From 318a9d53310d8c8b37072b5f2fcdae2472755fbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Tue, 5 Mar 2024 15:00:43 +0000 Subject: [PATCH 01/10] Onboard secrets manager user: add list command --- docs/stackit_secrets-manager.md | 1 + docs/stackit_secrets-manager_user.md | 32 +++ docs/stackit_secrets-manager_user_list.md | 46 ++++ .../cmd/secrets-manager/secrets_manager.go | 2 + .../cmd/secrets-manager/user/list/list.go | 150 +++++++++++++ .../secrets-manager/user/list/list_test.go | 202 ++++++++++++++++++ internal/cmd/secrets-manager/user/user.go | 25 +++ 7 files changed, 458 insertions(+) create mode 100644 docs/stackit_secrets-manager_user.md create mode 100644 docs/stackit_secrets-manager_user_list.md create mode 100644 internal/cmd/secrets-manager/user/list/list.go create mode 100644 internal/cmd/secrets-manager/user/list/list_test.go create mode 100644 internal/cmd/secrets-manager/user/user.go diff --git a/docs/stackit_secrets-manager.md b/docs/stackit_secrets-manager.md index df31a405b..6863d1692 100644 --- a/docs/stackit_secrets-manager.md +++ b/docs/stackit_secrets-manager.md @@ -29,4 +29,5 @@ stackit secrets-manager [flags] * [stackit](./stackit.md) - Manage STACKIT resources using the command line * [stackit secrets-manager instance](./stackit_secrets-manager_instance.md) - Provides functionality for Secrets Manager instances +* [stackit secrets-manager user](./stackit_secrets-manager_user.md) - Provides functionality for Secrets Manager users diff --git a/docs/stackit_secrets-manager_user.md b/docs/stackit_secrets-manager_user.md new file mode 100644 index 000000000..8f99f0823 --- /dev/null +++ b/docs/stackit_secrets-manager_user.md @@ -0,0 +1,32 @@ +## stackit secrets-manager user + +Provides functionality for Secrets Manager users + +### Synopsis + +Provides functionality for Secrets Manager users. + +``` +stackit secrets-manager user [flags] +``` + +### Options + +``` + -h, --help Help for "stackit secrets-manager user" +``` + +### Options inherited from parent commands + +``` + -y, --assume-yes If set, skips all confirmation prompts + --async If set, runs the command asynchronously + -o, --output-format string Output format, one of ["json" "pretty"] + -p, --project-id string Project ID +``` + +### SEE ALSO + +* [stackit secrets-manager](./stackit_secrets-manager.md) - Provides functionality for Secrets Manager +* [stackit secrets-manager user list](./stackit_secrets-manager_user_list.md) - Lists all Secrets Manager users + diff --git a/docs/stackit_secrets-manager_user_list.md b/docs/stackit_secrets-manager_user_list.md new file mode 100644 index 000000000..8ae8a242a --- /dev/null +++ b/docs/stackit_secrets-manager_user_list.md @@ -0,0 +1,46 @@ +## stackit secrets-manager user list + +Lists all Secrets Manager users + +### Synopsis + +Lists all Secrets Manager users. + +``` +stackit secrets-manager user list [flags] +``` + +### Examples + +``` + List all Secrets Manager users of instance with ID "xxx + $ stackit secrets-manager user list --instance-id xxx + + List all Secrets Manager users in JSON format with ID "xxx + $ stackit secrets-manager user list --instance-id xxx --output-format json + + List up to 10 Secrets Manager users with ID "xxx" + $ stackit secrets-manager user list --instance-id xxx --limit 10 +``` + +### Options + +``` + -h, --help Help for "stackit secrets-manager user list" + --instance-id string Instance ID + --limit int Maximum number of entries to list +``` + +### Options inherited from parent commands + +``` + -y, --assume-yes If set, skips all confirmation prompts + --async If set, runs the command asynchronously + -o, --output-format string Output format, one of ["json" "pretty"] + -p, --project-id string Project ID +``` + +### SEE ALSO + +* [stackit secrets-manager user](./stackit_secrets-manager_user.md) - Provides functionality for Secrets Manager users + diff --git a/internal/cmd/secrets-manager/secrets_manager.go b/internal/cmd/secrets-manager/secrets_manager.go index c94b9706e..a7753e5ad 100644 --- a/internal/cmd/secrets-manager/secrets_manager.go +++ b/internal/cmd/secrets-manager/secrets_manager.go @@ -2,6 +2,7 @@ package secretsmanager import ( "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/instance" + "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/user" "github.com/stackitcloud/stackit-cli/internal/pkg/args" "github.com/stackitcloud/stackit-cli/internal/pkg/utils" @@ -22,4 +23,5 @@ func NewCmd() *cobra.Command { func addSubcommands(cmd *cobra.Command) { cmd.AddCommand(instance.NewCmd()) + cmd.AddCommand(user.NewCmd()) } diff --git a/internal/cmd/secrets-manager/user/list/list.go b/internal/cmd/secrets-manager/user/list/list.go new file mode 100644 index 000000000..101abc15e --- /dev/null +++ b/internal/cmd/secrets-manager/user/list/list.go @@ -0,0 +1,150 @@ +package list + +import ( + "context" + "encoding/json" + "fmt" + + "github.com/stackitcloud/stackit-cli/internal/pkg/args" + "github.com/stackitcloud/stackit-cli/internal/pkg/errors" + "github.com/stackitcloud/stackit-cli/internal/pkg/examples" + "github.com/stackitcloud/stackit-cli/internal/pkg/flags" + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/client" + secretsManagerUtils "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/utils" + "github.com/stackitcloud/stackit-cli/internal/pkg/tables" + + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +const ( + instanceIdFlag = "instance-id" + limitFlag = "limit" +) + +type inputModel struct { + *globalflags.GlobalFlagModel + + InstanceId *string + Limit *int64 +} + +func NewCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "list", + Short: "Lists all Secrets Manager users", + Long: "Lists all Secrets Manager users.", + Args: args.NoArgs, + Example: examples.Build( + examples.NewExample( + `List all Secrets Manager users of instance with ID "xxx`, + "$ stackit secrets-manager user list --instance-id xxx"), + examples.NewExample( + `List all Secrets Manager users in JSON format with ID "xxx`, + "$ stackit secrets-manager user list --instance-id xxx --output-format json"), + examples.NewExample( + `List up to 10 Secrets Manager users with ID "xxx"`, + "$ stackit secrets-manager user list --instance-id xxx --limit 10"), + ), + RunE: func(cmd *cobra.Command, args []string) error { + ctx := context.Background() + model, err := parseInput(cmd) + if err != nil { + return err + } + + // Configure API client + apiClient, err := client.ConfigureClient(cmd) + if err != nil { + return err + } + + // Call API + req := buildRequest(ctx, model, apiClient) + resp, err := req.Execute() + if err != nil { + return fmt.Errorf("get Secrets Manager users: %w", err) + } + if resp.Users == nil || len(*resp.Users) == 0 { + instanceLabel, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, *model.InstanceId) + if err != nil { + instanceLabel = *model.InstanceId + } + cmd.Printf("No users found for instance %q\n", instanceLabel) + return nil + } + users := *resp.Users + + // Truncate output + if model.Limit != nil && len(users) > int(*model.Limit) { + users = users[:*model.Limit] + } + + return outputResult(cmd, model.OutputFormat, users) + }, + } + + configureFlags(cmd) + return cmd +} + +func configureFlags(cmd *cobra.Command) { + cmd.Flags().Var(flags.UUIDFlag(), instanceIdFlag, "Instance ID") + cmd.Flags().Int64(limitFlag, 0, "Maximum number of entries to list") + + err := flags.MarkFlagsRequired(cmd, instanceIdFlag) + cobra.CheckErr(err) +} + +func parseInput(cmd *cobra.Command) (*inputModel, error) { + globalFlags := globalflags.Parse(cmd) + if globalFlags.ProjectId == "" { + return nil, &errors.ProjectIdError{} + } + + limit := flags.FlagToInt64Pointer(cmd, limitFlag) + if limit != nil && *limit < 1 { + return nil, &errors.FlagValidationError{ + Flag: limitFlag, + Details: "must be greater than 0", + } + } + + return &inputModel{ + GlobalFlagModel: globalFlags, + InstanceId: flags.FlagToStringPointer(cmd, instanceIdFlag), + Limit: flags.FlagToInt64Pointer(cmd, limitFlag), + }, nil +} + +func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiListUsersRequest { + req := apiClient.ListUsers(ctx, model.ProjectId, *model.InstanceId) + return req +} + +func outputResult(cmd *cobra.Command, outputFormat string, users []secretsmanager.User) error { + switch outputFormat { + case globalflags.JSONOutputFormat: + details, err := json.MarshalIndent(users, "", " ") + if err != nil { + return fmt.Errorf("marshal Secrets Manager user list: %w", err) + } + cmd.Println(string(details)) + + return nil + default: + table := tables.NewTable() + table.SetHeader("ID", "USERNAME") + for i := range users { + user := users[i] + table.AddRow(*user.Id, *user.Username) + } + err := table.Display(cmd) + if err != nil { + return fmt.Errorf("render table: %w", err) + } + + return nil + } +} diff --git a/internal/cmd/secrets-manager/user/list/list_test.go b/internal/cmd/secrets-manager/user/list/list_test.go new file mode 100644 index 000000000..0f85250ee --- /dev/null +++ b/internal/cmd/secrets-manager/user/list/list_test.go @@ -0,0 +1,202 @@ +package list + +import ( + "context" + "testing" + + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/google/uuid" + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +var projectIdFlag = globalflags.ProjectIdFlag + +type testCtxKey struct{} + +var testCtx = context.WithValue(context.Background(), testCtxKey{}, "foo") +var testClient = &secretsmanager.APIClient{} +var testProjectId = uuid.NewString() +var testInstanceId = uuid.NewString() + +func fixtureFlagValues(mods ...func(flagValues map[string]string)) map[string]string { + flagValues := map[string]string{ + projectIdFlag: testProjectId, + instanceIdFlag: testInstanceId, + limitFlag: "10", + } + for _, mod := range mods { + mod(flagValues) + } + return flagValues +} + +func fixtureInputModel(mods ...func(model *inputModel)) *inputModel { + model := &inputModel{ + GlobalFlagModel: &globalflags.GlobalFlagModel{ + ProjectId: testProjectId, + }, + InstanceId: utils.Ptr(testInstanceId), + Limit: utils.Ptr(int64(10)), + } + for _, mod := range mods { + mod(model) + } + return model +} + +func fixtureRequest(mods ...func(request *secretsmanager.ApiListUsersRequest)) secretsmanager.ApiListUsersRequest { + request := testClient.ListUsers(testCtx, testProjectId, testInstanceId) + for _, mod := range mods { + mod(&request) + } + return request +} + +func TestParseInput(t *testing.T) { + tests := []struct { + description string + flagValues map[string]string + isValid bool + expectedModel *inputModel + }{ + { + description: "base", + flagValues: fixtureFlagValues(), + isValid: true, + expectedModel: fixtureInputModel(), + }, + { + description: "no values", + flagValues: map[string]string{}, + isValid: false, + }, + { + description: "project id missing", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, projectIdFlag) + }), + isValid: false, + }, + { + description: "project id invalid 1", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "" + }), + isValid: false, + }, + { + description: "project id invalid 2", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "invalid-uuid" + }), + isValid: false, + }, + { + description: "instance id missing", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, instanceIdFlag) + }), + isValid: false, + }, + { + description: "instance id invalid 1", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[instanceIdFlag] = "" + }), + isValid: false, + }, + { + description: "limit invalid", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[limitFlag] = "invalid" + }), + isValid: false, + }, + { + description: "limit invalid 2", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[limitFlag] = "0" + }), + isValid: false, + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + cmd := &cobra.Command{} + err := globalflags.Configure(cmd.Flags()) + if err != nil { + t.Fatalf("configure global flags: %v", err) + } + + configureFlags(cmd) + + for flag, value := range tt.flagValues { + err := cmd.Flags().Set(flag, value) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("setting flag --%s=%s: %v", flag, value, err) + } + } + + err = cmd.ValidateRequiredFlags() + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error validating flags: %v", err) + } + + model, err := parseInput(cmd) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error parsing flags: %v", err) + } + + if !tt.isValid { + t.Fatalf("did not fail on invalid input") + } + diff := cmp.Diff(model, tt.expectedModel) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +} + +func TestBuildRequest(t *testing.T) { + tests := []struct { + description string + model *inputModel + expectedRequest secretsmanager.ApiListUsersRequest + }{ + { + description: "base", + model: fixtureInputModel(), + expectedRequest: fixtureRequest(), + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + request := buildRequest(testCtx, tt.model, testClient) + + diff := cmp.Diff(request, tt.expectedRequest, + cmp.AllowUnexported(tt.expectedRequest), + cmpopts.EquateComparable(testCtx), + ) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +} diff --git a/internal/cmd/secrets-manager/user/user.go b/internal/cmd/secrets-manager/user/user.go new file mode 100644 index 000000000..1d0165765 --- /dev/null +++ b/internal/cmd/secrets-manager/user/user.go @@ -0,0 +1,25 @@ +package user + +import ( + "github.com/stackitcloud/stackit-cli/internal/pkg/args" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" + + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/user/list" +) + +func NewCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "user", + Short: "Provides functionality for Secrets Manager users", + Long: "Provides functionality for Secrets Manager users.", + Args: args.NoArgs, + Run: utils.CmdHelp, + } + addSubcommands(cmd) + return cmd +} + +func addSubcommands(cmd *cobra.Command) { + cmd.AddCommand(list.NewCmd()) +} From 80fc42b4b57adcf169b24b9111f2166a128eb60d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Tue, 5 Mar 2024 16:39:39 +0000 Subject: [PATCH 02/10] Onboard secrets manager user: add create command --- .../cmd/secrets-manager/user/create/create.go | 130 +++++++++++ .../user/create/create_test.go | 213 ++++++++++++++++++ .../cmd/secrets-manager/user/list/list.go | 4 +- internal/cmd/secrets-manager/user/user.go | 2 + 4 files changed, 347 insertions(+), 2 deletions(-) create mode 100644 internal/cmd/secrets-manager/user/create/create.go create mode 100644 internal/cmd/secrets-manager/user/create/create_test.go diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go new file mode 100644 index 000000000..4258afa14 --- /dev/null +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -0,0 +1,130 @@ +package create + +import ( + "context" + "fmt" + + "github.com/stackitcloud/stackit-cli/internal/pkg/args" + "github.com/stackitcloud/stackit-cli/internal/pkg/confirm" + "github.com/stackitcloud/stackit-cli/internal/pkg/errors" + "github.com/stackitcloud/stackit-cli/internal/pkg/examples" + "github.com/stackitcloud/stackit-cli/internal/pkg/flags" + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/client" + secretsManagerUtils "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/utils" + + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +const ( + instanceIdFlag = "instance-id" + descriptionFlag = "description" + writeFlag = "write" +) + +type inputModel struct { + *globalflags.GlobalFlagModel + + InstanceId string + Description *string + Write *bool +} + +func NewCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "create", + Short: "Creates a Secrets Manager user", + Long: fmt.Sprintf("%s\n%s\n%s\n%s", + "Creates a Secrets Manager user.", + "The password is only visible upon creation and cannot be retrieved later.", + "The username is randomly generated and provided upon creation.", + "If you want the user to have write access to the secrets engine specify with the --write flag", + ), + Example: examples.Build( + examples.NewExample( + `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, + "$ stackit mongodbflex user create --instance-id xxx --description yyy"), + examples.NewExample( + `Create a Secrets Manager user for instance with ID "xxx", description "yyy" and with write access to the secrets engine`, + "$ stackit mongodbflex user create --instance-id xxx --description yyy --write"), + ), + Args: args.NoArgs, + RunE: func(cmd *cobra.Command, args []string) error { + ctx := context.Background() + model, err := parseInput(cmd) + if err != nil { + return err + } + + // Configure API client + apiClient, err := client.ConfigureClient(cmd) + if err != nil { + return err + } + + instanceLabel, err := secretsManagerUtils.GetInstanceName(ctx, apiClient, model.ProjectId, model.InstanceId) + if err != nil { + instanceLabel = model.InstanceId + } + + if !model.AssumeYes { + prompt := fmt.Sprintf("Are you sure you want to create a user for instance %q?", instanceLabel) + err = confirm.PromptForConfirmation(cmd, prompt) + if err != nil { + return err + } + } + + // Call API + req := buildRequest(ctx, model, apiClient) + resp, err := req.Execute() + if err != nil { + return fmt.Errorf("create Secrets Manager user: %w", err) + } + + cmd.Printf("Created user for instance %q. User ID: %s\n\n", instanceLabel, *resp.Id) + cmd.Printf("Username: %s\n", *resp.Username) + cmd.Printf("Password: %s\n", *resp.Password) + cmd.Printf("Description: %s\n", *resp.Description) + cmd.Printf("Write Access: %t\n", *resp.Write) + + return nil + }, + } + + configureFlags(cmd) + return cmd +} + +func configureFlags(cmd *cobra.Command) { + cmd.Flags().Var(flags.UUIDFlag(), instanceIdFlag, "ID of the instance") + cmd.Flags().String(descriptionFlag, "", "A user chosen description to differentiate between multiple users") + cmd.Flags().Bool(writeFlag, false, "User write access to the secrets engine. If unset, user is read-only") + + err := flags.MarkFlagsRequired(cmd, instanceIdFlag, descriptionFlag) + cobra.CheckErr(err) +} + +func parseInput(cmd *cobra.Command) (*inputModel, error) { + globalFlags := globalflags.Parse(cmd) + if globalFlags.ProjectId == "" { + return nil, &errors.ProjectIdError{} + } + + return &inputModel{ + GlobalFlagModel: globalFlags, + InstanceId: flags.FlagToStringValue(cmd, instanceIdFlag), + Description: flags.FlagToStringPointer(cmd, descriptionFlag), + Write: flags.FlagToBoolPointer(cmd, writeFlag), + }, nil +} + +func buildRequest(ctx context.Context, model *inputModel, apiClient *secretsmanager.APIClient) secretsmanager.ApiCreateUserRequest { + req := apiClient.CreateUser(ctx, model.ProjectId, model.InstanceId) + req = req.CreateUserPayload(secretsmanager.CreateUserPayload{ + Description: model.Description, + Write: model.Write, + }) + return req +} diff --git a/internal/cmd/secrets-manager/user/create/create_test.go b/internal/cmd/secrets-manager/user/create/create_test.go new file mode 100644 index 000000000..a2baf103b --- /dev/null +++ b/internal/cmd/secrets-manager/user/create/create_test.go @@ -0,0 +1,213 @@ +package create + +import ( + "context" + "testing" + + "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "github.com/google/uuid" + "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" +) + +var projectIdFlag = globalflags.ProjectIdFlag + +type testCtxKey struct{} + +var testCtx = context.WithValue(context.Background(), testCtxKey{}, "foo") +var testClient = &secretsmanager.APIClient{} +var testProjectId = uuid.NewString() +var testInstanceId = uuid.NewString() + +func fixtureFlagValues(mods ...func(flagValues map[string]string)) map[string]string { + flagValues := map[string]string{ + projectIdFlag: testProjectId, + instanceIdFlag: testInstanceId, + descriptionFlag: "sample description", + writeFlag: "false", + } + for _, mod := range mods { + mod(flagValues) + } + return flagValues +} + +func fixtureInputModel(mods ...func(model *inputModel)) *inputModel { + model := &inputModel{ + GlobalFlagModel: &globalflags.GlobalFlagModel{ + ProjectId: testProjectId, + }, + InstanceId: testInstanceId, + Description: utils.Ptr("sample description"), + Write: utils.Ptr(false), + } + for _, mod := range mods { + mod(model) + } + return model +} + +func fixtureRequest(mods ...func(request *secretsmanager.ApiCreateUserRequest)) secretsmanager.ApiCreateUserRequest { + request := testClient.CreateUser(testCtx, testProjectId, testInstanceId) + request = request.CreateUserPayload(secretsmanager.CreateUserPayload{ + Description: utils.Ptr("sample description"), + Write: utils.Ptr(false), + }) + + for _, mod := range mods { + mod(&request) + } + return request +} + +func TestParseInput(t *testing.T) { + tests := []struct { + description string + flagValues map[string]string + isValid bool + expectedModel *inputModel + }{ + + { + description: "base", + flagValues: fixtureFlagValues(), + isValid: true, + expectedModel: fixtureInputModel(), + }, + { + description: "no description specified", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, descriptionFlag) + }), + isValid: false, + }, + { + description: "no values", + flagValues: map[string]string{}, + isValid: false, + }, + { + description: "project id missing", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, projectIdFlag) + }), + isValid: false, + }, + { + description: "project id invalid 1", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "" + }), + isValid: false, + }, + { + description: "project id invalid 2", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[projectIdFlag] = "invalid-uuid" + }), + isValid: false, + }, + { + description: "instance id missing", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, instanceIdFlag) + }), + isValid: false, + }, + { + description: "instance id invalid 1", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[instanceIdFlag] = "" + }), + isValid: false, + }, + { + description: "write set to true", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + flagValues[writeFlag] = "true" + }), + isValid: true, + expectedModel: fixtureInputModel(func(model *inputModel) { + model.Write = utils.Ptr(true) + }), + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + cmd := &cobra.Command{} + err := globalflags.Configure(cmd.Flags()) + if err != nil { + t.Fatalf("configure global flags: %v", err) + } + + configureFlags(cmd) + + for flag, value := range tt.flagValues { + err := cmd.Flags().Set(flag, value) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("setting flag --%s=%s: %v", flag, value, err) + } + } + + err = cmd.ValidateRequiredFlags() + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error validating flags: %v", err) + } + + model, err := parseInput(cmd) + if err != nil { + if !tt.isValid { + return + } + t.Fatalf("error parsing flags: %v", err) + } + + if !tt.isValid { + t.Fatalf("did not fail on invalid input") + } + diff := cmp.Diff(model, tt.expectedModel) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +} + +func TestBuildRequest(t *testing.T) { + tests := []struct { + description string + model *inputModel + expectedRequest secretsmanager.ApiCreateUserRequest + }{ + { + description: "base", + model: fixtureInputModel(), + expectedRequest: fixtureRequest(), + }, + } + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + request := buildRequest(testCtx, tt.model, testClient) + + diff := cmp.Diff(request, tt.expectedRequest, + cmp.AllowUnexported(tt.expectedRequest), + cmpopts.EquateComparable(testCtx), + ) + if diff != "" { + t.Fatalf("Data does not match: %s", diff) + } + }) + } +} diff --git a/internal/cmd/secrets-manager/user/list/list.go b/internal/cmd/secrets-manager/user/list/list.go index 101abc15e..46171fcc9 100644 --- a/internal/cmd/secrets-manager/user/list/list.go +++ b/internal/cmd/secrets-manager/user/list/list.go @@ -135,10 +135,10 @@ func outputResult(cmd *cobra.Command, outputFormat string, users []secretsmanage return nil default: table := tables.NewTable() - table.SetHeader("ID", "USERNAME") + table.SetHeader("ID", "USERNAME", "DESCRIPTION", "WRITE ACCESS") for i := range users { user := users[i] - table.AddRow(*user.Id, *user.Username) + table.AddRow(*user.Id, *user.Username, *user.Description, *user.Write) } err := table.Display(cmd) if err != nil { diff --git a/internal/cmd/secrets-manager/user/user.go b/internal/cmd/secrets-manager/user/user.go index 1d0165765..6c4d661bb 100644 --- a/internal/cmd/secrets-manager/user/user.go +++ b/internal/cmd/secrets-manager/user/user.go @@ -5,6 +5,7 @@ import ( "github.com/stackitcloud/stackit-cli/internal/pkg/utils" "github.com/spf13/cobra" + "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/user/create" "github.com/stackitcloud/stackit-cli/internal/cmd/secrets-manager/user/list" ) @@ -22,4 +23,5 @@ func NewCmd() *cobra.Command { func addSubcommands(cmd *cobra.Command) { cmd.AddCommand(list.NewCmd()) + cmd.AddCommand(create.NewCmd()) } From 20bd087d452622ea0d320ea94ed9f7cefed2ffcc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Tue, 5 Mar 2024 17:11:22 +0000 Subject: [PATCH 03/10] Updated the Long helper for create command --- internal/cmd/secrets-manager/user/create/create.