towk/magellan
1
0
Fork 0
mirror of https://github.com/davidallendj/magellan.git synced 2025-12-20 11:37:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: updated secrets cmd implementation

Browse source
This commit is contained in:
David Allen 2025-03-17 18:34:08 -06:00
parent 23bd31a1aa
commit 5b79031afa
Signed by: towk
GPG key ID: 793B2924A49B3A3F
2 changed files with 97 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

1
cmd/root.go
View file

@ -38,7 +38,6 @@ var (
cacertPath string cacertPath string
username string username string
password string password string
secretsFile string
cachePath string cachePath string
outputPath string outputPath string
configPath string configPath string

142
cmd/secrets.go
View file

@ -2,14 +2,22 @@ package cmd
import ( import (
"encoding/base64" "encoding/base64"
"encoding/json"
"fmt" "fmt"
"os" "os"
"github.com/OpenCHAMI/magellan/pkg/secrets" "github.com/OpenCHAMI/magellan/pkg/secrets"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
) )
var (
secretsFile string
secretsStoreFormat string
secretsStoreInputFile string
)
var secretsCmd = &cobra.Command{ var secretsCmd = &cobra.Command{
Use: "secrets", Use: "secrets",
Short: "Manage credentials for BMC nodes", Short: "Manage credentials for BMC nodes",
@ -33,6 +41,7 @@ var secretsCmd = &cobra.Command{
var secretsGenerateKeyCmd = &cobra.Command{ var secretsGenerateKeyCmd = &cobra.Command{
Use: "generatekey", Use: "generatekey",
Args: cobra.NoArgs,
Short: "Generates a new 32-byte master key (in hex).", Short: "Generates a new 32-byte master key (in hex).",
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
key, err := secrets.GenerateMasterKey() key, err := secrets.GenerateMasterKey()
@ -45,20 +54,75 @@ var secretsGenerateKeyCmd = &cobra.Command{
} }
var secretsStoreCmd = &cobra.Command{ var secretsStoreCmd = &cobra.Command{
Use: "store secretID secretValue", Use: "store secretID <json(default)|base64>",
Args: cobra.ExactArgs(2), Args: cobra.MinimumNArgs(1),
Short: "Stores the given string value under secretID.", Short: "Stores the given string value under secretID.",
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
var ( var (
secretID = args[0] secretID string = args[0]
secretValue = args[1] secretValue string
store secrets.SecretStore
inputFileBytes []byte
err error
) )
store, err := secrets.OpenStore(secretsFile) // require either the args or input file
if len(args) < 1 && secretsStoreInputFile == "" {
log.Error().Msg("no input data or file")
os.Exit(1)
} else if len(args) > 1 && secretsStoreInputFile == "" {
secretValue = args[1]
}
switch secretsStoreFormat {
case "base64":
decoded, err := base64.StdEncoding.DecodeString(secretValue)
if err != nil {
fmt.Printf("Error decoding base64 data: %v\n", err)
os.Exit(1)
}
// check the decoded string if it's a valid JSON and has creds
if !isValidCredsJSON(string(decoded)) {
log.Error().Msg("value is not a valid JSON or is missing credentials")
os.Exit(1)
}
store, err = secrets.OpenStore(secretsFile)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
os.Exit(1) os.Exit(1)
} }
secretValue = string(decoded)
case "json":
// read input from file if set and override
if secretsStoreInputFile != "" {
if secretValue != "" {
log.Error().Msg("cannot use -i/--input-file with positional argument")
os.Exit(1)
}
inputFileBytes, err = os.ReadFile(secretsStoreInputFile)
if err != nil {
log.Error().Err(err).Msg("failed to read input file")
os.Exit(1)
}
secretValue = string(inputFileBytes)
}
// make sure we have valid JSON with "username" and "password" properties
if !isValidCredsJSON(string(secretValue)) {
log.Error().Err(err).Msg("not a valid JSON or creds")
os.Exit(1)
}
store, err = secrets.OpenStore(secretsFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
default:
log.Error().Msg("no input format set")
os.Exit(1)
}
