mirror of
https://github.com/davidallendj/magellan.git
synced 2025-12-20 03:27:03 -07:00
fix: adjust secret store precedence in collect command
This commit is contained in:
Devon Bautista
parent
7cfca8c875
commit
1847a5ed41
2 changed files with 72 additions and 77 deletions
|
|
@ -9,7 +9,7 @@ import (
|
|||
urlx "github.com/OpenCHAMI/magellan/internal/url"
|
||||
magellan "github.com/OpenCHAMI/magellan/pkg"
|
||||
"github.com/OpenCHAMI/magellan/pkg/auth"
|
||||
"github.com/OpenCHAMI/magellan/pkg/crawler"
|
||||
"github.com/OpenCHAMI/magellan/pkg/bmc"
|
||||
"github.com/OpenCHAMI/magellan/pkg/secrets"
|
||||
"github.com/cznic/mathutil"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
|
@ -61,6 +61,53 @@ var CollectCmd = &cobra.Command{
|
|||
concurrency = mathutil.Clamp(len(scannedResults), 1, 10000)
|
||||
}
|
||||
|
||||
// use secret store for BMC credentials, and/or credential CLI flags
|
||||
var store secrets.SecretStore
|
||||
if username != "" && password != "" {
|
||||
// First, try and load credentials from --username and --password if both are set.
|
||||
log.Debug().Msgf("--username and --password specified, using them for BMC credentials")
|
||||
store = secrets.NewStaticStore(username, password)
|
||||
} else {
|
||||
// Alternatively, locate specific credentials (falling back to default) and override those
|
||||
// with --username or --password if either are passed.
|
||||
log.Debug().Msgf("one or both of --username and --password NOT passed, attempting to obtain missing credentials from secret store at %s", secretsFile)
|
||||
if store, err = secrets.OpenStore(secretsFile); err != nil {
|
||||
log.Error().Err(err).Msg("failed to open local secrets store")
|
||||
}
|
||||
|
||||
// Temporarily override username/password of each BMC if one of those
|
||||
// flags is passed. The expectation is that if the flag is specified
|
||||
// on the command line, it should be used.
|
||||
switch s := store.(type) {
|
||||
case *secrets.StaticStore:
|
||||
if username != "" {
|
||||
s.Username = username
|
||||
}
|
||||
if password != "" {
|
||||
s.Password = password
|
||||
}
|
||||
case *secrets.LocalSecretStore:
|
||||
for k, _ := range s.Secrets {
|
||||
if creds, err := bmc.GetBMCCredentials(store, k); err != nil {
|
||||
log.Error().Str("id", k).Err(err).Msg("failed to get BMC credentials from secret store")
|
||||
} else {
|
||||
if username != "" {
|
||||
creds.Username = username
|
||||
}
|
||||
if password != "" {
|
||||
creds.Password = password
|
||||
}
|
||||
|
||||
if newCreds, err := json.Marshal(creds); err != nil {
|
||||
log.Error().Str("id", k).Err(err).Msg("failed to marshal updated BMC credentials")
|
||||
} else {
|
||||
s.Secrets[k] = string(newCreds)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// set the collect parameters from CLI params
|
||||
params := &magellan.CollectParams{
|
||||
URI: host,
|
||||
|
|
@ -71,9 +118,7 @@ var CollectCmd = &cobra.Command{
|
|||
OutputPath: outputPath,
|
||||
ForceUpdate: forceUpdate,
|
||||
AccessToken: accessToken,
|
||||
SecretsFile: secretsFile,
|
||||
Username: username,
|
||||
Password: password,
|
||||
SecretStore: store,
|
||||
}
|
||||
|
||||
// show all of the 'collect' parameters being set from CLI if verbose
|
||||
|
|
@ -81,41 +126,7 @@ var CollectCmd = &cobra.Command{
|
|||
log.Debug().Any("params", params)
|
||||
}
|
||||
|
||||
// load the secrets file to get node credentials by ID (i.e. the BMC node's URI)
|
||||
store, err := secrets.OpenStore(params.SecretsFile)
|
||||
if err != nil {
|
||||
log.Warn().Err(err).Msg("failed to open local store...falling back to default provided arguments")
|
||||
// try and use the `username` and `password` arguments instead
|
||||
store = secrets.NewStaticStore(username, password)
|
||||
}
|
||||
|
||||
// found the store so try to load the creds
|
||||
_, err = store.GetSecretByID(host)
|
||||
if err != nil {
|
||||
// if we have CLI flags set, then we want to override default stored creds
|
||||
if username != "" && password != "" {
|
||||
// finally, use the CLI arguments passed instead
|
||||
log.Info().Msg("...using provided arguments for credentials")
|
||||
store = secrets.NewStaticStore(username, password)
|
||||
} else {
|
||||
// try and get a default *stored* username/password
|
||||
secret, err := store.GetSecretByID(secrets.DEFAULT_KEY)
|
||||
if err != nil {
|
||||
// no default found, so use CLI arguments
|
||||
log.Warn().Err(err).Msg("failed to get default credentials...")
|
||||
} else {
|
||||
// found default values in local store so use them
|
||||
log.Info().Msg("...using default store for credentials")
|
||||
var creds crawler.BMCUsernamePassword
|
||||
err = json.Unmarshal([]byte(secret), &creds)
|
||||
if err != nil {
|
||||
log.Warn().Err(err).Msg("failed to unmarshal default store credentials")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
_, err = magellan.CollectInventory(&scannedResults, params, store)
|
||||
_, err = magellan.CollectInventory(&scannedResults, params)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("failed to collect data")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue