From ce89c5abe8fa34c3705e0a6135bb3b4656299042 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Tue, 7 Dec 2021 17:11:39 -0500
Subject: [PATCH 1/9] Placeholder for performing decryption logic; cobra now
distributed using go modules
---
Gopkg.lock | 186 --------------------------------------------------
Gopkg.toml | 54 ---------------
command.go | 5 ++
decryptor.go | 5 ++
gatekeeper.go | 39 +++++++++++
go.mod | 26 +++++++
go.sum | 49 +++++++++++++
7 files changed, 124 insertions(+), 240 deletions(-)
delete mode 100644 Gopkg.lock
delete mode 100644 Gopkg.toml
create mode 100644 decryptor.go
create mode 100644 gatekeeper.go
create mode 100644 go.mod
create mode 100644 go.sum
diff --git a/Gopkg.lock b/Gopkg.lock
deleted file mode 100644
index f08eb9ff..00000000
--- a/Gopkg.lock
+++ /dev/null
@@ -1,186 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
- digest = "1:7cb4fdca4c251b3ef8027c90ea35f70c7b661a593b9eeae34753c65499098bb1"
- name = "github.com/cpuguy83/go-md2man"
- packages = ["md2man"]
- pruneopts = "UT"
- revision = "20f5889cbdc3c73dbd2862796665e7c465ade7d1"
- version = "v1.0.8"
-
-[[projects]]
- digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd"
- name = "github.com/fsnotify/fsnotify"
- packages = ["."]
- pruneopts = "UT"
- revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9"
- version = "v1.4.7"
-
-[[projects]]
- digest = "1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10"
- name = "github.com/hashicorp/hcl"
- packages = [
- ".",
- "hcl/ast",
- "hcl/parser",
- "hcl/printer",
- "hcl/scanner",
- "hcl/strconv",
- "hcl/token",
- "json/parser",
- "json/scanner",
- "json/token",
- ]
- pruneopts = "UT"
- revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241"
- version = "v1.0.0"
-
-[[projects]]
- digest = "1:870d441fe217b8e689d7949fef6e43efbc787e50f200cb1e70dbca9204a1d6be"
- name = "github.com/inconshreveable/mousetrap"
- packages = ["."]
- pruneopts = "UT"
- revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
- version = "v1.0"
-
-[[projects]]
- digest = "1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7"
- name = "github.com/magiconair/properties"
- packages = ["."]
- pruneopts = "UT"
- revision = "c2353362d570a7bfa228149c62842019201cfb71"
- version = "v1.8.0"
-
-[[projects]]
- digest = "1:5d231480e1c64a726869bc4142d270184c419749d34f167646baa21008eb0a79"
- name = "github.com/mitchellh/go-homedir"
- packages = ["."]
- pruneopts = "UT"
- revision = "af06845cf3004701891bf4fdb884bfe4920b3727"
- version = "v1.1.0"
-
-[[projects]]
- digest = "1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318"
- name = "github.com/mitchellh/mapstructure"
- packages = ["."]
- pruneopts = "UT"
- revision = "3536a929edddb9a5b34bd6861dc4a9647cb459fe"
- version = "v1.1.2"
-
-[[projects]]
- digest = "1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e"
- name = "github.com/pelletier/go-toml"
- packages = ["."]
- pruneopts = "UT"
- revision = "c01d1270ff3e442a8a57cddc1c92dc1138598194"
- version = "v1.2.0"
-
-[[projects]]
- digest = "1:b36a0ede02c4c2aef7df7f91cbbb7bb88a98b5d253509d4f997dda526e50c88c"
- name = "github.com/russross/blackfriday"
- packages = ["."]
- pruneopts = "UT"
- revision = "05f3235734ad95d0016f6a23902f06461fcf567a"
- version = "v1.5.2"
-
-[[projects]]
- digest = "1:3e39bafd6c2f4bf3c76c3bfd16a2e09e016510ad5db90dc02b88e2f565d6d595"
- name = "github.com/spf13/afero"
- packages = [
- ".",
- "mem",
- ]
- pruneopts = "UT"
- revision = "f4711e4db9e9a1d3887343acb72b2bbfc2f686f5"
- version = "v1.2.1"
-
-[[projects]]
- digest = "1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc"
- name = "github.com/spf13/cast"
- packages = ["."]
- pruneopts = "UT"
- revision = "8c9545af88b134710ab1cd196795e7f2388358d7"
- version = "v1.3.0"
-
-[[projects]]
- digest = "1:e01b05ba901239c783dfe56450bcde607fc858908529868259c9a8765dc176d0"
- name = "github.com/spf13/cobra"
- packages = [
- ".",
- "doc",
- ]
- pruneopts = "UT"
- revision = "ef82de70bb3f60c65fb8eebacbb2d122ef517385"
- version = "v0.0.3"
-
-[[projects]]
- digest = "1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb"
- name = "github.com/spf13/jwalterweatherman"
- packages = ["."]
- pruneopts = "UT"
- revision = "4a4406e478ca629068e7768fc33f3f044173c0a6"
- version = "v1.0.0"
-
-[[projects]]
- digest = "1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2"
- name = "github.com/spf13/pflag"
- packages = ["."]
- pruneopts = "UT"
- revision = "298182f68c66c05229eb03ac171abe6e309ee79a"
- version = "v1.0.3"
-
-[[projects]]
- digest = "1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423"
- name = "github.com/spf13/viper"
- packages = ["."]
- pruneopts = "UT"
- revision = "6d33b5a963d922d182c91e8a1c88d81fd150cfd4"
- version = "v1.3.1"
-
-[[projects]]
- branch = "master"
- digest = "1:d0e9a312c4610a508569ab25e54d34600b1a96d19b1866ece104ffdf1c1b9d2c"
- name = "golang.org/x/sys"
- packages = ["unix"]
- pruneopts = "UT"
- revision = "cd391775e71e684db52b63df9affd58269495083"
-
-[[projects]]
- digest = "1:8029e9743749d4be5bc9f7d42ea1659471767860f0cdc34d37c3111bd308a295"
- name = "golang.org/x/text"
- packages = [
- "internal/gen",
- "internal/triegen",
- "internal/ucd",
- "transform",
- "unicode/cldr",
- "unicode/norm",
- ]
- pruneopts = "UT"
- revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
- version = "v0.3.0"
-
-[[projects]]
- digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96"
- name = "gopkg.in/yaml.v2"
- packages = ["."]
