commit 9281c9fe3fc2fef8e87f929c7767bb46809c1245
parent 0339844d766c1e2e728e7d03bccaec6e2ae79fa3
Author: Sean Enck <sean@ttypty.com>
Date: Fri, 31 Mar 2023 18:45:37 -0400
rekey should take args
Diffstat:
6 files changed, 37 insertions(+), 42 deletions(-)
diff --git a/cmd/main.go b/cmd/main.go
@@ -70,7 +70,7 @@ func run() error {
if err != nil {
return err
}
- return app.ReKey(p.Writer(), keyer)
+ return app.ReKey(p.Args(), p.Writer(), keyer)
}
case cli.ListCommand:
return app.List(p)
diff --git a/internal/app/rekey.go b/internal/app/rekey.go
@@ -78,8 +78,8 @@ func (r DefaultKeyer) Insert(entry ReKeyEntry) error {
}
// ReKey handles entry rekeying
-func ReKey(writer io.Writer, r Keyer) error {
- env, err := inputs.GetReKey()
+func ReKey(args []string, writer io.Writer, r Keyer) error {
+ env, err := inputs.GetReKey(args)
if err != nil {
return err
}
diff --git a/internal/app/rekey_test.go b/internal/app/rekey_test.go
@@ -3,7 +3,6 @@ package app_test
import (
"bytes"
"errors"
- "os"
"testing"
"github.com/enckse/lockbox/internal/app"
@@ -42,41 +41,34 @@ func (m *mockKeyer) Insert(entry app.ReKeyEntry) error {
return nil
}
-func setupReKey() {
- os.Setenv("LOCKBOX_KEY_NEW", "abc")
- os.Setenv("LOCKBOX_STORE_NEW", "store")
-}
-
func TestErrors(t *testing.T) {
- setupReKey()
var buf bytes.Buffer
m := &mockKeyer{}
m.err = errors.New("invalid call")
- if err := app.ReKey(&buf, m); err == nil || err.Error() != "invalid call" {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, m); err == nil || err.Error() != "invalid call" {
t.Errorf("invalid error: %v", err)
}
m.err = nil
m.items = map[string]backend.JSON{"test": {ModTime: ""}}
- if err := app.ReKey(&buf, m); err == nil || err.Error() != "did not read modtime" {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, m); err == nil || err.Error() != "did not read modtime" {
t.Errorf("invalid error: %v", err)
}
m.items = map[string]backend.JSON{"test1": {ModTime: "2"}}
- if err := app.ReKey(&buf, m); err == nil || err.Error() != "no data" {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, m); err == nil || err.Error() != "no data" {
t.Errorf("invalid error: %v", err)
}
m.data = make(map[string][]byte)
m.data["test1"] = []byte{1}
m.data["error"] = []byte{2}
m.items = map[string]backend.JSON{"error": {ModTime: "2"}}
- if err := app.ReKey(&buf, m); err == nil || err.Error() != "bad insert" {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, m); err == nil || err.Error() != "bad insert" {
t.Errorf("invalid error: %v", err)
}
}
func TestReKey(t *testing.T) {
- setupReKey()
var buf bytes.Buffer
- if err := app.ReKey(&buf, &mockKeyer{}); err != nil {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, &mockKeyer{}); err != nil {
t.Errorf("invalid error: %v", err)
}
if buf.String() != "" {
@@ -90,7 +82,7 @@ func TestReKey(t *testing.T) {
m.data = make(map[string][]byte)
m.data["test1"] = []byte{1}
m.data["test2"] = []byte{2}
- if err := app.ReKey(&buf, m); err != nil {
+ if err := app.ReKey([]string{"-store", "store", "-key", "abc"}, &buf, m); err != nil {
t.Errorf("invalid error: %v", err)
}
if buf.String() == "" {
diff --git a/internal/inputs/env.go b/internal/inputs/env.go
@@ -3,9 +3,11 @@ package inputs
import (
"errors"
+ "flag"
"fmt"
"os"
"os/exec"
+ "sort"
"strconv"
"strings"
"time"
@@ -63,7 +65,6 @@ const (
ModTimeEnv = prefixKey + "SET_MODTIME"
// ModTimeFormat is the expected modtime format
ModTimeFormat = time.RFC3339
- reKeySuffix = "_NEW"
// MaxTOTPTimeDefault is the max TOTP time to run (default)
MaxTOTPTimeDefault = "120"
)
@@ -79,14 +80,26 @@ type (
)
// GetReKey will get the rekey environment settings
-func GetReKey() ([]string, error) {
