From 2ae3a5ef9e6ee387f6a28c5a7f50041f0e838d65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Hedenstr=C3=B6m?= <erik@hedenstroem.com> Date: Mon, 2 Oct 2023 16:42:23 +0000 Subject: [PATCH] refactor: Refactor command logic, and improve error handling - Modify `delete` command to require exactly 2 arguments - Simplify error-handling logic in retrieving secrets from vault in `password` command - Update `upload.go` to use `os.ReadFile` instead of `ioutil.ReadFile` - Fix error in `download` command's argument checking and change return type to `os.WriteFile` - Rename command line argument `value` to `[value]` in `write` command --- README.md | 47 ++++++++++++++++++++++++----------------------- cmd/delete.go | 8 ++------ cmd/download.go | 12 ++++-------- cmd/password.go | 8 ++------ cmd/read.go | 7 ++----- cmd/upload.go | 11 ++++------- cmd/write.go | 13 ++++--------- vault/http.go | 4 ++-- 8 files changed, 44 insertions(+), 66 deletions(-) diff --git a/README.md b/README.md index 99e6333..59ccfca 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,7 @@ VAULT_TOKEN=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX ``` ## Usage + ```bash > vaultenv help ``` 
@@ -43,31 +44,31 @@ The following example sets up a policy with read-only access to secrets/env, and > vault write /auth/token/roles/lts allowed_policies="secret-ro" period="87600h" > vault token-create -role lts -Key Value ---- ----- -token 15958ab2-0e1a-3264-ff47-6963ed45aa68 -token_accessor 815f1db5-2fd0-2471-e233-faf6fc9718c9 -token_duration 87600h0m0s -token_renewable true -token_policies [default secret-ro] +Key Value +--- ----- +token 15958ab2-0e1a-3264-ff47-6963ed45aa68 +token_accessor 815f1db5-2fd0-2471-e233-faf6fc9718c9 +token_duration 87600h0m0s +token_renewable true +token_policies [default secret-ro] > export VAULT_TOKEN=15958ab2-0e1a-3264-ff47-6963ed45aa68 > vault read auth/token/lookup-self -Key Value ---- ----- -accessor 815f1db5-2fd0-2471-e233-faf6fc9718c9 -creation_time 1478099538 -creation_ttl 315360000 -display_name token -explicit_max_ttl 0 -id 15958ab2-0e1a-3264-ff47-6963ed45aa68 -meta <nil> -num_uses 0 -orphan false -path auth/token/create/lts -policies [default secret-ro] -renewable true -role lts -ttl 315359676 +Key Value +--- ----- +accessor 815f1db5-2fd0-2471-e233-faf6fc9718c9 +creation_time 1478099538 +creation_ttl 315360000 +display_name token +explicit_max_ttl 0 +id 15958ab2-0e1a-3264-ff47-6963ed45aa68 +meta <nil> +num_uses 0 +orphan false +path auth/token/create/lts +policies [default secret-ro] +renewable true +role lts +ttl 315359676 ``` diff --git a/cmd/delete.go b/cmd/delete.go index d312bd3..caed71a 100644 --- a/cmd/delete.go +++ b/cmd/delete.go 
@@ -1,21 +1,17 @@ package cmd import ( - "errors" - "gitlab.hedenstroem.com/go/vaultenv/vault" "github.com/spf13/cobra" ) var deleteCmd = &cobra.Command{ - Use: "delete [flags] path key value", + Use: "delete <path> <key>", Short: "delete Short", Long: `delete Long`, + Args: cobra.ExactArgs(2), RunE: func(cmd *cobra.Command, args []string) (err error) { - if len(args) != 2 { - return errors.New("Expected 2 arguments") - } data, err := vault.GetSecret(args[0]) if data != nil { delete(data, args[1]) diff --git a/cmd/download.go b/cmd/download.go index 9cd6812..6b5b7e1 100644 --- a/cmd/download.go +++ b/cmd/download.go @@ -2,29 +2,25 @@ package cmd import ( "encoding/base64" - "errors" + "os" "gitlab.hedenstroem.com/go/vaultenv/vault" - "io/ioutil" - "github.com/spf13/cobra" ) var downloadCmd = &cobra.Command{ - Use: "download [flags] path file", + Use: "download <path> <file>", Short: "download Short", Long: `download Long`, + Args: cobra.ExactArgs(2), RunE: func(cmd *cobra.Command, args []string) (err error) { - if len(args) != 2 { - return errors.New("Expected 2 arguments; path and file.") - } data, err := vault.GetSecret(args[0]) if data != nil { enc := data["file"] b, err := base64.StdEncoding.DecodeString(enc.(string)) if err == nil { - err = ioutil.WriteFile(args[1], b, 0600) + return os.WriteFile(args[1], b, 0600) } } return diff --git a/cmd/password.go b/cmd/password.go index ad5ef4e..74c390c 100644 --- a/cmd/password.go +++ b/cmd/password.go @@ -3,7 +3,6 @@ package cmd import ( "crypto/rand" "encoding/base64" - "errors" "fmt" "github.com/spf13/cobra" 
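Review bot: The help text of `delete` is still the placeholder `Short: "delete Short"`, even though this hunk rewrites the `Use` line directly above it. For a command that modifies a stored secret, something like `Short: "Delete a key from the secret stored at path"` tells the operator what will change before they run it. The same placeholders remain in the `download`, `read`, `upload` and `write` hunks of this commit. The RunE body continues past the end of the hunk, so how the modified map is written back is not visible here.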
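Review bot: A base64 decode failure in the `download` RunE is still reported as success. `b, err := base64.StdEncoding.DecodeString(...)` declares a new `err` inside the `if data != nil` block, so on failure the code falls through to the bare `return` and yields the outer `err` from `vault.GetSecret`, which is presumably nil at that point. The unchecked assertion `enc.(string)` also panics when the secret has no `file` key or holds a non-string value. The sketch below checks both and would need `fmt` added to this file's imports. Note too that `os.WriteFile` applies `0600` only when it creates the file, so an existing target keeps its current, possibly wider, mode.

```go
data, err := vault.GetSecret(args[0])
if data != nil {
	enc, ok := data["file"].(string)
	if !ok {
		return fmt.Errorf("secret %q has no string \"file\" field", args[0])
	}
	b, decErr := base64.StdEncoding.DecodeString(enc)
	if decErr != nil {
		return decErr
	}
	return os.WriteFile(args[1], b, 0600)
}
// … unchanged: trailing bare return …
```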
@@ -11,15 +10,12 @@ import ( ) var passwordCmd = &cobra.Command{ - Use: "password [flags] path", + Use: "password <path>", Short: "password Retrieve a password stored in vault.", Long: `password Retrieve a password stored in vault. Creates a new password if none exists`, + Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { - if len(args) < 1 { - return errors.New("Expected at least 1 argument") - } - data, err := vault.GetSecret(args[0]) if err != nil { if vault_err, ok := err.(*vault.Error); ok { diff --git a/cmd/read.go b/cmd/read.go index 654b377..7e661ba 100644 --- a/cmd/read.go +++ b/cmd/read.go @@ -2,7 +2,6 @@ package cmd import ( "encoding/json" - "errors" "fmt" "gitlab.hedenstroem.com/go/vaultenv/vault" @@ -20,13 +19,11 @@ var shellFormat bool // vaultenv.exe read -s powershell ... | Invoke-Expression // vaultenv.exe read -s cmd ..., then copy and paste into shell var readCmd = &cobra.Command{ - Use: "read [flags] path", + Use: "read <path>", Short: "read Short", Long: `read Long`, + Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) (err error) { - if len(args) < 1 { - return errors.New("Expected 1 argument") - } data, err := vault.GetSecret(args[len(args)-1]) if data != nil { if shellFormat { diff --git a/cmd/upload.go b/cmd/upload.go index 92dc406..7e63467 100644 --- a/cmd/upload.go +++ b/cmd/upload.go 
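Review bot: The context line `if vault_err, ok := err.(*vault.Error); ok {` matches only an unwrapped `*vault.Error`. `errors.As(err, &vaultErr)` would keep working if `vault.GetSecret` ever wraps its errors, at the cost of keeping the `errors` import this commit removes, and the same assertion appears in the `write` hunk. The command's `Long` text says it creates a new password if none exists, so please confirm that the branch following this assertion (outside the hunk) generates one only for a "not found" result and not for a permission or server error. Also, `cobra.ExactArgs(1)` is stricter than the old `len(args) < 1` check, which accepted extra arguments; that is a behaviour change inside a commit labelled as a refactor.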
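Review bot: With `Args: cobra.ExactArgs(1)` in place, `vault.GetSecret(args[len(args)-1])` can only ever read index 0. The leftover last-argument indexing should become `vault.GetSecret(args[0])` to match the new `Use: "read <path>"`. The comment above `readCmd` shows the shell-format output being piped into `Invoke-Expression`. The formatting code lies outside this hunk, so it is worth confirming that secret values are quoted for the target shell before they are printed, since whatever is emitted there is executed.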
@@ -2,22 +2,19 @@ package cmd import ( "encoding/base64" - "errors" - "io/ioutil" + "os" "github.com/spf13/cobra" "gitlab.hedenstroem.com/go/vaultenv/vault" ) var uploadCmd = &cobra.Command{ - Use: "upload [flags] path file", + Use: "upload <path> <file>", Short: "upload Short", Long: `upload Long`, + Args: cobra.ExactArgs(2), RunE: func(cmd *cobra.Command, args []string) (err error) { - if len(args) != 2 { - return errors.New("Expected 2 arguments; path and file.") - } - b, err := ioutil.ReadFile(args[1]) + b, err := os.ReadFile(args[1]) if b != nil { data := make(map[string]interface{}) data["file"] = base64.StdEncoding.EncodeToString(b) diff --git a/cmd/write.go b/cmd/write.go index d06d43a..6f5a3f9 100644 --- a/cmd/write.go +++ b/cmd/write.go @@ -1,24 +1,19 @@ package cmd import ( - "errors" - "io/ioutil" - "os" + "io" "github.com/spf13/cobra" "gitlab.hedenstroem.com/go/vaultenv/vault" ) var writeCmd = &cobra.Command{ - Use: "write [flags] path key value", + Use: "write <path> <key> [value]", Short: "write Short", Long: `write Long`, + Args: cobra.MinimumNArgs(2), RunE: func(cmd *cobra.Command, args []string) (err error) { - if len(args) < 2 { - return errors.New("Expected at least 2 arguments") - } - data, err := vault.GetSecret(args[0]) if vault_err, ok := err.(*vault.Error); ok { @@ -30,7 +25,7 @@ var writeCmd = &cobra.Command{ if len(args) == 2 { var b []byte - b, err = ioutil.ReadAll(os.Stdin) + b, err = io.ReadAll(cmd.InOrStdin()) if err != nil { return } diff --git a/vault/http.go b/vault/http.go index ab1deba..d3d76db 100644 --- a/vault/http.go +++ b/vault/http.go @@ -4,9 +4,9 @@ import ( "bytes" "encoding/json" "fmt" + "io" "net/http" - "io/ioutil" "strconv" "github.com/spf13/viper" 
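Review bot: `b, err := os.ReadFile(args[1])` is followed by `if b != nil {` rather than an error check. `os.ReadFile` can return the bytes read so far together with a non-nil error, so a read that fails part-way would still be base64-encoded into `data["file"]` and presumably stored as a truncated secret. Adding `if err != nil { return err }` directly after the read closes that gap and makes the `b != nil` test unnecessary. The rest of the RunE body lies outside the hunk.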
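Review bot: `Args: cobra.MinimumNArgs(2)` does not match the new `Use: "write <path> <key> [value]"`. Any arguments after the third are accepted and, as far as these hunks show, ignored, so `Args: cobra.RangeArgs(2, 3)` is the closer fit. The `Long` text should also state that omitting `[value]` reads the value from standard input (the `len(args) == 2` branch in the next hunk). That is the preferable way to supply a secret, because a value passed as an argument ends up in shell history and the process list.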
@@ -92,7 +92,7 @@ func PostSecret(path string, data map[string]interface{}) (err error) { if res.StatusCode != http.StatusNoContent { defer res.Body.Close() - body, io_err := ioutil.ReadAll(res.Body) + body, io_err := io.ReadAll(res.Body) if io_err != nil { return } -- GitLab
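Review bot: When `io.ReadAll(res.Body)` fails, the bare `return` hands back the named result `err` rather than `io_err`. Unless `err` was set earlier (not visible in this hunk), a non-204 response whose body cannot be read is reported to the caller as a successful write; `if io_err != nil { return io_err }` keeps the failure. `defer res.Body.Close()` also sits inside the non-204 branch, so on the success path the body is closed only if code outside this hunk does it. PostSecret starts before and continues after the hunk.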