@ -19,6 +19,8 @@ func PassInsertSecret(secretValue, secretName, appName, server string) error {
|
||||
secretValue, server, appName, secretName,
|
||||
)
|
||||
|
||||
logrus.Debugf("attempting to run '%s'", cmd)
|
||||
|
||||
if err := exec.Command("bash", "-c", cmd).Run(); err != nil {
|
||||
return err
|
||||
}
|
||||
@ -39,6 +41,8 @@ func PassRmSecret(secretName, appName, server string) error {
|
||||
server, appName, secretName,
|
||||
)
|
||||
|
||||
logrus.Debugf("attempting to run '%s'", cmd)
|
||||
|
||||
if err := exec.Command("bash", "-c", cmd).Run(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
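Review bot: The debug line added in PassInsertSecret logs `cmd` in full, and the visible format arguments show that `secretValue` is interpolated into that string, so the plaintext secret reaches the log whenever debug output is enabled. Debug output is routinely pasted into bug reports and captured by CI or terminal scrollback, so the value should stay out of it, for example `logrus.Debugf("attempting to insert secret '%s' for '%s' on '%s'", secretName, appName, server)`. The matching line in PassRmSecret carries no secret value and can stay as written. Both function bodies start outside their hunks, so how `cmd` is assembled is only partly visible here.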
@ -12,6 +12,7 @@ import (
|
||||
"coopcloud.tech/abra/pkg/client"
|
||||
"coopcloud.tech/abra/pkg/config"
|
||||
"github.com/schultz-is/passgen"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
// secretValue represents a parsed `SECRET_FOO=v1 # length=bar` env var config
|
||||
@ -33,6 +34,8 @@ func GeneratePasswords(count, length uint) ([]string, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
logrus.Debugf("generated '%s'", strings.Join(passwords, ", "))
|
||||
|
||||
return passwords, nil
|
||||
}
|
||||
|
||||
@ -50,17 +53,24 @@ func GeneratePassphrases(count uint) ([]string, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
logrus.Debugf("generated '%s'", strings.Join(passphrases, ", "))
|
||||
|
||||
return passphrases, nil
|
||||
}
|
||||
|
||||
// ReadSecretEnvVars reads secret env vars from an app env var config.
|
||||
func ReadSecretEnvVars(appEnv config.AppEnv) map[string]string {
|
||||
secretEnvVars := make(map[string]string)
|
||||
|
||||
for envVar := range appEnv {
|
||||
regex := regexp.MustCompile(`^SECRET.*VERSION.*`)
|
||||
if string(regex.Find([]byte(envVar))) != "" {
|
||||
secretEnvVars[envVar] = appEnv[envVar]
|
||||
}
|
||||
}
|
||||
|
||||
logrus.Debugf("read '%s' as secrets from '%s'", secretEnvVars, appEnv)
|
||||
|
||||
return secretEnvVars
|
||||
}
|
||||
|
||||
@ -68,7 +78,9 @@ func ReadSecretEnvVars(appEnv config.AppEnv) map[string]string {
|
||||
func ParseSecretEnvVarName(secretEnvVar string) string {
|
||||
withoutPrefix := strings.TrimPrefix(secretEnvVar, "SECRET_")
|
||||
withoutSuffix := strings.TrimSuffix(withoutPrefix, "_VERSION")
|
||||
return strings.ToLower(withoutSuffix)
|
||||
name := strings.ToLower(withoutSuffix)
|
||||
logrus.Debugf("parsed '%s' as name from '%s'", name, secretEnvVar)
|
||||
return name
|
||||
}
|
||||
|
||||
// TODO: should probably go in the config/app package?
|
||||
@ -76,7 +88,9 @@ func ParseGeneratedSecretName(secret string, appEnv config.App) string {
|
||||
name := fmt.Sprintf("%s_", appEnv.StackName())
|
||||
withoutAppName := strings.TrimPrefix(secret, name)
|
||||
idx := strings.LastIndex(withoutAppName, "_")
|
||||
return withoutAppName[:idx]
|
||||
parsed := withoutAppName[:idx]
|
||||
logrus.Debugf("parsed '%s' as name from '%s'", parsed, secret)
|
||||
return parsed
|
||||
}
|
||||
|
||||
// TODO: should probably go in the config/app package?
|
||||
@ -85,19 +99,23 @@ func ParseSecretEnvVarValue(secret string) (secretValue, error) {
|
||||
if len(values) == 0 {
|
||||
return secretValue{}, fmt.Errorf("unable to parse '%s'", secret)
|
||||
}
|
||||
|
||||
if len(values) == 1 {
|
||||
return secretValue{Version: values[0], Length: 0}, nil
|
||||
} else {
|
||||
split := strings.Split(values[1], "=")
|
||||
parsed := split[len(split)-1]
|
||||
stripped := strings.ReplaceAll(parsed, " ", "")
|
||||
length, err := strconv.Atoi(stripped)
|
||||
if err != nil {
|
||||
return secretValue{}, err
|
||||
}
|
||||
version := strings.ReplaceAll(values[0], " ", "")
|
||||
return secretValue{Version: version, Length: length}, nil
|
||||
}
|
||||
|
||||
split := strings.Split(values[1], "=")
|
||||
parsed := split[len(split)-1]
|
||||
stripped := strings.ReplaceAll(parsed, " ", "")
|
||||
length, err := strconv.Atoi(stripped)
|
||||
if err != nil {
|
||||
return secretValue{}, err
|
||||
}
|
||||
version := strings.ReplaceAll(values[0], " ", "")
|
||||
|
||||
logrus.Debugf("parsed version '%s' and length '%s' from '%s'", version, length, secret)
|
||||
|
||||
return secretValue{Version: version, Length: length}, nil
|
||||
}
|
||||
|
||||
// GenerateSecrets generates secrets locally and sends them to a remote server for storage.
|
||||
@ -114,6 +132,7 @@ func GenerateSecrets(secretEnvVars map[string]string, appName, server string) (m
|
||||
return
|
||||
}
|
||||
secretRemoteName := fmt.Sprintf("%s_%s_%s", appName, secretName, secretValue.Version)
|
||||
logrus.Debugf("attempting to generate and store '%s' on '%s'", secretRemoteName, server)
|
||||
if secretValue.Length > 0 {
|
||||
passwords, err := GeneratePasswords(1, uint(secretValue.Length))
|
||||
if err != nil {
|
||||
@ -147,5 +166,7 @@ func GenerateSecrets(secretEnvVars map[string]string, appName, server string) (m
|
||||
}
|
||||
}
|
||||
|
||||
logrus.Debugf("generated and stored '%s' on '%s'", secrets, server)
|
||||
|
||||
return secrets, nil
|
||||
}
|
||||
|
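Review bot: The new debug calls in GeneratePasswords and GeneratePassphrases print the freshly generated secrets in plaintext (`strings.Join(passwords, ", ")`), and the closing call in GenerateSecrets prints the `secrets` map, which presumably holds the same values. Log what happened rather than the material itself, for example `logrus.Debugf("generated %d passwords", len(passwords))`, and only the secret names in GenerateSecrets. The call in ReadSecretEnvVars also dumps the whole `appEnv`, which may carry unrelated sensitive settings; logging `secretEnvVars` alone would be enough. Separately, in ParseSecretEnvVarValue `length` is an int formatted with `%s`, so the message will render as a formatting error; `%d` is the correct verb. Several of these function bodies begin or end outside their hunks.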