tyler.durden
/
compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Refactor secrets 

- create secrets from files
  - update Secret structure

Signed-off-by: aiordache <anca.iordache@docker.com>
This commit is contained in:
aiordache 2020-10-08 10:29:45 +02:00
parent f5f87e342a
commit 8f31ad59be
4 changed files with 66 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
api/secrets/api.go
View File

@ -31,21 +31,17 @@ type Service interface {
// Secret hold sensitive data // Secret hold sensitive data
type Secret struct { type Secret struct {
ID string `json:"ID"` ID string `json:"ID"`
Name string `json:"Name"` Name string `json:"Name"`
Labels map[string]string `json:"Labels"` Labels map[string]string `json:"Tags"`
Description string `json:"Description"` content []byte
username string
password string
} }
// NewSecret builds a secret // NewSecret builds a secret
func NewSecret(name, username, password, description string) Secret { func NewSecret(name string, content []byte) Secret {
return Secret{ return Secret{
Name: name, Name: name,
username: username, content: content,
password: password,
Description: description,
} }
} }
@ -58,15 +54,7 @@ func (s Secret) ToJSON() (string, error) {
return string(b), nil return string(b), nil
} }
// GetCredString marshall a Secret's sensitive data into JSON string // GetContent returns a Secret's sensitive data
func (s Secret) GetCredString() (string, error) { func (s Secret) GetContent() []byte {
creds := map[string]string{ return s.content
"username": s.username,
"password": s.password,
}
b, err := json.Marshal(&creds)
if err != nil {
return "", err
}
return string(b), nil
} }

48
cli/cmd/secrets.go
View File

@ -19,6 +19,7 @@ package cmd
import ( import (
"fmt" "fmt"
"io" "io"
"io/ioutil"
"os" "os"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -28,13 +29,6 @@ import (
"github.com/docker/compose-cli/formatter" "github.com/docker/compose-cli/formatter"
) )
type createSecretOptions struct {
Label string
Username string
Password string
Description string
}
// SecretCommand manage secrets // SecretCommand manage secrets
func SecretCommand() *cobra.Command { func SecretCommand() *cobra.Command {
cmd := &cobra.Command{ cmd := &cobra.Command{
@ -52,18 +46,39 @@ func SecretCommand() *cobra.Command {
} }
func createSecret() *cobra.Command { func createSecret() *cobra.Command {
opts := createSecretOptions{}
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "create NAME", Use: "create [OPTIONS] SECRET [file|-]",
Short: "Creates a secret.", Short: "Creates a secret.",
Args: cobra.ExactArgs(1), Args: cobra.RangeArgs(1, 2),
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
c, err := client.New(cmd.Context()) c, err := client.New(cmd.Context())
if err != nil { if err != nil {
return err return err
} }
file := "-"
if len(args) == 2 {
file = args[1]
}
if len(file) == 0 {
return fmt.Errorf("secret data source empty: %q", file)
}
var in io.ReadCloser
switch file {
case "-":
in = os.Stdin
default:
in, err = os.Open(file)
if err != nil {
return err
}
defer func() { _ = in.Close() }()
}
content, err := ioutil.ReadAll(in)
if err != nil {
return fmt.Errorf("failed to read content from %q: %v", file, err)
}
name := args[0] name := args[0]
secret := secrets.NewSecret(name, opts.Username, opts.Password, opts.Description) secret := secrets.NewSecret(name, content)
id, err := c.SecretsService().CreateSecret(cmd.Context(), secret) id, err := c.SecretsService().CreateSecret(cmd.Context(), secret)
if err != nil { if err != nil {
return err return err
@ -72,10 +87,6 @@ func createSecret() *cobra.Command {
return nil return nil
}, },
} }
cmd.Flags().StringVarP(&opts.Username, "username", "u", "", "username")
cmd.Flags().StringVarP(&opts.Password, "password", "p", "", "password")
cmd.Flags().StringVarP(&opts.Description, "description", "d", "", "Secret description")
return cmd return cmd
} }
@ -135,7 +146,7 @@ func listSecrets() *cobra.Command {
for _, secret := range view { for _, secret := range view {
_, _ = fmt.Fprintf(w, "%s\t%s\t%s\n", secret.ID, secret.Name, secret.Description) _, _ = fmt.Fprintf(w, "%s\t%s\t%s\n", secret.ID, secret.Name, secret.Description)
} }
}, "ID", "NAME", "DESCRIPTION") }, "ID", "NAME")
}, },
} }
cmd.Flags().StringVar(&opts.format, "format", "", "Format the output. Values: [pretty | json]. (Default: pretty)") cmd.Flags().StringVar(&opts.format, "format", "", "Format the output. Values: [pretty | json]. (Default: pretty)")
@ -153,9 +164,8 @@ func viewFromSecretList(secretList []secrets.Secret) []secretView {
retList := make([]secretView, len(secretList)) retList := make([]secretView, len(secretList))
for i, s := range secretList { for i, s := range secretList {
retList[i] = secretView{ retList[i] = secretView{
ID: s.ID, ID: s.ID,
Name: s.Name, Name: s.Name,
Description: s.Description,
} }
} }
return retList return retList

