kbsecret 1.2.0 → 1.3.0.pre.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b7e55fb17c53bed43e18cbd8c7a8c57aaacce276af208638d5110284f38f763
-  data.tar.gz: 3c5ea62a9a2d7d418d26369a1a55d6af2119d9328d6a86455d46be29e419e377
+  metadata.gz: 5a564bac0dc6d8ba790b99238519dd12c2e1efea7fccfbf832a69e9861cb98f7
+  data.tar.gz: 502c1bb72096256a854631bf375a30f917f04fd636b28e186ce5b5294f8830e5
 SHA512:
-  metadata.gz: bb715c6c6602411bfe70f150c1c600cd51b7513a4b4433147b75df2f2b70df9d35345a9d85698acb8db37c450e43b8cb2823e9346c8b0d2a93d7397e6353e06c
-  data.tar.gz: 6799876c9f29cd4b5ce9f39d5ec05329e6d1c3ea25e7cf49d0dd49e2d915ede5725d05222d5b68fc4d4bf9ca274195f671755f2658bc19f5bcc30974473b8156
+  metadata.gz: 8a508c3a12446379ba2947d78950f506214ee3c0f8240279cbc09592f44b119af150611a6d1addb18d5173cdb877da95ea9d1553ce0a0b2eef448b963abc47b2
+  data.tar.gz: 87c3e9ba9f42a2c5372b40a16bc7b8ce33042d34955e9ac65dff6fede1169be9214644c2d91f8b15d7e6d3eed19b1274a79c75cf2c6ac8e8f8d20d12b424f722

data/README.md

@@ -9,11 +9,11 @@ KBSecret is a command line utility and library for managing *secrets*.
 
 Quick links:
 
-* [Installation instructions](https://kbsecret.github.io/installation)
-* [Quick start guide](https://kbsecret.github.io/quickstart)
-* [CLI documentation](https://kbsecret.github.io/man/)
+* [Installation instructions](https://kbsecret.github.io/#/install/)
+* [Quick start guide](https://kbsecret.github.io/#/quickstart/)
+* [CLI documentation](https://kbsecret.github.io/man/kbsecret.1.html)
 * [API documentation](http://www.rubydoc.info/gems/kbsecret/)
-* [Customizing your installation](https://kbsecret.github.io/customization)
+* [Customizing your installation](https://kbsecret.github.io/#/customize/)
 
 ## Hacking on KBSecret
 
@@ -22,7 +22,7 @@ Want to hack on KBSecret? Here's how you can get started:
 ```bash
 $ git clone git@github.com:kbsecret/kbsecret.git && cd kbsecret
 $ bundle install --path vendor/bundle
-$ RUBYLIB=./lib PATH=./bin:${PATH} bundle exec ./bin/kbsecret help
+$ bundle exec ./bin/kbsecret help
 ```
 
 ### Manual Pages

data/bin/kbsecret

@@ -6,12 +6,6 @@ require "fileutils"
 
 BUILTIN_CMDS = %w[help version commands types].freeze
 
-INTERNAL_CMD_PATH = File.join(File.dirname(__dir__), "lib/kbsecret/cli")
-
-INTERNAL_PATHS = Dir[File.join(INTERNAL_CMD_PATH, "*")].freeze
-
-INTERNAL_CMDS = INTERNAL_PATHS.map { |p| File.basename(p).sub!("kbsecret-", "") }
-
 EXT_PATHS = ENV["PATH"].split(File::PATH_SEPARATOR).map do |path|
   Dir[File.join(path, "kbsecret-*")]
 end.flatten.uniq.freeze
@@ -27,7 +21,7 @@ ALIASES = Hash.new { |_, k| k }.update(
   "-v" => "version"
 ).freeze
 
-ALL_CMDS = (ALIASES.keys + BUILTIN_CMDS + INTERNAL_CMDS + EXT_CMDS).freeze
+ALL_CMDS = (ALIASES.keys + BUILTIN_CMDS + KBSecret::CLI::Command.command_names + EXT_CMDS).freeze
 