- pruneopts = "UT"
- revision = "51d6538a90f86fe93ac480b35f37b2be17fef232"
- version = "v2.2.2"
-
-[solve-meta]
- analyzer-name = "dep"
- analyzer-version = 1
- input-imports = [
- "github.com/cpuguy83/go-md2man/md2man",
- "github.com/inconshreveable/mousetrap",
- "github.com/mitchellh/go-homedir",
- "github.com/spf13/cobra",
- "github.com/spf13/cobra/doc",
- "github.com/spf13/pflag",
- "github.com/spf13/viper",
- "gopkg.in/yaml.v2",
- ]
- solver-name = "gps-cdcl"
- solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
deleted file mode 100644
index e273f6f6..00000000
--- a/Gopkg.toml
+++ /dev/null
@@ -1,54 +0,0 @@
-# Gopkg.toml example
-#
-# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-# name = "github.com/user/project"
-# version = "1.0.0"
-#
-# [[constraint]]
-# name = "github.com/user/project2"
-# branch = "dev"
-# source = "github.com/myfork/project2"
-#
-# [[override]]
-# name = "github.com/x/y"
-# version = "2.4.0"
-#
-# [prune]
-# non-go = false
-# go-tests = true
-# unused-packages = true
-
-
-[[constraint]]
- name = "github.com/cpuguy83/go-md2man"
- version = "1.0.8"
-
-[[constraint]]
- name = "github.com/inconshreveable/mousetrap"
- version = "1.0.0"
-
-[[constraint]]
- name = "github.com/mitchellh/go-homedir"
- version = "1.1.0"
-
-[[constraint]]
- name = "github.com/spf13/pflag"
- version = "1.0.3"
-
-[[constraint]]
- name = "github.com/spf13/viper"
- version = "1.3.1"
-
-[[constraint]]
- name = "gopkg.in/yaml.v2"
- version = "2.2.2"
-
-[prune]
- go-tests = true
- unused-packages = true
diff --git a/command.go b/command.go
index 34d1bf36..5bed4818 100644
--- a/command.go
+++ b/command.go
@@ -593,6 +593,7 @@ func (c *Command) Traverse(args []string) (*Command, []string, error) {
inFlag := false
for i, arg := range args {
+
switch {
// A long flag with a space separated value
case strings.HasPrefix(arg, "--") && !strings.Contains(arg, "="):
@@ -849,6 +850,10 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
cmd.commandCalledAs.name = cmd.Name()
}
+ // RC: Implementation of decryption - use DI to test
+ decryptor := Gatekeeper{}
+ flags, err = decryptor.DecryptFlags(flags)
+
err = cmd.execute(flags)
if err != nil {
// Always show help if requested, even if SilenceErrors is in
diff --git a/decryptor.go b/decryptor.go
new file mode 100644
index 00000000..386f276a
--- /dev/null
+++ b/decryptor.go
@@ -0,0 +1,5 @@
+package cobra
+
+type Decryptor interface {
+ DecryptFlags([]string) ([]string, error)
+}
diff --git a/gatekeeper.go b/gatekeeper.go
new file mode 100644
index 00000000..627c6200
--- /dev/null
+++ b/gatekeeper.go
@@ -0,0 +1,39 @@
+package cobra
+
+import (
+ "regexp"
+)
+
+const vaultEncryptStart = "OC_ENCRYPTED"
+const vaultEncryptEnd = "DETPYRCNE_CO"
+
+var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd)
+
+type Gatekeeper struct{}
+
+func (g *Gatekeeper) DecryptFlags(flags []string) ([]string, error) {
+ var decryptedFlags []string
+
+ for _, fl := range flags {
+ keyToDecrypt := extractSecretKey(fl)
+ if keyToDecrypt == "" {
+ continue
+ } else {
+ // TODO: Gatekeeper client should perform decryption here
+ // TODO: Remove recursive decryption to the Gatekeeper client
+ // TODO: Move macro replacement to Gatekeeper package
+ decryptedFlags = append(decryptedFlags, keyToDecrypt)
+ }
+ }
+
+ return decryptedFlags, nil
+}
+
+func extractSecretKey(macro string) string {
+ matches := vaultRegex.FindStringSubmatch(macro)
+ if len(matches) == 2 && matches[1] != "" {
+ secretKey := matches[1]
+ return secretKey
+ }
+ return ""
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 00000000..8e8e7991
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,26 @@
+module github.com/OneCloudInc/cobra
+
+go 1.15
+
+require (
+ github.com/BurntSushi/toml v0.4.1 // indirect
+ github.com/cpuguy83/go-md2man v1.0.8
+ github.com/fsnotify/fsnotify v1.4.7 // indirect
+ github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
+ github.com/hashicorp/hcl v1.0.0 // indirect
+ github.com/inconshreveable/mousetrap v1.0.0
+ github.com/magiconair/properties v1.8.0 // indirect
+ github.com/mitchellh/go-homedir v1.1.0
+ github.com/mitchellh/mapstructure v1.1.2 // indirect
+ github.com/pelletier/go-toml v1.2.0 // indirect
+ github.com/russross/blackfriday v1.5.2 // indirect
+ github.com/spf13/afero v1.2.1 // indirect
+ github.com/spf13/cast v1.3.0 // indirect
+ github.com/spf13/cobra v0.0.3
+ github.com/spf13/jwalterweatherman v1.0.0 // indirect
+ github.com/spf13/pflag v1.0.3
+ github.com/spf13/viper v1.3.1
+ golang.org/x/sys v0.0.0-20190222171317-cd391775e71e // indirect
+ golang.org/x/text v0.3.0 // indirect
+ gopkg.in/yaml.v2 v2.2.2
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..6c699980
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,49 @@
+github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
+github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
+github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
+github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/cpuguy83/go-md2man v1.0.8 h1:DwoNytLphI8hzS2Af4D0dfaEaiSq2bN05mEm4R6vf8M=
+github.com/cpuguy83/go-md2man v1.0.8/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4=
+github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
+github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.2.1 h1:qgMbHoJbPbw579P+1zVY+6n4nIFuIchaIjzZ/I/Yq8M=
+github.com/spf13/afero v1.2.1/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
+github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/viper v1.3.1 h1:5+8j8FTpnFV4nEImW/ofkzEt8VoOiLXxdYIDsB73T38=
+github.com/spf13/viper v1.3.1/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222171317-cd391775e71e h1:oF7qaQxUH6KzFdKN4ww7NpPdo53SZi4UlcksLrb2y/o=
+golang.org/x/sys v0.0.0-20190222171317-cd391775e71e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
From 93ca442bab56627d5f00262acf555dbc52e5e3ac Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Tue, 14 Dec 2021 16:47:22 -0500
Subject: [PATCH 2/9] Adds the ability to decrypt arguments using the reaper
service
---
command.go | 5 +-
decryptor.go | 5 --
decryptor/decryptor.go | 31 ++++++++
