towk/magellan
1
0
Fork 0
mirror of https://github.com/davidallendj/magellan.git synced 2025-12-20 11:37:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
magellan/cmd/secrets.go

273 lines
7.6 KiB
Go
Raw Blame History

package cmd
import (
"encoding/base64"
"encoding/json"
"fmt"
"os"
"strings"
"github.com/OpenCHAMI/magellan/pkg/secrets"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
var (
secretsFile string
secretsStoreFormat string
secretsStoreInputFile string
)
var secretsCmd = &cobra.Command{
Use: "secrets",
Short: "Manage credentials for BMC nodes",
Long: "Manage credentials for BMC nodes to for querying information through redfish. This requires generating a key and setting the 'MASTER_KEY' environment variable for the secrets store.\n" +
"Examples:\n\n" +
" export MASTER_KEY=$(magellan secrets generatekey)\n" +
// store specific BMC node creds for `collect` and `crawl` in default secrets store (`--file/-f`` flag not set)
" magellan secrets store $bmc_host $bmc_creds" +
// retrieve creds from secrets store
" magellan secrets retrieve $bmc_host -f nodes.json" +
// list creds from specific secrets
" magellan secrets list -f nodes.json",
Run: func(cmd *cobra.Command, args []string) {
// show command help and exit
if len(args) < 1 {
cmd.Help()
os.Exit(0)
}
},
}
var secretsGenerateKeyCmd = &cobra.Command{
Use: "generatekey",
Args: cobra.NoArgs,
Short: "Generates a new 32-byte master key (in hex).",
Run: func(cmd *cobra.Command, args []string) {
key, err := secrets.GenerateMasterKey()
if err != nil {
fmt.Printf("Error generating master key: %v\n", err)
os.Exit(1)
}
fmt.Printf("%s\n", key)
},
}
var secretsStoreCmd = &cobra.Command{
Use: "store secretID <basic(default)|json|base64>",
Args: cobra.MinimumNArgs(1),
Short: "Stores the given string value under secretID.",
Run: func(cmd *cobra.Command, args []string) {
var (
secretID string = args[0]
secretValue string
store secrets.SecretStore
inputFileBytes []byte
err error
)
// require either the args or input file
if len(args) < 1 && secretsStoreInputFile == "" {
log.Error().Msg("no input data or file")
os.Exit(1)
} else if len(args) > 1 && secretsStoreInputFile == "" {
// use args[1] here because args[0] is the secretID
secretValue = args[1]
}
// handle input file format
switch secretsStoreFormat {
case "basic": // format: $username:$password
var (
values []string
username string
password string
)
// seperate username and password provided
values = strings.Split(secretValue, ":")
if len(values) != 2 {
log.Error().Msgf("expected 2 arguments in [username:password] format but got %d", len(values))
os.Exit(1)
}
// open secret store to save credentials
store, err = secrets.OpenStore(secretsFile)
if err != nil {
log.Error().Err(err).Msg("failed to open secrets store")
os.Exit(1)
}
// extract username/password from input (for clarity)
username = values[0]
password = values[1]
// create JSON formatted string from input
secretValue = fmt.Sprintf("{\"username\": \"%s\", \"password\": \"%s\"}", username, password)
case "base64": // format: ($encoded_base64_string)
decoded, err := base64.StdEncoding.DecodeString(secretValue)
if err != nil {
log.Error().Err(err).Msg("error decoding base64 data")
os.Exit(1)
}
// check the decoded string if it's a valid JSON and has creds
if !isValidCredsJSON(string(decoded)) {
log.Error().Err(err).Msg("value is not a valid JSON or is missing credentials")
os.Exit(1)
}
store, err = secrets.OpenStore(secretsFile)
if err != nil {
log.Error().Err(err).Msg("failed to open secrets store")
os.Exit(1)
}
secretValue = string(decoded)
case "json": // format: {"username": $username, "password": $password}
// read input from file if set and override