 KBSECRET_HELP = <<~KBSECRET_HELP
   Usage:
@@ -50,7 +44,7 @@ def migrate_configs
 end
 
 def internal?(cmd)
-  INTERNAL_CMDS.include?(cmd)
+  KBSecret::CLI::Command.command_names.include?(cmd)
 end
 
 def external?(cmd)
@@ -72,11 +66,7 @@ end
 def expand(cmd)
   return cmd if alias?(cmd) || builtin?(cmd)
 
-  if internal? cmd
-    File.join(INTERNAL_CMD_PATH, "kbsecret-#{cmd}")
-  else
-    "kbsecret-#{cmd}"
-  end
+  "kbsecret-#{cmd}"
 end
 
 def help(*args)
@@ -148,7 +138,9 @@ args = KBSecret::Config.command_args(command) + ARGV
 
 if builtin?(command)
   send command, *args
-elsif external?(command) || internal?(command)
+elsif internal?(command)
+  KBSecret::CLI::Command.run! command, *args
+elsif external?(command)
   exec expand(command), *args
 else
   KBSecret::CLI.die "Unknown command: '#{command}'."

data/lib/kbsecret/cli/command/abstract.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # Represents an abstract {KBSecret} command that can be subclassed to produce a more
+      # useful command. {KBSecret::CLI::Command::List} is an example of this.
+      # @abstract
+      class Abstract
+        # @return [CLI] the CLI state corresponding to the command
+        attr_reader :cli
+
+        # @return [String] the command's CLI-friendly name
+        # @example
+        #  KBSecret::CLI::Command::StashFile # => "stash-file"
+        def self.command_name
+          name.split("::")
+              .last
+              .gsub(/([^A-Z])([A-Z]+)/, '\1-\2')
+              .downcase
+        end
+
+        # @param argv [String] the arguments to call the command with
+        def initialize(argv)
+          @cli = CLI.create(argv) { |_o| nil }
+          @cli.guard do
+            yield @cli if block_given?
+          end
+        end
+
+        # Sets up any state used by the command. Implemented by children.
+        # @abstract
+        def setup!
+          nil
+        end
+
+        # Runs any validation checks required by the command. Implemented by children.
+        # @abstract
+        def validate!
+          nil
+        end
+
+        # Runs the command. Implemented by children.
+        # @abstract
+        def run!
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/conf.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret conf`.
+      class Conf < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage: kbsecret conf [options]
+              HELP
+
+              o.bool "-c", "--commands", "open the commands config (commands.ini)"
+              o.bool "-d", "--directory", "print the path to the config directory"
+              o.bool "-r", "--record-directory", "print the path to the custom record directory"
+            end
+          end
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          cli.die "Missing $EDITOR." unless ENV["EDITOR"]
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          if cli.opts.commands?
+            exec "#{ENV["EDITOR"]} #{Config::COMMAND_CONFIG_FILE}"
+          elsif cli.opts.directory?
+            puts Config::CONFIG_DIR
+          elsif cli.opts.record_directory?
+            puts Config::CUSTOM_TYPES_DIR
+          else
+            exec "#{ENV["EDITOR"]} #{Config::CONFIG_FILE}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/cp.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret cp`.
+      class Cp < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret cp [options] <source> <destination> <record [record ...]>
+              HELP
+
+              o.bool "-f", "--force", "force copying (ignore overwrites)"
+              o.bool "-m", "--move", "delete the record after copying"
+            end
+
+            cli.dreck do
+              string :src_sess
+              string :dst_sess
+              list :string, :labels
+            end
+          end
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          cli.guard do
+            src_sess = Session[cli.args[:src_sess]]
+            dst_sess = Session[cli.args[:dst_sess]]
+
+            selected_records = src_sess.records.select { |r| cli.args[:labels].include?(r.label) }
+            cli.die "No such record(s)." if selected_records.empty?
+
+            overlaps = dst_sess.record_labels & selected_records.map(&:label)
+
+            # the code below actually handles the overwriting if necessary, but we fail early here
+            # for friendliness and to avoid half-copying the selected records
+            unless overlaps.empty? || cli.opts.force?
+              cli.die "Refusing to overwrite existing record(s) without --force."
+            end
+
+            selected_records.each do |record|
+              dst_sess.import_record(record, overwrite: cli.opts.force?)
+              src_sess.delete_record(label) if cli.opts.move?
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/dump_fields.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret dump-fields`.
+      class DumpFields < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret dump-fields [options] <record>
+              HELP
+
+              o.string "-s", "--session", "the session to search in", default: :default
+              o.bool "-x", "--terse", "output in field<sep>value format"
+              o.string "-i", "--ifs", "separate terse pairs with this string", default: CLI.ifs
+            end
+
+            cli.dreck do
+              string :label
+            end
+
+            cli.ensure_session!
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @record = cli.session[cli.args[:label]]
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          cli.die "No such record." unless @record
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          field_values = @record.data_fields.map { |f| @record.send f }
+          field_pairs  = @record.data_fields.zip(field_values)
+
+          if cli.opts.terse?
+            puts field_pairs.map { |f, v| "#{f}#{cli.opts[:ifs]}#{v}" }.join "\n"
+          else
+            puts field_pairs.map { |f, v| "#{f}: #{v}" }.join "\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/env.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret env`.
+      class Env < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret env [options] <record [record ...]>
+              HELP
+
+              o.string "-s", "--session", "the session to search in", default: :default
+              o.bool "-a", "--all", "retrieve all environment records, not just listed ones"
+              o.bool "-v", "--value-only", "print only the environment value, not the key"
+              o.bool "-n", "--no-export", "print only VAR=val keypairs without `export`"
