From 09092545507c681b250918a9edd86f48fae96797 Mon Sep 17 00:00:00 2001
From: Devon Bautista <devonb@lanl.gov>
Date: Wed, 16 Apr 2025 16:31:23 -0600
Subject: [PATCH] feat: add secret store support to update command

---
 cmd/update.go | 56 +++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/cmd/update.go b/cmd/update.go
index 42461d5..f07a0bb 100644
--- a/cmd/update.go
+++ b/cmd/update.go
@@ -5,6 +5,8 @@ import (
 	"strings"
 
 	magellan "github.com/OpenCHAMI/magellan/pkg"
+	"github.com/OpenCHAMI/magellan/pkg/bmc"
+	"github.com/OpenCHAMI/magellan/pkg/secrets"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -41,6 +43,46 @@ var updateCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
+		// use secret store for BMC credentials, and/or credential CLI flags
+		var (
+			store secrets.SecretStore
+			uri   = args[0]
+			err   error
+		)
+		if username != "" && password != "" {
+			// First, try and load credentials from --username and --password if both are set.
+			log.Debug().Str("id", uri).Msgf("--username and --password specified, using them for BMC credentials")
+			store = secrets.NewStaticStore(username, password)
+		} else {
+			// Alternatively, locate specific credentials (falling back to default) and override those
+			// with --username or --password if either are passed.
+			log.Debug().Str("id", uri).Msgf("one or both of --username and --password NOT passed, attempting to obtain missing credentials from secret store at %s", secretsFile)
+			if store, err = secrets.OpenStore(secretsFile); err != nil {
+				log.Error().Str("id", uri).Err(err).Msg("failed to open local secrets store")
+			}
+
+			// Either none of the flags were passed or only one of them were; get
+			// credentials from secrets store to fill in the gaps.
+			bmcCreds, _ := bmc.GetBMCCredentials(store, uri)
+			nodeCreds := secrets.StaticStore{
+				Username: bmcCreds.Username,
+				Password: bmcCreds.Password,
+			}
+
+			// If either of the flags were passed, override the fetched
+			// credentials with them.
+			if username != "" {
+				log.Info().Str("id", uri).Msg("--username was set, overriding username for this BMC")
+				nodeCreds.Username = username
+			}
+			if password != "" {
+				log.Info().Str("id", uri).Msg("--password was set, overriding password for this BMC")
+				nodeCreds.Password = password
+			}
+
+			store = &nodeCreds
+		}
+
 		// get status if flag is set and exit
 		for _, arg := range args {
 			if showStatus {
@@ -49,10 +91,9 @@ var updateCmd = &cobra.Command{
 					TransferProtocol: transferProtocol,
 					Insecure:         Insecure,
 					CollectParams: magellan.CollectParams{
-						URI:      arg,
-						Username: username,
-						Password: password,
-						Timeout:  timeout,
+						URI:         arg,
+						SecretStore: store,
+						Timeout:     timeout,
 					},
 				})
 				if err != nil {
@@ -67,10 +108,9 @@ var updateCmd = &cobra.Command{
 				TransferProtocol: strings.ToUpper(transferProtocol),
 				Insecure:         Insecure,
 				CollectParams: magellan.CollectParams{
-					URI:      arg,
-					Username: username,
-					Password: password,
-					Timeout:  timeout,
+					URI:         arg,
+					SecretStore: store,
+					Timeout:     timeout,
 				},
 			})
 			if err != nil {