decryptor/noop.go | 11 +++
decryptor/reaper.go | 171 +++++++++++++++++++++++++++++++++++++++++
gatekeeper.go | 39 ----------
go.mod | 3 +-
go.sum | 2 +
8 files changed, 220 insertions(+), 47 deletions(-)
delete mode 100644 decryptor.go
create mode 100644 decryptor/decryptor.go
create mode 100644 decryptor/noop.go
create mode 100644 decryptor/reaper.go
delete mode 100644 gatekeeper.go
diff --git a/command.go b/command.go
index 5bed4818..7d5ba929 100644
--- a/command.go
+++ b/command.go
@@ -24,6 +24,7 @@ import (
"sort"
"strings"
+ "github.com/OneCloudInc/cobra/decryptor"
flag "github.com/spf13/pflag"
)
@@ -851,8 +852,8 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
}
// RC: Implementation of decryption - use DI to test
- decryptor := Gatekeeper{}
- flags, err = decryptor.DecryptFlags(flags)
+ decryptor := decryptor.NewDecryptor()
+ flags, err = decryptor.DecryptArguments(flags)
err = cmd.execute(flags)
if err != nil {
diff --git a/decryptor.go b/decryptor.go
deleted file mode 100644
index 386f276a..00000000
--- a/decryptor.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package cobra
-
-type Decryptor interface {
- DecryptFlags([]string) ([]string, error)
-}
diff --git a/decryptor/decryptor.go b/decryptor/decryptor.go
new file mode 100644
index 00000000..47c1e020
--- /dev/null
+++ b/decryptor/decryptor.go
@@ -0,0 +1,31 @@
+package decryptor
+
+import "os"
+
+type Decryptor interface {
+ DecryptArguments([]string) ([]string, error)
+}
+
+func NewDecryptor() Decryptor {
+ if IsCloudRunner() && ReaperURL() != "" && BizAppAuthToken() != "" && CommandExecutorID() != "" {
+ return NewReaperDecryptor(ReaperURL(), BizAppAuthToken(), CommandExecutorID())
+ }
+
+ return NewNoopDecryptor()
+}
+
+func IsCloudRunner() bool {
+ return os.Getenv("OC_CLOUDRUNNER_CONFIG") != ""
+}
+
+func ReaperURL() string {
+ return os.Getenv("REAPER_URL")
+}
+
+func BizAppAuthToken() string {
+ return os.Getenv("BIZ_APP_AUTH_TOKEN")
+}
+
+func CommandExecutorID() string {
+ return os.Getenv("OC_COMMAND_EXECUTOR_ID")
+}
diff --git a/decryptor/noop.go b/decryptor/noop.go
new file mode 100644
index 00000000..e454206f
--- /dev/null
+++ b/decryptor/noop.go
@@ -0,0 +1,11 @@
+package decryptor
+
+type NoopDecryptor struct{}
+
+func NewNoopDecryptor() Decryptor {
+ return &NoopDecryptor{}
+}
+
+func (n *NoopDecryptor) DecryptArguments(args []string) ([]string, error) {
+ return args, nil
+}
diff --git a/decryptor/reaper.go b/decryptor/reaper.go
new file mode 100644
index 00000000..68af2f4e
--- /dev/null
+++ b/decryptor/reaper.go
@@ -0,0 +1,171 @@
+package decryptor
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "math/rand"
+ "net/http"
+ "regexp"
+ "time"
+
+ jwt "github.com/dgrijalva/jwt-go"
+ retryablehttp "github.com/hashicorp/go-retryablehttp"
+)
+
+// ReaperDecryptor will call out to the reaper service to decrypt arguments
+// passed into a BizApp. It will use a one-off signing key to handle authorizing
+// a request to decrypt arguments associated with a particular CommandExecutor. The
+// reaper will return a list of decrypted arguments, given a list of arguments in the
+// body of the request
+type ReaperDecryptor struct {
+ BaseURL string
+ SigningKey []byte
+ CommandExecutorID string
+}
+
+// Authorization uses a signed nonce, so we really just
+// want to sign a string as the token we use for authorization. In order
+// for it to be signed correctly, go-jwt requires us to implement a Valid()
+// method.
+type tokenClaims string
+
+func (t tokenClaims) Valid() error {
+ return nil
+}
+
+//
+// {"data": {"arguments": ["--arg1=zzz", "--arg2=bbb"]}}
+//
+type reaperResponse struct {
+ Data struct {
+ Arguments []string `json:"arguments"`
+ } `json:"data"`
+}
+
+const vaultEncryptStart = "OC_ENCRYPTED"
+const vaultEncryptEnd = "DETPYRCNE_CO"
+const decryptPath = "/runner/decrypt_arguments"
+
+var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd)
+
+var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+
+// NewReaperDecryptor returns a Decryptor implementation that will call out to
+// the reaper service to decrypt any encrypted arguments.
+func NewReaperDecryptor(url, signingKey, commandExecutorID string) Decryptor {
+ return &ReaperDecryptor{
+ BaseURL: url,
+ SigningKey: []byte(signingKey),
+ CommandExecutorID: commandExecutorID,
+ }
+}
+
+// DecryptArguments replaces any encrypted values with their decrypted values
+// using the reaper service.
+func (r *ReaperDecryptor) DecryptArguments(args []string) ([]string, error) {
+ // If no encrypted arguments are found, do not attempt to decrypt
+ shouldDecrypt := false
+ for _, arg := range args {
+ if vaultRegex.MatchString(arg) {
+ shouldDecrypt = true
+ break
+ }
+ }
+
+ if !shouldDecrypt {
+ return args, nil
+ }
+
+ payload := make(map[string]interface{})
+ payload["commandExecutorId"] = r.CommandExecutorID
+ payload["arguments"] = args
+ payloadBytes, err := json.Marshal(payload)
+ if err != nil {
+ return args, fmt.Errorf("error creating payload to send for decryption: %s", err)
+ }
+ payloadBody := bytes.NewBuffer(payloadBytes)
+
+ reqURL := fmt.Sprintf("%s%s", r.BaseURL, decryptPath)
+ retryReq, err := retryablehttp.NewRequest("POST", reqURL, payloadBody)
+ if err != nil {
+ return args, fmt.Errorf("error building request to send for decryption: %s", err)
+ }
+
+ cl := defaultClientWithRetries()
+ addJWTHeader(retryReq, r.SigningKey)
+
+ resp, err := cl.Do(retryReq)
+ if err != nil {
+ return args, fmt.Errorf("error response from decryption service: %s", err)
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode >= 400 {
+ io.Copy(ioutil.Discard, resp.Body)
+ return args, fmt.Errorf("decryption service responsed with status code %d", resp.StatusCode)
+ }
+
+ var respObj reaperResponse
+ decoder := json.NewDecoder(resp.Body)
+ err = decoder.Decode(&respObj)
+ if err != nil {
+ return args, fmt.Errorf("error parsing response from decryption service: %s", err)
+ }
+
+ return respObj.Data.Arguments, err
+}
+
+func addJWTHeader(req *retryablehttp.Request, signingKey []byte) error {
+ nonce := generateNonce()
+ token := jwt.NewWithClaims(jwt.SigningMethodHS256, nonce)