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index 4258afa14..ce41cc68a 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -35,11 +35,9 @@ func NewCmd() *cobra.Command { cmd := &cobra.Command{ Use: "create", Short: "Creates a Secrets Manager user", - Long: fmt.Sprintf("%s\n%s\n%s\n%s", + Long: fmt.Sprintf("%s\n%s", "Creates a Secrets Manager user.", - "The password is only visible upon creation and cannot be retrieved later.", "The username is randomly generated and provided upon creation.", - "If you want the user to have write access to the secrets engine specify with the --write flag", ), Example: examples.Build( examples.NewExample( From b35f2d5ebeeb7aedaf399b733050dedb170e3e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Tue, 5 Mar 2024 17:46:40 +0000 Subject: [PATCH 04/10] Update create command to support hidden password --- .../cmd/secrets-manager/user/create/create.go | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index ce41cc68a..5f0d37da1 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -21,24 +21,23 @@ const ( instanceIdFlag = "instance-id" descriptionFlag = "description" writeFlag = "write" + hidePasswordFlag = "hide-password" ) type inputModel struct { *globalflags.GlobalFlagModel - InstanceId string - Description *string - Write *bool + InstanceId string + Description *string + Write *bool + HidePassword bool } func NewCmd() *cobra.Command { cmd := &cobra.Command{ Use: "create", Short: "Creates a Secrets Manager user", - Long: fmt.Sprintf("%s\n%s", - "Creates a Secrets Manager user.", - "The username is randomly generated and provided upon creation.", - ), + Long: "Creates a user for a Secrets Manager instance with generated username and password", Example: examples.Build( examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, @@ -83,7 +82,11 @@ func NewCmd() *cobra.Command { cmd.Printf("Created user for instance %q. User ID: %s\n\n", instanceLabel, *resp.Id) cmd.Printf("Username: %s\n", *resp.Username) - cmd.Printf("Password: %s\n", *resp.Password) + if model.HidePassword { + cmd.Printf("Password: \n") + } else { + cmd.Printf("Password: %s\n", *resp.Password) + } cmd.Printf("Description: %s\n", *resp.Description) cmd.Printf("Write Access: %t\n", *resp.Write) @@ -99,6 +102,7 @@ func configureFlags(cmd *cobra.Command) { cmd.Flags().Var(flags.UUIDFlag(), instanceIdFlag, "ID of the instance") cmd.Flags().String(descriptionFlag, "", "A user chosen description to differentiate between multiple users") cmd.Flags().Bool(writeFlag, false, "User write access to the secrets engine. If unset, user is read-only") + cmd.Flags().Bool(hidePasswordFlag, false, "Hide password in output") err := flags.MarkFlagsRequired(cmd, instanceIdFlag, descriptionFlag) cobra.CheckErr(err) @@ -115,6 +119,7 @@ func parseInput(cmd *cobra.Command) (*inputModel, error) { InstanceId: flags.FlagToStringValue(cmd, instanceIdFlag), Description: flags.FlagToStringPointer(cmd, descriptionFlag), Write: flags.FlagToBoolPointer(cmd, writeFlag), + HidePassword: flags.FlagToBoolValue(cmd, hidePasswordFlag), }, nil } From 8ff25ab756773cfa7cd17eb8f79f503700d06f4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 09:43:31 +0000 Subject: [PATCH 05/10] create command: fix formatting and add example for hide-password --- internal/cmd/secrets-manager/user/create/create.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index 5f0d37da1..e3a0f4570 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -18,9 +18,9 @@ import ( ) const ( - instanceIdFlag = "instance-id" - descriptionFlag = "description" - writeFlag = "write" + instanceIdFlag = "instance-id" + descriptionFlag = "description" + writeFlag = "write" hidePasswordFlag = "hide-password" ) @@ -42,6 +42,9 @@ func NewCmd() *cobra.Command { examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, "$ stackit mongodbflex user create --instance-id xxx --description yyy"), + examples.NewExample( + `Create a Secrets Manager user for instance with ID "xxx", description "yyy" and doesn't display the password`, + "$ stackit mongodbflex user create --instance-id xxx --description yyy --hide-password"), examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx", description "yyy" and with write access to the secrets engine`, "$ stackit mongodbflex user create --instance-id xxx --description yyy --write"), From 5485004097a1e4befb577462a3bb7069e30cd294 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 10:52:17 +0000 Subject: [PATCH 06/10] create command: make description optional --- .../cmd/secrets-manager/user/create/create.go | 18 +++++++++++------- .../secrets-manager/user/create/create_test.go | 13 ++++++++++++- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index e3a0f4570..65f21f0bb 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -12,6 +12,7 @@ import ( "github.com/stackitcloud/stackit-cli/internal/pkg/globalflags" "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/client" secretsManagerUtils "github.com/stackitcloud/stackit-cli/internal/pkg/services/secrets-manager/utils" + "github.com/stackitcloud/stackit-cli/internal/pkg/utils" "github.com/spf13/cobra" "github.com/stackitcloud/stackit-sdk-go/services/secretsmanager" @@ -39,15 +40,18 @@ func NewCmd() *cobra.Command { Short: "Creates a Secrets Manager user", Long: "Creates a user for a Secrets Manager instance with generated username and password", Example: examples.Build( + examples.NewExample( + `Create a Secrets Manager user for instance with ID "xxx"`, + "$ stackit mongodbflex user create --instance-id xxx"), examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, "$ stackit mongodbflex user create --instance-id xxx --description yyy"), examples.NewExample( - `Create a Secrets Manager user for instance with ID "xxx", description "yyy" and doesn't display the password`, - "$ stackit mongodbflex user create --instance-id xxx --description yyy --hide-password"), + `Create a Secrets Manager user for instance with ID "xxx" and doesn't display the password`, + "$ stackit mongodbflex user create --instance-id xxx --hide-password"), examples.NewExample( - `Create a Secrets Manager user for instance with ID "xxx", description "yyy" and with write access to the secrets engine`, - "$ stackit mongodbflex user create --instance-id xxx --description yyy --write"), + `Create a Secrets Manager user for instance with ID "xxx" with write access to the secrets engine`, + "$ stackit mongodbflex user create --instance-id xxx --write"), ), Args: args.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { @@ -107,7 +111,7 @@ func configureFlags(cmd *cobra.Command) { cmd.Flags().Bool(writeFlag, false, "User write access to the secrets engine. If unset, user is read-only") cmd.Flags().Bool(hidePasswordFlag, false, "Hide password in output") - err := flags.MarkFlagsRequired(cmd, instanceIdFlag, descriptionFlag) + err := flags.MarkFlagsRequired(cmd, instanceIdFlag) cobra.CheckErr(err) } @@ -120,8 +124,8 @@ func parseInput(cmd *cobra.Command) (*inputModel, error) { return &inputModel{ GlobalFlagModel: globalFlags, InstanceId: flags.FlagToStringValue(cmd, instanceIdFlag), - Description: flags.FlagToStringPointer(cmd, descriptionFlag), - Write: flags.FlagToBoolPointer(cmd, writeFlag), + Description: utils.Ptr(flags.FlagToStringValue(cmd, descriptionFlag)), + Write: utils.Ptr(flags.FlagToBoolValue(cmd, writeFlag)), HidePassword: flags.FlagToBoolValue(cmd, hidePasswordFlag), }, nil } diff --git a/internal/cmd/secrets-manager/user/create/create_test.go b/internal/cmd/secrets-manager/user/create/create_test.go index a2baf103b..4991ba1e2 100644 --- a/internal/cmd/secrets-manager/user/create/create_test.go +++ b/internal/cmd/secrets-manager/user/create/create_test.go @@ -83,7 +83,18 @@ func TestParseInput(t *testing.T) { flagValues: fixtureFlagValues(func(flagValues map[string]string) { delete(flagValues, descriptionFlag) }), - isValid: false, + isValid: true, + expectedModel: fixtureInputModel(func(model *inputModel) { + model.Description = utils.Ptr("") + }), + }, + { + description: "no write flag given", + flagValues: fixtureFlagValues(func(flagValues map[string]string) { + delete(flagValues, writeFlag) + }), + isValid: true, + expectedModel: fixtureInputModel(), }, { description: "no values", From 3ee1255fb051d3bc28b4f7c10a49cf4370a5c0c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 10:53:19 +0000 Subject: [PATCH 07/10] fix linting --- internal/cmd/secrets-manager/user/create/create_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/cmd/secrets-manager/user/create/create_test.go b/internal/cmd/secrets-manager/user/create/create_test.go index 4991ba1e2..1f1016ba4 100644 --- a/internal/cmd/secrets-manager/user/create/create_test.go +++ b/internal/cmd/secrets-manager/user/create/create_test.go @@ -93,7 +93,7 @@ func TestParseInput(t *testing.T) { flagValues: fixtureFlagValues(func(flagValues map[string]string) { delete(flagValues, writeFlag) }), - isValid: true, + isValid: true, expectedModel: fixtureInputModel(), }, { From 2aef0b7c46785c989222f6ad3512ea0b1e0e502d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 10:55:13 +0000 Subject: [PATCH 08/10] create command: generate docs --- docs/stackit_secrets-manager_user.md | 1 + docs/stackit_secrets-manager_user_create.md | 51 +++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 docs/stackit_secrets-manager_user_create.md diff --git a/docs/stackit_secrets-manager_user.md b/docs/stackit_secrets-manager_user.md index 8f99f0823..33fc70ac7 100644 --- a/docs/stackit_secrets-manager_user.md +++ b/docs/stackit_secrets-manager_user.md @@ -28,5 +28,6 @@ stackit secrets-manager user [flags] ### SEE ALSO * [stackit secrets-manager](./stackit_secrets-manager.md) - Provides functionality for Secrets Manager +* [stackit secrets-manager