+              o.bool "-u", "--unescape-plus", "escape any pluses in the variable and/or value"
+            end
+
+            unless cli.opts.all?
+              cli.dreck do
+                list :string, :labels
+              end
+            end
+
+            cli.ensure_session!
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @records = if cli.opts.all?
+                       cli.session.records :environment
+                     else
+                       cli.session.records(:environment).select do |record|
+                         cli.args[:labels].include? record.label
+                       end
+                     end
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          cli.die "No such record(s)." if @records.empty?
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          env_output = if cli.opts.no_export?
+                         @records.map(&:to_assignment).join(" ")
+                       elsif cli.opts.value_only?
+                         @records.map(&:value).join("\n")
+                       else
+                         @records.map(&:to_export).join("\n")
+                       end
+
+          env_output.gsub!("\\+", "+") if cli.opts.unescape_plus?
+
+          puts env_output
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/generator.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret generator`.
+      class Generator < Abstract
+        # The list of subcommands supported by `kbsecret generator`.
+        SUBCOMMANDS = %w[new rm].freeze
+
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop cmds: SUBCOMMANDS do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret generator [options] <new|rm> <generator>
+              HELP
+
+              o.string "-F", "--format", "the format of the secrets generated", default: "hex"
+              o.integer "-l", "--length", "the length, in bytes, of the secrets generated",
+                        default: 16
+              o.bool "-f", "--force", "force generator creation (ignore overwrite)"
+            end
+
+            cli.dreck do
+              string :command
+              string :generator
+            end
+
+            cli.ensure_generator! :argument if cli.args[:command] == "rm"
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @subcmd = cli.args[:command]
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          cli.die "Unknown subcommand: #{@subcmd}." unless SUBCOMMANDS.include?(@subcmd)
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          case @subcmd
+          when "new"
+            if Config.generator?(cli.args[:generator]) && !cli.opts.force?
+              cli.die "Refusing to overwrite an existing generator without --force."
+            end
+
+            Config.configure_generator(cli.args[:generator],
+                                       format: cli.opts[:format],
+                                       length: cli.opts[:length])
+          when "rm"
+            Config.deconfigure_generator(cli.args[:generator])
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/generators.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret generators`.
+      class Generators < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret generators [options]
+              HELP
+
+              o.bool "-a", "--show-all", "show each generator in depth (i.e. metadata)"
+            end
+          end
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          Config[:generators].each do |label, config|
+            puts label
+
+            next unless cli.opts.show_all?
+
+            puts <<~DETAIL
+              \tFormat: #{config[:format]}
+              \tLength: #{config[:length]}
+            DETAIL
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/list.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret list`.
+      class List < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret list [options]
+              HELP
+
+              o.string "-s", "--session", "the session to list from", default: :default
+              o.string "-t", "--type", "the type of secrets to list", default: nil
+              o.bool "-a", "--show-all", "show everything in each secret (i.e. metadata)"
+            end
+
+            cli.ensure_type! if cli.opts[:type]
+            cli.ensure_session!
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @records = cli.session.records cli.opts[:type]
+        end
+
+        # @see Command::Abstract#setup!
+        def run!
+          @records.each do |record|
+            puts record.label
+
+            next unless cli.opts.show_all?
+
+            puts <<~DETAIL
+              \tType: #{record.type}
+              \tLast changed: #{Time.at(record.timestamp)}
+              \tRaw data: #{record.data}
+            DETAIL
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/login.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret login`.
+      class Login < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret login [options] <record [record ...]>
+              HELP
+
+              o.string "-s", "--session", "the session to search in", default: :default
+              o.bool "-a", "--all", "retrieve all login records, not just listed ones"
+              o.bool "-x", "--terse", "output in label<sep>username<sep>password format"
+              o.string "-i", "--ifs", "separate terse fields with this string", default: CLI.ifs
+            end
+
+            unless cli.opts.all?
+              cli.dreck do
+                list :string, :labels
+              end
+            end
+
+            cli.ensure_session!
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @records = if cli.opts.all?
+                       cli.session.records :login
+                     else
+                       cli.session.records(:login).select do |record|
+                         cli.args[:labels].include? record.label
+                       end
+                     end
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          cli.die "No such record(s)." if @records.empty?
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          @records.each do |record|
+            if cli.opts.terse?
+              fields = %i[label username password].map { |m| record.send(m) }
+              puts fields.join(cli.opts[:ifs])
+            else
+              puts <<~DETAIL
+                Label: #{record.label}
+                \tUsername: #{record.username}
+                \tPassword: #{record.password}
+              DETAIL
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kbsecret/cli/command/new.rb