43
ecs/sdk.go
View File

@ -551,15 +551,21 @@ func (s sdk) DeleteStack(ctx context.Context, name string) error {
func (s sdk) CreateSecret(ctx context.Context, secret secrets.Secret) (string, error) { func (s sdk) CreateSecret(ctx context.Context, secret secrets.Secret) (string, error) {
logrus.Debug("Create secret " + secret.Name) logrus.Debug("Create secret " + secret.Name)
secretStr, err := secret.GetCredString() var tags []*secretsmanager.Tag
if err != nil { for k, v := range secret.Labels {
return "", err tags = []*secretsmanager.Tag{
{
Key: aws.String(k),
Value: aws.String(v),
},
}
} }
// store the secret content as string
content := string(secret.GetContent())
response, err := s.SM.CreateSecret(&secretsmanager.CreateSecretInput{ response, err := s.SM.CreateSecret(&secretsmanager.CreateSecretInput{
Name: &secret.Name, Name: &secret.Name,
SecretString: &secretStr, SecretString: &content,
Description: &secret.Description, Tags: tags,
}) })
if err != nil { if err != nil {
return "", err return "", err
@ -573,17 +579,15 @@ func (s sdk) InspectSecret(ctx context.Context, id string) (secrets.Secret, erro
if err != nil { if err != nil {
return secrets.Secret{}, err return secrets.Secret{}, err
} }
labels := map[string]string{} tags := map[string]string{}
for _, tag := range response.Tags { for _, tag := range response.Tags {
labels[aws.StringValue(tag.Key)] = aws.StringValue(tag.Value) tags[aws.StringValue(tag.Key)] = aws.StringValue(tag.Value)
} }
secret := secrets.Secret{ secret := secrets.Secret{
ID: aws.StringValue(response.ARN), ID: aws.StringValue(response.ARN),
Name: aws.StringValue(response.Name), Name: aws.StringValue(response.Name),
Labels: labels, Labels: tags,
}
if response.Description != nil {
secret.Description = *response.Description
} }
return secret, nil return secret, nil
} }
@ -598,19 +602,14 @@ func (s sdk) ListSecrets(ctx context.Context) ([]secrets.Secret, error) {
var ls []secrets.Secret var ls []secrets.Secret
for _, sec := range response.SecretList { for _, sec := range response.SecretList {
labels := map[string]string{} tags := map[string]string{}
for _, tag := range sec.Tags { for _, tag := range sec.Tags {
labels[*tag.Key] = *tag.Value tags[*tag.Key] = *tag.Value
}
description := ""
if sec.Description != nil {
description = *sec.Description
} }
ls = append(ls, secrets.Secret{ ls = append(ls, secrets.Secret{
ID: *sec.ARN, ID: *sec.ARN,
Name: *sec.Name, Name: *sec.Name,
Labels: labels, Labels: tags,
Description: description,
}) })
} }
return ls, nil return ls, nil

11
tests/ecs-e2e/e2e-ecs_test.go
View File

@ -21,6 +21,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"path/filepath"
"strconv" "strconv"
"strings" "strings"
"testing" "testing"
@ -50,23 +51,23 @@ func TestMain(m *testing.M) {
func TestSecrets(t *testing.T) { func TestSecrets(t *testing.T) {
cmd, testID := setupTest(t) cmd, testID := setupTest(t)
secretName := "secret" + testID secretName := "secret" + testID
description := "description " + testID
t.Run("create secret", func(t *testing.T) { t.Run("create secret", func(t *testing.T) {
res := cmd.RunDockerCmd("secret", "create", secretName, "-u", "user1", "-p", "pass1", "-d", description) secretFile := filepath.Join(cmd.BinDir, "secret.txt")
assert.Check(t, strings.Contains(res.Stdout(), "secret:"+secretName)) err := ioutil.WriteFile(secretFile, []byte("pass1"), 0644)
assert.Check(t, err == nil)
res := cmd.RunDockerCmd("secret", "create", secretName, secretFile)
assert.Check(t, strings.Contains(res.Stdout(), secretName))
}) })
t.Run("list secrets", func(t *testing.T) { t.Run("list secrets", func(t *testing.T) {
res := cmd.RunDockerCmd("secret", "list") res := cmd.RunDockerCmd("secret", "list")
assert.Check(t, strings.Contains(res.Stdout(), secretName)) assert.Check(t, strings.Contains(res.Stdout(), secretName))
assert.Check(t, strings.Contains(res.Stdout(), description))
}) })
t.Run("inspect secret", func(t *testing.T) { t.Run("inspect secret", func(t *testing.T) {
res := cmd.RunDockerCmd("secret", "inspect", secretName) res := cmd.RunDockerCmd("secret", "inspect", secretName)
assert.Check(t, strings.Contains(res.Stdout(), `"Name": "`+secretName+`"`)) assert.Check(t, strings.Contains(res.Stdout(), `"Name": "`+secretName+`"`))
assert.Check(t, strings.Contains(res.Stdout(), `"Description": "`+description+`"`))
}) })
t.Run("rm secret", func(t *testing.T) { t.Run("rm secret", func(t *testing.T) {