From 53865435f78fb15fdbdd3f80ade481f644652730 Mon Sep 17 00:00:00 2001
From: ernest-ag5
Date: Mon, 18 Jul 2022 09:42:18 +0200
Subject: [PATCH 1/3] add overwrite

---
 backend/aws-parameterstore.go | 18 ++++++++++--------
 backend/backend.go | 2 +-
 backend/gsm.go | 2 +-
 backend/kms.go | 2 +-
 cmd/kiya/cmd_move.go | 3 ++-
 cmd/kiya/cmd_put_paste_generate.go | 5 ++++-
 6 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/backend/aws-parameterstore.go b/backend/aws-parameterstore.go
index 23b5ddd..47b719b 100644
--- a/backend/aws-parameterstore.go
+++ b/backend/aws-parameterstore.go
@@ -86,15 +86,17 @@ func (s *AWSParameterStore) CheckExists(ctx context.Context, p *Profile, key str
 }
 
 // Put write the parameter and its value using encryption ;either the default key or the one specified in the profile.
-func (s *AWSParameterStore) Put(ctx context.Context, p *Profile, key, value string) error {
+func (s *AWSParameterStore) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	input := &ssm.PutParameterInput{
-		Name:        aws.String(key),
-		Value:       aws.String(value),
-		Overwrite:   aws.Bool(false),
-		DataType:    aws.String("text"),
-		Description: aws.String(fmt.Sprintf("created by %s using kiya", os.Getenv("USER"))),
-		Tags:        []*ssm.Tag{{Key: aws.String("creator"), Value: aws.String(os.Getenv("USER"))}},
-		Type:        aws.String("SecureString"),
+		Name:      aws.String(key),
+		Value:     aws.String(value),
+		Overwrite: aws.Bool(overwrite),
+		DataType:  aws.String("text"),
+		Type:      aws.String("SecureString"),
+	}
+	if !overwrite {
+		input.Description = aws.String(fmt.Sprintf("created by %s using kiya", os.Getenv("USER")))
+		input.Tags = []*ssm.Tag{{Key: aws.String("creator"), Value: aws.String(os.Getenv("USER"))}}
 	}
 	// only if CryptoKey is set in the Profile then we set the KeyId
 	// which overrides the default key associated with the AWS account
diff --git a/backend/backend.go b/backend/backend.go
index e759c6c..21fb945 100644
--- a/backend/backend.go
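Review bot: The doc comment on the context line `// Put write the parameter and its value using encryption ...` still describes the old signature and says nothing about `overwrite`, which now decides both the SSM `Overwrite` flag and whether `Description` and `Tags` are sent at all. I would rewrite it as `// Put writes key as a SecureString, encrypted with the profile's CryptoKey or the account default key. overwrite must be true to replace an existing parameter; with false SSM rejects the call with ParameterAlreadyExists, which is the guard callers rely on.` and annotate the new branch with `// Tags and the creator description are only set on creation; presumably PutParameter rejects Tags together with Overwrite — confirm.` On the overwrite path the description is now omitted rather than re-sent, so whether the original creator note survives depends on how SSM treats an absent Description on overwrite; worth checking against a real parameter before release.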
+++ b/backend/backend.go
@@ -9,7 +9,7 @@ type Backend interface {
 	Get(ctx context.Context, p *Profile, key string) ([]byte, error)
 	List(ctx context.Context, p *Profile) ([]Key, error)
 	CheckExists(ctx context.Context, p *Profile, key string) (bool, error)
-	Put(ctx context.Context, p *Profile, key, value string) error
+	Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error
 	Delete(ctx context.Context, p *Profile, key string) error
 	SetParameter(key string, value interface{})
 	Close() error
diff --git a/backend/gsm.go b/backend/gsm.go
index e7c4b5b..df3f6e7 100644
--- a/backend/gsm.go
+++ b/backend/gsm.go
@@ -75,7 +75,7 @@ func (b *GSM) CheckExists(ctx context.Context, p *Profile, key string) (bool, er
 	return err == nil, err
 }
 
-func (b *GSM) Put(ctx context.Context, p *Profile, key, value string) error {
+func (b *GSM) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	_, err := b.client.CreateSecret(ctx, &secretmanagerpb.CreateSecretRequest{
 		Parent: fmt.Sprintf("projects/%s", p.ProjectID),
 		SecretId: key,
diff --git a/backend/kms.go b/backend/kms.go
index 0ab8107..de80123 100644
--- a/backend/kms.go
+++ b/backend/kms.go
@@ -57,7 +57,7 @@ func (b *KMS) CheckExists(ctx context.Context, p *Profile, key string) (bool, er
 	return true, nil
 }
 
-func (b *KMS) Put(ctx context.Context, p *Profile, key, value string) error {
+func (b *KMS) Put(ctx context.Context, p *Profile, key, value string, overwrite bool) error {
 	encryptedValue, err := b.getEncryptedValue(p, value)
 	if err != nil {
 		return tre.New(err, "failed to fetch encrypted value", "key", key)
diff --git a/cmd/kiya/cmd_move.go b/cmd/kiya/cmd_move.go
index af9e209..4155e69 100644
--- a/cmd/kiya/cmd_move.go
+++ b/cmd/kiya/cmd_move.go
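Review bot: The new `overwrite bool` on the `Put` line of the `Backend` interface has no documented contract, and the implementations in this same patch disagree on it — from the visible lines only the AWS backend forwards the flag, while the GSM, KMS, AKV and file backends accept it and never read it. A one-line contract on the interface would make the expectation visible to the next implementer: `// Put stores value under key. When overwrite is false an existing key must not be replaced; a backend that cannot enforce this must return an error rather than silently overwrite.` The `Backend` declaration starts outside this hunk.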
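Review bot: `overwrite` is accepted by the new GSM `Put` signature but, in the lines shown, the body goes straight to `CreateSecret`, which cannot replace an existing secret, so a user who confirmed the overwrite prompt in `kiya put` will still get an already-exists error from this backend while the same command now succeeds on AWS. The function continues past the hunk; if the remainder does not branch on the flag, either add a new secret version when `overwrite` is true or state the limitation above the method: `// overwrite is currently ignored: GSM secrets are created once and replacing a value would require adding a version (not implemented).`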
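Review bot: The KMS `Put` likewise takes `overwrite` but the visible body (encrypt the value, then continue beyond the hunk) never consults it, so a caller passing `false` gets no protection from this backend beyond whatever its `CheckExists` reported — and that `CheckExists` returns `true, nil` unconditionally in the context lines above, so the caller-side guard is no guard at all here. If the storage step later in the function replaces an existing object unconditionally, a `if !overwrite { /* refuse when key already stored */ }` check belongs before the write; otherwise a comment saying that `overwrite` is a no-op for this backend would stop the next reader from assuming it is enforced. The function body ends outside this hunk.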
@@ -43,7 +43,8 @@ func move(
 		return tre.New(err, "get source key failed", "key", sourceKey)
 	}
 
-	if err := b.Put(ctx, target, targetKey, string(sourceValue)); err != nil {
+	exists, _ := b.CheckExists(ctx, target, targetKey)
+	if err := b.Put(ctx, target, targetKey, string(sourceValue), exists); err != nil {
 		return tre.New(err, "save key failed", targetKey)
 	}
 	// delete key from source
diff --git a/cmd/kiya/cmd_put_paste_generate.go b/cmd/kiya/cmd_put_paste_generate.go
index d5decf7..fd73721 100644
--- a/cmd/kiya/cmd_put_paste_generate.go
+++ b/cmd/kiya/cmd_put_paste_generate.go
@@ -16,14 +16,17 @@ func commandPutPasteGenerate(
 	command, key, value string,
 	mustPrompt bool,
 ) {
+
+	overwrite := false
 	if exists, _ := b.CheckExists(ctx, target, key); exists {
 		if mustPrompt && !promptForYes(fmt.Sprintf("Are you sure to overwrite [%s] from [%s] (y/N)? ", key, target.Label)) {
 			log.Fatalln(command + " aborted")
 			return
 		}
+		overwrite = true
 	}
-	if err := b.Put(ctx, target, key, value); err != nil {
+	if err := b.Put(ctx, target, key, value, overwrite); err != nil {
 		log.Fatal(err)
 	}
 }

From 8bc94ac3cefbf57e96c4d205fd2cba7bef6ec73f Mon Sep 17 00:00:00 2001
From: ernest-ag5
Date: Mon, 18 Jul 2022 09:45:39 +0200
Subject: [PATCH 2/3] update akv,file with new Put signature

---
 backend/akv.go | 5 +++--
 backend/file.go | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/backend/akv.go b/backend/akv.go
index 589c051..f895282 100644
--- a/backend/akv.go
+++ b/backend/akv.go
@@ -2,8 +2,9 @@ package backend
 
 import (
 	"context"
-	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
 	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets"
 )
 
 type AKV struct {
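Review bot: The added `exists, _ := b.CheckExists(ctx, target, targetKey)` turns an existing target key into a silent overwrite: its result goes straight into `Put` as `overwrite`, no confirmation is asked, and the source key is deleted right after (`// delete key from source`), so a mistyped target name now destroys two secrets where the AWS backend used to refuse with `Overwrite=false`. `commandPutPasteGenerate` in this same patch asks `promptForYes` before overwriting, and `move` should do the same, e.g. `if exists && !promptForYes(fmt.Sprintf("Are you sure to overwrite [%s] from [%s] (y/N)? ", targetKey, target.Label)) { return errors.New("move aborted") }` (adjust to however `move` reports a user abort; `fmt`/`errors` may need importing). The discarded error also means a failed lookup reads as "does not exist", which then decides the overwrite flag. `move` starts and ends outside this hunk.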
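Review bot: `overwrite` is now derived from `if exists, _ := b.CheckExists(...)`, and the discarded error matters more than before: the AKV and GSM `CheckExists` bodies in this patch return `err == nil, err`, so a permission or network failure reads as "does not exist", the confirmation prompt is skipped and `Put` is called with `overwrite=false` — whether the stored value is then protected depends entirely on the backend. Because `CheckExists` folds not-found into its error, the fix belongs there (return `false, nil` for not-found), after which this site can use `exists, err := b.CheckExists(ctx, target, key)` and `if err != nil { log.Fatal(err) }` before deciding. Minor style: the added empty `+` line directly after `) {` leaves a stray blank line at the top of the function body and should be dropped. The function's signature starts outside this hunk.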
@@ -49,7 +50,7 @@ func (b *AKV) CheckExists(ctx context.Context, _ *Profile, key string) (bool, er
 	return err == nil, err
 }
 
-func (b *AKV) Put(ctx context.Context, _ *Profile, key, value string) error {
+func (b *AKV) Put(ctx context.Context, _ *Profile, key, value string, overwrite bool) error {
 	_, err := b.client.SetSecret(ctx, key, value, nil)
 	if err != nil {
 		return err
diff --git a/backend/file.go b/backend/file.go
index 3f483c1..f95a549 100644
--- a/backend/file.go
+++ b/backend/file.go
@@ -6,13 +6,14 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"golang.org/x/crypto/argon2"
-	"golang.org/x/crypto/chacha20poly1305"
 	"io/ioutil"
 	"os"
 	"os/user"
 	"path"
 	"time"
+
+	"golang.org/x/crypto/argon2"
+	"golang.org/x/crypto/chacha20poly1305"
 )
 
 type FileStore struct {
@@ -80,7 +81,7 @@ func (f *FileStore) CheckExists(_ context.Context, _ *Profile, key string) (bool
 }
 
 // Put a new Key with encrypted password in the store. Put overwrites the entire store file with the updated store
-func (f *FileStore) Put(_ context.Context, _ *Profile, key, value string) error {
+func (f *FileStore) Put(_ context.Context, _ *Profile, key, value string, overwrite bool) error {
 	if err := f.createStoreIfNotExists(); err != nil {
 		return err
 	}

From 035e2e36283b39d7e3e6a7e1964b29805e946bae Mon Sep 17 00:00:00 2001
From: ernest-ag5
Date: Mon, 18 Jul 2022 09:53:22 +0200
Subject: [PATCH 3/3] add change log entry

---
 CHANGES.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index 7ebda80..d979e40 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,9 @@
 # Changes
 
+### v1.11.1
+
+- Fixes overwrite of value in AWS
+
 ### v1.11.0
 
 - Added support for Azure Key Vault (AKV)
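Review bot: `SetSecret` on the line after the new AKV `Put` signature replaces an existing secret unconditionally, so for this backend `overwrite=false` is not enforced at all; the only guard is the caller-side `CheckExists`, which per the context lines above returns `err == nil` and therefore reports "absent" on any `GetSecret` error, access-denied included. I would enforce the flag inside `Put` so a failed pre-check cannot become a silent overwrite of a live secret (this needs `"errors"` added to the import block); the rest of the function is outside the hunk.
```go
func (b *AKV) Put(ctx context.Context, _ *Profile, key, value string, overwrite bool) error {
	if !overwrite {
		// SetSecret replaces any existing secret; refuse here so a caller that
		// did not ask for an overwrite cannot clobber a live value. CheckExists
		// reports every GetSecret error as "absent", so this is best-effort only.
		if exists, _ := b.CheckExists(ctx, nil, key); exists {
			return errors.New("secret already exists and overwrite was not requested")
		}
	}
	_, err := b.client.SetSecret(ctx, key, value, nil)
	// … unchanged: error handling …
```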
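Review bot: The comment on the context line `// Put a new Key with encrypted password in the store. ...` now sits above a signature with an `overwrite` parameter that, in the visible lines, is never read; the rest of the body is outside the hunk, so whether the later store-update code honors it cannot be seen here. Either way the comment should say which, e.g. `// Put stores value under key and rewrites the whole store file. overwrite is ignored here: the file store replaces an existing key unconditionally.` — or the opposite wording if the body does check the flag. If it is ignored, the FileStore silently clobbers on `overwrite=false` exactly like the AKV backend, and callers only find out by losing a value.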