+
+ signed, err := token.SignedString(signingKey)
+ if err != nil {
+ return err
+ }
+
+ req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", signed))
+
+ return err
+}
+
+// random string of 32 bytes to be signed into a JWT - value is not used
+func generateNonce() tokenClaims {
+ b := make([]rune, 32)
+ for i := range b {
+ b[i] = letterRunes[rand.Intn(len(letterRunes))]
+ }
+
+ return tokenClaims(b)
+}
+
+// Using a HTTP client that will automatically retry 5xx errors to ensure that our connection
+// is resilient
+func defaultClientWithRetries() *retryablehttp.Client {
+ retryClient := retryablehttp.NewClient()
+ retryClient.RetryWaitMin = 3 * time.Second
+ retryClient.CheckRetry = func(ctx context.Context, resp *http.Response, err error) (bool, error) {
+ if resp == nil {
+ return true, err
+ }
+
+ if resp.StatusCode >= 500 || resp.StatusCode == 429 {
+ return true, err
+ }
+
+ if err != nil || ctx.Err() != nil {
+ return true, err
+ }
+ return false, err
+ }
+
+ retryClient.RequestLogHook = func(l retryablehttp.Logger, req *http.Request, retryCount int) {
+ *req = *req.Clone(context.TODO())
+ }
+
+ return retryClient
+}
diff --git a/gatekeeper.go b/gatekeeper.go
deleted file mode 100644
index 627c6200..00000000
--- a/gatekeeper.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package cobra
-
-import (
- "regexp"
-)
-
-const vaultEncryptStart = "OC_ENCRYPTED"
-const vaultEncryptEnd = "DETPYRCNE_CO"
-
-var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd)
-
-type Gatekeeper struct{}
-
-func (g *Gatekeeper) DecryptFlags(flags []string) ([]string, error) {
- var decryptedFlags []string
-
- for _, fl := range flags {
- keyToDecrypt := extractSecretKey(fl)
- if keyToDecrypt == "" {
- continue
- } else {
- // TODO: Gatekeeper client should perform decryption here
- // TODO: Remove recursive decryption to the Gatekeeper client
- // TODO: Move macro replacement to Gatekeeper package
- decryptedFlags = append(decryptedFlags, keyToDecrypt)
- }
- }
-
- return decryptedFlags, nil
-}
-
-func extractSecretKey(macro string) string {
- matches := vaultRegex.FindStringSubmatch(macro)
- if len(matches) == 2 && matches[1] != "" {
- secretKey := matches[1]
- return secretKey
- }
- return ""
-}
diff --git a/go.mod b/go.mod
index 8e8e7991..1b7132d6 100644
--- a/go.mod
+++ b/go.mod
@@ -5,8 +5,9 @@ go 1.15
require (
github.com/BurntSushi/toml v0.4.1 // indirect
github.com/cpuguy83/go-md2man v1.0.8
+ github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/fsnotify/fsnotify v1.4.7 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
+ github.com/hashicorp/go-retryablehttp v0.7.0
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0
github.com/magiconair/properties v1.8.0 // indirect
diff --git a/go.sum b/go.sum
index 6c699980..4af59c26 100644
--- a/go.sum
+++ b/go.sum
@@ -7,6 +7,8 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
github.com/cpuguy83/go-md2man v1.0.8 h1:DwoNytLphI8hzS2Af4D0dfaEaiSq2bN05mEm4R6vf8M=
github.com/cpuguy83/go-md2man v1.0.8/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v1.0.2 h1:KPldsxuKGsS2FPWsNeg9ZO18aCrGKujPoWXn2yo+KQM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
From f927bb8b1f92ed01b0d35305dd35770658a20057 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Tue, 14 Dec 2021 16:58:15 -0500
Subject: [PATCH 3/9] Adds test for reaper decryptor
---
decryptor/reaper_test.go | 73 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 decryptor/reaper_test.go
diff --git a/decryptor/reaper_test.go b/decryptor/reaper_test.go
new file mode 100644
index 00000000..db70414d
--- /dev/null
+++ b/decryptor/reaper_test.go
@@ -0,0 +1,73 @@
+package decryptor
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+)
+
+func TestDecryptArguments_NoneEncrypted(t *testing.T) {
+ dec := NewReaperDecryptor("http://url.com/not/used", string(generateNonce()), "1234")
+ firstArg := "--arg1=aaa"
+ secondArg := "--zzz=bbb"
+ args := []string{firstArg, secondArg}
+
+ decryptedArgs, err := dec.DecryptArguments(args)
+ if err != nil {
+ t.Error("NoneEncrypted should not return an error")
+ }
+
+ if decryptedArgs[0] != firstArg {
+ t.Errorf("NoneEncrypted - first arg should be %s, got %s", firstArg, decryptedArgs[0])
+ }
+
+ if decryptedArgs[1] != secondArg {
+ t.Errorf("NoneEncrypted - second arg should be %s, got %s", firstArg, decryptedArgs[0])
+ }
+}
+
+func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) {
+ encryptedKey := "zzzzzzz"
+ decryptedKey := "aaaaaaa"
+ firstArg := fmt.Sprintf("--arg1=OC_ENCRYPTED%sDETPYRCNE_CO", encryptedKey)
+ decryptedArg := fmt.Sprintf("--arg1=%s", decryptedKey)
+ secondArg := "--arg2=iamnotencrypted"
+ args := []string{firstArg, secondArg}
+
+ reaperTestServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(http.StatusOK)
+ w.Header().Set("Content-Type", "application/json")
+
+ payloadObj := make(map[string]interface{})
+ dataObj := make(map[string]interface{})
+ dataObj["arguments"] = []string{decryptedArg, secondArg}
+ payloadObj["data"] = dataObj
+
+ payloadBytes, err := json.Marshal(payloadObj)
+ if err != nil {
+ t.Errorf("error returning test data JSON: %s", err)
+ t.FailNow()
+ }
+
+ b := bytes.NewBuffer(payloadBytes)
+ b.WriteTo(w)
+ }))
+ defer reaperTestServer.Close()
+
+ dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), "1234")
+ decryptedArgs, err := dec.DecryptArguments(args)
+ if err != nil {
+ t.Error("EncryptedArgsDecoded should not return an error")
+ }
+
+ if decryptedArgs[0] != decryptedArg {
+ t.Errorf("EncryptedArgsDecoded - first arg should be %s, got %s", decryptedArg, decryptedArgs[0])
+ }
+
+ if decryptedArgs[1] != secondArg {
+ t.Errorf("EncryptedArgsDecoded - second arg should be %s, got %s", firstArg, decryptedArgs[0])
+ }
+}
From b430be08ed1099eee193b76d8b3d5eca2848980a Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Tue, 14 Dec 2021 17:03:56 -0500
Subject: [PATCH 4/9] Ensures that payload is built correctly
---
decryptor/reaper_test.go | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/decryptor/reaper_test.go b/decryptor/reaper_test.go
index db70414d..a9807638 100644
--- a/decryptor/reaper_test.go
