From ce89c5abe8fa34c3705e0a6135bb3b4656299042 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Tue, 7 Dec 2021 17:11:39 -0500 Subject: [PATCH 1/9] Placeholder for performing decryption logic; cobra now distributed using go modules --- Gopkg.lock | 186 -------------------------------------------------- Gopkg.toml | 54 --------------- command.go | 5 ++ decryptor.go | 5 ++ gatekeeper.go | 39 +++++++++++ go.mod | 26 +++++++ go.sum | 49 +++++++++++++ 7 files changed, 124 insertions(+), 240 deletions(-) delete mode 100644 Gopkg.lock delete mode 100644 Gopkg.toml create mode 100644 decryptor.go create mode 100644 gatekeeper.go create mode 100644 go.mod create mode 100644 go.sum diff --git a/Gopkg.lock b/Gopkg.lock deleted file mode 100644 index f08eb9ff..00000000 --- a/Gopkg.lock +++ /dev/null @@ -1,186 +0,0 @@ -# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. - - -[[projects]] - digest = "1:7cb4fdca4c251b3ef8027c90ea35f70c7b661a593b9eeae34753c65499098bb1" - name = "github.com/cpuguy83/go-md2man" - packages = ["md2man"] - pruneopts = "UT" - revision = "20f5889cbdc3c73dbd2862796665e7c465ade7d1" - version = "v1.0.8" - -[[projects]] - digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd" - name = "github.com/fsnotify/fsnotify" - packages = ["."] - pruneopts = "UT" - revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9" - version = "v1.4.7" - -[[projects]] - digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10" - name = "github.com/hashicorp/hcl" - packages = [ - ".", - "hcl/ast", - "hcl/parser", - "hcl/printer", - "hcl/scanner", - "hcl/strconv", - "hcl/token", - "json/parser", - "json/scanner", - "json/token", - ] - pruneopts = "UT" - revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241" - version = "v1.0.0" - -[[projects]] - digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be" - name = "github.com/inconshreveable/mousetrap" - packages = ["."] - pruneopts = "UT" - revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" - version = "v1.0" - -[[projects]] - digest = "1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7" - name = "github.com/magiconair/properties" - packages = ["."] - pruneopts = "UT" - revision = "c2353362d570a7bfa228149c62842019201cfb71" - version = "v1.8.0" - -[[projects]] - digest = "1:5d231480e1c64a726869bc4142d270184c419749d34f167646baa21008eb0a79" - name = "github.com/mitchellh/go-homedir" - packages = ["."] - pruneopts = "UT" - revision = "af06845cf3004701891bf4fdb884bfe4920b3727" - version = "v1.1.0" - -[[projects]] - digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318" - name = "github.com/mitchellh/mapstructure" - packages = ["."] - pruneopts = "UT" - revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe" - version = "v1.1.2" - -[[projects]] - digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e" - name = "github.com/pelletier/go-toml" - packages = ["."] - pruneopts = "UT" - revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194" - version = "v1.2.0" - -[[projects]] - digest = "1:b36a0ede02c4c2aef7df7f91cbbb7bb88a98b5d253509d4f997dda526e50c88c" - name = "github.com/russross/blackfriday" - packages = ["."] - pruneopts = "UT" - revision = "05f3235734ad95d0016f6a23902f06461fcf567a" - version = "v1.5.2" - -[[projects]] - digest = "1:3e39bafd6c2f4bf3c76c3bfd16a2e09e016510ad5db90dc02b88e2f565d6d595" - name = "github.com/spf13/afero" - packages = [ - ".", - "mem", - ] - pruneopts = "UT" - revision = "f4711e4db9e9a1d3887343acb72b2bbfc2f686f5" - version = "v1.2.1" - -[[projects]] - digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc" - name = "github.com/spf13/cast" - packages = ["."] - pruneopts = "UT" - revision = "8c9545af88b134710ab1cd196795e7f2388358d7" - version = "v1.3.0" - -[[projects]] - digest = "1:e01b05ba901239c783dfe56450bcde607fc858908529868259c9a8765dc176d0" - name = "github.com/spf13/cobra" - packages = [ - ".", - "doc", - ] - pruneopts = "UT" - revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385" - version = "v0.0.3" - -[[projects]] - digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb" - name = "github.com/spf13/jwalterweatherman" - packages = ["."] - pruneopts = "UT" - revision = "4a4406e478ca629068e7768fc33f3f044173c0a6" - version = "v1.0.0" - -[[projects]] - digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2" - name = "github.com/spf13/pflag" - packages = ["."] - pruneopts = "UT" - revision = "298182f68c66c05229eb03ac171abe6e309ee79a" - version = "v1.0.3" - -[[projects]] - digest = "1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423" - name = "github.com/spf13/viper" - packages = ["."] - pruneopts = "UT" - revision = "6d33b5a963d922d182c91e8a1c88d81fd150cfd4" - version = "v1.3.1" - -[[projects]] - branch = "master" - digest = "1:d0e9a312c4610a508569ab25e54d34600b1a96d19b1866ece104ffdf1c1b9d2c" - name = "golang.org/x/sys" - packages = ["unix"] - pruneopts = "UT" - revision = "cd391775e71e684db52b63df9affd58269495083" - -[[projects]] - digest = "1:8029e9743749d4be5bc9f7d42ea1659471767860f0cdc34d37c3111bd308a295" - name = "golang.org/x/text" - packages = [ - "internal/gen", - "internal/triegen", - "internal/ucd", - "transform", - "unicode/cldr", - "unicode/norm", - ] - pruneopts = "UT" - revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" - version = "v0.3.0" - -[[projects]] - digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96" - name = "gopkg.in/yaml.v2" - packages = ["."] - pruneopts = "UT" - revision = "51d6538a90f86fe93ac480b35f37b2be17fef232" - version = "v2.2.2" - -[solve-meta] - analyzer-name = "dep" - analyzer-version = 1 - input-imports = [ - "github.com/cpuguy83/go-md2man/md2man", - "github.com/inconshreveable/mousetrap", - "github.com/mitchellh/go-homedir", - "github.com/spf13/cobra", - "github.com/spf13/cobra/doc", - "github.com/spf13/pflag", - "github.com/spf13/viper", - "gopkg.in/yaml.v2", - ] - solver-name = "gps-cdcl" - solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml deleted file mode 100644 index e273f6f6..00000000 --- a/Gopkg.toml +++ /dev/null @@ -1,54 +0,0 @@ -# Gopkg.toml example -# -# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html -# for detailed Gopkg.toml documentation. -# -# required = ["github.com/user/thing/cmd/thing"] -# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] -# -# [[constraint]] -# name = "github.com/user/project" -# version = "1.0.0" -# -# [[constraint]] -# name = "github.com/user/project2" -# branch = "dev" -# source = "github.com/myfork/project2" -# -# [[override]] -# name = "github.com/x/y" -# version = "2.4.0" -# -# [prune] -# non-go = false -# go-tests = true -# unused-packages = true - - -[[constraint]] - name = "github.com/cpuguy83/go-md2man" - version = "1.0.8" - -[[constraint]] - name = "github.com/inconshreveable/mousetrap" - version = "1.0.0" - -[[constraint]] - name = "github.com/mitchellh/go-homedir" - version = "1.1.0" - -[[constraint]] - name = "github.com/spf13/pflag" - version = "1.0.3" - -[[constraint]] - name = "github.com/spf13/viper" - version = "1.3.1" - -[[constraint]] - name = "gopkg.in/yaml.v2" - version = "2.2.2" - -[prune] - go-tests = true - unused-packages = true diff --git a/command.go b/command.go index 34d1bf36..5bed4818 100644 --- a/command.go +++ b/command.go @@ -593,6 +593,7 @@ func (c *Command) Traverse(args []string) (*Command, []string, error) { inFlag := false for i, arg := range args { + switch { // A long flag with a space separated value case strings.HasPrefix(arg, "--") && !strings.Contains(arg, "="): @@ -849,6 +850,10 @@ func (c *Command) ExecuteC() (cmd *Command, err error) { cmd.commandCalledAs.name = cmd.Name() } + // RC: Implementation of decryption - use DI to test + decryptor := Gatekeeper{} + flags, err = decryptor.DecryptFlags(flags) + err = cmd.execute(flags) if err != nil { // Always show help if requested, even if SilenceErrors is in diff --git a/decryptor.go b/decryptor.go new file mode 100644 index 00000000..386f276a --- /dev/null +++ b/decryptor.go @@ -0,0 +1,5 @@ +package cobra + +type Decryptor interface { + DecryptFlags([]string) ([]string, error) +} diff --git a/gatekeeper.go b/gatekeeper.go new file mode 100644 index 00000000..627c6200 --- /dev/null +++ b/gatekeeper.go @@ -0,0 +1,39 @@ +package cobra + +import ( + "regexp" +) + +const vaultEncryptStart = "OC_ENCRYPTED" +const vaultEncryptEnd = "DETPYRCNE_CO" + +var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd) + +type Gatekeeper struct{} + +func (g *Gatekeeper) DecryptFlags(flags []string) ([]string, error) { + var decryptedFlags []string + + for _, fl := range flags { + keyToDecrypt := extractSecretKey(fl) + if keyToDecrypt == "" { + continue + } else { + // TODO: Gatekeeper client should perform decryption here + // TODO: Remove recursive decryption to the Gatekeeper client + // TODO: Move macro replacement to Gatekeeper package + decryptedFlags = append(decryptedFlags, keyToDecrypt) + } + } + + return decryptedFlags, nil +} + +func extractSecretKey(macro string) string { + matches := vaultRegex.FindStringSubmatch(macro) + if len(matches) == 2 && matches[1] != "" { + secretKey := matches[1] + return secretKey + } + return "" +} diff --git a/go.mod b/go.mod new file mode 100644 index 00000000..8e8e7991 --- /dev/null +++ b/go.mod @@ -0,0 +1,26 @@ +module github.com/OneCloudInc/cobra + +go 1.15 + +require ( + github.com/BurntSushi/toml v0.4.1 // indirect + github.com/cpuguy83/go-md2man v1.0.8 + github.com/fsnotify/fsnotify v1.4.7 // indirect + github.com/hashicorp/go-retryablehttp v0.7.0 // indirect + github.com/hashicorp/hcl v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.0 + github.com/magiconair/properties v1.8.0 // indirect + github.com/mitchellh/go-homedir v1.1.0 + github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/pelletier/go-toml v1.2.0 // indirect + github.com/russross/blackfriday v1.5.2 // indirect + github.com/spf13/afero v1.2.1 // indirect + github.com/spf13/cast v1.3.0 // indirect + github.com/spf13/cobra v0.0.3 + github.com/spf13/jwalterweatherman v1.0.0 // indirect + github.com/spf13/pflag v1.0.3 + github.com/spf13/viper v1.3.1 + golang.org/x/sys v0.0.0-20190222171317-cd391775e71e // indirect + golang.org/x/text v0.3.0 // indirect + gopkg.in/yaml.v2 v2.2.2 +) diff --git a/go.sum b/go.sum new file mode 100644 index 00000000..6c699980 --- /dev/null +++ b/go.sum @@ -0,0 +1,49 @@ +github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= +github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= +github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/cpuguy83/go-md2man v1.0.8 h1:DwoNytLphI8hzS2Af4D0dfaEaiSq2bN05mEm4R6vf8M= +github.com/cpuguy83/go-md2man v1.0.8/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= +github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY= +github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= +github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.1 h1:qgMbHoJbPbw579P+1zVY+6n4nIFuIchaIjzZ/I/Yq8M= +github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= +github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38= +github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= +github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222171317-cd391775e71e h1:oF7qaQxUH6KzFdKN4ww7NpPdo53SZi4UlcksLrb2y/o= +golang.org/x/sys v0.0.0-20190222171317-cd391775e71e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From 93ca442bab56627d5f00262acf555dbc52e5e3ac Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Tue, 14 Dec 2021 16:47:22 -0500 Subject: [PATCH 2/9] Adds the ability to decrypt arguments using the reaper service --- command.go | 5 +- decryptor.go | 5 -- decryptor/decryptor.go | 31 ++++++++ decryptor/noop.go | 11 +++ decryptor/reaper.go | 171 +++++++++++++++++++++++++++++++++++++++++ gatekeeper.go | 39 ---------- go.mod | 3 +- go.sum | 2 + 8 files changed, 220 insertions(+), 47 deletions(-) delete mode 100644 decryptor.go create mode 100644 decryptor/decryptor.go create mode 100644 decryptor/noop.go create mode 100644 decryptor/reaper.go delete mode 100644 gatekeeper.go diff --git a/command.go b/command.go index 5bed4818..7d5ba929 100644 --- a/command.go +++ b/command.go @@ -24,6 +24,7 @@ import ( "sort" "strings" + "github.com/OneCloudInc/cobra/decryptor" flag "github.com/spf13/pflag" ) @@ -851,8 +852,8 @@ func (c *Command) ExecuteC() (cmd *Command, err error) { } // RC: Implementation of decryption - use DI to test - decryptor := Gatekeeper{} - flags, err = decryptor.DecryptFlags(flags) + decryptor := decryptor.NewDecryptor() + flags, err = decryptor.DecryptArguments(flags) err = cmd.execute(flags) if err != nil { diff --git a/decryptor.go b/decryptor.go deleted file mode 100644 index 386f276a..00000000 --- a/decryptor.go +++ /dev/null @@ -1,5 +0,0 @@ -package cobra - -type Decryptor interface { - DecryptFlags([]string) ([]string, error) -} diff --git a/decryptor/decryptor.go b/decryptor/decryptor.go new file mode 100644 index 00000000..47c1e020 --- /dev/null +++ b/decryptor/decryptor.go @@ -0,0 +1,31 @@ +package decryptor + +import "os" + +type Decryptor interface { + DecryptArguments([]string) ([]string, error) +} + +func NewDecryptor() Decryptor { + if IsCloudRunner() && ReaperURL() != "" && BizAppAuthToken() != "" && CommandExecutorID() != "" { + return NewReaperDecryptor(ReaperURL(), BizAppAuthToken(), CommandExecutorID()) + } + + return NewNoopDecryptor() +} + +func IsCloudRunner() bool { + return os.Getenv("OC_CLOUDRUNNER_CONFIG") != "" +} + +func ReaperURL() string { + return os.Getenv("REAPER_URL") +} + +func BizAppAuthToken() string { + return os.Getenv("BIZ_APP_AUTH_TOKEN") +} + +func CommandExecutorID() string { + return os.Getenv("OC_COMMAND_EXECUTOR_ID") +} diff --git a/decryptor/noop.go b/decryptor/noop.go new file mode 100644 index 00000000..e454206f --- /dev/null +++ b/decryptor/noop.go @@ -0,0 +1,11 @@ +package decryptor + +type NoopDecryptor struct{} + +func NewNoopDecryptor() Decryptor { + return &NoopDecryptor{} +} + +func (n *NoopDecryptor) DecryptArguments(args []string) ([]string, error) { + return args, nil +} diff --git a/decryptor/reaper.go b/decryptor/reaper.go new file mode 100644 index 00000000..68af2f4e --- /dev/null +++ b/decryptor/reaper.go @@ -0,0 +1,171 @@ +package decryptor + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "io/ioutil" + "math/rand" + "net/http" + "regexp" + "time" + + jwt "github.com/dgrijalva/jwt-go" + retryablehttp "github.com/hashicorp/go-retryablehttp" +) + +// ReaperDecryptor will call out to the reaper service to decrypt arguments +// passed into a BizApp. It will use a one-off signing key to handle authorizing +// a request to decrypt arguments associated with a particular CommandExecutor. The +// reaper will return a list of decrypted arguments, given a list of arguments in the +// body of the request +type ReaperDecryptor struct { + BaseURL string + SigningKey []byte + CommandExecutorID string +} + +// Authorization uses a signed nonce, so we really just +// want to sign a string as the token we use for authorization. In order +// for it to be signed correctly, go-jwt requires us to implement a Valid() +// method. +type tokenClaims string + +func (t tokenClaims) Valid() error { + return nil +} + +// +// {"data": {"arguments": ["--arg1=zzz", "--arg2=bbb"]}} +// +type reaperResponse struct { + Data struct { + Arguments []string `json:"arguments"` + } `json:"data"` +} + +const vaultEncryptStart = "OC_ENCRYPTED" +const vaultEncryptEnd = "DETPYRCNE_CO" +const decryptPath = "/runner/decrypt_arguments" + +var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd) + +var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") + +// NewReaperDecryptor returns a Decryptor implementation that will call out to +// the reaper service to decrypt any encrypted arguments. +func NewReaperDecryptor(url, signingKey, commandExecutorID string) Decryptor { + return &ReaperDecryptor{ + BaseURL: url, + SigningKey: []byte(signingKey), + CommandExecutorID: commandExecutorID, + } +} + +// DecryptArguments replaces any encrypted values with their decrypted values +// using the reaper service. +func (r *ReaperDecryptor) DecryptArguments(args []string) ([]string, error) { + // If no encrypted arguments are found, do not attempt to decrypt + shouldDecrypt := false + for _, arg := range args { + if vaultRegex.MatchString(arg) { + shouldDecrypt = true + break + } + } + + if !shouldDecrypt { + return args, nil + } + + payload := make(map[string]interface{}) + payload["commandExecutorId"] = r.CommandExecutorID + payload["arguments"] = args + payloadBytes, err := json.Marshal(payload) + if err != nil { + return args, fmt.Errorf("error creating payload to send for decryption: %s", err) + } + payloadBody := bytes.NewBuffer(payloadBytes) + + reqURL := fmt.Sprintf("%s%s", r.BaseURL, decryptPath) + retryReq, err := retryablehttp.NewRequest("POST", reqURL, payloadBody) + if err != nil { + return args, fmt.Errorf("error building request to send for decryption: %s", err) + } + + cl := defaultClientWithRetries() + addJWTHeader(retryReq, r.SigningKey) + + resp, err := cl.Do(retryReq) + if err != nil { + return args, fmt.Errorf("error response from decryption service: %s", err) + } + defer resp.Body.Close() + + if resp.StatusCode >= 400 { + io.Copy(ioutil.Discard, resp.Body) + return args, fmt.Errorf("decryption service responsed with status code %d", resp.StatusCode) + } + + var respObj reaperResponse + decoder := json.NewDecoder(resp.Body) + err = decoder.Decode(&respObj) + if err != nil { + return args, fmt.Errorf("error parsing response from decryption service: %s", err) + } + + return respObj.Data.Arguments, err +} + +func addJWTHeader(req *retryablehttp.Request, signingKey []byte) error { + nonce := generateNonce() + token := jwt.NewWithClaims(jwt.SigningMethodHS256, nonce) + + signed, err := token.SignedString(signingKey) + if err != nil { + return err + } + + req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", signed)) + + return err +} + +// random string of 32 bytes to be signed into a JWT - value is not used +func generateNonce() tokenClaims { + b := make([]rune, 32) + for i := range b { + b[i] = letterRunes[rand.Intn(len(letterRunes))] + } + + return tokenClaims(b) +} + +// Using a