feat(ignore-errors): introduce --skip-errors flag

FalcoSuessgott · Oct 26, 2023 · 7df6740 · 7df6740
1 parent 014cf7f
commit 7df6740
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 10 deletions.
diff --git a/Makefile b/Makefile
@@ -49,7 +49,7 @@ vault: clean ## set up a development vault server and write kv secrets
 
 .PHONY: vault-ent
 vault-ent: clean ## set up a development vault enterprise server and write kv secrets
-	nohup vault-ent server -dev -dev-root-token-id=root 2> /dev/null &
+	nohup vault server -dev -dev-root-token-id=root 2> /dev/null &
 	sleep 3
 
 	./scripts/prepare-vault.sh

diff --git a/cmd/export/export.go b/cmd/export/export.go
@@ -30,6 +30,8 @@ type exportOptions struct {
 	ShowMetadata   bool `env:"SHOW_METADATA" envDefault:"true"`
 	MaxValueLength int  `env:"MAX_VALUE_LENGTH" envDefault:"12"`
 
+	SkipErrors bool `env:"SKIP_ERRORS" envDefault:"false"`
+
 	TemplateFile   string `env:"TEMPLATE_FILE"`
 	TemplateString string `env:"TEMPLATE_STRING"`
 
@@ -82,6 +84,7 @@ func NewExportCmd(writer io.Writer, vaultClient *vault.Vault) *cobra.Command {
 			)
 
 			// prepare map
+
 			m, err := o.buildMap(vaultClient)
 			if err != nil {
 				return err
@@ -103,6 +106,7 @@ func NewExportCmd(writer io.Writer, vaultClient *vault.Vault) *cobra.Command {
 	// Input
 	cmd.Flags().StringVarP(&o.Path, "path", "p", o.Path, "KVv2 Engine path (env: VKV_EXPORT_PATH)")
 	cmd.Flags().StringVarP(&o.EnginePath, "engine-path", "e", o.EnginePath, "engine path in case your KV-engine contains special characters such as \"/\", the path value will then be appended if specified (\"<engine-path>/<path>\") (env: VKV_EXPORT_ENGINE_PATH)")
+	cmd.Flags().BoolVar(&o.SkipErrors, "skip-errors", o.SkipErrors, "dont exit on errors (permission denied, deleted secrets)")
 
 	// Modify
 	cmd.Flags().BoolVar(&o.OnlyKeys, "only-keys", o.OnlyKeys, "show only keys (env: VKV_EXPORT_ONLY_KEYS)")
@@ -188,7 +192,7 @@ func (o *exportOptions) buildMap(v *vault.Vault) (map[string]interface{}, error)
 	rootPath, subPath := utils.HandleEnginePath(o.EnginePath, o.Path)
 
 	// read recursive all secrets
-	s, err := v.ListRecursive(rootPath, subPath)
+	s, err := v.ListRecursive(rootPath, subPath, o.SkipErrors)
 	if err != nil {
 		return nil, err
 	}

diff --git a/cmd/imp/import.go b/cmd/imp/import.go
@@ -234,7 +234,7 @@ func (o *importOptions) dryRun(v *vault.Vault, secrets map[string]interface{}) e
 	rootPath, _ := utils.SplitPath(o.Path)
 	existingSecrets := make(map[string]interface{})
 
-	tmp, err := v.ListRecursive(rootPath, "")
+	tmp, err := v.ListRecursive(rootPath, "", false)
 	if err == nil {
 		existingSecrets = utils.PathMap(rootPath, utils.ToMapStringInterface(tmp), false)
 	}
@@ -274,7 +274,7 @@ func (o *importOptions) printResult(v *vault.Vault) error {
 
 	rootPath, _ := utils.SplitPath(o.Path)
 
-	s, err := v.ListRecursive(rootPath, "")
+	s, err := v.ListRecursive(rootPath, "", false)
 	if err != nil {
 		return err
 	}

diff --git a/cmd/snapshot/snapshot_restore_test.go b/cmd/snapshot/snapshot_restore_test.go
@@ -53,7 +53,7 @@ func (s *VaultSuite) TestSnapShotRestoreCommand() {
 						continue
 					}
 
-					secret, err := s.client.ListRecursive(path.Join(expNS, engine), "")
+					secret, err := s.client.ListRecursive(path.Join(expNS, engine), "", false)
 					require.NoError(s.Suite.T(), err)
 
 					out, err := fs.ReadFile(path.Join("testdata/vkv-snapshot-export", expNS, strings.TrimSuffix(engine, "/")+".yaml"))

diff --git a/cmd/snapshot/snapshot_save.go b/cmd/snapshot/snapshot_save.go
@@ -78,7 +78,7 @@ func (o *snapshotSaveOptions) backupKVEngines(v *vault.Vault, engines map[string
 		for _, e := range engines[ns] {
 			enginePath := path.Join(ns, e)
 
-			out, err := v.ListRecursive(enginePath, "")
+			out, err := v.ListRecursive(enginePath, "", false)
 			if err != nil {
 				return err
 			}

diff --git a/cmd/version/version_test.go b/cmd/version/version_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"io"
 	"testing"
+
 	"github.com/stretchr/testify/assert"
 )
 

diff --git a/pkg/vault/kv.go b/pkg/vault/kv.go
@@ -20,7 +20,7 @@ const (
 type Secrets map[string]interface{}
 
 // ListRecursive returns secrets to a path recursive.
-func (v *Vault) ListRecursive(rootPath, subPath string) (*Secrets, error) {
+func (v *Vault) ListRecursive(rootPath, subPath string, skipErrors bool) (*Secrets, error) {
 	s := make(Secrets)
 
 	keys, err := v.ListKeys(rootPath, subPath)
@@ -36,18 +36,23 @@ func (v *Vault) ListRecursive(rootPath, subPath string) (*Secrets, error) {
 
 	for _, k := range keys {
 		if strings.HasSuffix(k, utils.Delimiter) {
-			secrets, err := v.ListRecursive(rootPath, path.Join(subPath, k))
+			secrets, err := v.ListRecursive(rootPath, path.Join(subPath, k), skipErrors)
 			if err != nil {
 				return &s, err
 			}
 
 			(s)[k] = secrets
 		} else {
 			secrets, err := v.ReadSecrets(rootPath, path.Join(subPath, k))
-			if err != nil {
+			if !skipErrors && err != nil {
 				return nil, err
 			}
 
+			// do not exit on errors, just an empty map, so json/yaml export still works
+			if skipErrors && secrets == nil {
+				secrets = make(Secrets)
+			}
+
 			(s)[k] = secrets
 		}
 	}

diff --git a/pkg/vault/kv_test.go b/pkg/vault/kv_test.go
@@ -55,7 +55,7 @@ func (s *VaultSuite) TestListRecursive() {
 
 			// read secrets
 			res := make(Secrets)
-			secrets, err := s.client.ListRecursive(tc.rootPath, tc.subPath)
+			secrets, err := s.client.ListRecursive(tc.rootPath, tc.subPath, false)
 			assert.NoError(s.Suite.T(), err)
 
 			res[tc.rootPath] = *secrets
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ import ( @@
     	"bytes"
     	"io"
     	"testing"
     	"github.com/stretchr/testify/assert"
     )
@@ Expand Down @@