user create](./stackit_secrets-manager_user_create.md) - Creates a Secrets Manager user * [stackit secrets-manager user list](./stackit_secrets-manager_user_list.md) - Lists all Secrets Manager users diff --git a/docs/stackit_secrets-manager_user_create.md b/docs/stackit_secrets-manager_user_create.md new file mode 100644 index 000000000..aed85ad8d --- /dev/null +++ b/docs/stackit_secrets-manager_user_create.md @@ -0,0 +1,51 @@ +## stackit secrets-manager user create + +Creates a Secrets Manager user + +### Synopsis + +Creates a user for a Secrets Manager instance with generated username and password + +``` +stackit secrets-manager user create [flags] +``` + +### Examples + +``` + Create a Secrets Manager user for instance with ID "xxx" + $ stackit mongodbflex user create --instance-id xxx + + Create a Secrets Manager user for instance with ID "xxx" and description "yyy" + $ stackit mongodbflex user create --instance-id xxx --description yyy + + Create a Secrets Manager user for instance with ID "xxx" and doesn't display the password + $ stackit mongodbflex user create --instance-id xxx --hide-password + + Create a Secrets Manager user for instance with ID "xxx" with write access to the secrets engine + $ stackit mongodbflex user create --instance-id xxx --write +``` + +### Options + +``` + --description string A user chosen description to differentiate between multiple users + -h, --help Help for "stackit secrets-manager user create" + --hide-password Hide password in output + --instance-id string ID of the instance + --write User write access to the secrets engine. If unset, user is read-only +``` + +### Options inherited from parent commands + +``` + -y, --assume-yes If set, skips all confirmation prompts + --async If set, runs the command asynchronously + -o, --output-format string Output format, one of ["json" "pretty"] + -p, --project-id string Project ID +``` + +### SEE ALSO + +* [stackit secrets-manager user](./stackit_secrets-manager_user.md) - Provides functionality for Secrets Manager users + From 2bac16affce5eda5d203868a6e21bed470f05ba8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 11:00:26 +0000 Subject: [PATCH 09/10] create command: improve examples --- internal/cmd/secrets-manager/user/create/create.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index 65f21f0bb..82dcf9785 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -38,20 +38,20 @@ func NewCmd() *cobra.Command { cmd := &cobra.Command{ Use: "create", Short: "Creates a Secrets Manager user", - Long: "Creates a user for a Secrets Manager instance with generated username and password", + Long: "Creates a Secrets Manager user.", Example: examples.Build( examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx"`, "$ stackit mongodbflex user create --instance-id xxx"), examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, - "$ stackit mongodbflex user create --instance-id xxx --description yyy"), + "$ stackit secrets-manager user create --instance-id xxx --description yyy"), examples.NewExample( - `Create a Secrets Manager user for instance with ID "xxx" and doesn't display the password`, - "$ stackit mongodbflex user create --instance-id xxx --hide-password"), + `Create a Secrets Manager user for instance with ID "xxx" and hides the generated password`, + "$ stackit secrets-manager user create --instance-id xxx --hide-password"), examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" with write access to the secrets engine`, - "$ stackit mongodbflex user create --instance-id xxx --write"), + "$ stackit secrets-manager user create --instance-id xxx --write"), ), Args: args.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { From becdf286578709210d7012faaf1e3d10f4b49fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Diogo=20Ferr=C3=A3o?= Date: Wed, 6 Mar 2024 11:28:43 +0000 Subject: [PATCH 10/10] Address comments --- internal/cmd/secrets-manager/user/create/create.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/internal/cmd/secrets-manager/user/create/create.go b/internal/cmd/secrets-manager/user/create/create.go index 82dcf9785..2f9b17481 100644 --- a/internal/cmd/secrets-manager/user/create/create.go +++ b/internal/cmd/secrets-manager/user/create/create.go @@ -38,11 +38,12 @@ func NewCmd() *cobra.Command { cmd := &cobra.Command{ Use: "create", Short: "Creates a Secrets Manager user", - Long: "Creates a Secrets Manager user.", + Long: fmt.Sprintf("%s\n%s\n%s", + "Creates a Secrets Manager user.", + "The username and password are auto-generated and provided upon creation.", + "A description can be provided to identify a user.", + ), Example: examples.Build( - examples.NewExample( - `Create a Secrets Manager user for instance with ID "xxx"`, - "$ stackit mongodbflex user create --instance-id xxx"), examples.NewExample( `Create a Secrets Manager user for instance with ID "xxx" and description "yyy"`, "$ stackit secrets-manager user create --instance-id xxx --description yyy"),