Merge pull request #198 from secrethub/release/v0.30.0

Release v0.30.0

Author: SimonBarendse

.circleci/config.yml

@@ -1,8 +1,20 @@
 version: 2
 jobs:
-  build:
+  test:
     docker:
       - image: circleci/golang:1.12
     steps:
       - checkout
       - run: make test
+  verify-goreleaser:
+    docker:
+      - image: goreleaser/goreleaser:v0.117
+    steps:
+      - checkout
+      - run: goreleaser check
+workflows:
+  version: 2
+  pipeline:
+    jobs:
+      - test
+      - verify-goreleaser

README.md

@@ -12,9 +12,9 @@
 [![Version]( https://img.shields.io/github/release/secrethub/secrethub-cli.svg)][latest-version]
 [![Discord](https://img.shields.io/badge/chat-on%20discord-7289da.svg?logo=discord)][discord]
 
-The SecretHub CLI provides the command-line interface to interact with SecretHub.
+The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
 
-> [SecretHub][secrethub] is a developer tool to help you keep database passwords, API tokens, and other secrets out of IT automation scripts.
+> [SecretHub][secrethub] is an end-to-end encrypted secret management service that helps developers keep database passwords, API keys, and other secrets out of source code.
 
 ## Usage
 

go.mod

@@ -4,7 +4,7 @@ go 1.12
 
 require (
 	bitbucket.org/zombiezen/cardcpx v0.0.0-20150417151802-902f68ff43ef
-	github.com/alecthomas/kingpin v0.0.0-20190705085659-95eb9edaa399
+	github.com/alecthomas/kingpin v0.0.0-20190930021037-0a108b7f5563
 	github.com/atotto/clipboard v0.1.2
 	github.com/aws/aws-sdk-go v1.19.38
 	github.com/danieljoos/wincred v1.0.2 // indirect
@@ -25,5 +25,3 @@ require (
 	golang.org/x/text v0.3.0
 	gopkg.in/yaml.v2 v2.2.2
 )
-
-replace github.com/alecthomas/kingpin => github.com/secrethub/kingpin v0.0.0-20190920111600-67b1cb231087

go.sum

@@ -6,6 +6,8 @@ github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022 h1:y8Gs8CzNf
 github.com/ChrisTrenkamp/goxpath v0.0.0-20170922090931-c385f95c6022/go.mod h1:nuWgzSkT5PnyOd+272uUmV0dnAnAn42Mk7PiQC5VzN4=
 github.com/alecthomas/kingpin v0.0.0-20190705085659-95eb9edaa399 h1:NoJOfPUP5uDdYYuWS/+I6UQDH4+Fo1wDlaw4CUEeHmk=
 github.com/alecthomas/kingpin v0.0.0-20190705085659-95eb9edaa399/go.mod h1:idxgS9pV6OOpAhZvx+gcoGRMX9/tt0iqkw/pNxI0C14=
+github.com/alecthomas/kingpin v0.0.0-20190930021037-0a108b7f5563 h1:YT8l7Flq7VNXnjqwtjCF9bzffTPGgedBC+xyj88lVe4=
+github.com/alecthomas/kingpin v0.0.0-20190930021037-0a108b7f5563/go.mod h1:idxgS9pV6OOpAhZvx+gcoGRMX9/tt0iqkw/pNxI0C14=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=

internals/cli/masker/writer_test.go

@@ -271,7 +271,7 @@ func TestNewMaskedWriter(t *testing.T) {
 	}
 }
 
-func TestNewMaskedWriter_OnlyFlushingOnTimeoutBug(t *testing.T) {
+func TestNewMaskedWriter_FlushBeforeTimeout(t *testing.T) {
 	// There was a bug in MaskedWriter where it was only flushed on a timeout when a secret was found in the middle
 	// of write. This test assures this bug is not present by writing a secret in the middle of a Write and
 	// checking whether Flush() returns before the timeout of the MaskedWriter.