if err := store.StoreSecretByID(secretID, secretValue); err != nil { if err := store.StoreSecretByID(secretID, secretValue); err != nil {
fmt.Printf("Error storing secret: %v\n", err) fmt.Printf("Error storing secret: %v\n", err)
@ -68,58 +132,39 @@ var secretsStoreCmd = &cobra.Command{
}, },
} }
var secretsStoreBase64Cmd = &cobra.Command{ func isValidCredsJSON(val string) bool {
Use: "storebase64 base64String", var (
Args: cobra.ExactArgs(1), valid bool = !json.Valid([]byte(val))
Short: "Decodes the base64-encoded string before storing.", creds map[string]string
Run: func(cmd *cobra.Command, args []string) { err error
if len(os.Args) < 4 { )
fmt.Println("Not enough arguments. Usage: go run main.go storebase64 <secretID> <base64String> [filename]") err = json.Unmarshal([]byte(val), &creds)
os.Exit(1)
}
secretID := os.Args[2]
base64Value := os.Args[3]
filename := "mysecrets.json"
if len(os.Args) == 5 {
filename = os.Args[4]
}
decoded, err := base64.StdEncoding.DecodeString(base64Value)
if err != nil { if err != nil {
fmt.Printf("Error decoding base64 data: %v\n", err) return false
os.Exit(1)
} }
_, valid = creds["username"]
store, err := secrets.OpenStore(filename) _, valid = creds["password"]
if err != nil { return valid
fmt.Println(err)
os.Exit(1)
}
if err := store.StoreSecretByID(secretID, string(decoded)); err != nil {
fmt.Printf("Error storing base64-decoded secret: %v\n", err)
os.Exit(1)
}
fmt.Println("Base64-decoded secret stored successfully.")
},
} }
var secretsRetrieveCmd = &cobra.Command{ var secretsRetrieveCmd = &cobra.Command{
Use: "retrieve secretID", Use: "retrieve secretID",
Args: cobra.MinimumNArgs(1),
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
if len(os.Args) < 3 { var (
fmt.Println("Not enough arguments. Usage: go run main.go retrieve <secretID> [filename]") secretID = args[0]
os.Exit(1) secretValue string
} store secrets.SecretStore
secretID := os.Args[2] err error
)
store, err := secrets.OpenStore(secretsFile) store, err = secrets.OpenStore(secretsFile)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
os.Exit(1) os.Exit(1)
} }
secretValue, err := store.GetSecretByID(secretID) secretValue, err = store.GetSecretByID(secretID)
if err != nil { if err != nil {
fmt.Printf("Error retrieving secret: %v\n", err) fmt.Printf("Error retrieving secret: %v\n", err)
os.Exit(1) os.Exit(1)
@ -130,13 +175,9 @@ var secretsRetrieveCmd = &cobra.Command{
var secretsListCmd = &cobra.Command{ var secretsListCmd = &cobra.Command{
Use: "list", Use: "list",
Args: cobra.MinimumNArgs(1),
Short: "Lists all the secret IDs and their values.", Short: "Lists all the secret IDs and their values.",
Run: func(cmd *cobra.Command, args []string) { Run: func(cmd *cobra.Command, args []string) {
if len(args) < 2 {
fmt.Println("Not enough arguments. Usage: go run main.go list [filename]")
os.Exit(1)
}
store, err := secrets.OpenStore(secretsFile) store, err := secrets.OpenStore(secretsFile)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
@ -158,10 +199,11 @@ var secretsListCmd = &cobra.Command{
func init() { func init() {
secretsCmd.Flags().StringVarP(&secretsFile, "file", "f", "nodes.json", "") secretsCmd.Flags().StringVarP(&secretsFile, "file", "f", "nodes.json", "")
secretsStoreCmd.Flags().StringVar(&secretsStoreFormat, "format", "json", "set the input format for the secrets file (json|base64)")
secretsStoreCmd.Flags().StringVarP(&secretsStoreInputFile, "input-file", "i", "", "set the file to read as input")
secretsCmd.AddCommand(secretsGenerateKeyCmd) secretsCmd.AddCommand(secretsGenerateKeyCmd)
secretsCmd.AddCommand(secretsStoreCmd) secretsCmd.AddCommand(secretsStoreCmd)
secretsCmd.AddCommand(secretsStoreBase64Cmd)
secretsCmd.AddCommand(secretsRetrieveCmd) secretsCmd.AddCommand(secretsRetrieveCmd)
secretsCmd.AddCommand(secretsListCmd) secretsCmd.AddCommand(secretsListCmd)