HTTP client that will automatically retry 5xx errors to ensure that our connection +// is resilient +func defaultClientWithRetries() *retryablehttp.Client { + retryClient := retryablehttp.NewClient() + retryClient.RetryWaitMin = 3 * time.Second + retryClient.CheckRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) { + if resp == nil { + return true, err + } + + if resp.StatusCode >= 500 || resp.StatusCode == 429 { + return true, err + } + + if err != nil || ctx.Err() != nil { + return true, err + } + return false, err + } + + retryClient.RequestLogHook = func(l retryablehttp.Logger, req *http.Request, retryCount int) { + *req = *req.Clone(context.TODO()) + } + + return retryClient +} diff --git a/gatekeeper.go b/gatekeeper.go deleted file mode 100644 index 627c6200..00000000 --- a/gatekeeper.go +++ /dev/null @@ -1,39 +0,0 @@ -package cobra - -import ( - "regexp" -) - -const vaultEncryptStart = "OC_ENCRYPTED" -const vaultEncryptEnd = "DETPYRCNE_CO" - -var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd) - -type Gatekeeper struct{} - -func (g *Gatekeeper) DecryptFlags(flags []string) ([]string, error) { - var decryptedFlags []string - - for _, fl := range flags { - keyToDecrypt := extractSecretKey(fl) - if keyToDecrypt == "" { - continue - } else { - // TODO: Gatekeeper client should perform decryption here - // TODO: Remove recursive decryption to the Gatekeeper client - // TODO: Move macro replacement to Gatekeeper package - decryptedFlags = append(decryptedFlags, keyToDecrypt) - } - } - - return decryptedFlags, nil -} - -func extractSecretKey(macro string) string { - matches := vaultRegex.FindStringSubmatch(macro) - if len(matches) == 2 && matches[1] != "" { - secretKey := matches[1] - return secretKey - } - return "" -} diff --git a/go.mod b/go.mod index 8e8e7991..1b7132d6 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,9 @@ go 1.15 require ( github.com/BurntSushi/toml v0.4.1 // indirect github.com/cpuguy83/go-md2man v1.0.8 + github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/fsnotify/fsnotify v1.4.7 // indirect - github.com/hashicorp/go-retryablehttp v0.7.0 // indirect + github.com/hashicorp/go-retryablehttp v0.7.0 github.com/hashicorp/hcl v1.0.0 // indirect github.com/inconshreveable/mousetrap v1.0.0 github.com/magiconair/properties v1.8.0 // indirect diff --git a/go.sum b/go.sum index 6c699980..4af59c26 100644 --- a/go.sum +++ b/go.sum @@ -7,6 +7,8 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/cpuguy83/go-md2man v1.0.8 h1:DwoNytLphI8hzS2Af4D0dfaEaiSq2bN05mEm4R6vf8M= github.com/cpuguy83/go-md2man v1.0.8/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v1.0.2 h1:KPldsxuKGsS2FPWsNeg9ZO18aCrGKujPoWXn2yo+KQM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= From f927bb8b1f92ed01b0d35305dd35770658a20057 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Tue, 14 Dec 2021 16:58:15 -0500 Subject: [PATCH 3/9] Adds test for reaper decryptor --- decryptor/reaper_test.go | 73 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 decryptor/reaper_test.go diff --git a/decryptor/reaper_test.go b/decryptor/reaper_test.go new file mode 100644 index 00000000..db70414d --- /dev/null +++ b/decryptor/reaper_test.go @@ -0,0 +1,73 @@ +package decryptor + +import ( + "bytes" + "encoding/json" + "fmt" + "net/http" + "net/http/httptest" + "testing" +) + +func TestDecryptArguments_NoneEncrypted(t *testing.T) { + dec := NewReaperDecryptor("http://url.com/not/used", string(generateNonce()), "1234") + firstArg := "--arg1=aaa" + secondArg := "--zzz=bbb" + args := []string{firstArg, secondArg} + + decryptedArgs, err := dec.DecryptArguments(args) + if err != nil { + t.Error("NoneEncrypted should not return an error") + } + + if decryptedArgs[0] != firstArg { + t.Errorf("NoneEncrypted - first arg should be %s, got %s", firstArg, decryptedArgs[0]) + } + + if decryptedArgs[1] != secondArg { + t.Errorf("NoneEncrypted - second arg should be %s, got %s", firstArg, decryptedArgs[0]) + } +} + +func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) { + encryptedKey := "zzzzzzz" + decryptedKey := "aaaaaaa" + firstArg := fmt.Sprintf("--arg1=OC_ENCRYPTED%sDETPYRCNE_CO", encryptedKey) + decryptedArg := fmt.Sprintf("--arg1=%s", decryptedKey) + secondArg := "--arg2=iamnotencrypted" + args := []string{firstArg, secondArg} + + reaperTestServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusOK) + w.Header().Set("Content-Type", "application/json") + + payloadObj := make(map[string]interface{}) + dataObj := make(map[string]interface{}) + dataObj["arguments"] = []string{decryptedArg, secondArg} + payloadObj["data"] = dataObj + + payloadBytes, err := json.Marshal(payloadObj) + if err != nil { + t.Errorf("error returning test data JSON: %s", err) + t.FailNow() + } + + b := bytes.NewBuffer(payloadBytes) + b.WriteTo(w) + })) + defer reaperTestServer.Close() + + dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), "1234") + decryptedArgs, err := dec.DecryptArguments(args) + if err != nil { + t.Error("EncryptedArgsDecoded should not return an error") + } + + if decryptedArgs[0] != decryptedArg { + t.Errorf("EncryptedArgsDecoded - first arg should be %s, got %s", decryptedArg, decryptedArgs[0]) + } + + if decryptedArgs[1] != secondArg { + t.Errorf("EncryptedArgsDecoded - second arg should be %s, got %s", firstArg, decryptedArgs[0]) + } +} From b430be08ed1099eee193b76d8b3d5eca2848980a Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Tue, 14 Dec 2021 17:03:56 -0500 Subject: [PATCH 4/9] Ensures that payload is built correctly --- decryptor/reaper_test.go | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/decryptor/reaper_test.go b/decryptor/reaper_test.go index db70414d..a9807638 100644 --- a/decryptor/reaper_test.go +++ b/decryptor/reaper_test.go @@ -4,6 +4,7 @@ import ( "bytes" "encoding/json" "fmt" + "io/ioutil" "net/http" "net/http/httptest" "testing" @@ -30,6 +31,7 @@ func TestDecryptArguments_NoneEncrypted(t *testing.T) { } func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) { + commandExecutorId := "7777" encryptedKey := "zzzzzzz" decryptedKey := "aaaaaaa" firstArg := fmt.Sprintf("--arg1=OC_ENCRYPTED%sDETPYRCNE_CO", encryptedKey) @@ -41,6 +43,30 @@ func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) { w.WriteHeader(http.StatusOK) w.Header().Set("Content-Type", "application/json") + reqBytes, err := ioutil.ReadAll(r.Body) + if err != nil { + t.Errorf("error reading test request: %s", err) + t.FailNow() + } + + var reqObj map[string]interface{} + err = json.Unmarshal(reqBytes, &reqObj) + if err != nil { + t.Errorf("error parsing test request JSON: %s", err) + t.FailNow() + } + + foundId, ok := reqObj["commandExecutorId"] + if !ok { + t.Error("request should contain commandExecutorId") + t.FailNow() + } + + if foundId.