+++ b/decryptor/reaper_test.go
@@ -4,6 +4,7 @@ import (
"bytes"
"encoding/json"
"fmt"
+ "io/ioutil"
"net/http"
"net/http/httptest"
"testing"
@@ -30,6 +31,7 @@ func TestDecryptArguments_NoneEncrypted(t *testing.T) {
}
func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) {
+ commandExecutorId := "7777"
encryptedKey := "zzzzzzz"
decryptedKey := "aaaaaaa"
firstArg := fmt.Sprintf("--arg1=OC_ENCRYPTED%sDETPYRCNE_CO", encryptedKey)
@@ -41,6 +43,30 @@ func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) {
w.WriteHeader(http.StatusOK)
w.Header().Set("Content-Type", "application/json")
+ reqBytes, err := ioutil.ReadAll(r.Body)
+ if err != nil {
+ t.Errorf("error reading test request: %s", err)
+ t.FailNow()
+ }
+
+ var reqObj map[string]interface{}
+ err = json.Unmarshal(reqBytes, &reqObj)
+ if err != nil {
+ t.Errorf("error parsing test request JSON: %s", err)
+ t.FailNow()
+ }
+
+ foundId, ok := reqObj["commandExecutorId"]
+ if !ok {
+ t.Error("request should contain commandExecutorId")
+ t.FailNow()
+ }
+
+ if foundId.(string) != commandExecutorId {
+ t.Errorf("request should contain commandExecutorId %s, got %s", commandExecutorId, foundId.(string))
+ t.FailNow()
+ }
+
payloadObj := make(map[string]interface{})
dataObj := make(map[string]interface{})
dataObj["arguments"] = []string{decryptedArg, secondArg}
@@ -57,7 +83,7 @@ func TestDecryptArguments_EncryptedArgsDecoded(t *testing.T) {
}))
defer reaperTestServer.Close()
- dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), "1234")
+ dec := NewReaperDecryptor(reaperTestServer.URL, string(generateNonce()), commandExecutorId)
decryptedArgs, err := dec.DecryptArguments(args)
if err != nil {
t.Error("EncryptedArgsDecoded should not return an error")
From 2a36c3f409d7068f0822af2bfa17a9e0a2747112 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Thu, 16 Dec 2021 14:02:52 -0500
Subject: [PATCH 5/9] Explicitly sending JSON request
---
decryptor/reaper.go | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/decryptor/reaper.go b/decryptor/reaper.go
index 68af2f4e..1ec3039b 100644
--- a/decryptor/reaper.go
+++ b/decryptor/reaper.go
@@ -128,6 +128,7 @@ func addJWTHeader(req *retryablehttp.Request, signingKey []byte) error {
return err
}
+ req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", signed))
return err
@@ -163,9 +164,5 @@ func defaultClientWithRetries() *retryablehttp.Client {
return false, err
}
- retryClient.RequestLogHook = func(l retryablehttp.Logger, req *http.Request, retryCount int) {
- *req = *req.Clone(context.TODO())
- }
-
return retryClient
}
From c21dc0fc861dd1c0e16a78f1d66c69298288a073 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Thu, 16 Dec 2021 14:13:53 -0500
Subject: [PATCH 6/9] Fixes CircleCI
---
.circleci/config.yml | 69 +++++++++++++++-----------------------------
1 file changed, 23 insertions(+), 46 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 6d248bcd..a6a35bec 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,53 +1,30 @@
version: 2
-
-references:
- workspace: &workspace
- /go/src/github.com/spf13/cobra
-
- run_tests: &run_tests
- run:
- name: "All Commands"
- command: |
- mkdir -p bin
- curl -Lso bin/shellcheck https://github.com/caarlos0/shellcheck-docker/releases/download/v0.4.6/shellcheck
- chmod +x bin/shellcheck
- go get -t -v ./...
- PATH=$PATH:$PWD/bin go test -v ./...
- go build
- if [ -z $NOVET ]; then
- diff -u <(echo -n) <(go tool vet . 2>&1 | grep -vE 'ExampleCommand|bash_completions.*Fprint');
- fi
-
jobs:
- go-current:
+ build:
docker:
- - image: circleci/golang:1.11
- working_directory: *workspace
- steps:
- - checkout
- - *run_tests
- - run:
- name: "Check formatting"
- command: diff -u <(echo -n) <(gofmt -d -s .)
- go-previous:
- docker:
- - image: circleci/golang:1.10
- working_directory: *workspace
- steps:
- - checkout
- - *run_tests
- go-latest:
- docker:
- - image: circleci/golang:latest
- working_directory: *workspace
- steps:
- - checkout
- - *run_tests
+ # specify the version
+ - image: circleci/golang:1.15
+ auth:
+ username: $DOCKERHUB_USER
+ password: $DOCKERHUB_PASSWORD
+ environment: # environment variables for primary container
+ DEPLOYMENT: test
+ #### TEMPLATE_NOTE: go expects specific checkout path representing url
+ #### expecting it in the form of
+ #### /go/src/github.com/circleci/go-tool
+ #### /go/src/bitbucket.org/circleci/go-tool
+ working_directory: /go/src/github.com/OneCloudInc/cobra
+ steps:
+ - checkout
+ - run:
+ name: Run tests
+ command: |
+ go test ./...
workflows:
version: 2
- main:
+ workflow:
jobs:
- - go-current
- - go-previous
- - go-latest
+ - build:
+ context:
+ - dockerhub
From ef632ed1e11a34dc259ff660a1f1dc073a6301b8 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Thu, 16 Dec 2021 14:27:35 -0500
Subject: [PATCH 7/9] Converting cobra to use OneCloudInc/cobra in all cases
---
cobra/cmd/add.go | 6 +++---
cobra/cmd/init.go | 4 ++--
cobra/cmd/project.go | 2 +-
cobra/cmd/project_test.go | 2 +-
cobra/cmd/root.go | 2 +-
cobra/cmd/testdata/root.go.golden | 2 +-
cobra/cmd/testdata/test.go.golden | 2 +-
command.go | 2 +-
command_test.go | 22 +++++++++++-----------
doc/cmd_test.go | 2 +-
doc/man_docs.go | 2 +-
doc/man_docs.md | 4 ++--
doc/man_docs_test.go | 2 +-
doc/man_examples_test.go | 4 ++--
doc/md_docs.go | 2 +-
doc/md_docs.md | 6 +++---
doc/md_docs_test.go | 2 +-
doc/rest_docs.go | 2 +-
doc/rest_docs.md | 6 +++---
doc/rest_docs_test.go | 2 +-
doc/util.go | 2 +-
doc/yaml_docs.go | 2 +-
doc/yaml_docs.md | 6 +++---
doc/yaml_docs_test.go | 2 +-
go.mod | 1 -
25 files changed, 45 insertions(+), 46 deletions(-)
diff --git a/cobra/cmd/add.go b/cobra/cmd/add.go
index 5cec1d04..c2d82ade 100644
--- a/cobra/cmd/add.go
+++ b/cobra/cmd/add.go
@@ -19,7 +19,7 @@ import (
"path/filepath"
"unicode"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func init() {
@@ -71,7 +71,7 @@ Example: cobra add server -> resulting in a new cmd/server.go`,
// validateCmdName returns source without any dashes and underscore.
// If there will be dash or underscore, next letter will be uppered.
// It supports only ASCII (1-byte character) strings.
