Merge pull request #242 from secrethub/release/v0.34.0

Release v0.34.0

Author: SimonBarendse

go.mod

@@ -6,7 +6,7 @@ require (
 	bitbucket.org/zombiezen/cardcpx v0.0.0-20150417151802-902f68ff43ef
 	github.com/alecthomas/kingpin v0.0.0-20191009151950-9e366cbf24ad
 	github.com/atotto/clipboard v0.1.2
-	github.com/aws/aws-sdk-go v1.19.38
+	github.com/aws/aws-sdk-go v1.25.49
 	github.com/docker/go-units v0.3.3
 	github.com/fatih/color v1.7.0
 	github.com/masterzen/winrm v0.0.0-20190308153735-1d17eaf15943
@@ -16,7 +16,7 @@ require (
 	github.com/mitchellh/mapstructure v1.1.2
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/secrethub/demo-app v0.1.0
-	github.com/secrethub/secrethub-go v0.25.0
+	github.com/secrethub/secrethub-go v0.26.0
 	github.com/zalando/go-keyring v0.0.0-20190208082241-fbe81aec3a07
 	golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a
 	golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223

go.sum

@@ -18,6 +18,8 @@ github.com/atotto/clipboard v0.1.2 h1:YZCtFu5Ie8qX2VmVTBnrqLSiU9XOWwqNRmdT3gIQzb
 github.com/atotto/clipboard v0.1.2/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aws/aws-sdk-go v1.19.38 h1:WKjobgPO4Ua1ww2NJJl2/zQNreUZxvqmEzwMlRjjm9g=
 github.com/aws/aws-sdk-go v1.19.38/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.25.49 h1:j5R2Ey+g8qaiy2NJ9iH+KWzDWS4SjXRCjhc22EeQVE4=
+github.com/aws/aws-sdk-go v1.25.49/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/danieljoos/wincred v1.0.2 h1:zf4bhty2iLuwgjgpraD2E9UbvO+fe54XXGJbOwe23fU=
 github.com/danieljoos/wincred v1.0.2/go.mod h1:SnuYRW9lp1oJrZX/dXJqr0cPK5gYXqx3EJbmjhLdK9U=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
@@ -74,6 +76,8 @@ github.com/secrethub/secrethub-cli v0.30.0/go.mod h1:dC0wd40v+iQdV83/0rUrOa01LYq
 github.com/secrethub/secrethub-go v0.21.0/go.mod h1:rc2IfKKBJ4L0wGec0u4XnF5/pe0FFPE4Q1MWfrFso7s=
 github.com/secrethub/secrethub-go v0.25.0 h1:cpYmkLRurrrw6NNE4PagPNDOn7kvY6UMrnnDxrvuI1M=
 github.com/secrethub/secrethub-go v0.25.0/go.mod h1:rc2IfKKBJ4L0wGec0u4XnF5/pe0FFPE4Q1MWfrFso7s=
+github.com/secrethub/secrethub-go v0.26.0 h1:BonMEvD3rdAQyY3L91Ze7Mkq0KXXhB3Esn/cDUq3qYc=
+github.com/secrethub/secrethub-go v0.26.0/go.mod h1:Wr4gXWrk8OvBHiCttjLq7wFdKSm07rlEhq5OSYPemtI=
 github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=

internals/cli/env.go

@@ -148,6 +148,21 @@ func (a *App) PrintEnv(w io.Writer, verbose bool) error {
 	return nil
 }
 
+// CheckStrictEnv checks that every environment variable that starts with the app name is recognized by the application.
+func (a *App) CheckStrictEnv() error {
+	for _, envVar := range os.Environ() {
+		key, _, match := splitVar(a.name, a.separator, envVar)
+		if match {
+			key = strings.ToUpper(key)
+			_, isKnown := a.knownEnvVars[key]
+			if !(isKnown || a.isExtraEnvVar(key)) {
+				return fmt.Errorf("environment variable set, but not recognized: %s", key)
+			}
+		}
+	}
+	return nil
+}
+
 // CommandClause represents a command clause in a command0-line application.
 type CommandClause struct {
 	*kingpin.CmdClause

internals/secrethub/acl_check.go

@@ -5,6 +5,8 @@ import (
 	"sort"
 	"text/tabwriter"
 
+	"github.com/secrethub/secrethub-go/pkg/secretpath"
+
 	"github.com/secrethub/secrethub-cli/internals/cli/ui"
 	"github.com/secrethub/secrethub-cli/internals/secrethub/command"
 
