fix: fix secrets commands #53

Merged
merged 1 commit into from
Mar 26, 2025
Merged
2 changes: 0 additions & 2 deletions .github/workflows/test.yaml
Expand Up @@ -21,7 +21,6 @@ jobs:
run: |
echo "${{secrets.CERTIFICATE}}" > tls.crt
echo "${{secrets.PRIVATE_KEY}}" > tls.key

cat > okms.yaml <<-EOF
version: 1
profile: default
Expand Down Expand Up @@ -59,4 +58,3 @@ jobs:
./tests/out/coverage.txt
./tests/out/coverage.html
retention-days: 5

4 changes: 2 additions & 2 deletions cmd/okms/keys/keys.go
Expand Up @@ -43,9 +43,9 @@ func newListServiceKeysCmd() *cobra.Command {
}
// Let's list all the keys by putting them all in memory. The memory is not an issue, unless a domain has hundreds of thousands of keys
// Filter keys by activation state
stateFilter := types.Active
stateFilter := types.KeyStatesActive
if listAll {
stateFilter = types.All
stateFilter = types.KeyStatesAll
}
for key, err := range common.Client().ListAllServiceKeys(&keysPageSize, &stateFilter).Iter(cmd.Context()) {
exit.OnErr(err)
8 changes: 3 additions & 5 deletions cmd/okms/secrets/config.go
@@ -1,5 +1,3 @@
//go:build unstable

package secrets

import (
Expand Down Expand Up @@ -54,7 +52,7 @@ func kvReadConfigCommand() *cobra.Command {
func kvWriteConfigCommand() *cobra.Command {
var (
casRequired bool
maxVersions int32
maxVersions uint32
deleteVersionAfter string
)

Expand All @@ -73,7 +71,7 @@ func kvWriteConfigCommand() *cobra.Command {
d = &deleteVersionAfter
}

var m *int32
var m *uint32
if cmd.Flag("max-versions").Changed {
m = &maxVersions
}
Expand All @@ -89,7 +87,7 @@ func kvWriteConfigCommand() *cobra.Command {
}

cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
return cmd
}
38 changes: 8 additions & 30 deletions cmd/okms/secrets/metadata.go
@@ -1,5 +1,3 @@
//go:build unstable

package secrets

import (
Expand Down Expand Up @@ -112,7 +110,7 @@ func kvGetMetadataCommand() *cobra.Command {
func kvPutMetadataCommand() *cobra.Command {
var (
casRequired bool
maxVersions int32
maxVersions uint32
deleteVersionAfter string
customMetadata map[string]string
)
Expand All @@ -132,34 +130,24 @@ func kvPutMetadataCommand() *cobra.Command {
d = &deleteVersionAfter
}

var m *int32
var m *uint32
if cmd.Flag("max-versions").Changed {
m = &maxVersions
}

var cm *map[string]interface{}
if len(customMetadata) > 0 {
tmp := make(map[string]interface{})
cm = &tmp
for k, v := range customMetadata {
(*cm)[k] = v
}
}

body := types.SecretUpdatableMetadata{
CasRequired: c,
DeleteVersionAfter: d,
MaxVersions: m,
CustomMetadata: new(any),
CustomMetadata: &customMetadata,
}
*body.CustomMetadata = cm

exit.OnErr(common.Client().PostSecretMetadata(cmd.Context(), args[0], body))
},
}

cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.")
return cmd
Expand All @@ -168,7 +156,7 @@ func kvPutMetadataCommand() *cobra.Command {
func kvPatchMetadataCommand() *cobra.Command {
var (
casRequired bool
maxVersions int32
maxVersions uint32
deleteVersionAfter string
customMetadata map[string]string
)
Expand All @@ -188,34 +176,24 @@ func kvPatchMetadataCommand() *cobra.Command {
d = &deleteVersionAfter
}

var m *int32
var m *uint32
if cmd.Flag("max-versions").Changed {
m = &maxVersions
}

var cm *map[string]interface{}
if len(customMetadata) > 0 {
tmp := make(map[string]interface{})
cm = &tmp
for k, v := range customMetadata {
(*cm)[k] = v
}
}

body := types.SecretUpdatableMetadata{
CasRequired: c,
DeleteVersionAfter: d,
MaxVersions: m,
CustomMetadata: new(any),
CustomMetadata: &customMetadata,
}
*body.CustomMetadata = cm

exit.OnErr(common.Client().PatchSecretMetadata(cmd.Context(), args[0], body))
},
}

cmd.Flags().BoolVar(&casRequired, "cas-required", false, "If true all keys will require the cas parameter to be set on all write requests.")
cmd.Flags().Int32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().Uint32Var(&maxVersions, "max-versions", 0, "The number of versions to keep per key. This value applies to all keys, but a key's metadata setting can overwrite this value. Once a key has more than the configured allowed versions, the oldest version will be permanently deleted. ")
cmd.Flags().StringVar(&deleteVersionAfter, "delete-after", "0s", "If set, specifies the length of time before a version is deleted.\nDate format, see: https://developer.hashicorp.com/vault/docs/concepts/duration-format")
cmd.Flags().StringToStringVar(&customMetadata, "custom-metadata", map[string]string{}, "Specifies arbitrary version-agnostic key=value metadata meant to describe a secret.\nThis can be specified multiple times to add multiple pieces of metadata.")
return cmd
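Review bot: `CustomMetadata: &customMetadata` is now set unconditionally in kvPutMetadataCommand, and again in kvPatchMetadataCommand, while the neighbouring optional fields are only populated when their flag was `Changed`; the removed code at least guarded on `len(customMetadata) > 0`. When `--custom-metadata` is not passed, the request carries a pointer to the empty default map, and depending on how the SDK serializes that field (not visible here) an update may send `{}` and replace or clear metadata the user never meant to touch. Following the `max-versions` pattern avoids that: `var cm *map[string]string`, then `if cmd.Flag("custom-metadata").Changed { cm = &customMetadata }`, and `CustomMetadata: cm` in the body. Both function bodies extend beyond the visible hunks.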
2 changes: 0 additions & 2 deletions cmd/okms/secrets/root.go
@@ -1,5 +1,3 @@
//go:build unstable

package secrets

import (
50 changes: 24 additions & 26 deletions cmd/okms/secrets/secrets.go
@@ -1,5 +1,3 @@
//go:build unstable

package secrets

import (
Expand All @@ -21,15 +19,15 @@ import (

func kvGetCmd() *cobra.Command {
var (
version int32
version uint32
)

cmd := &cobra.Command{
Use: "get PATH",
Short: "Retrieves the value from KMS's key-value store at the given key name",
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
var v *int32
var v *uint32
if version != 0 {
v = &version
}
Expand All @@ -56,7 +54,7 @@ func kvGetCmd() *cobra.Command {
},
}

cmd.Flags().Int32Var(&version, "version", 0, "If passed, the value at the version number will be returned")
cmd.Flags().Uint32Var(&version, "version", 0, "If passed, the value at the version number will be returned")
return cmd
}

Expand All @@ -78,14 +76,14 @@ func kvPutCmd() *cobra.Command {
os.Exit(1)
}

var c *int32
var c uint32
if cas != -1 {
c = &cas
c = utils.ToUint32(c)
}
body := types.PostSecretRequest{
Data: new(any),
Options: &types.PostSecretOptions{
Cas: c,
Cas: &c,
},
}

Expand Down Expand Up @@ -122,14 +120,14 @@ func kvPatchCmd() *cobra.Command {
os.Exit(1)
}

var c *int32
var c uint32
if cas != -1 {
c = &cas
c = utils.ToUint32(cas)
}
body := types.PostSecretRequest{
Data: new(any),
Options: &types.PostSecretOptions{
Cas: c,
Cas: &c,
},
}

Expand All @@ -150,7 +148,7 @@ func kvPatchCmd() *cobra.Command {

func kvDeleteCmd() *cobra.Command {
var (
versions []int32
versions []uint
)

cmd := &cobra.Command{
Expand All @@ -161,70 +159,70 @@ func kvDeleteCmd() *cobra.Command {
if len(versions) == 0 {
exit.OnErr(common.Client().DeleteSecretRequest(cmd.Context(), args[0]))
} else {
exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], versions))
exit.OnErr(common.Client().DeleteSecretVersions(cmd.Context(), args[0], utils.ToUint32Array(versions)))
}
},
}

cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
return cmd
}

func kvUndeleteCmd() *cobra.Command {
var (
versions []int32
versions []uint
)

cmd := &cobra.Command{
Use: "undelete PATH",
Short: "Undeletes the data for the provided version and path in the key-value store.",
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], versions))
exit.OnErr(common.Client().PostSecretUndelete(cmd.Context(), args[0], utils.ToUint32Array(versions)))
},
}

cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
_ = cmd.MarkFlagRequired("versions")
return cmd
}

func kvDestroyCmd() *cobra.Command {
var (
versions []int32
versions []uint
)

cmd := &cobra.Command{
Use: "destroy PATH",
Short: "Permanently removes the specified versions' data from the key-value store.",
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
exit.OnErr(common.Client().PostSecretDestroy(cmd.Context(), args[0], versions))
exit.OnErr(common.Client().PutSecretDestroy(cmd.Context(), args[0], utils.ToUint32Array(versions)))
},
}

cmd.Flags().Int32SliceVar(&versions, "versions", []int32{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
cmd.Flags().UintSliceVar(&versions, "versions", []uint{}, "Specifies the version numbers to delete. (Comma separated list of versions)")
_ = cmd.MarkFlagRequired("versions")
return cmd
}

func kvSubkeysCmd() *cobra.Command {
var (
version int32
depth int32
version uint32
depth uint32
)

cmd := &cobra.Command{
Use: "subkeys PATH",
Short: "Provides the subkeys within a secret entry that exists at the requested path.",
Args: cobra.ExactArgs(1),
Run: func(cmd *cobra.Command, args []string) {
var v *int32
var v *uint32
if cmd.Flag("version").Changed {
v = &version
}

var d *int32
var d *uint32
if cmd.Flag("depth").Changed {
d = &depth
}
Expand All @@ -251,8 +249,8 @@ func kvSubkeysCmd() *cobra.Command {
},
}

cmd.Flags().Int32Var(&version, "version", 0, "The version to return")
cmd.Flags().Int32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output")
cmd.Flags().Uint32Var(&version, "version", 0, "The version to return")
cmd.Flags().Uint32Var(&depth, "depth", 0, "Deepest nesting level to provide in the output")
return cmd
}

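Review bot: In kvPutCmd the new line `c = utils.ToUint32(c)` converts the zero-valued local `c` instead of `cas`, so the check-and-set value the user passed is dropped and 0 is sent; kvPatchCmd has the intended `utils.ToUint32(cas)`. Both commands also now pass `Cas: &c` unconditionally, so the `cas != -1` sentinel no longer omits the option the way the old nil `*int32` did; if the server treats an explicit 0 differently from an absent value (not visible here), every write made without a cas value changes meaning. Keeping the pointer optional restores the previous shape: `var c *uint32`, inside the `if` write `v := utils.ToUint32(cas); c = &v`, and keep `Cas: c`. Both function bodies start and end outside the hunks, including the declaration of `cas`.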
25 changes: 13 additions & 12 deletions common/utils/int.go
Expand Up @@ -28,16 +28,17 @@ func ToUint64[N Integer](n N) uint64 {
return uint64(n)
}

// func ToUint32[N Integer](n N) uint32 {
// if n < 0 || uint64(n) > math.MaxUint32 {
// panic("Integer overflow")
// }
// return uint32(n)
// }
func ToUint32[N Integer](n N) uint32 {
if n < 0 || uint64(n) > math.MaxUint32 {
panic("Integer overflow")
}
return uint32(n)
}

// func ToUint16[N Integer](n N) uint16 {
// if n < 0 || uint64(n) > math.MaxUint16 {
// panic("Integer overflow")
// }
// return uint16(n)
// }
func ToUint32Array[N Integer](l []N) []uint32 {
var v []uint32
for _, val := range l {
v = append(v, ToUint32(val))
}
return v
}
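Review bot: ToUint32 panics on an out-of-range value, and with this commit it is reached from command-line input in cmd/okms/secrets/secrets.go: `--versions` is parsed as `[]uint` and passed through ToUint32Array, and the cas value is converted in kvPatchCmd. A version above `math.MaxUint32` (where `uint` is 64 bits) or a negative cas other than -1 therefore ends in a panic rather than an error reported through `exit.OnErr`. Range-checking those flags in the commands, or adding a conversion variant that returns an error, would keep bad input on the normal error path. In ToUint32Array the result can be sized up front with `v := make([]uint32, 0, len(l))`, keeping in mind that this yields an empty slice rather than nil for empty input. Both exported functions are also missing doc comments, e.g. `// ToUint32 converts n to uint32 and panics if n is negative or exceeds math.MaxUint32.`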
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -11,7 +11,7 @@ require (
github.com/knadh/koanf/v2 v2.1.2
github.com/olekukonko/tablewriter v0.0.5
github.com/ovh/kmip-go v0.3.3
github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781
github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8
github.com/pterm/pterm v0.12.80
github.com/schollz/progressbar/v3 v3.18.0
github.com/spf13/cobra v1.9.1
4 changes: 4 additions & 0 deletions go.sum
Expand Up @@ -107,6 +107,10 @@ github.com/ovh/okms-sdk-go v0.4.2 h1:Vr1HQA0tWoREq5b94Ze2BnG+M1/J87ekWB2/9Cm9wAA
github.com/ovh/okms-sdk-go v0.4.2/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781 h1:6zYOcxm6Zqs0rgpNLtN6a1OnJlwWXmOr4NF+okj5oDM=
github.com/ovh/okms-sdk-go v0.4.3-0.20250312132334-73bb8f020781/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427 h1:oUJrxf2kcO/Y/I8wGFMIiP35Of9WHemWKF0uhlSBazY=
github.com/ovh/okms-sdk-go v0.4.3-0.20250325141909-a44a71a4b427/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8 h1:Xj2clTOAYD2dQSmHVBoT0SDXK+FHoZqgfx/5aloH7wQ=
github.com/ovh/okms-sdk-go v0.4.3-0.20250326103329-2a75059822d8/go.mod h1:qHignKksvZNNywbHvwJCmy5C6Ro1ZZgNKu2PZO7XTJs=
github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=