internals/demo/app/page.go

@@ -0,0 +1,101 @@
+package app
+
+const page = `
+<!doctype html>
+<html lang="en">
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+	<meta name="description" content="">
+	<meta name="author" content="">
+	<link rel="icon" href="https://secrethub.io/img/favicon/favicon.ico">
+
+	<title>SecretHub Example App</title>
+
+	<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.min.css" integrity="sha256-zmfNZmXoNWBMemUOo1XUGFfc0ihGGLYdgtJS3KCr/l0=" crossorigin="anonymous" />
+	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
+
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
+
+	<style>
+		html,
+		body {
+			height: 100%;
+		}
+
+		body {
+			display: -ms-flexbox;
+			display: -webkit-box;
+			display: flex;
+			-ms-flex-align: center;
+			-ms-flex-pack: center;
+			-webkit-box-align: center;
+			align-items: center;
+			-webkit-box-pack: center;
+			justify-content: center;
+			padding-top: 40px;
+			padding-bottom: 40px;
+			background-color: #f5f5f5;
+		}
+
+		.container {
+			width: 100%;
+			max-width: 400px;
+			padding: 15px;
+			margin: 0 auto;
+		}
+	</style>
+
+	<script>
+		function processResult(status, icon, color, result){
+            $("#status").html(status);
+            $("#animation").attr("class", "fas fa-"+icon+" fa-5x");
+            $("#animation").css("color", color);
+            if(result !== "") {
+                $(".result-container").attr("hidden",false);
+				 try {
+					j = JSON.parse(result);
+					$("#result").html(j['message']);
+				} catch (e) {
+					$("#result").html(result);
+				}
+			}
+		}
+
+		function processError(message){
+            processResult("An error occurred!", "times", "red", message);
+		}
+
+		$(function(){
+		    $.get("/api", {}, function(res, status, xhr){
+		        if(xhr.status === 200) {
+                    processResult("Successfully connected to https://demo.secrethub.io/api!", "check", "green", res);
+                } else {
+					console.log(res, status, xhr);
+                    processError(res);
+				}
+			}).catch(function(res){
+                processError(res.responseText);
+			});
+		});
+	</script>
+</head>
+
+<body class="text-center">
+<div class="container">
+	<img class="mb-4" src="https://secrethub.io/img/secrethub-logo-rgb-shield-square.png" alt="SecretHub logo" width="60" height="60">
+	<h1 class="h3 mb-3 font-weight-normal">Demo App</h1>
+	<i id="animation" class="fas fa-spinner fa-spin fa-3x"> </i>	
+	<p id="status">Trying to connect to https://demo.secrethub.io/api...</p>
+	<div class="result-container mt-3 card" hidden>
+ 		<div class="card-header">
+			Result
+		</div>
+		<div class="card-body" id="result">
+		</div>
+	</div>
+	<p class="mt-5 mb-3 text-muted">Read the <a href="https://secrethub.io/docs/reference/cli/demo/" target="_blank">documentation</a> for this app</p>
+</div>
+</body>
+</html>
+`

internals/demo/app/serve.go

@@ -0,0 +1,80 @@
+package app
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+)
+
+type Server struct {
+	host string
+	port int
+
+	appUsername string
+	appPassword string
+}
+
+func NewServer(host string, port int) *Server {
+	username := os.Getenv("DEMO_USERNAME")
+	password := os.Getenv("DEMO_PASSWORD")
+
+	return &Server{
+		host:        host,
+		port:        port,
+		appUsername: username,
+		appPassword: password,
+	}
+}
+
+func (s *Server) Serve() error {
+	http.HandleFunc("/", s.ServeIndex)
+	http.HandleFunc("/api", s.ServeAPI)
+
+	addr := fmt.Sprintf("%s:%d", s.host, s.port)
+	return http.ListenAndServe(addr, nil)
+}
+
+func (s *Server) ServeIndex(w http.ResponseWriter, r *http.Request) {
+	_, err := w.Write([]byte(page))
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+}
+
+func (s *Server) ServeAPI(w http.ResponseWriter, r *http.Request) {
+	w.Header().Add("Access-Control-Allow-Origin", "*")
+
+	if s.appUsername == "" {
+		writeServerError(w, "DEMO_USERNAME environment variable not set")
+		return
+	}
+
+	if s.appPassword == "" {
+		writeServerError(w, "DEMO_PASSWORD environment variable not set")
+		return
+	}
+
+	req, err := http.NewRequest("GET", "https://demo.secrethub.io/api/v1/basic-auth", nil)
+	if err != nil {
+		writeServerError(w, err.Error())
+		return
+	}
+
+	req.SetBasicAuth(s.appUsername, s.appPassword)
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		writeServerError(w, err.Error())
+		return
+	}
+	w.WriteHeader(resp.StatusCode)
+	_, err = io.Copy(w, resp.Body)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func writeServerError(w http.ResponseWriter, message string) {
+	w.WriteHeader(http.StatusInternalServerError)
+	fmt.Fprint(w, message)
+}