@@ -38,12 +40,7 @@ func (cmd *ACLCheckCommand) Register(r command.Registerer) {
 
 // Run prints the access level(s) on the given directory.
 func (cmd *ACLCheckCommand) Run() error {
-	client, err := cmd.newClient()
-	if err != nil {
-		return err
-	}
-
-	levels, err := client.AccessRules().ListLevels(cmd.path.Value())
+	levels, err := cmd.listLevels()
 	if err != nil {
 		return err
 	}
@@ -79,3 +76,33 @@ func (cmd *ACLCheckCommand) Run() error {
 
 	return nil
 }
+
+func (cmd *ACLCheckCommand) listLevels() ([]*api.AccessLevel, error) {
+	client, err := cmd.newClient()
+	if err != nil {
+		return nil, err
+	}
+
+	path := cmd.path.Value()
+
+	levels, listLevelsErr := client.AccessRules().ListLevels(path)
+	if listLevelsErr == nil {
+		return levels, nil
+	}
+	if !api.IsErrNotFound(listLevelsErr) {
+		return nil, listLevelsErr
+	}
+
+	isSecret, isSecretErr := client.Secrets().Exists(path)
+	if isSecretErr != nil {
+		return nil, listLevelsErr
+	}
+	if isSecret {
+		levels, err = client.AccessRules().ListLevels(secretpath.Parent(path))
+		if err != nil {
+			return nil, err
+		}
+		return levels, nil
+	}
+	return nil, listLevelsErr
+}

internals/secrethub/app.go

@@ -177,7 +177,7 @@ func (app *App) registerCommands() {
 	NewInspectCommand(app.io, app.clientFactory.NewClient).Register(app.cli)
 	NewAuditCommand(app.io, app.clientFactory.NewClient).Register(app.cli)
 	NewInjectCommand(app.io, app.clientFactory.NewClient).Register(app.cli)
-	NewRunCommand(app.clientFactory.NewClient).Register(app.cli)
+	NewRunCommand(app.io, app.clientFactory.NewClient).Register(app.cli)
 	NewPrintEnvCommand(app.cli, app.io).Register(app.cli)
 
 	// Hidden commands

internals/secrethub/inject.go

@@ -5,14 +5,14 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
-	"strings"
 	"time"
 
+	"github.com/secrethub/secrethub-cli/internals/secrethub/tpl"
+
 	"github.com/secrethub/secrethub-cli/internals/cli/clip"
 	"github.com/secrethub/secrethub-cli/internals/cli/filemode"
 	"github.com/secrethub/secrethub-cli/internals/cli/posix"
 	"github.com/secrethub/secrethub-cli/internals/cli/ui"
-	"github.com/secrethub/secrethub-cli/internals/cli/validation"
 	"github.com/secrethub/secrethub-cli/internals/secrethub/command"
 
 	"github.com/docker/go-units"
@@ -26,17 +26,18 @@ var (
 
 // InjectCommand is a command to read a secret.
 type InjectCommand struct {
-	outFile             string
-	inFile              string
-	fileMode            filemode.FileMode
-	force               bool
-	io                  ui.IO
-	useClipboard        bool
-	clearClipboardAfter time.Duration
-	clipper             clip.Clipper
-	newClient           newClientFunc
-	templateVars        map[string]string
-	templateVersion     string
+	outFile                       string
+	inFile                        string
+	fileMode                      filemode.FileMode
+	force                         bool
+	io                            ui.IO
+	useClipboard                  bool
+	clearClipboardAfter           time.Duration
+	clipper                       clip.Clipper
+	newClient                     newClientFunc
+	templateVars                  map[string]string
+	templateVersion               string
+	dontPromptMissingTemplateVars bool
 }
 
 // NewInjectCommand creates a new InjectCommand.
@@ -67,6 +68,7 @@ func (cmd *InjectCommand) Register(r command.Registerer) {
 	clause.Flag("file-mode", "Set filemode for the output file if it does not yet exist. Defaults to 0600 (read and write for current user) and is ignored without the --out-file flag.").Default("0600").SetValue(&cmd.fileMode)
 	clause.Flag("var", "Define the value for a template variable with `VAR=VALUE`, e.g. --var env=prod").Short('v').StringMapVar(&cmd.templateVars)
 	clause.Flag("template-version", "The template syntax version to be used. The options are v1, v2, latest or auto to automatically detect the version.").Default("auto").StringVar(&cmd.templateVersion)
+	clause.Flag("no-prompt", "Do not prompt when a template variable is missing and return an error instead.").BoolVar(&cmd.dontPromptMissingTemplateVars)
 	registerForceFlag(clause).BoolVar(&cmd.force)
 
 	command.BindAction(clause, cmd.Run)
@@ -97,25 +99,16 @@ func (cmd *InjectCommand) Run() error {
 		}
 	}
 
