github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/cmd/orbctl/writesecret.go (about)

     1  package main
     2  
     3  import (
     4  	"errors"
     5  	"io/ioutil"
     6  	"os"
     7  
     8  	"github.com/caos/orbos/mntr"
     9  
    10  	"github.com/spf13/cobra"
    11  
    12  	"github.com/caos/orbos/internal/secret/operators"
    13  	"github.com/caos/orbos/pkg/kubernetes/cli"
    14  	"github.com/caos/orbos/pkg/secret"
    15  )
    16  
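// WriteSecretCommand builds the "writesecret" cobra command, which takes a
// secret value from exactly one of --value, --file or --stdin and hands it to
// secret.Write together with the optional secret path argument.
//
// Operational note: a value passed via --value is part of the process
// arguments, so it can end up in shell history and process listings. --file
// and --stdin keep the plaintext out of the argument vector.
func WriteSecretCommand(getRv GetRootValues) *cobra.Command {

	var (
		value string
		file  string
		stdin bool
		cmd   = &cobra.Command{
			Use:   "writesecret [path]",
			Short: "Encrypt a secret and push it to the repository",
			Long:  "Encrypt a secret and push it to the repository.\nIf no path is provided, a secret can interactively be chosen from a list of all possible secrets",
			Args:  cobra.MaximumNArgs(1),
			Example: `orbctl writesecret --file ~/.ssh/my-orb-bootstrap
orbctl writesecret --value $(cat ~/.ssh/my-orb-bootstrap)
orbctl writesecret mystaticprovider.bootstrapkey.encrypted --file ~/.ssh/my-orb-bootstrap
orbctl writesecret mystaticprovider.bootstrapkey_pub.encrypted --file ~/.ssh/my-orb-bootstrap.pub
orbctl writesecret mygceprovider.google_application_credentials_value.encrypted --value "$(cat $GOOGLE_APPLICATION_CREDENTIALS)" `,
		}
	)

	flags := cmd.Flags()
	flags.StringVar(&value, "value", "", "Secret value to encrypt")
	flags.StringVarP(&file, "file", "s", "", "File containing the value to encrypt")
	flags.BoolVar(&stdin, "stdin", false, "Value to encrypt is read from standard input")

	cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {

		path := ""
		if len(args) > 0 {
			path = args[0]
		}

		// Only a boolean "was --value set" is handed to getRv, never the
		// secret itself. The --file path and the secret path are passed as-is.
		rv := getRv("writesecret", "", map[string]interface{}{"path": path, "value": value != "", "file": file, "stdin": stdin})

		// The closure reads the named result when RunE returns. A plain
		// `defer rv.ErrFunc(err)` evaluates err at the defer statement, where
		// it is still nil, so the final error would never reach ErrFunc.
		defer func() {
			rv.ErrFunc(err)
		}()

		s, err := content(value, file, stdin)
		if err != nil {
			return err
		}

		k8sClient, err := cli.Init(monitor, rv.OrbConfig, rv.GitClient, rv.Kubeconfig, rv.Gitops, rv.Gitops, rv.Gitops)
		// cli.ErrNotInitialized is tolerated only in gitops mode; every other
		// initialization error aborts before the secret is written.
		if err != nil && (!rv.Gitops || !errors.Is(err, cli.ErrNotInitialized)) {
			return err
		}

		return secret.Write(
			monitor,
			k8sClient,
			path,
			s,
			"orbctl",
			version,
			operators.GetAllSecretsFunc(monitor, true, rv.Gitops, rv.GitClient, k8sClient, rv.OrbConfig),
			operators.PushFunc(monitor, rv.Gitops, rv.GitClient, k8sClient))
	}
	return cmd
}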
    75  
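// content resolves the secret plaintext from exactly one input channel: the
// literal value, the file at the given path, or standard input.
//
// It returns an error when zero or more than one channel is selected, or when
// reading the file or standard input fails. Any returned error is converted
// with mntr.ToUserError. Bytes read from a file or from standard input are
// used verbatim; nothing (for example a trailing newline) is trimmed.
func content(value string, file string, stdin bool) (val string, err error) {

	defer func() {
		if err != nil {
			err = mntr.ToUserError(err)
		}
	}()

	channels := 0
	if value != "" {
		channels++
	}
	if file != "" {
		channels++
	}
	if stdin {
		channels++
	}

	if channels != 1 {
		return "", errors.New("content must be provided eighter by value or by file path or by standard input")
	}

	if value != "" {
		return value, nil
	}

	readFunc := func() ([]byte, error) {
		return ioutil.ReadFile(file)
	}
	if stdin {
		readFunc = func() ([]byte, error) {
			return ioutil.ReadAll(os.Stdin)
		}
	}

	c, err := readFunc()
	if err != nil {
		// An unreadable or missing file is an ordinary user error. Return it
		// so the deferred wrapper can convert it, instead of panicking and
		// dumping a stack trace on the user.
		return "", err
	}
	return string(c), nil
}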