Merge pull request #35 from ag5/fix/aws-list

fixes AWS Put key with overwrite
kramphub · Jul 18, 2022 · 32c0f22 · 32c0f22
2 parents 9844dde + 035e2e3
commit 32c0f22
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 18 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,5 +1,9 @@
 # Changes
 
+### v1.11.1
+
+- Fixes overwrite of value in AWS
+
 ### v1.11.0
 
 - Added support for Azure Key Vault (AKV)

diff --git a/backend/akv.go b/backend/akv.go
@@ -2,8 +2,9 @@ package backend
 
 import (
 	"context"
-	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
 	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
 )
 
 type AKV struct {
@@ -49,7 +50,7 @@ func (b *AKV) CheckExists(ctx context.Context, _ *Profile, key string) (bool, er
 	return err == nil, err
 }
 
-func (b *AKV) Put(ctx context.Context, _ *Profile, key, value string) error {
+func (b *AKV) Put(ctx context.Context, _ *Profile, key, value string, overwrite bool) error {
 	_, err := b.client.SetSecret(ctx, key, value, nil)
 	if err != nil {
 		return err

diff --git a/backend/aws-parameterstore.go b/backend/aws-parameterstore.go
@@ -86,15 +86,17 @@ func (s *AWSParameterStore) CheckExists(ctx context.Context, p *Profile, key str
 }
 
 // Put write the parameter and its value using encryption ;either the default key or the one specified in the profile.
-func (s *AWSParameterStore) Put(ctx context.Context, p *Profile, key, value string) error {
+func (s *AWSParameterStore) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	input := &ssm.PutParameterInput{
-		Name:        aws.String(key),
-		Value:       aws.String(value),
-		Overwrite:   aws.Bool(false),
-		DataType:    aws.String("text"),
-		Description: aws.String(fmt.Sprintf("created by %s using kiya", os.Getenv("USER"))),
-		Tags:        []*ssm.Tag{{Key: aws.String("creator"), Value: aws.String(os.Getenv("USER"))}},
-		Type:        aws.String("SecureString"),
+		Name:      aws.String(key),
+		Value:     aws.String(value),
+		Overwrite: aws.Bool(overwrite),
+		DataType:  aws.String("text"),
+		Type:      aws.String("SecureString"),
+	}
+	if !overwrite {
+		input.Description = aws.String(fmt.Sprintf("created by %s using kiya", os.Getenv("USER")))
+		input.Tags = []*ssm.Tag{{Key: aws.String("creator"), Value: aws.String(os.Getenv("USER"))}}
 	}
 	// only if CryptoKey is set in the Profile then we set the KeyId
 	// which overrides the default key associated with the AWS account

diff --git a/backend/backend.go b/backend/backend.go
@@ -9,7 +9,7 @@ type Backend interface {
 	Get(ctx context.Context, p *Profile, key string) ([]byte, error)
 	List(ctx context.Context, p *Profile) ([]Key, error)
 	CheckExists(ctx context.Context, p *Profile, key string) (bool, error)
-	Put(ctx context.Context, p *Profile, key, value string) error
+	Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error
 	Delete(ctx context.Context, p *Profile, key string) error
 	SetParameter(key string, value interface{})
 	Close() error

diff --git a/backend/file.go b/backend/file.go
@@ -6,13 +6,14 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"golang.org/x/crypto/argon2"
-	"golang.org/x/crypto/chacha20poly1305"
 	"io/ioutil"
 	"os"
 	"os/user"
 	"path"
 	"time"
+
+	"golang.org/x/crypto/argon2"
+	"golang.org/x/crypto/chacha20poly1305"
 )
 
 type FileStore struct {
@@ -80,7 +81,7 @@ func (f *FileStore) CheckExists(_ context.Context, _ *Profile, key string) (bool
 }
 
 // Put a new Key with encrypted password in the store. Put overwrites the entire store file with the updated store
-func (f *FileStore) Put(_ context.Context, _ *Profile, key, value string) error {
+func (f *FileStore) Put(_ context.Context, _ *Profile, key, value string, overwrite bool) error {
 	if err := f.createStoreIfNotExists(); err != nil {
 		return err
 	}

diff --git a/backend/gsm.go b/backend/gsm.go
@@ -75,7 +75,7 @@ func (b *GSM) CheckExists(ctx context.Context, p *Profile, key string) (bool, er
 	return err == nil, err
 }
 
-func (b *GSM) Put(ctx context.Context, p *Profile, key, value string) error {
+func (b *GSM) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	_, err := b.client.CreateSecret(ctx, &secretmanagerpb.CreateSecretRequest{
 		Parent:   fmt.Sprintf("projects/%s", p.ProjectID),
 		SecretId: key,

diff --git a/backend/kms.go b/backend/kms.go
@@ -57,7 +57,7 @@ func (b *KMS) CheckExists(ctx context.Context, p *Profile, key string) (bool, er
 	return true, nil
 }
 
-func (b *KMS) Put(ctx context.Context, p *Profile, key, value string) error {
+func (b *KMS) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	encryptedValue, err := b.getEncryptedValue(p, value)
 	if err != nil {
 		return tre.New(err, "failed to fetch encrypted value", "key", key)

diff --git a/cmd/kiya/cmd_move.go b/cmd/kiya/cmd_move.go
@@ -43,7 +43,8 @@ func move(
 		return tre.New(err, "get source key failed", "key", sourceKey)
 	}
 
-	if err := b.Put(ctx, target, targetKey, string(sourceValue)); err != nil {
+	exists, _ := b.CheckExists(ctx, target, targetKey)
+	if err := b.Put(ctx, target, targetKey, string(sourceValue), exists); err != nil {
 		return tre.New(err, "save key failed", targetKey)
 	}
 	// delete key from source

diff --git a/cmd/kiya/cmd_put_paste_generate.go b/cmd/kiya/cmd_put_paste_generate.go
@@ -16,14 +16,17 @@ func commandPutPasteGenerate(
 	command, key, value string,
 	mustPrompt bool,
 ) {
+
+	overwrite := false
 	if exists, _ := b.CheckExists(ctx, target, key); exists {
 		if mustPrompt && !promptForYes(fmt.Sprintf("Are you sure to overwrite [%s] from [%s] (y/N)? ", key, target.Label)) {
 			log.Fatalln(command + " aborted")
 			return
 		}
+		overwrite = true
 	}
 
-	if err := b.Put(ctx, target, key, value); err != nil {
+	if err := b.Put(ctx, target, key, value, overwrite); err != nil {
 		log.Fatal(err)
 	}
 }