mirror of https://github.com/kubernetes/kops.git
Merge pull request #272 from justinsb/secret_consistency
More consistency in publickey CLI
commit
5d437d3c2d
|
@ -15,7 +15,7 @@ type CreateSecretPublickeyCommand struct {
|
|||
|
||||
var createSecretPublickeyCommand = CreateSecretPublickeyCommand{
|
||||
cobraCommand: &cobra.Command{
|
||||
Use: "publickey",
|
||||
Use: "sshpublickey",
|
||||
Short: "Create SSH publickey",
|
||||
Long: `Create SSH publickey.`,
|
||||
},
|
||||
|
@ -38,10 +38,10 @@ func init() {
|
|||
|
||||
func (cmd *CreateSecretPublickeyCommand) Run(args []string) error {
|
||||
if len(args) == 0 {
|
||||
return fmt.Errorf("syntax: NAME -i <PublickeyPath>")
|
||||
return fmt.Errorf("syntax: NAME -i <PublicKeyPath>")
|
||||
}
|
||||
if len(args) != 1 {
|
||||
return fmt.Errorf("syntax: NAME -i <PublickeyPath>")
|
||||
return fmt.Errorf("syntax: NAME -i <PublicKeyPath>")
|
||||
}
|
||||
name := args[0]
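Review bot: If the second `Use:` line is the new side, the subcommand is now `sshpublickey`, but the documentation added in this same commit still shows `kops create secret publickey admin -i ~/.ssh/id_rsa.pub`, which would no longer resolve. The example should read `kops create secret sshpublickey admin -i ~/.ssh/id_rsa.pub` so it matches the `kops delete secret sshpublickey admin` example. In Run, the `len(args) == 0` and `len(args) != 1` checks return the same message, so the first check is redundant. Run's body continues outside the hunk.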
|
||||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"k8s.io/kops/upup/pkg/fi"
|
||||
)
|
||||
|
||||
type DeleteSecretCmd struct {
|
||||
|
@ -28,24 +29,40 @@ func init() {
|
|||
}
|
||||
|
||||
func (c *DeleteSecretCmd) Run(args []string) error {
|
||||
if len(args) != 2 {
|
||||
return fmt.Errorf("Syntax: <type> <name>")
|
||||
if len(args) != 2 && len(args) != 3 {
|
||||
return fmt.Errorf("Syntax: <type> <name> [<id>]")
|
||||
}
|
||||
|
||||
secretType := args[0]
|
||||
secretName := args[1]
|
||||
|
||||
secretID := ""
|
||||
if len(args) == 3 {
|
||||
secretID = args[2]
|
||||
}
|
||||
|
||||
secrets, err := listSecrets(secretType, []string{secretName})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if secretID != "" {
|
||||
var matches []*fi.KeystoreItem
|
||||
for _, s := range secrets {
|
||||
if s.Id == secretID {
|
||||
matches = append(matches, s)
|
||||
}
|
||||
}
|
||||
secrets = matches
|
||||
}
|
||||
|
||||
if len(secrets) == 0 {
|
||||
return fmt.Errorf("secret %q not found")
|
||||
}
|
||||
|
||||
if len(secrets) != 1 {
|
||||
return fmt.Errorf("found multiple matching secrets")
|
||||
// TODO: it would be friendly to print the matching keys
|
||||
return fmt.Errorf("found multiple matching secrets; specify the id of the key")
|
||||
}
|
||||
|
||||
keyStore, err := rootCommand.KeyStore()
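Review bot: The not-found error in DeleteSecretCmd.Run is built with `fmt.Errorf("secret %q not found")`, which has a `%q` verb but no argument, so the user sees `%!q(MISSING)` instead of the secret name. It should be `return fmt.Errorf("secret %q not found", secretName)`. The new id filter compares `s.Id == secretID` exactly, and the ids returned by the store now appear to carry colons, so an id typed without colons ends in the same not-found error. Normalising the argument before the comparison, or stating the expected form in the usage string, would make it harder to miss the intended key on a destructive command. Run's body continues past the end of the hunk.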
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
## Managing secrets
|
||||
|
||||
### get secrets
|
||||
|
||||
### get secret <name> -oplaintext
|
||||
|
||||
-oplaintext exposes the raw secret value.
|
||||
|
||||
### describe secret
|
||||
|
||||
`kops describe secret`
|
||||
|
||||
### create secret
|
||||
|
||||
`kops create secret publickey admin -i ~/.ssh/id_rsa.pub`
|
||||
|
||||
### delete secret
|
||||
|
||||
Syntax: `kops delete secret <type> <name>`
|
||||
or `kops delete secret <type> <name> <id>`
|
||||
|
||||
The ID form can be used when there are multiple matching keys.
|
||||
|
||||
example:
|
||||
`kops delete secret sshpublickey admin`
|
||||
|
|
@ -370,7 +370,7 @@ func (c *VFSCAStore) List() ([]*KeystoreItem, error) {
|
|||
|
||||
item := &KeystoreItem{
|
||||
Name: tokens[0],
|
||||
Id: tokens[1],
|
||||
Id: insertFingerprintColons(tokens[1]),
|
||||
Type: SecretTypeSSHPublicKey,
|
||||
}
|
||||
items = append(items, item)
|
||||
|
@ -621,6 +621,39 @@ func buildSerial(timestamp int64) *big.Int {
|
|||
return serial
|
||||
}
|
||||
|
||||
func formatFingerprint(data []byte) string {
|
||||
var buf bytes.Buffer
|
||||
|
||||
for i, b := range data {
|
||||
s := fmt.Sprintf("%0.2x", b)
|
||||
if i != 0 {
|
||||
buf.WriteString(":")
|
||||
}
|
||||
buf.WriteString(s)
|
||||
}
|
||||
return buf.String()
|
||||
}
|
||||
|
||||
func insertFingerprintColons(id string) string {
|
||||
var buf bytes.Buffer
|
||||
|
||||
for {
|
||||
if id == "" {
|
||||
break
|
||||
}
|
||||
if buf.Len() != 0 {
|
||||
buf.WriteString(":")
|
||||
}
|
||||
if len(id) < 2 {
|
||||
buf.WriteString(id)
|
||||
} else {
|
||||
buf.WriteString(id[0:2])
|
||||
id = id[2:]
|
||||
}
|
||||
}
|
||||
return buf.String()
|
||||
}
|
||||
|
||||
// AddSSHPublicKey stores an SSH public key
|
||||
func (c *VFSCAStore) AddSSHPublicKey(name string, pubkey []byte) error {
|
||||
var id string
|
||||
|
@ -636,7 +669,7 @@ func (c *VFSCAStore) AddSSHPublicKey(name string, pubkey []byte) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
id = fmt.Sprintf("%x", h.Sum(nil))
|
||||
id = formatFingerprint(h.Sum(nil))
|
||||
}
|
||||
|
||||
p := c.buildSSHPublicKeyPath(name, id)
|
||||
|
@ -644,6 +677,8 @@ func (c *VFSCAStore) AddSSHPublicKey(name string, pubkey []byte) error {
|
|||
}
|
||||
|
||||
func (c *VFSCAStore) buildSSHPublicKeyPath(name string, id string) vfs.Path {
|
||||
// id is fingerprint with colons, but we store without colons
|
||||
id = strings.Replace(id, ":", "", -1)
|
||||
return c.basedir.Join("ssh", "public", name, id)
|
||||
}
|
||||
|
||||
|
@ -659,8 +694,11 @@ func (c *VFSCAStore) FindSSHPublicKeys(name string) ([]*KeystoreItem, error) {
|
|||
return nil, err
|
||||
}
|
||||
for _, item := range items {
|
||||
// Fill in the missing fields
|
||||
item.Type = SecretTypeSSHPublicKey
|
||||
item.Name = name
|
||||
|
||||
item.Id = insertFingerprintColons(item.Id)
|
||||
}
|
||||
return items, nil
|
||||
}
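Review bot: insertFingerprintColons never terminates when the id has an odd number of characters. In the `len(id) < 2` branch the last character is written but `id` is not shortened, so the loop keeps appending `:` and that character until memory runs out. The ids passed in from List and FindSSHPublicKeys appear to be derived from entry names in the key store, so one stray or malformed entry under the SSH public key path could hang every command that lists secrets. Clear the remainder after writing it, `buf.WriteString(id); id = ""`, or `break` out of the loop. A short doc comment on formatFingerprint, insertFingerprintColons and buildSSHPublicKeyPath stating that ids carry colons in the API and none on disk would also help.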
|
||||
|
|