[#148] Make secret optional when files are attached (#150)

2025-05-14 20:12:23 -04:00 · 2023-11-20 15:52:06 +01:00 · 2023-11-20 15:52:06 +01:00 · 8d29e5f6ed
commit 8d29e5f6ed
parent 62d2897e44
3 changed files with 56 additions and 26 deletions
--- a/cmd/ots-cli/cmd_create.go
+++ b/cmd/ots-cli/cmd_create.go
@ -1,6 +1,7 @@
 package main

 import (
+	"bytes"
 	"fmt"
 	"io"
 	"mime"
@ -37,6 +38,7 @@ func init() {
 	createCmd.Flags().StringSliceP("header", "H", nil, "Headers to include in the request (i.e. 'Authorization: Token ...')")
 	createCmd.Flags().String("instance", "https://ots.fyi/", "Instance to create the secret with")
 	createCmd.Flags().StringSliceP("file", "f", nil, "File(s) to attach to the secret")
+	createCmd.Flags().Bool("no-text", false, "Disable secret read (create a secret with only files)")
 	createCmd.Flags().String("secret-from", "-", `File to read the secret content from ("-" for STDIN)`)
 	createCmd.Flags().StringP("user", "u", "", "Username / Password for basic auth, specified as 'user:pass'")
 	rootCmd.AddCommand(createCmd)
@ -51,29 +53,10 @@ func createRunE(cmd *cobra.Command, _ []string) (err error) {

 	// Read the secret content
 	logrus.Info("reading secret content...")
-	secretSourceName, err := cmd.Flags().GetString("secret-from")
-	if err != nil {
-		return fmt.Errorf("getting secret-from flag: %w", err)
+	if secret.Secret, err = getSecretContent(cmd); err != nil {
+		return fmt.Errorf("getting secret content: %w", err)
 	}

-	var secretSource io.Reader
-	if secretSourceName == "-" {
-		secretSource = os.Stdin
-	} else {
-		f, err := os.Open(secretSourceName) //#nosec:G304 // Opening user specified file is intended
-		if err != nil {
-			return fmt.Errorf("opening secret-from file: %w", err)
-		}
-		defer f.Close() //nolint:errcheck // The file will be force-closed by program exit
-		secretSource = f
-	}
-
-	secretContent, err := io.ReadAll(secretSource)
-	if err != nil {
-		return fmt.Errorf("reading secret content: %w", err)
-	}
-	secret.Secret = string(secretContent)
-
 	// Attach any file given
 	files, err := cmd.Flags().GetStringSlice("file")
 	if err != nil {
@ -93,6 +76,10 @@ func createRunE(cmd *cobra.Command, _ []string) (err error) {
 		})
 	}

+	if secret.Secret == "" && secret.Attachments == nil {
+		return fmt.Errorf("secret has no content and no attachments")
+	}
+
 	// Get flags for creation
 	logrus.Info("creating the secret...")
 	instanceURL, err := cmd.Flags().GetString("instance")
@ -158,6 +145,42 @@ func constructHTTPClient(cmd *cobra.Command) (*http.Client, error) {
 	return &http.Client{Transport: t}, nil
 }

+func getSecretContent(cmd *cobra.Command) (string, error) {
+	secretSourceName, err := cmd.Flags().GetString("secret-from")
+	if err != nil {
+		return "", fmt.Errorf("getting secret-from flag: %w", err)
+	}
+
+	noSecret, err := cmd.Flags().GetBool("no-text")
+	if err != nil {
+		return "", fmt.Errorf("getting no-text flag: %w", err)
+	}
+
+	var secretSource io.Reader
+	switch {
+	case noSecret:
+		secretSource = bytes.NewReader(nil)
+
+	case secretSourceName == "-":
+		secretSource = os.Stdin
+
+	default:
+		f, err := os.Open(secretSourceName) //#nosec:G304 // Opening user specified file is intended
+		if err != nil {
+			return "", fmt.Errorf("opening secret-from file: %w", err)
+		}
+		defer f.Close() //nolint:errcheck // The file will be force-closed by program exit
+		secretSource = f
+	}
+
+	secretContent, err := io.ReadAll(secretSource)
+	if err != nil {
+		return "", fmt.Errorf("reading secret content: %w", err)
+	}
+
+	return strings.TrimSpace(string(secretContent)), nil
+}
+
 func (a authRoundTripper) RoundTrip(r *http.Request) (*http.Response, error) {
 	if a.user != "" {
 		r.SetBasicAuth(a.user, a.pass)