Merge pull request #180 from secrethub/release/v0.27.0

Release v0.27.0

Author: SimonBarendse

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   test:
     docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.13
     steps:
       - checkout
       - restore_cache:
@@ -16,7 +16,7 @@ jobs:
       - run: make test
   verify-version:
     docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.13
     steps:
       - checkout
       - restore_cache:

internals/api/server_errors.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"errors"
 	"net/http"
 
 	"fmt"
@@ -40,7 +41,7 @@ var (
 	ErrSignatureNotVerified = errHub.Code("invalid_signature").StatusError("request was not signed by a valid credential", http.StatusUnauthorized)
 
 	// Repos
-	ErrRepoNotFound      = errHub.Code("repo_not_found").StatusError("Repo not found", http.StatusNotFound)
+	ErrRepoNotFound      = errHub.Code("repo_not_found").StatusErrorPref("Repo '%s' not found", http.StatusNotFound)
 	ErrRepoAlreadyExists = errHub.Code("repo_already_exists").StatusError("Repo already exists, please create a different repo", http.StatusConflict)
 
 	// Dirs
@@ -104,9 +105,10 @@ var (
 
 // IsErrNotFound returns whether the given error is caused by a un-existing resource.
 func IsErrNotFound(err error) bool {
-	statusError, ok := err.(errio.PublicStatusError)
+	var publicStatusError errio.PublicStatusError
+	ok := errors.As(err, &publicStatusError)
 	if !ok {
 		return false
 	}
-	return statusError.StatusCode == 404
+	return publicStatusError.StatusCode == 404
 }

pkg/randchar/generator.go

@@ -34,6 +34,8 @@ var (
 	All = Alphanumeric.Add(Symbols)
 	// Similar defines a character set containing similar looking characters.
 	Similar = NewCharset("iIlL1oO0")
+	// HumanReadable defines a character set containing all alphanumeric characters except the similar ones.
+	HumanReadable = Alphanumeric.Subtract(Similar)
 
 	// DefaultRand defines the default random generator to use. You can create
 	// your own generators using NewRand.
@@ -263,6 +265,8 @@ func CharsetByName(charsetName string) (Charset, bool) {
 		return All, true
 	case "similar":
 		return Similar, true
+	case "human-readable":
+		return HumanReadable, true
 	default:
 		return Charset{}, false
 	}

pkg/secrethub/acl.go

@@ -4,6 +4,7 @@ import (
 	"github.com/secrethub/secrethub-go/internals/api"
 	"github.com/secrethub/secrethub-go/internals/api/uuid"
 	"github.com/secrethub/secrethub-go/internals/errio"
+	"github.com/secrethub/secrethub-go/pkg/secrethub/iterator"
 )
 
 // AccessRuleService handles operations on access rules from SecretHub.
@@ -14,13 +15,20 @@ type AccessRuleService interface {
 	Set(path string, permission string, accountName string) (*api.AccessRule, error)
 	// Delete removes the accessrule for the given directory and account.
 	Delete(path string, accountName string) error
-	// List etrieves all access rules that apply to a directory, including
+	// List retrieves all access rules that apply to a directory, including
 	// rules that apply to its children up to a specified depth. When ancestors is set
 	// to true, it also includes rules for any parent directories. When the depth is
 	// set to -1, all children are retrieved without limit.
+	// Deprecated: Use iterator function instead.
 	List(path string, depth int, ancestors bool) ([]*api.AccessRule, error)
+	// Iterator returns an iterator that retrieves all access rules that apply to a
+	// directory.
+	Iterator(path string, _ *AccessRuleIteratorParams) AccessRuleIterator
 	// ListLevels lists the access levels on the given directory.
+	// Deprecated: Use iterator function instead.
 	ListLevels(path string) ([]*api.AccessLevel, error)
+	// LevelIterator returns an iterator that retrieves all access levels on the given directory.
+	LevelIterator(path string, _ *AccessLevelIteratorParams) AccessLevelIterator
 }
 
 func newAccessRuleService(client *Client) AccessRuleService {
@@ -87,7 +95,7 @@ func (s accessRuleService) Get(path string, accountName string) (*api.AccessRule
 	return accessRule, nil
 }
 
