feat: add default secret to local store

2025-12-20 11:37:01 -07:00 · 2025-03-31 15:35:15 -06:00 · 2025-03-31 15:35:15 -06:00 · 38e22ff24c
commit 38e22ff24c
parent 92b05a81c7
5 changed files with 72 additions and 7 deletions
--- a/pkg/collect.go
+++ b/pkg/collect.go
@ -127,6 +127,7 @@ func CollectInventory(assets *[]RemoteAsset, params *CollectParams, localStore s
 						URI:             uri,
 						CredentialStore: localStore,
 						Insecure:        true,
+						UseDefault:      true,
 					}
 					err error
 				)
@ -138,8 +139,13 @@ func CollectInventory(assets *[]RemoteAsset, params *CollectParams, localStore s
 				if localStore != nil {
 					_, err := localStore.GetSecretByID(uri)
 					if err != nil {
-						log.Warn().Err(err).Msgf("could not retrieve secrets for %s...falling back to default provided credentials for user '%s'", uri, params.Username)
-						config.CredentialStore = fallbackStore
+						log.Warn().Err(err).Msgf("could not retrieve secrets for '%s'...falling back to credentials provided with flags -u/-p for user '%s'", uri, params.Username)
+						if params.Username != "" && params.Password != "" {
+							config.CredentialStore = fallbackStore
+						} else if !config.UseDefault {
+							log.Warn().Msgf("no fallback credentials provided for '%s'", params.Username)
+							continue
+						}
 					}
 				} else {
 					log.Warn().Msgf("invalid store for %s...falling back to default provided credentials for user '%s'", uri, params.Username)
--- a/pkg/crawler/main.go
+++ b/pkg/crawler/main.go
@ -15,6 +15,7 @@ type CrawlerConfig struct {
 	URI             string // URI of the BMC
 	Insecure        bool   // Whether to ignore SSL errors
 	CredentialStore secrets.SecretStore
+	UseDefault      bool
 }

 func (cc *CrawlerConfig) GetUserPass() (BMCUsernamePassword, error) {
@ -382,7 +383,19 @@ func loadBMCCreds(config CrawlerConfig) (BMCUsernamePassword, error) {
 		event := log.Error()
 		event.Err(err)
 		event.Msg("failed to get credentials from secret store")
-		return BMCUsernamePassword{}, err
+		// try to get default if parameter is set
+		if config.UseDefault {
+			creds, err = config.CredentialStore.GetSecretByID(secrets.DEFAULT_KEY)
+			// no default credentials
+			if err != nil {
+				event := log.Error()
+				event.Err(err)
+				event.Msg("failed to get default credentials from secret store")
+				return BMCUsernamePassword{}, err
+			}
+		} else {
+			return BMCUsernamePassword{}, err
+		}
 	}
 	var bmc_creds BMCUsernamePassword
 	err = json.Unmarshal([]byte(creds), &bmc_creds)
--- a/pkg/secrets/main.go
+++ b/pkg/secrets/main.go
@ -1,5 +1,7 @@
 package secrets

+const DEFAULT_KEY = "default"
+
 type SecretStore interface {
 	GetSecretByID(secretID string) (string, error)
 	StoreSecretByID(secretID, secret string) error