package commands
import (
"bufio"
"fmt"
"os"
"os/exec"
"github.com/adrianosela/padl/cli/config"
"github.com/adrianosela/padl/lib/keymgr"
"github.com/adrianosela/padl/lib/keys"
"github.com/adrianosela/padl/lib/padlfile"
"github.com/adrianosela/padl/lib/secretsmgr"
cli "gopkg.in/urfave/cli.v1"
)
// RunCmds is the "run" subcommand (alias "r"): it starts a command with the
// padlfile's secrets added to its environment.
var RunCmds = cli.Command{
	Name:    "run",
	Aliases: []string{"r"},
	Usage:   "Run a command with secrets in the environment",
	// Before runs ahead of Action; runHandler does the decrypt-and-exec work.
	Before: checkCanModifyPadlFile,
	Action: runHandler,
	Flags: []cli.Flag{
		asMandatory(nameFlag),
		withDefault(fmtFlag, "yaml"),
		// Carries the user's private key. The original author's note says it
		// is set by the Before hook rather than typed by the user.
		// NOTE(review): confirm the key never has to be passed on the command
		// line, where it would be visible in the process list.
		privateKeyFlag,
		pathFlag,
	},
}
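// runHandler decrypts the secrets listed in the padlfile and runs the
// requested command with those secrets added to its environment.
//
// The command and its arguments are the positional arguments left over after
// the "run" flags have been parsed. An error is returned when no command is
// given, or when obtaining the client, reading the padlfile, creating the key
// manager, decoding the private key or decrypting the secrets fails.
func runHandler(ctx *cli.Context) error {
	format := ctx.String(name(fmtFlag))
	priv := ctx.String(name(privateKeyFlag))
	path := padlfilePath(ctx.String(name(pathFlag)), format)

	// Take the command from the parsed positional arguments instead of fixed
	// os.Args offsets: as soon as a flag is present on the command line,
	// os.Args[2] is that flag and not the program to run. Checking up front
	// also means no secret is decrypted when there is nothing to run.
	args := ctx.Args()
	if !args.Present() {
		return fmt.Errorf("no command provided")
	}

	// get client
	pc, err := getClient(ctx)
	if err != nil {
		return fmt.Errorf("could not get client: %s", err)
	}

	// read padlfile
	pf, err := padlfile.ReadPadlfile(path)
	if err != nil {
		return fmt.Errorf("could not read padlfile: %s", err)
	}

	// get key manager
	keyMgr, err := keymgr.NewFSManager(config.GetDefaultPath())
	if err != nil {
		return fmt.Errorf("could not establish key manager: %s", err)
	}

	secMgr := secretsmgr.NewSecretsMgr(pc, keyMgr, pf)

	// decode the user's PEM private key and decrypt the padlfile secrets
	rsa, err := keys.DecodePrivKeyPEM([]byte(priv))
	if err != nil {
		return fmt.Errorf("could not materialize user private key: %s", err)
	}

	secretsMap, err := secMgr.DecryptPadlFileSecrets(rsa)
	if err != nil {
		return fmt.Errorf("could not decrypt padlfile secrets: %s", err)
	}

	cmd := exec.Command(args.First(), args.Tail()...)

	// Start from a copy of the parent environment, then add the secrets.
	// os/exec keeps the last value for a duplicated key, so a secret replaces
	// a parent variable of the same name. The names come from the padlfile:
	// an entry called PATH or LD_PRELOAD would change how the child runs, so
	// the padlfile has to be as trusted as the command itself.
	// Plaintext secrets are inherited by every process the child spawns.
	cmd.Env = os.Environ()
	for k, v := range secretsMap {
		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", k, v))
	}

	return runCmdAndPipeStdout(cmd)
}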
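// runCmdAndPipeStdout starts cmd, echoes its standard output line by line to
// this process's standard output, and waits for it to exit.
//
// It returns the error from creating the pipe or starting the command, a read
// error from the output scanner, or the error reported by cmd.Wait (for
// example a non-zero exit status). Only stdout is connected here; the child's
// stderr and stdin are left as the caller configured them on cmd.
func runCmdAndPipeStdout(cmd *exec.Cmd) error {
	stdout, err := cmd.StdoutPipe()
	if err != nil {
		return err
	}

	// A command that cannot be started must be reported, not treated as a
	// successful run with empty output.
	if err := cmd.Start(); err != nil {
		return err
	}

	scanner := bufio.NewScanner(stdout)
	for scanner.Scan() {
		fmt.Println(scanner.Text())
	}
	// Scan also stops on a read error or an over-long line; keep that error.
	scanErr := scanner.Err()

	// Wait must come after all reads from the pipe. It reaps the child and
	// surfaces its exit status, which was previously dropped.
	waitErr := cmd.Wait()
	if scanErr != nil {
		return scanErr
	}
	return waitErr
}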