(string) != commandExecutorId { + t.Errorf("request should contain commandExecutorId %s, got %s", commandExecutorId, foundId.(string)) + t.FailNow() + } + payloadObj := make(map[string]interface{}) dataObj := make(map[string]interface{}) dataObj["arguments"] = []string{decryptedArg, secondArg} @@ -57,7 +83,7 @@ func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) { })) defer reaperTestServer.Close() - dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), "1234") + dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), commandExecutorId) decryptedArgs, err := dec.DecryptArguments(args) if err != nil { t.Error("EncryptedArgsDecoded should not return an error") From 2a36c3f409d7068f0822af2bfa17a9e0a2747112 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Thu, 16 Dec 2021 14:02:52 -0500 Subject: [PATCH 5/9] Explicitly sending JSON request --- decryptor/reaper.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/decryptor/reaper.go b/decryptor/reaper.go index 68af2f4e..1ec3039b 100644 --- a/decryptor/reaper.go +++ b/decryptor/reaper.go @@ -128,6 +128,7 @@ func addJWTHeader(req *retryablehttp.Request, signingKey []byte) error { return err } + req.Header.Add("Content-Type", "application/json") req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", signed)) return err @@ -163,9 +164,5 @@ func defaultClientWithRetries() *retryablehttp.Client { return false, err } - retryClient.RequestLogHook = func(l retryablehttp.Logger, req *http.Request, retryCount int) { - *req = *req.Clone(context.TODO()) - } - return retryClient } From c21dc0fc861dd1c0e16a78f1d66c69298288a073 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Thu, 16 Dec 2021 14:13:53 -0500 Subject: [PATCH 6/9] Fixes CircleCI --- .circleci/config.yml | 69 +++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 46 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6d248bcd..a6a35bec 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,53 +1,30 @@ version: 2 - -references: - workspace: &workspace - /go/src/github.com/spf13/cobra - - run_tests: &run_tests - run: - name: "All Commands" - command: | - mkdir -p bin - curl -Lso bin/shellcheck https://github.com/caarlos0/shellcheck-docker/releases/download/v0.4.6/shellcheck - chmod +x bin/shellcheck - go get -t -v ./... - PATH=$PATH:$PWD/bin go test -v ./... - go build - if [ -z $NOVET ]; then - diff -u <(echo -n) <(go tool vet . 2>&1 | grep -vE 'ExampleCommand|bash_completions.*Fprint'); - fi - jobs: - go-current: + build: docker: - - image: circleci/golang:1.11 - working_directory: *workspace - steps: - - checkout - - *run_tests - - run: - name: "Check formatting" - command: diff -u <(echo -n) <(gofmt -d -s .) - go-previous: - docker: - - image: circleci/golang:1.10 - working_directory: *workspace - steps: - - checkout - - *run_tests - go-latest: - docker: - - image: circleci/golang:latest - working_directory: *workspace - steps: - - checkout - - *run_tests + # specify the version + - image: circleci/golang:1.15 + auth: + username: $DOCKERHUB_USER + password: $DOCKERHUB_PASSWORD + environment: # environment variables for primary container + DEPLOYMENT: test + #### TEMPLATE_NOTE: go expects specific checkout path representing url + #### expecting it in the form of + #### /go/src/github.com/circleci/go-tool + #### /go/src/bitbucket.org/circleci/go-tool + working_directory: /go/src/github.com/OneCloudInc/cobra + steps: + - checkout + - run: + name: Run tests + command: | + go test ./... workflows: version: 2 - main: + workflow: jobs: - - go-current - - go-previous - - go-latest + - build: + context: + - dockerhub From ef632ed1e11a34dc259ff660a1f1dc073a6301b8 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Thu, 16 Dec 2021 14:27:35 -0500 Subject: [PATCH 7/9] Converting cobra to use OneCloudInc/cobra in all cases --- cobra/cmd/add.go | 6 +++--- cobra/cmd/init.go | 4 ++-- cobra/cmd/project.go | 2 +- cobra/cmd/project_test.go | 2 +- cobra/cmd/root.go | 2 +- cobra/cmd/testdata/root.go.golden | 2 +- cobra/cmd/testdata/test.go.golden | 2 +- command.go | 2 +- command_test.go | 22 +++++++++++----------- doc/cmd_test.go | 2 +- doc/man_docs.go | 2 +- doc/man_docs.md | 4 ++-- doc/man_docs_test.go | 2 +- doc/man_examples_test.go | 4 ++-- doc/md_docs.go | 2 +- doc/md_docs.md | 6 +++--- doc/md_docs_test.go | 2 +- doc/rest_docs.go | 2 +- doc/rest_docs.md | 6 +++--- doc/rest_docs_test.go | 2 +- doc/util.go | 2 +- doc/yaml_docs.go | 2 +- doc/yaml_docs.md | 6 +++--- doc/yaml_docs_test.go | 2 +- go.mod | 1 - 25 files changed, 45 insertions(+), 46 deletions(-) diff --git a/cobra/cmd/add.go b/cobra/cmd/add.go index 5cec1d04..c2d82ade 100644 --- a/cobra/cmd/add.go +++ b/cobra/cmd/add.go @@ -19,7 +19,7 @@ import ( "path/filepath" "unicode" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func init() { @@ -71,7 +71,7 @@ Example: cobra add server -> resulting in a new cmd/server.go`, // validateCmdName returns source without any dashes and underscore. // If there will be dash or underscore, next letter will be uppered. // It supports only ASCII (1-byte character) strings. -// https://github.com/spf13/cobra/issues/269 +// https://github.com/OneCloudInc/cobra/issues/269 func validateCmdName(source string) string { i := 0 l := len(source) @@ -130,7 +130,7 @@ package {{.cmdPackage}} import ( "fmt" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) {{ printFlagVars .flags }} diff --git a/cobra/cmd/init.go b/cobra/cmd/init.go index 9af76f3c..1f3c3ba2 100644 --- a/cobra/cmd/init.go +++ b/cobra/cmd/init.go @@ -19,7 +19,7 @@ import ( "path" "path/filepath" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" "github.com/spf13/viper" ) @@ -148,7 +148,7 @@ import ( "os" {{if .viper}} homedir "github.com/mitchellh/go-homedir"{{end}} - "github.com/spf13/cobra"{{if .viper}} + "github.com/OneCloudInc/cobra"{{if .viper}} "github.com/spf13/viper"{{end}} ){{if .viper}} diff --git a/cobra/cmd/project.go b/cobra/cmd/project.go index 7ddb8258..32a46648 100644 --- a/cobra/cmd/project.go +++ b/cobra/cmd/project.go @@ -114,7 +114,7 @@ func (p *Project) License() License { return p.license } -// Name returns the name of project, e.g. "github.com/spf13/cobra" +// Name returns the name of project, e.g. "github.com/OneCloudInc/cobra" func (p Project) Name() string { return p.name } diff --git a/cobra/cmd/project_test.go b/cobra/cmd/project_test.go index 037f7c55..fe23ba57 100644 --- a/cobra/cmd/project_test.go +++ b/cobra/cmd/project_test.go @@ -5,7 +5,7 @@ import ( ) func TestFindExistingPackage(t *testing.T) { - path := findPackage("github.com/spf13/cobra") + path := findPackage("github.com/OneCloudInc/cobra") if path == "" { t.Fatal("findPackage didn't find the existing package") } diff --git a/cobra/cmd/root.go b/cobra/cmd/root.go index 2220d498..504ffe36 100644 --- a/cobra/cmd/root.go +++ b/cobra/cmd/root.go @@ -16,8 +16,8 @@ package cmd import ( "fmt" + "github.com/OneCloudInc/cobra" homedir "github.com/mitchellh/go-homedir" - "github.com/spf13/cobra" "github.com/spf13/viper" ) diff --git a/cobra/cmd/testdata/root.go.golden b/cobra/cmd/testdata/root.go.golden index 015a15b9..2a878fee 100644 --- a/cobra/cmd/testdata/root.go.golden +++ b/cobra/cmd/testdata/root.go.golden @@ -18,7 +18,7 @@ import ( "fmt" "os" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) diff --git a/cobra/cmd/testdata/test.go.golden b/cobra/cmd/testdata/test.go.golden index 7c365ab6..57d0f079 100644 --- a/cobra/cmd/testdata/test.go.golden +++ b/cobra/cmd/testdata/test.go.golden @@ -17,7 +17,7 @@ package cmd import ( "fmt" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) diff --git a/command.go b/command.go index 7d5ba929..c678063e 100644 --- a/command.go +++ b/command.go @@ -1229,7 +1229,7 @@ func (c *Command) IsAvailableCommand() bool { // help topic command; additional help topic command is determined by the // fact that it is NOT runnable/hidden/deprecated, and has no sub commands that // are runnable/hidden/deprecated. -// Concrete example: https://github.com/spf13/cobra/issues/393#issuecomment-282741924. +// Concrete example: https://github.com/OneCloudInc/cobra/issues/393#issuecomment-282741924. func (c *Command) IsAdditionalHelpTopicCommand() bool { // if a command is runnable, deprecated, or hidden it is not a 'help' command if c.Runnable() || len(c.Deprecated) != 0 || c.Hidden { diff --git a/command_test.go b/command_test.go index 6e483a3e..c7c581fe 100644 --- a/command_test.go +++ b/command_test.go @@ -805,7 +805,7 @@ func TestHelpFlagExecutedOnChild(t *testing.T) { // TestHelpFlagInHelp checks, // if '--help' flag is shown in help for child (executing `parent help child`), // that has no other flags. -// Related to https://github.com/spf13/cobra/issues/302. +// Related to https://github.com/OneCloudInc/cobra/issues/302. func TestHelpFlagInHelp(t *testing.T) { parentCmd := &Command{Use: "parent", Run: func(*Command, []string) {}} @@ -1166,7 +1166,7 @@ func TestPersistentHooks(t *testing.T) { // TODO: currently PersistenPreRun* defined in parent does not // run if the matchin child subcommand has PersistenPreRun. - // If the behavior changes (https://github.com/spf13/cobra/issues/252) + // If the behavior changes (https://github.com/OneCloudInc/cobra/issues/252) // this test must be fixed. if parentPersPreArgs != "" { t.Errorf("Expected blank parentPersPreArgs, got %q", parentPersPreArgs) @@ -1182,7 +1182,7 @@ func TestPersistentHooks(t *testing.T) { } // TODO: currently PersistenPostRun* defined in parent does not // run if the matchin child subcommand has PersistenPostRun. - // If the behavior changes (https://github.com/spf13/cobra/issues/252) + // If the behavior changes (https://github.com/OneCloudInc/cobra/issues/252) // this test must be fixed. if parentPersPostArgs != "" { t.Errorf("Expected blank parentPersPostArgs, got %q", parentPersPostArgs) @@ -1205,7 +1205,7 @@ func TestPersistentHooks(t *testing.T) { } } -// Related to https://github.com/spf13/cobra/issues/521. +// Related to https://github.com/OneCloudInc/cobra/issues/521. func TestGlobalNormFuncPropagation(t *testing.T) { normFunc := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(name) @@ -1225,7 +1225,7 @@ func TestGlobalNormFuncPropagation(t *testing.T) { } } -// Related to https://github.com/spf13/cobra/issues/521. +// Related to https://github.com/OneCloudInc/cobra/issues/521. func TestNormPassedOnLocal(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1239,7 +1239,7 @@ func TestNormPassedOnLocal(t *testing.T) { } } -// Related to https://github.com/spf13/cobra/issues/521. +// Related to https://github.com/OneCloudInc/cobra/issues/521. func TestNormPassedOnInherited(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1267,7 +1267,7 @@ func TestNormPassedOnInherited(t *testing.T) { } } -// Related to https://github.com/spf13/cobra/issues/521. +// Related to https://github.com/OneCloudInc/cobra/issues/521. func TestConsistentNormalizedName(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1400,7 +1400,7 @@ func TestFlagErrorFunc(t *testing.T) { // TestSortedFlags checks, // if cmd.LocalFlags() is unsorted when cmd.Flags().SortFlags set to false. -// Related to https://github.com/spf13/cobra/issues/404. +// Related to https://github.com/OneCloudInc/cobra/issues/404. func TestSortedFlags(t *testing.T) { c := &Command{} c.Flags().SortFlags = false @@ -1426,7 +1426,7 @@ func TestSortedFlags(t *testing.T) { // TestMergeCommandLineToFlags checks, // if pflag.CommandLine