if secretsStoreInputFile != "" {
if secretValue != "" {
log.Error().Msg("cannot use -i/--input-file with positional argument")
os.Exit(1)
}
inputFileBytes, err = os.ReadFile(secretsStoreInputFile)
if err != nil {
log.Error().Err(err).Msg("failed to read input file")
os.Exit(1)
}
secretValue = string(inputFileBytes)
}
// make sure we have valid JSON with "username" and "password" properties
if !isValidCredsJSON(string(secretValue)) {
log.Error().Err(err).Msg("not a valid JSON or creds")
os.Exit(1)
}
store, err = secrets.OpenStore(secretsFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
default:
log.Error().Msg("no input format set")
os.Exit(1)
}
if err := store.StoreSecretByID(secretID, secretValue); err != nil {
fmt.Printf("Error storing secret: %v\n", err)
os.Exit(1)
}
},
}
func isValidCredsJSON(val string) bool {
var (
valid bool = !json.Valid([]byte(val))
creds map[string]string
err error
)
err = json.Unmarshal([]byte(val), &creds)
if err != nil {
return false
}
_, valid = creds["username"]
_, valid = creds["password"]
return valid
}
var secretsRetrieveCmd = &cobra.Command{
Use: "retrieve secretID",
Args: cobra.MinimumNArgs(1),
Run: func(cmd *cobra.Command, args []string) {
var (
secretID = args[0]
secretValue string
store secrets.SecretStore
err error
)
store, err = secrets.OpenStore(secretsFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
secretValue, err = store.GetSecretByID(secretID)
if err != nil {
fmt.Printf("Error retrieving secret: %v\n", err)
os.Exit(1)
}
fmt.Printf("Secret for %s: %s\n", secretID, secretValue)
},
}
var secretsListCmd = &cobra.Command{
Use: "list",
Args: cobra.ExactArgs(0),
Short: "Lists all the secret IDs and their values.",
Run: func(cmd *cobra.Command, args []string) {
store, err := secrets.OpenStore(secretsFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
secrets, err := store.ListSecrets()
if err != nil {
fmt.Printf("Error listing secrets: %v\n", err)
os.Exit(1)
}
for key := range secrets {
fmt.Printf("%s\n", key)
}
},
}
var secretsRemoveCmd = &cobra.Command{
Use: "remove secretIDs...",
Args: cobra.MinimumNArgs(1),
Short: "Remove secrets by IDs from secret store.",
Run: func(cmd *cobra.Command, args []string) {
for _, secretID := range args {
// open secret store from file
store, err := secrets.OpenStore(secretsFile)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
// remove secret from store by it's ID
err = store.RemoveSecretByID(secretID)
if err != nil {
fmt.Println("failed to remove secret: ", err)
os.Exit(1)
}
// update store by saving to original file
secrets.SaveSecrets(secretsFile, store.(*secrets.LocalSecretStore).Secrets)
}
},
}
func init() {
secretsCmd.Flags().StringVarP(&secretsFile, "file", "f", "nodes.json", "set the secrets file with BMC credentials")
secretsStoreCmd.Flags().StringVarP(&secretsStoreFormat, "format", "F", "basic", "set the input format for the secrets file (basic|json|base64)")
secretsStoreCmd.Flags().StringVarP(&secretsStoreInputFile, "input-file", "i", "", "set the file to read as input")
secretsCmd.AddCommand(secretsGenerateKeyCmd)
secretsCmd.AddCommand(secretsStoreCmd)
secretsCmd.AddCommand(secretsRetrieveCmd)
secretsCmd.AddCommand(secretsListCmd)
secretsCmd.AddCommand(secretsRemoveCmd)
rootCmd.AddCommand(secretsCmd)
checkBindFlagError(viper.BindPFlags(secretsCmd.Flags()))
checkBindFlagError(viper.BindPFlags(secretsGenerateKeyCmd.Flags()))
checkBindFlagError(viper.BindPFlags(secretsStoreCmd.Flags()))
checkBindFlagError(viper.BindPFlags(secretsGenerateKeyCmd.Flags()))
checkBindFlagError(viper.BindPFlags(secretsGenerateKeyCmd.Flags()))
checkBindFlagError(viper.BindPFlags(secretsGenerateKeyCmd.Flags()))
}
Reference in a new issue View git blame Copy permalink