internals/demo/command.go

@@ -0,0 +1,29 @@
+package demo
+
+import (
+	"github.com/secrethub/secrethub-cli/internals/cli/ui"
+	"github.com/secrethub/secrethub-cli/internals/secrethub/command"
+)
+
+// Command is a command to run the secrethub example app.
+type Command struct {
+	io        ui.IO
+	newClient newClientFunc
+}
+
+// NewCommand creates a new example app command.
+func NewCommand(io ui.IO, newClient newClientFunc) *Command {
+	return &Command{
+		io:        io,
+		newClient: newClient,
+	}
+}
+
+// Register registers the command, arguments and flags on the provided Registerer.
+func (cmd *Command) Register(r command.Registerer) {
+	clause := r.Command("demo", "Manage the demo application.")
+	clause.Hidden()
+
+	NewInitCommand(cmd.io, cmd.newClient).Register(clause)
+	NewServeCommand(cmd.io).Register(clause)
+}

internals/demo/init.go

@@ -0,0 +1,91 @@
+package demo
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
+	"fmt"
+
+	"github.com/secrethub/secrethub-cli/internals/cli/ui"
+	"github.com/secrethub/secrethub-cli/internals/secrethub/command"
+
+	"github.com/secrethub/secrethub-go/internals/api"
+	"github.com/secrethub/secrethub-go/pkg/secrethub"
+	"github.com/secrethub/secrethub-go/pkg/secretpath"
+)
+
+type newClientFunc func() (secrethub.ClientInterface, error)
+
+const defaultDemoRepo = "demo"
+
+type InitCommand struct {
+	repo api.RepoPath
+
+	io        ui.IO
+	newClient newClientFunc
+}
+
+func NewInitCommand(io ui.IO, newClient newClientFunc) *InitCommand {
+	return &InitCommand{
+		io:        io,
+		newClient: newClient,
+	}
+}
+
+// Register registers the command, arguments and flags on the provided Registerer.
+func (cmd *InitCommand) Register(r command.Registerer) {
+	clause := r.Command("init", "Create the secrets necessary to connect with the demo application.")
+	clause.HelpLong("demo init creates a repository with the username and password needed to connect to the demo API.")
+
+	clause.Flag("repo", "The path of the repository to create. Defaults to a "+defaultDemoRepo+" repo in your personal namespace.").SetValue(&cmd.repo)
+
+	command.BindAction(clause, cmd.Run)
+}
+
+// Run handles the command with the options as specified in the command.
+func (cmd *InitCommand) Run() error {
+	client, err := cmd.newClient()
+	if err != nil {
+		return err
+	}
+
+	var repoPath string
+	var username string
+	if cmd.repo == "" {
+		me, err := client.Me().GetUser()
+		if err != nil {
+			return err
+		}
+		username = me.Username
+		repoPath = secretpath.Join(me.Username, defaultDemoRepo)
+	} else {
+		username = secretpath.Namespace(cmd.repo.Value())
+		repoPath = cmd.repo.Value()
+	}
+
+	_, err = client.Repos().Create(repoPath)
+	if err == api.ErrRepoAlreadyExists && cmd.repo == "" {
+		return fmt.Errorf("demo repo %s already exists, use --repo to specify another repo to use", repoPath)
+	} else if err != nil {
+		return err
+	}
+
+	usernamePath := secretpath.Join(repoPath, "username")
+	_, err = client.Secrets().Write(usernamePath, []byte(username))
+	if err != nil {
+		return err
+	}
+
+	h := hmac.New(sha256.New, []byte("this-is-no-good-way-to-generate-a-password-that-is-why-we-only-use-it-for-demo-purposes"))
+	password := base64.RawStdEncoding.EncodeToString(h.Sum([]byte(username)))[:20]
+
+	passwordPath := secretpath.Join(repoPath, "password")
+	_, err = client.Secrets().Write(passwordPath, []byte(password))
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("Created the following secrets:\n%s\n%s\n", usernamePath, passwordPath)
+
+	return nil
+}