-// https://github.com/spf13/cobra/issues/269
+// https://github.com/OneCloudInc/cobra/issues/269
func validateCmdName(source string) string {
i := 0
l := len(source)
@@ -130,7 +130,7 @@ package {{.cmdPackage}}
import (
"fmt"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
{{ printFlagVars .flags }}
diff --git a/cobra/cmd/init.go b/cobra/cmd/init.go
index 9af76f3c..1f3c3ba2 100644
--- a/cobra/cmd/init.go
+++ b/cobra/cmd/init.go
@@ -19,7 +19,7 @@ import (
"path"
"path/filepath"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
"github.com/spf13/viper"
)
@@ -148,7 +148,7 @@ import (
"os"
{{if .viper}}
homedir "github.com/mitchellh/go-homedir"{{end}}
- "github.com/spf13/cobra"{{if .viper}}
+ "github.com/OneCloudInc/cobra"{{if .viper}}
"github.com/spf13/viper"{{end}}
){{if .viper}}
diff --git a/cobra/cmd/project.go b/cobra/cmd/project.go
index 7ddb8258..32a46648 100644
--- a/cobra/cmd/project.go
+++ b/cobra/cmd/project.go
@@ -114,7 +114,7 @@ func (p *Project) License() License {
return p.license
}
-// Name returns the name of project, e.g. "github.com/spf13/cobra"
+// Name returns the name of project, e.g. "github.com/OneCloudInc/cobra"
func (p Project) Name() string {
return p.name
}
diff --git a/cobra/cmd/project_test.go b/cobra/cmd/project_test.go
index 037f7c55..fe23ba57 100644
--- a/cobra/cmd/project_test.go
+++ b/cobra/cmd/project_test.go
@@ -5,7 +5,7 @@ import (
)
func TestFindExistingPackage(t *testing.T) {
- path := findPackage("github.com/spf13/cobra")
+ path := findPackage("github.com/OneCloudInc/cobra")
if path == "" {
t.Fatal("findPackage didn't find the existing package")
}
diff --git a/cobra/cmd/root.go b/cobra/cmd/root.go
index 2220d498..504ffe36 100644
--- a/cobra/cmd/root.go
+++ b/cobra/cmd/root.go
@@ -16,8 +16,8 @@ package cmd
import (
"fmt"
+ "github.com/OneCloudInc/cobra"
homedir "github.com/mitchellh/go-homedir"
- "github.com/spf13/cobra"
"github.com/spf13/viper"
)
diff --git a/cobra/cmd/testdata/root.go.golden b/cobra/cmd/testdata/root.go.golden
index 015a15b9..2a878fee 100644
--- a/cobra/cmd/testdata/root.go.golden
+++ b/cobra/cmd/testdata/root.go.golden
@@ -18,7 +18,7 @@ import (
"fmt"
"os"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
diff --git a/cobra/cmd/testdata/test.go.golden b/cobra/cmd/testdata/test.go.golden
index 7c365ab6..57d0f079 100644
--- a/cobra/cmd/testdata/test.go.golden
+++ b/cobra/cmd/testdata/test.go.golden
@@ -17,7 +17,7 @@ package cmd
import (
"fmt"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
diff --git a/command.go b/command.go
index 7d5ba929..c678063e 100644
--- a/command.go
+++ b/command.go
@@ -1229,7 +1229,7 @@ func (c *Command) IsAvailableCommand() bool {
// help topic command; additional help topic command is determined by the
// fact that it is NOT runnable/hidden/deprecated, and has no sub commands that
// are runnable/hidden/deprecated.
-// Concrete example: https://github.com/spf13/cobra/issues/393#issuecomment-282741924.
+// Concrete example: https://github.com/OneCloudInc/cobra/issues/393#issuecomment-282741924.
func (c *Command) IsAdditionalHelpTopicCommand() bool {
// if a command is runnable, deprecated, or hidden it is not a 'help' command
if c.Runnable() || len(c.Deprecated) != 0 || c.Hidden {
diff --git a/command_test.go b/command_test.go
index 6e483a3e..c7c581fe 100644
--- a/command_test.go
+++ b/command_test.go
@@ -805,7 +805,7 @@ func TestHelpFlagExecutedOnChild(t *testing.T) {
// TestHelpFlagInHelp checks,
// if '--help' flag is shown in help for child (executing `parent help child`),
// that has no other flags.
-// Related to https://github.com/spf13/cobra/issues/302.
+// Related to https://github.com/OneCloudInc/cobra/issues/302.
func TestHelpFlagInHelp(t *testing.T) {
parentCmd := &Command{Use: "parent", Run: func(*Command, []string) {}}
@@ -1166,7 +1166,7 @@ func TestPersistentHooks(t *testing.T) {
// TODO: currently PersistenPreRun* defined in parent does not
// run if the matchin child subcommand has PersistenPreRun.
- // If the behavior changes (https://github.com/spf13/cobra/issues/252)
+ // If the behavior changes (https://github.com/OneCloudInc/cobra/issues/252)
// this test must be fixed.
if parentPersPreArgs != "" {
t.Errorf("Expected blank parentPersPreArgs, got %q", parentPersPreArgs)
@@ -1182,7 +1182,7 @@ func TestPersistentHooks(t *testing.T) {
}
// TODO: currently PersistenPostRun* defined in parent does not
// run if the matchin child subcommand has PersistenPostRun.
- // If the behavior changes (https://github.com/spf13/cobra/issues/252)
+ // If the behavior changes (https://github.com/OneCloudInc/cobra/issues/252)
// this test must be fixed.
if parentPersPostArgs != "" {
t.Errorf("Expected blank parentPersPostArgs, got %q", parentPersPostArgs)
@@ -1205,7 +1205,7 @@ func TestPersistentHooks(t *testing.T) {
}
}
-// Related to https://github.com/spf13/cobra/issues/521.
+// Related to https://github.com/OneCloudInc/cobra/issues/521.
func TestGlobalNormFuncPropagation(t *testing.T) {
normFunc := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(name)
@@ -1225,7 +1225,7 @@ func TestGlobalNormFuncPropagation(t *testing.T) {
}
}
-// Related to https://github.com/spf13/cobra/issues/521.
+// Related to https://github.com/OneCloudInc/cobra/issues/521.
func TestNormPassedOnLocal(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1239,7 +1239,7 @@ func TestNormPassedOnLocal(t *testing.T) {
}
}
-// Related to https://github.com/spf13/cobra/issues/521.
+// Related to https://github.com/OneCloudInc/cobra/issues/521.
func TestNormPassedOnInherited(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1267,7 +1267,7 @@ func TestNormPassedOnInherited(t *testing.T) {
}
}
-// Related to https://github.com/spf13/cobra/issues/521.
+// Related to https://github.com/OneCloudInc/cobra/issues/521.
func TestConsistentNormalizedName(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1400,7 +1400,7 @@ func TestFlagErrorFunc(t *testing.T) {
// TestSortedFlags checks,
// if cmd.LocalFlags() is unsorted when cmd.Flags().SortFlags set to false.
-// Related to https://github.com/spf13/cobra/issues/404.
+// Related to https://github.com/OneCloudInc/cobra/issues/404.
func TestSortedFlags(t *testing.T) {
c := &Command{}
c.Flags().SortFlags = false
@@ -1426,7 +1426,7 @@ func TestSortedFlags(t *testing.T) {
// TestMergeCommandLineToFlags checks,
// if pflag.CommandLine is correctly merged to c.Flags() after first call
// of c.mergePersistentFlags.