+func GetReKey(args []string) ([]string, error) {
+ set := flag.NewFlagSet("rekey", flag.ExitOnError)
+ store := set.String("store", "", "new store")
+ key := set.String("key", "", "new key")
+ keyFile := set.String("keyfile", "", "new keyfile")
+ keyMode := set.String("keymode", "", "new keymode")
+ if err := set.Parse(args); err != nil {
+ return nil, err
+ }
+ mapped := map[string]string{
+ keyModeEnv: *keyMode,
+ keyEnv: *key,
+ KeyFileEnv: *keyFile,
+ StoreEnv: *store,
+ }
hasStore := false
hasKey := false
hasKeyFile := false
var out []string
- for _, k := range []string{keyModeEnv, keyEnv, KeyFileEnv, StoreEnv} {
- newKey := fmt.Sprintf("%s%s", k, reKeySuffix)
- val := os.Getenv(newKey)
+ for k, val := range mapped {
if val != "" {
switch k {
case StoreEnv:
@@ -99,6 +112,7 @@ func GetReKey() ([]string, error) {
}
out = append(out, fmt.Sprintf("%s=%s", k, val))
}
+ sort.Strings(out)
if !hasStore || (!hasKey && !hasKeyFile) {
return nil, fmt.Errorf("missing required environment variables for rekey: %s", strings.Join(out, " "))
}
diff --git a/internal/inputs/env_test.go b/internal/inputs/env_test.go
@@ -118,33 +118,26 @@ func TestListVariables(t *testing.T) {
}
func TestReKey(t *testing.T) {
- os.Setenv("LOCKBOX_STORE_NEW", "")
- os.Setenv("LOCKBOX_KEY_NEW", "")
- os.Setenv("LOCKBOX_KEYFILE_NEW", "")
- _, err := inputs.GetReKey()
- if err == nil || err.Error() != "missing required environment variables for rekey: LOCKBOX_KEYMODE= LOCKBOX_KEY= LOCKBOX_KEYFILE= LOCKBOX_STORE=" {
+ _, err := inputs.GetReKey([]string{})
+ if err == nil || err.Error() != "missing required environment variables for rekey: LOCKBOX_KEY= LOCKBOX_KEYFILE= LOCKBOX_KEYMODE= LOCKBOX_STORE=" {
t.Errorf("failed: %v", err)
}
- os.Setenv("LOCKBOX_STORE_NEW", "abc")
- _, err = inputs.GetReKey()
- if err == nil || err.Error() != "missing required environment variables for rekey: LOCKBOX_KEYMODE= LOCKBOX_KEY= LOCKBOX_KEYFILE= LOCKBOX_STORE=abc" {
+ _, err = inputs.GetReKey([]string{"-store", "abc"})
+ if err == nil || err.Error() != "missing required environment variables for rekey: LOCKBOX_KEY= LOCKBOX_KEYFILE= LOCKBOX_KEYMODE= LOCKBOX_STORE=abc" {
t.Errorf("failed: %v", err)
}
- os.Setenv("LOCKBOX_KEY_NEW", "aaa")
- out, err := inputs.GetReKey()
+ out, err := inputs.GetReKey([]string{"-store", "abc", "-key", "aaa"})
if err != nil {
t.Errorf("failed: %v", err)
}
- if fmt.Sprintf("%v", out) != "[LOCKBOX_KEYMODE= LOCKBOX_KEY=aaa LOCKBOX_KEYFILE= LOCKBOX_STORE=abc]" {
+ if fmt.Sprintf("%v", out) != "[LOCKBOX_KEY=aaa LOCKBOX_KEYFILE= LOCKBOX_KEYMODE= LOCKBOX_STORE=abc]" {
t.Errorf("invalid env: %v", out)
}
- os.Setenv("LOCKBOX_KEY_NEW", "")
- os.Setenv("LOCKBOX_KEYFILE_NEW", "xxx")
- out, err = inputs.GetReKey()
+ out, err = inputs.GetReKey([]string{"-store", "abc", "-keyfile", "aaa"})
if err != nil {
t.Errorf("failed: %v", err)
}
- if fmt.Sprintf("%v", out) != "[LOCKBOX_KEYMODE= LOCKBOX_KEY= LOCKBOX_KEYFILE=xxx LOCKBOX_STORE=abc]" {
+ if fmt.Sprintf("%v", out) != "[LOCKBOX_KEY= LOCKBOX_KEYFILE=aaa LOCKBOX_KEYMODE= LOCKBOX_STORE=abc]" {
t.Errorf("invalid env: %v", out)
}
os.Setenv("LOCKBOX_KEY_NEW", "")
diff --git a/tests/run.sh b/tests/run.sh
@@ -91,15 +91,11 @@ _rekey() {
rekey="$LOCKBOX_STORE.rekey.kdbx"
rekeyFile=""
export LOCKBOX_HOOKDIR=""
- export LOCKBOX_STORE_NEW="$rekey"
- export LOCKBOX_KEY_NEW="newkey"
- export LOCKBOX_KEYMODE_NEW=plaintext
if [ -n "$LOCKBOX_KEYFILE" ]; then
rekeyFile="$DATA/newkeyfile"
echo "thisisanewkey" > "$rekeyFile"
fi
- export LOCKBOX_KEYFILE_NEW="$rekeyFile"
- echo y |${LB_BINARY} rekey
+ echo y |${LB_BINARY} rekey -store="$rekey" -key="newkey" -keymode="plaintext" -keyfile="$rekeyFile"
echo
${LB_BINARY} ls
${LB_BINARY} show keys/k/one2
