Merge pull request #232 from secrethub/feature/acl-check-secret

jpcoenen · web-flow · commit 7469e82efad6 · 2020-01-15T14:55:18.000+01:00
Accept secret paths on acl check
diff --git a/internals/secrethub/acl_check.go b/internals/secrethub/acl_check.go
@@ -5,6 +5,8 @@ import (
 	"sort"
 	"text/tabwriter"
 
+	"github.com/secrethub/secrethub-go/pkg/secretpath"
+
 	"github.com/secrethub/secrethub-cli/internals/cli/ui"
 	"github.com/secrethub/secrethub-cli/internals/secrethub/command"
 
@@ -38,12 +40,7 @@ func (cmd *ACLCheckCommand) Register(r command.Registerer) {
 
 // Run prints the access level(s) on the given directory.
 func (cmd *ACLCheckCommand) Run() error {
-	client, err := cmd.newClient()
-	if err != nil {
-		return err
-	}
-
-	levels, err := client.AccessRules().ListLevels(cmd.path.Value())
+	levels, err := cmd.listLevels()
 	if err != nil {
 		return err
 	}
@@ -79,3 +76,33 @@ func (cmd *ACLCheckCommand) Run() error {
 
 	return nil
 }
+
+func (cmd *ACLCheckCommand) listLevels() ([]*api.AccessLevel, error) {
+	client, err := cmd.newClient()
+	if err != nil {
+		return nil, err
+	}
+
+	path := cmd.path.Value()
+
+	levels, listLevelsErr := client.AccessRules().ListLevels(path)
+	if listLevelsErr == nil {
+		return levels, nil
+	}
+	if !api.IsErrNotFound(listLevelsErr) {
+		return nil, listLevelsErr
+	}
+
+	isSecret, isSecretErr := client.Secrets().Exists(path)
+	if isSecretErr != nil {
+		return nil, listLevelsErr
+	}
+	if isSecret {
+		levels, err = client.AccessRules().ListLevels(secretpath.Parent(path))
+		if err != nil {
+			return nil, err
+		}
+		return levels, nil
+	}
+	return nil, listLevelsErr
+}