-// Related to https://github.com/spf13/cobra/issues/443.
+// Related to https://github.com/OneCloudInc/cobra/issues/443.
func TestMergeCommandLineToFlags(t *testing.T) {
pflag.Bool("boolflag", false, "")
c := &Command{Use: "c", Run: emptyRun}
@@ -1440,7 +1440,7 @@ func TestMergeCommandLineToFlags(t *testing.T) {
// TestUseDeprecatedFlags checks,
// if cobra.Execute() prints a message, if a deprecated flag is used.
-// Related to https://github.com/spf13/cobra/issues/463.
+// Related to https://github.com/OneCloudInc/cobra/issues/463.
func TestUseDeprecatedFlags(t *testing.T) {
c := &Command{Use: "c", Run: emptyRun}
c.Flags().BoolP("deprecated", "d", false, "deprecated flag")
@@ -1555,7 +1555,7 @@ func TestTraverseWithTwoSubcommands(t *testing.T) {
}
// TestUpdateName checks if c.Name() updates on changed c.Use.
-// Related to https://github.com/spf13/cobra/pull/422#discussion_r143918343.
+// Related to https://github.com/OneCloudInc/cobra/pull/422#discussion_r143918343.
func TestUpdateName(t *testing.T) {
c := &Command{Use: "name xyz"}
originalName := c.Name()
diff --git a/doc/cmd_test.go b/doc/cmd_test.go
index d29c577d..d0847567 100644
--- a/doc/cmd_test.go
+++ b/doc/cmd_test.go
@@ -4,7 +4,7 @@ import (
"strings"
"testing"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func emptyRun(*cobra.Command, []string) {}
diff --git a/doc/man_docs.go b/doc/man_docs.go
index 4a062339..87beda7f 100644
--- a/doc/man_docs.go
+++ b/doc/man_docs.go
@@ -24,8 +24,8 @@ import (
"strings"
"time"
+ "github.com/OneCloudInc/cobra"
"github.com/cpuguy83/go-md2man/md2man"
- "github.com/spf13/cobra"
"github.com/spf13/pflag"
)
diff --git a/doc/man_docs.md b/doc/man_docs.md
index 3709160f..5caeed33 100644
--- a/doc/man_docs.md
+++ b/doc/man_docs.md
@@ -8,8 +8,8 @@ package main
import (
"log"
- "github.com/spf13/cobra"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
diff --git a/doc/man_docs_test.go b/doc/man_docs_test.go
index 2c400f5d..babf12f1 100644
--- a/doc/man_docs_test.go
+++ b/doc/man_docs_test.go
@@ -10,7 +10,7 @@ import (
"strings"
"testing"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func translate(in string) string {
diff --git a/doc/man_examples_test.go b/doc/man_examples_test.go
index db660426..36fc2cf3 100644
--- a/doc/man_examples_test.go
+++ b/doc/man_examples_test.go
@@ -4,8 +4,8 @@ import (
"bytes"
"fmt"
- "github.com/spf13/cobra"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra"
+ "github.com/OneCloudInc/cobra/doc"
)
func ExampleGenManTree() {
diff --git a/doc/md_docs.go b/doc/md_docs.go
index d76f6d5e..9c3648f0 100644
--- a/doc/md_docs.go
+++ b/doc/md_docs.go
@@ -23,7 +23,7 @@ import (
"strings"
"time"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func printOptions(buf *bytes.Buffer, cmd *cobra.Command, name string) error {
diff --git a/doc/md_docs.md b/doc/md_docs.md
index 56ce9fe8..f69bad22 100644
--- a/doc/md_docs.md
+++ b/doc/md_docs.md
@@ -8,8 +8,8 @@ package main
import (
"log"
- "github.com/spf13/cobra"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
@@ -41,7 +41,7 @@ import (
"k8s.io/kubernetes/pkg/kubectl/cmd"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
diff --git a/doc/md_docs_test.go b/doc/md_docs_test.go
index c060f32f..bf4b69c2 100644
--- a/doc/md_docs_test.go
+++ b/doc/md_docs_test.go
@@ -7,7 +7,7 @@ import (
"path/filepath"
"testing"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func TestGenMdDoc(t *testing.T) {
diff --git a/doc/rest_docs.go b/doc/rest_docs.go
index 051d8dc8..de531742 100644
--- a/doc/rest_docs.go
+++ b/doc/rest_docs.go
@@ -23,7 +23,7 @@ import (
"strings"
"time"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func printOptionsReST(buf *bytes.Buffer, cmd *cobra.Command, name string) error {
diff --git a/doc/rest_docs.md b/doc/rest_docs.md
index 6098430e..75b89d97 100644
--- a/doc/rest_docs.md
+++ b/doc/rest_docs.md
@@ -8,8 +8,8 @@ package main
import (
"log"
- "github.com/spf13/cobra"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
@@ -41,7 +41,7 @@ import (
"k8s.io/kubernetes/pkg/kubectl/cmd"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
diff --git a/doc/rest_docs_test.go b/doc/rest_docs_test.go
index 330a2e5e..deabf64d 100644
--- a/doc/rest_docs_test.go
+++ b/doc/rest_docs_test.go
@@ -7,7 +7,7 @@ import (
"path/filepath"
"testing"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func TestGenRSTDoc(t *testing.T) {
diff --git a/doc/util.go b/doc/util.go
index 8d3dbece..f27e158d 100644
--- a/doc/util.go
+++ b/doc/util.go
@@ -16,7 +16,7 @@ package doc
import (
"strings"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
// Test to see if we have a reason to print See Also information in docs
diff --git a/doc/yaml_docs.go b/doc/yaml_docs.go
index ea00af07..e9b04df1 100644
--- a/doc/yaml_docs.go
+++ b/doc/yaml_docs.go
@@ -21,7 +21,7 @@ import (
"sort"
"strings"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
"github.com/spf13/pflag"
"gopkg.in/yaml.v2"
)
diff --git a/doc/yaml_docs.md b/doc/yaml_docs.md
index 1a9b7c6a..f229e034 100644
--- a/doc/yaml_docs.md
+++ b/doc/yaml_docs.md
@@ -8,8 +8,8 @@ package main
import (
"log"
- "github.com/spf13/cobra"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
@@ -41,7 +41,7 @@ import (
"k8s.io/kubernetes/pkg/kubectl/cmd"
cmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
- "github.com/spf13/cobra/doc"
+ "github.com/OneCloudInc/cobra/doc"
)
func main() {
diff --git a/doc/yaml_docs_test.go b/doc/yaml_docs_test.go
index c5a63594..db775ef7 100644
--- a/doc/yaml_docs_test.go
+++ b/doc/yaml_docs_test.go
@@ -7,7 +7,7 @@ import (
"path/filepath"
"testing"
- "github.com/spf13/cobra"
+ "github.com/OneCloudInc/cobra"
)
func TestGenYamlDoc(t *testing.T) {
diff --git a/go.mod b/go.mod
index 1b7132d6..e782f3c8 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,6 @@ require (
github.com/russross/blackfriday v1.5.2 // indirect
github.com/spf13/afero v1.2.1 // indirect
github.com/spf13/cast v1.3.0 // indirect
- github.com/spf13/cobra v0.0.3
github.com/spf13/jwalterweatherman v1.0.0 // indirect
github.com/spf13/pflag v1.0.3
github.com/spf13/viper v1.3.1
From 1223d49a6213c4e600641a615c4be00b85b5b413 Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Thu, 16 Dec 2021 14:39:36 -0500
Subject: [PATCH 8/9] Fixes issue references
---
cobra/cmd/add.go | 2 +-
command.go | 2 +-
command_test.go | 16 ++++++++--------
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/cobra/cmd/add.go b/cobra/cmd/add.go
index c2d82ade..f4e62148 100644
--- a/cobra/cmd/add.go
+++ b/cobra/cmd/add.go
@@ -71,7 +71,7 @@ Example: cobra add server -> resulting in a new cmd/server.go`,
// validateCmdName returns source without any dashes and underscore.
