||||
}
|
||||
|
||||
if err := os.WriteFile(path, b, mode); err != nil {
|
||||
return fmt.Errorf("could not save changes to %s: %w", path, err)
|
||||
}
|
||||
|
||||
if flush {
|
||||
if err := opclient.Update(cfg.Vault, cfg.Name, cfg.ToOP()); err != nil {
|
||||
return fmt.Errorf("could not flush to 1password: %w", err)
|
||||
|
5
cmd/util.go
Normal file
5
cmd/util.go
Normal file
@ -0,0 +1,5 @@
|
||||
// Copyright © 2022 Roberto Hidalgo <joao@un.rob.mx>
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
package cmd
|
||||
|
||||
var fileExtensions = []string{"joao.yaml", "yaml", "yml"}
|
@ -9,6 +9,7 @@ import (
|
||||
"git.rob.mx/nidito/joao/internal/vault"
|
||||
"github.com/hashicorp/vault/api"
|
||||
"github.com/hashicorp/vault/sdk/plugin"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var Plugin = &command.Command{
|
||||
@ -71,7 +72,10 @@ See:
|
||||
Action: func(cmd *command.Command) error {
|
||||
apiClientMeta := &api.PluginAPIClientMeta{}
|
||||
flags := apiClientMeta.FlagSet()
|
||||
flags.Parse(os.Args[2:])
|
||||
err := flags.Parse(os.Args[2:])
|
||||
if err != nil {
|
||||
logrus.Warnf("Could not parse flags: %s", err)
|
||||
}
|
||||
|
||||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
4
go.mod
4
go.mod
@ -5,7 +5,7 @@ go 1.18
|
||||
// replace git.rob.mx/nidito/chinampa => /Users/roberto/src/chinampa
|
||||
|
||||
require (
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230111054043-db21a53b2d20
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230114231059-a14ffd07b963
|
||||
github.com/1Password/connect-sdk-go v1.5.0
|
||||
github.com/alessio/shellescape v1.4.1
|
||||
github.com/hashicorp/go-hclog v1.4.0
|
||||
@ -26,7 +26,7 @@ require (
|
||||
github.com/aymerick/douceur v0.2.0 // indirect
|
||||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
|
||||
github.com/charmbracelet/glamour v0.6.0 // indirect
|
||||
github.com/dlclark/regexp2 v1.7.0 // indirect
|
||||
github.com/dlclark/regexp2 v1.8.0 // indirect
|
||||
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
|
||||
github.com/fatih/color v1.13.0 // indirect
|
||||
github.com/go-playground/locales v0.14.1 // indirect
|
||||
|
4
go.sum
4
go.sum
@ -1,6 +1,8 @@
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230111054043-db21a53b2d20 h1:hHzbCNAFx9wdi3NyliugN6dTEX8dGsuup6wk2+8TmnI=
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230111054043-db21a53b2d20/go.mod h1:obhWsLkUIlKJyhfa7uunrSs2O44JBqsegSAtAvY2LRM=
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230114231059-a14ffd07b963 h1:PRpd8b8qRkrQB8kSlF2jD1NxRC0Vau78qg1zMC3EJgs=
|
||||
git.rob.mx/nidito/chinampa v0.0.0-20230114231059-a14ffd07b963/go.mod h1:obhWsLkUIlKJyhfa7uunrSs2O44JBqsegSAtAvY2LRM=
|
||||
github.com/1Password/connect-sdk-go v1.5.0 h1:F0WJcLSzGg3iXEDY49/ULdszYKsQLGTzn+2cyYXqiyk=
|
||||
github.com/1Password/connect-sdk-go v1.5.0/go.mod h1:TdynFeyvaRoackENbJ8RfJokH+WAowAu1MLmUbdMq6s=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
@ -45,6 +47,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
|
||||
github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc=
|
||||
github.com/dlclark/regexp2 v1.7.0 h1:7lJfhqlPssTb1WQx4yvTHN0uElPEv52sbaECrAQxjAo=
|
||||
github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
|
||||
github.com/dlclark/regexp2 v1.8.0 h1:rJD5HeGIT/2b5CDk63FVCwZA3qgYElfg+oQK7uH5pfE=
|
||||
github.com/dlclark/regexp2 v1.8.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
|
||||
github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
|
||||
github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
|
||||
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
|
||||
|
1
main.go
1
main.go
@ -30,6 +30,7 @@ func main() {
|
||||
cmd.Diff,
|
||||
cmd.Fetch,
|
||||
cmd.Flush,
|
||||
cmd.Redact,
|
||||
cmd.Plugin,
|
||||
)
|
||||
chinampa.Register(cmd.GitFilters...)
|
||||
|
@ -6,6 +6,8 @@ import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"os"
|
||||
|
||||
op "github.com/1Password/connect-sdk-go/onepassword"
|
||||
"github.com/sirupsen/logrus"
|
||||
@ -140,3 +142,21 @@ func (cfg *Config) AsJSON(redacted bool, item bool) ([]byte, error) {
|
||||
}
|
||||
return bytes, nil
|
||||
}
|
||||
|
||||
func (cfg *Config) AsFile(path string) error {
|
||||
b, err := cfg.AsYAML()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
var mode fs.FileMode = 0644
|
||||
if info, err := os.Stat(path); err == nil {
|
||||
mode = info.Mode().Perm()
|
||||
}
|
||||
|
||||
if err := os.WriteFile(path, b, mode); err != nil {
|
||||
return fmt.Errorf("could not save config to file %s: %w", path, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user