-	templateVars := make(map[string]string)
-
 	osEnv, _ := parseKeyValueStringsToMap(os.Environ())
 
-	for k, v := range osEnv {
-		if strings.HasPrefix(k, templateVarEnvVarPrefix) {
-			k = strings.TrimPrefix(k, templateVarEnvVarPrefix)
-			templateVars[strings.ToLower(k)] = v
-		}
-	}
-
-	for k, v := range cmd.templateVars {
-		templateVars[strings.ToLower(k)] = v
+	var templateVariableReader tpl.VariableReader
+	templateVariableReader, err = newVariableReader(osEnv, cmd.templateVars)
+	if err != nil {
+		return err
 	}
 
-	for k := range templateVars {
-		if !validation.IsEnvarNamePosix(k) {
-			return ErrInvalidTemplateVar(k)
-		}
+	if !cmd.dontPromptMissingTemplateVars {
+		templateVariableReader = newPromptMissingVariableReader(templateVariableReader, cmd.io)
 	}
 
 	parser, err := getTemplateParser(raw, cmd.templateVersion)
@@ -128,7 +121,7 @@ func (cmd *InjectCommand) Run() error {
 		return err
 	}
 
-	injected, err := template.Evaluate(templateVars, newSecretReader(cmd.newClient))
+	injected, err := template.Evaluate(templateVariableReader, newSecretReader(cmd.newClient))
 	if err != nil {
 		return err
 	}

internals/secrethub/list.go

@@ -83,9 +83,9 @@ func (cmd *LsCommand) Run() error {
 	dirPath, err := cmd.path.ToDirPath()
 	if err == nil {
 		dirFS, err := client.Dirs().GetTree(dirPath.Value(), 1, false)
-		if err == api.ErrDirNotFound && dirPath.IsRepoPath() {
+		if api.IsErrNotFound(err) && dirPath.IsRepoPath() {
 			return err
-		} else if err != nil && err != api.ErrDirNotFound {
+		} else if err != nil && !isErrNotFound(err) {
 			return err
 		} else if err == nil {
 			err = printDir(cmd.io.Stdout(), cmd.quiet, dirFS.RootDir, timeFormatter)
@@ -100,7 +100,7 @@ func (cmd *LsCommand) Run() error {
 	secretPath, err := cmd.path.ToSecretPath()
 	if err == nil {
 		versions, err := client.Secrets().Versions().ListWithoutData(secretPath.Value())
-		if err == api.ErrSecretNotFound {
+		if api.IsErrNotFound(err) {
 			return ErrResourceNotFound(cmd.path)
 		} else if err != nil {
 			return err

internals/secrethub/org.go

@@ -22,6 +22,11 @@ func NewOrgCommand(io ui.IO, newClient newClientFunc) *OrgCommand {
 // Register registers the command and its sub-commands on the provided Registerer.
 func (cmd *OrgCommand) Register(r command.Registerer) {
 	clause := r.Command("org", "Manage shared organization workspaces.")
+	clause.Alias("organization")
+	clause.Alias("organisation")
+	clause.Alias("orgs")
+	clause.Alias("organizations")
+	clause.Alias("organisations")
 	NewOrgInitCommand(cmd.io, cmd.newClient).Register(clause)
 	NewOrgInspectCommand(cmd.io, cmd.newClient).Register(clause)
 	NewOrgInviteCommand(cmd.io, cmd.newClient).Register(clause)

internals/secrethub/org_list_users.go

@@ -31,6 +31,7 @@ func NewOrgListUsersCommand(io ui.IO, newClient newClientFunc) *OrgListUsersComm
 // Register registers the command, arguments and flags on the provided Registerer.
 func (cmd *OrgListUsersCommand) Register(r command.Registerer) {
 	clause := r.Command("list-users", "List all members of an organization.")
+	clause.Alias("list-members")
 	clause.Arg("org-name", "The organization name").Required().SetValue(&cmd.orgName)
 	registerTimestampFlag(clause).BoolVar(&cmd.useTimestamps)
 

internals/secrethub/repo.go

@@ -22,6 +22,9 @@ func NewRepoCommand(io ui.IO, newClient newClientFunc) *RepoCommand {
 // Register registers the command and its sub-commands on the provided Registerer.
 func (cmd *RepoCommand) Register(r command.Registerer) {
 	clause := r.Command("repo", "Manage repositories.")
+	clause.Alias("repository")
+	clause.Alias("repos")
+	clause.Alias("repositories")
 	NewRepoInitCommand(cmd.io, cmd.newClient).Register(clause)
 	NewRepoInspectCommand(cmd.io, cmd.newClient).Register(clause)
 	NewRepoInviteCommand(cmd.io, cmd.newClient).Register(clause)