-// List etrieves all access rules that apply to a directory, including
+// List retrieves all access rules that apply to a directory, including
 // rules that apply to its children up to a specified depth. When ancestors is set
 // to true, it also includes rules for any parent directories. When the depth is
 // set to -1, all children are retrieved without limit.
@@ -286,3 +294,157 @@ func (c *Client) getAccessLevel(path api.BlindNamePath, accountName api.AccountN
 
 	return accessLevel, nil
 }
+
+// Iterator returns an iterator that retrieves all access rules that apply to a
+// directory.
+func (s accessRuleService) Iterator(path string, params *AccessRuleIteratorParams) AccessRuleIterator {
+	if params == nil {
+		params = &AccessRuleIteratorParams{}
+	}
+
+	depth := -1
+	if params.Depth != nil {
+		depth = int(*params.Depth)
+	}
+	ancestors := params.Ancestors
+
+	return &accessRuleIterator{
+		iterator: iterator.New(
+			iterator.PaginatorFactory(
+				func() ([]interface{}, error) {
+					p, err := api.NewDirPath(path)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					blindName, err := s.client.convertPathToBlindName(p)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					accessRules, err := s.client.httpClient.ListAccessRules(blindName, depth, ancestors)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					res := make([]interface{}, len(accessRules))
+					for i, element := range accessRules {
+						res[i] = element
+					}
+					return res, nil
+				},
+			),
+		),
+	}
+}
+
+// LevelIterator returns an iterator that retrieves all access levels on the given directory.
+func (s accessRuleService) LevelIterator(path string, _ *AccessLevelIteratorParams) AccessLevelIterator {
+	return &accessLevelIterator{
+		iterator: iterator.New(
+			iterator.PaginatorFactory(
+				func() ([]interface{}, error) {
+					p, err := api.NewDirPath(path)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					blindName, err := s.client.convertPathToBlindName(p)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					rules, err := s.client.httpClient.ListAccessRules(blindName, 0, true)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					dir, err := s.dirService.GetTree(path, 0, false)
+					if err != nil {
+						return nil, errio.Error(err)
+					}
+
+					rights := make(map[uuid.UUID][]*api.AccessRule)
+					for _, rule := range rules {
+						list := rights[rule.AccountID]
+						rights[rule.AccountID] = append(list, rule)
+					}
+
+					accessLevels := make([]*api.AccessLevel, len(rights))
+					i := 0
+					for _, list := range rights {
+						first := list[0]
+						maxPerm := first.Permission
+						for _, rule := range list {
+							if maxPerm < rule.Permission {
+								maxPerm = rule.Permission
+							}
+						}
+
+						accessLevels[i] = &api.AccessLevel{
+							Account:    first.Account,
+							AccountID:  first.AccountID,
+							DirID:      dir.RootDir.DirID, // add this for completeness
+							Permission: maxPerm,
+						}
+
+						i++
+					}
+
+					res := make([]interface{}, len(accessLevels))
+					for i, element := range accessLevels {
+						res[i] = element
+					}
+					return res, nil
+				},
+			),
+		),
+	}
+}
+
+// AccessLevelIterator iterates over access rules.
+type AccessRuleIterator interface {
+	Next() (api.AccessRule, error)
+}
+
+type accessRuleIterator struct {
+	iterator iterator.Iterator
+}
+
+// Next returns the next access rule or iterator.Done if all of them have been returned.
+func (it *accessRuleIterator) Next() (api.AccessRule, error) {
+	item, err := it.iterator.Next()
+	if err != nil {
+		return api.AccessRule{}, err
+	}
+
+	return *item.(*api.AccessRule), nil
+}
+
+// AccessRuleIteratorParams specify parameters used when listing access rules.
+type AccessRuleIteratorParams struct {
+	Depth     *uint // Depth defines the depth of traversal for the iterator, nil means listing all subdirectories.
+	Ancestors bool  // Ancestors defines whether the iterator should also list access rules of parent directories.
+}
+
+// AccessLevelIteratorParams defines the parameters used when listing access levels.
+type AccessLevelIteratorParams struct{}
+
+// AccessLevelIterator iterates over access levels.
+type AccessLevelIterator interface {
+	Next() (api.AccessLevel, error)
+}
+
+type accessLevelIterator struct {
+	iterator iterator.Iterator
+}
+
+// Next returns the next access level or iterator.Done if all of them have been returned.
+func (it *accessLevelIterator) Next() (api.AccessLevel, error) {
+	item, err := it.iterator.Next()
+	if err != nil {
+		return api.AccessLevel{}, err
+	}
+
+	return *item.(*api.AccessLevel), nil
+}

pkg/secrethub/client.go

@@ -17,8 +17,8 @@ import (
 	"github.com/secrethub/secrethub-go/pkg/secrethub/internals/http"
 )
 
-const (
-	userAgentPrefix = "SecretHub/v1 secrethub-go/" + ClientVersion
+var (
+	userAgentPrefix = "SecretHub/1.0 secrethub-go/" + strings.TrimPrefix(ClientVersion, "v")
 )
 
 // Errors
@@ -86,7 +86,7 @@ type AppInfo struct {
 func (i AppInfo) userAgentSuffix() string {
 	res := i.Name
 	if i.Version != "" {
-		res += "/" + i.Version
+		res += "/" + strings.TrimPrefix(i.Version, "v")
 	}
 	return res
 }

pkg/secrethub/client_version.go

@@ -2,4 +2,4 @@ package secrethub
 
 // ClientVersion is the current version of the client
 // Do not edit this unless you know what you're doing.
-const ClientVersion = "v0.26.0"
+const ClientVersion = "v0.27.0"