// If there will be dash or underscore, next letter will be uppered.
// It supports only ASCII (1-byte character) strings.
-// https://github.com/OneCloudInc/cobra/issues/269
+// https://github.com/spf13/cobra/issues/269
func validateCmdName(source string) string {
i := 0
l := len(source)
diff --git a/command.go b/command.go
index c678063e..7d5ba929 100644
--- a/command.go
+++ b/command.go
@@ -1229,7 +1229,7 @@ func (c *Command) IsAvailableCommand() bool {
// help topic command; additional help topic command is determined by the
// fact that it is NOT runnable/hidden/deprecated, and has no sub commands that
// are runnable/hidden/deprecated.
-// Concrete example: https://github.com/OneCloudInc/cobra/issues/393#issuecomment-282741924.
+// Concrete example: https://github.com/spf13/cobra/issues/393#issuecomment-282741924.
func (c *Command) IsAdditionalHelpTopicCommand() bool {
// if a command is runnable, deprecated, or hidden it is not a 'help' command
if c.Runnable() || len(c.Deprecated) != 0 || c.Hidden {
diff --git a/command_test.go b/command_test.go
index c7c581fe..52169e74 100644
--- a/command_test.go
+++ b/command_test.go
@@ -805,7 +805,7 @@ func TestHelpFlagExecutedOnChild(t *testing.T) {
// TestHelpFlagInHelp checks,
// if '--help' flag is shown in help for child (executing `parent help child`),
// that has no other flags.
-// Related to https://github.com/OneCloudInc/cobra/issues/302.
+// Related to https://github.com/spf13/cobra/issues/302.
func TestHelpFlagInHelp(t *testing.T) {
parentCmd := &Command{Use: "parent", Run: func(*Command, []string) {}}
@@ -1205,7 +1205,7 @@ func TestPersistentHooks(t *testing.T) {
}
}
-// Related to https://github.com/OneCloudInc/cobra/issues/521.
+// Related to https://github.com/spf13/cobra/issues/521.
func TestGlobalNormFuncPropagation(t *testing.T) {
normFunc := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(name)
@@ -1225,7 +1225,7 @@ func TestGlobalNormFuncPropagation(t *testing.T) {
}
}
-// Related to https://github.com/OneCloudInc/cobra/issues/521.
+// Related to https://github.com/spf13/cobra/issues/521.
func TestNormPassedOnLocal(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1239,7 +1239,7 @@ func TestNormPassedOnLocal(t *testing.T) {
}
}
-// Related to https://github.com/OneCloudInc/cobra/issues/521.
+// Related to https://github.com/spf13/cobra/issues/521.
func TestNormPassedOnInherited(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1267,7 +1267,7 @@ func TestNormPassedOnInherited(t *testing.T) {
}
}
-// Related to https://github.com/OneCloudInc/cobra/issues/521.
+// Related to https://github.com/spf13/cobra/issues/521.
func TestConsistentNormalizedName(t *testing.T) {
toUpper := func(f *pflag.FlagSet, name string) pflag.NormalizedName {
return pflag.NormalizedName(strings.ToUpper(name))
@@ -1400,7 +1400,7 @@ func TestFlagErrorFunc(t *testing.T) {
// TestSortedFlags checks,
// if cmd.LocalFlags() is unsorted when cmd.Flags().SortFlags set to false.
-// Related to https://github.com/OneCloudInc/cobra/issues/404.
+// Related to https://github.com/spf13/cobra/issues/404.
func TestSortedFlags(t *testing.T) {
c := &Command{}
c.Flags().SortFlags = false
@@ -1426,7 +1426,7 @@ func TestSortedFlags(t *testing.T) {
// TestMergeCommandLineToFlags checks,
// if pflag.CommandLine is correctly merged to c.Flags() after first call
// of c.mergePersistentFlags.
-// Related to https://github.com/OneCloudInc/cobra/issues/443.
+// Related to https://github.com/spf13/cobra/issues/443.
func TestMergeCommandLineToFlags(t *testing.T) {
pflag.Bool("boolflag", false, "")
c := &Command{Use: "c", Run: emptyRun}
@@ -1440,7 +1440,7 @@ func TestMergeCommandLineToFlags(t *testing.T) {
// TestUseDeprecatedFlags checks,
// if cobra.Execute() prints a message, if a deprecated flag is used.
-// Related to https://github.com/OneCloudInc/cobra/issues/463.
+// Related to https://github.com/spf13/cobra/issues/463.
func TestUseDeprecatedFlags(t *testing.T) {
c := &Command{Use: "c", Run: emptyRun}
c.Flags().BoolP("deprecated", "d", false, "deprecated flag")
From 1f5bfa181bf558edc72a9c6fd65dde9063e9473c Mon Sep 17 00:00:00 2001
From: Ryan Curtin <ryan@onecloud.io>
Date: Thu, 16 Dec 2021 17:03:32 -0500
Subject: [PATCH 9/9] Code review fixes - seeding random number generator and
handling error with setting header
---
decryptor/reaper.go | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/decryptor/reaper.go b/decryptor/reaper.go
index 1ec3039b..15085e7c 100644
--- a/decryptor/reaper.go
+++ b/decryptor/reaper.go
@@ -54,6 +54,10 @@ var vaultRegex = regexp.MustCompile(vaultEncryptStart + "(.*)" + vaultEncryptEnd
var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+func init() {
+ rand.Seed(time.Now().UTC().UnixNano())
+}
+
// NewReaperDecryptor returns a Decryptor implementation that will call out to
// the reaper service to decrypt any encrypted arguments.
func NewReaperDecryptor(url, signingKey, commandExecutorID string) Decryptor {
@@ -96,7 +100,10 @@ func (r *ReaperDecryptor) DecryptArguments(args []string) ([]string, error) {
}
cl := defaultClientWithRetries()
- addJWTHeader(retryReq, r.SigningKey)
+ err = addJWTHeader(retryReq, r.SigningKey)
+ if err != nil {
+ return args, fmt.Errorf("error signing request: %s", err)
+ }
resp, err := cl.Do(retryReq)
if err != nil {