is correctly merged to c.Flags() after first call // of c.mergePersistentFlags. -// Related to https://github.com/spf13/cobra/issues/443. +// Related to https://github.com/OneCloudInc/cobra/issues/443. func TestMergeCommandLineToFlags(t *testing.T) { pflag.Bool("boolflag", false, "") c := &Command{Use: "c", Run: emptyRun} @@ -1440,7 +1440,7 @@ func TestMergeCommandLineToFlags(t *testing.T) { // TestUseDeprecatedFlags checks, // if cobra.Execute() prints a message, if a deprecated flag is used. -// Related to https://github.com/spf13/cobra/issues/463. +// Related to https://github.com/OneCloudInc/cobra/issues/463. func TestUseDeprecatedFlags(t *testing.T) { c := &Command{Use: "c", Run: emptyRun} c.Flags().BoolP("deprecated", "d", false, "deprecated flag") @@ -1555,7 +1555,7 @@ func TestTraverseWithTwoSubcommands(t *testing.T) { } // TestUpdateName checks if c.Name() updates on changed c.Use. -// Related to https://github.com/spf13/cobra/pull/422#discussion_r143918343. +// Related to https://github.com/OneCloudInc/cobra/pull/422#discussion_r143918343. func TestUpdateName(t *testing.T) { c := &Command{Use: "name xyz"} originalName := c.Name() diff --git a/doc/cmd_test.go b/doc/cmd_test.go index d29c577d..d0847567 100644 --- a/doc/cmd_test.go +++ b/doc/cmd_test.go @@ -4,7 +4,7 @@ import ( "strings" "testing" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func emptyRun(*cobra.Command, []string) {} diff --git a/doc/man_docs.go b/doc/man_docs.go index 4a062339..87beda7f 100644 --- a/doc/man_docs.go +++ b/doc/man_docs.go @@ -24,8 +24,8 @@ import ( "strings" "time" + "github.com/OneCloudInc/cobra" "github.com/cpuguy83/go-md2man/md2man" - "github.com/spf13/cobra" "github.com/spf13/pflag" ) diff --git a/doc/man_docs.md b/doc/man_docs.md index 3709160f..5caeed33 100644 --- a/doc/man_docs.md +++ b/doc/man_docs.md @@ -8,8 +8,8 @@ package main import ( "log" - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra" + "github.com/OneCloudInc/cobra/doc" ) func main() { diff --git a/doc/man_docs_test.go b/doc/man_docs_test.go index 2c400f5d..babf12f1 100644 --- a/doc/man_docs_test.go +++ b/doc/man_docs_test.go @@ -10,7 +10,7 @@ import ( "strings" "testing" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func translate(in string) string { diff --git a/doc/man_examples_test.go b/doc/man_examples_test.go index db660426..36fc2cf3 100644 --- a/doc/man_examples_test.go +++ b/doc/man_examples_test.go @@ -4,8 +4,8 @@ import ( "bytes" "fmt" - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra" + "github.com/OneCloudInc/cobra/doc" ) func ExampleGenManTree() { diff --git a/doc/md_docs.go b/doc/md_docs.go index d76f6d5e..9c3648f0 100644 --- a/doc/md_docs.go +++ b/doc/md_docs.go @@ -23,7 +23,7 @@ import ( "strings" "time" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func printOptions(buf *bytes.Buffer, cmd *cobra.Command, name string) error { diff --git a/doc/md_docs.md b/doc/md_docs.md index 56ce9fe8..f69bad22 100644 --- a/doc/md_docs.md +++ b/doc/md_docs.md @@ -8,8 +8,8 @@ package main import ( "log" - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra" + "github.com/OneCloudInc/cobra/doc" ) func main() { @@ -41,7 +41,7 @@ import ( "k8s.io/kubernetes/pkg/kubectl/cmd" cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra/doc" ) func main() { diff --git a/doc/md_docs_test.go b/doc/md_docs_test.go index c060f32f..bf4b69c2 100644 --- a/doc/md_docs_test.go +++ b/doc/md_docs_test.go @@ -7,7 +7,7 @@ import ( "path/filepath" "testing" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func TestGenMdDoc(t *testing.T) { diff --git a/doc/rest_docs.go b/doc/rest_docs.go index 051d8dc8..de531742 100644 --- a/doc/rest_docs.go +++ b/doc/rest_docs.go @@ -23,7 +23,7 @@ import ( "strings" "time" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func printOptionsReST(buf *bytes.Buffer, cmd *cobra.Command, name string) error { diff --git a/doc/rest_docs.md b/doc/rest_docs.md index 6098430e..75b89d97 100644 --- a/doc/rest_docs.md +++ b/doc/rest_docs.md @@ -8,8 +8,8 @@ package main import ( "log" - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra" + "github.com/OneCloudInc/cobra/doc" ) func main() { @@ -41,7 +41,7 @@ import ( "k8s.io/kubernetes/pkg/kubectl/cmd" cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra/doc" ) func main() { diff --git a/doc/rest_docs_test.go b/doc/rest_docs_test.go index 330a2e5e..deabf64d 100644 --- a/doc/rest_docs_test.go +++ b/doc/rest_docs_test.go @@ -7,7 +7,7 @@ import ( "path/filepath" "testing" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func TestGenRSTDoc(t *testing.T) { diff --git a/doc/util.go b/doc/util.go index 8d3dbece..f27e158d 100644 --- a/doc/util.go +++ b/doc/util.go @@ -16,7 +16,7 @@ package doc import ( "strings" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) // Test to see if we have a reason to print See Also information in docs diff --git a/doc/yaml_docs.go b/doc/yaml_docs.go index ea00af07..e9b04df1 100644 --- a/doc/yaml_docs.go +++ b/doc/yaml_docs.go @@ -21,7 +21,7 @@ import ( "sort" "strings" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" "github.com/spf13/pflag" "gopkg.in/yaml.v2" ) diff --git a/doc/yaml_docs.md b/doc/yaml_docs.md index 1a9b7c6a..f229e034 100644 --- a/doc/yaml_docs.md +++ b/doc/yaml_docs.md @@ -8,8 +8,8 @@ package main import ( "log" - "github.com/spf13/cobra" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra" + "github.com/OneCloudInc/cobra/doc" ) func main() { @@ -41,7 +41,7 @@ import ( "k8s.io/kubernetes/pkg/kubectl/cmd" cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util" - "github.com/spf13/cobra/doc" + "github.com/OneCloudInc/cobra/doc" ) func main() { diff --git a/doc/yaml_docs_test.go b/doc/yaml_docs_test.go index c5a63594..db775ef7 100644 --- a/doc/yaml_docs_test.go +++ b/doc/yaml_docs_test.go @@ -7,7 +7,7 @@ import ( "path/filepath" "testing" - "github.com/spf13/cobra" + "github.com/OneCloudInc/cobra" ) func TestGenYamlDoc(t *testing.T) { diff --git a/go.mod b/go.mod index 1b7132d6..e782f3c8 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,6 @@ require ( github.com/russross/blackfriday v1.5.2 // indirect github.com/spf13/afero v1.2.1 // indirect github.com/spf13/cast v1.3.0 // indirect - github.com/spf13/cobra v0.0.3 github.com/spf13/jwalterweatherman v1.0.0 // indirect github.com/spf13/pflag v1.0.3 github.com/spf13/viper v1.3.1 From 1223d49a6213c4e600641a615c4be00b85b5b413 Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Thu, 16 Dec 2021 14:39:36 -0500 Subject: [PATCH 8/9] Fixes issue references --- cobra/cmd/add.go | 2 +- command.go | 2 +- command_test.go | 16 ++++++++-------- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/cobra/cmd/add.go b/cobra/cmd/add.go index c2d82ade..f4e62148 100644 --- a/cobra/cmd/add.go +++ b/cobra/cmd/add.go @@ -71,7 +71,7 @@ Example: cobra add server -> resulting in a new cmd/server.go`, // validateCmdName returns source without any dashes and underscore. // If there will be dash or underscore, next letter will be uppered. // It supports only ASCII (1-byte character) strings. -// https://github.com/OneCloudInc/cobra/issues/269 +// https://github.com/spf13/cobra/issues/269 func validateCmdName(source string) string { i := 0 l := len(source) diff --git a/command.go b/command.go index c678063e..7d5ba929 100644 --- a/command.go +++ b/command.go @@ -1229,7 +1229,7 @@ func (c *Command) IsAvailableCommand() bool { // help topic command; additional help topic command is determined by the // fact that it is NOT runnable/hidden/deprecated, and has no sub commands that // are runnable/hidden/deprecated. -// Concrete example: https://github.com/OneCloudInc/cobra/issues/393#issuecomment-282741924. +// Concrete example: https://github.com/spf13/cobra/issues/393#issuecomment-282741924. func (c *Command) IsAdditionalHelpTopicCommand() bool { // if a command is runnable, deprecated, or hidden it is not a 'help' command if c.Runnable() || len(c.Deprecated) != 0 || c.Hidden { diff --git a/command_test.go b/command_test.go index c7c581fe..52169e74 100644 --- a/command_test.go +++ b/command_test.go @@ -805,7 +805,7 @@ func TestHelpFlagExecutedOnChild(t *testing.T) { // TestHelpFlagInHelp checks, // if '--help' flag is shown in help for child (executing `parent help child`), // that has no other flags. -// Related to https://github.com/OneCloudInc/cobra/issues/302. +// Related to https://github.com/spf13/cobra/issues/302. func TestHelpFlagInHelp(t *testing.T) { parentCmd := &Command{Use: "parent", Run: func(*Command, []string) {}} @@ -1205,7 +1205,7 @@ func TestPersistentHooks(t *testing.T) { } } -// Related to https://github.com/OneCloudInc/cobra/issues/521. +// Related to https://github.com/spf13/cobra/issues/521. func TestGlobalNormFuncPropagation(t *testing.T) { normFunc := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(name) @@ -1225,7 +1225,7 @@ func TestGlobalNormFuncPropagation(t *testing.T) { } } -// Related to https://github.com/OneCloudInc/cobra/issues/521. +// Related to https://github.com/spf13/cobra/issues/521. func TestNormPassedOnLocal(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1239,7 +1239,7 @@ func TestNormPassedOnLocal(t *testing.T) { } } -// Related to https://github.com/OneCloudInc/cobra/issues/521. +// Related to https://github.com/spf13/cobra/issues/521. func TestNormPassedOnInherited(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1267,7 +1267,7 @@ func TestNormPassedOnInherited(t *testing.T) { } } -// Related to https://github.com/OneCloudInc/cobra/issues/521. +// Related to https://github.com/spf13/cobra/issues/521. func TestConsistentNormalizedName(t *testing.T) { toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName { return pflag.NormalizedName(strings.ToUpper(name)) @@ -1400,7 +1400,7 @@ func TestFlagErrorFunc(t *testing.T) { // TestSortedFlags checks, // if cmd.LocalFlags() is unsorted when cmd.Flags().SortFlags set to false. -// Related to https://github.com/OneCloudInc/cobra/issues/404. +// Related to https://github.com/spf13/cobra/issues/404. func TestSortedFlags(t *testing.T) { c := &Command{} c.Flags().SortFlags = false @@ -1426,7 +1426,7 @@ func TestSortedFlags(t *testing.T) { // TestMergeCommandLineToFlags checks, // if pflag.CommandLine is correctly merged to c.Flags() after first call // of c.mergePersistentFlags. -// Related to https://github.com/OneCloudInc/cobra/issues/443. +// Related to https://github.com/spf13/cobra/issues/443. func TestMergeCommandLineToFlags(t *testing.T) { pflag.Bool("boolflag", false, "") c := &Command{Use: "c", Run: emptyRun} @@ -1440,7 +1440,7 @@ func TestMergeCommandLineToFlags(t *testing.T) { // TestUseDeprecatedFlags checks, // if cobra.Execute() prints a message, if a deprecated flag is used. -// Related to https://github.com/OneCloudInc/cobra/issues/463. +// Related to https://github.com/spf13/cobra/issues/463. func TestUseDeprecatedFlags(t *testing.T) { c := &Command{Use: "c", Run: emptyRun} c.Flags().BoolP("deprecated", "d", false, "deprecated flag") From 1f5bfa181bf558edc72a9c6fd65dde9063e9473c Mon Sep 17 00:00:00 2001 From: Ryan Curtin Date: Thu, 16 Dec 2021 17:03:32 -0500 Subject: [PATCH 9/9] Code review fixes - seeding random number generator and handling error with setting header --- decryptor/reaper.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/decryptor/reaper.go b/decryptor/reaper.go index 1ec3039b..15085e7c 100644 --- a/decryptor/reaper.go +++ b/decryptor/reaper.go @@ -54,6 +54,10 @@ var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") +func init() { + rand.Seed(time.Now().UTC().UnixNano()) +} + // NewReaperDecryptor returns a Decryptor implementation that will call out to // the reaper service to decrypt any encrypted arguments. func NewReaperDecryptor(url, signingKey, commandExecutorID string) Decryptor { @@ -96,7 +100,10 @@ func (r *ReaperDecryptor) DecryptArguments(args []string) ([]string, error) { } cl := defaultClientWithRetries() - addJWTHeader(retryReq, r.SigningKey) + err = addJWTHeader(retryReq, r.SigningKey) + if err != nil { + return args, fmt.Errorf("error signing request: %s", err) + } resp, err := cl.Do(retryReq) if err != nil {