-
Notifications
You must be signed in to change notification settings - Fork 148
/
encrypt.go
112 lines (94 loc) · 3.14 KB
/
encrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
// Copyright 2021 The PipeCD Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package encrypt
import (
"bytes"
"context"
"fmt"
"io"
"os"
"github.com/spf13/cobra"
"github.com/pipe-cd/pipecd/pkg/app/pipectl/client"
"github.com/pipe-cd/pipecd/pkg/app/server/service/apiservice"
"github.com/pipe-cd/pipecd/pkg/cli"
)
// 10MB
const maxDataSize int64 = 10485760
type command struct {
clientOptions *client.Options
pipedID string
inputFile string
base64Encoding bool
stdout io.Writer
}
func NewCommand() *cobra.Command {
c := &command{
clientOptions: &client.Options{},
stdout: os.Stdout,
}
cmd := &cobra.Command{
Use: "encrypt",
Short: "Encrypt the plaintext entered in either stdin or the --input-file flag.",
Example: ` pipectl encrypt --piped-id=xxx --api-key=yyy --address=foo.xz <secret.txt
cat secret.txt | pipectl encrypt --piped-id=xxxxt --api-key=yyy --address=foo.xz
pipectl encrypt --input-file=secret.txt --piped-id=xxxxt --api-key=yyy --address=foo.xz`,
RunE: cli.WithContext(c.run),
}
cmd.Flags().StringVar(&c.pipedID, "piped-id", c.pipedID, "The id of Piped to which the application using the ciphertext belongs.")
cmd.Flags().StringVar(&c.inputFile, "input-file", c.inputFile, "The path to the file to be encrypted.")
cmd.Flags().BoolVar(&c.base64Encoding, "use-base64-encoding", c.base64Encoding, "Whether the plaintext should be base64 encoded before encrypting or not. (default false)")
cmd.MarkFlagRequired("piped-id")
c.clientOptions.RegisterPersistentFlags(cmd)
return cmd
}
func (c *command) run(ctx context.Context, input cli.Input) error {
cli, err := c.clientOptions.NewClient(ctx)
if err != nil {
return fmt.Errorf("failed to initialize client: %w", err)
}
defer cli.Close()
// Prioritize the file passed via the "--input-file" flag.
var source io.Reader
if c.inputFile != "" {
fd, err := os.Open(c.inputFile)
if err != nil {
return fmt.Errorf("failed to read file %q: %w", c.inputFile, err)
}
defer fd.Close()
source = fd
} else {
source = input.Stdin
}
// Prevent accidental loading of large data into memory.
reader := io.LimitReader(source, maxDataSize+1)
buf := bytes.Buffer{}
n, err := buf.ReadFrom(reader)
if err != nil {
return fmt.Errorf("failed to read the data: %w", err)
}
if n > maxDataSize {
return fmt.Errorf("input data exceeds set limit 10 MB")
}
req := &apiservice.EncryptRequest{
PipedId: c.pipedID,
Plaintext: buf.String(),
Base64Encoding: c.base64Encoding,
}
resp, err := cli.Encrypt(ctx, req)
if err != nil {
return fmt.Errorf("failed to encrypt: %w", err)
}
fmt.Fprintln(c.stdout, resp.Ciphertext)
return nil
}