@@ -0,0 +1,82 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "abbrev"
+require "tty-prompt"
+
+module KBSecret
+  class CLI
+    module Command
+      # The implementation of `kbsecret new`.
+      class New < Abstract
+        def initialize(argv)
+          super(argv) do |cli|
+            cli.slop do |o|
+              o.banner = <<~HELP
+                Usage:
+                  kbsecret new [options] <type> <label>
+              HELP
+
+              o.string "-s", "--session", "the session to contain the record", default: :default
+              o.bool "-f", "--force", "force creation (ignore overwrites, etc.)"
+              o.bool "-e", "--echo", "echo input to tty (only affects interactive input)"
+              o.bool "-G", "--generate", "generate secret fields (interactive only)"
+              o.string "-g", "--generator", "the generator to use for secret fields",
+                       default: :default
+              o.bool "-x", "--terse", "read fields from input in a terse format"
+              o.string "-i", "--ifs", "separate terse fields with this string", default: CLI.ifs
+            end
+
+            cli.dreck do
+              string :type
+              string :label
+            end
+
+            cli.ensure_generator!
+            cli.ensure_type! :argument
+            cli.ensure_session!
+          end
+        end
+
+        # @see Command::Abstract#setup!
+        def setup!
+          @label = cli.args[:label]
+          @type  = CLI::TYPE_ALIASES[cli.args[:type]]
+        end
+
+        # @see Command::Abstract#validate!
+        def validate!
+          # the code below actually handles the overwriting if necessary, but we fail early here
+          # for friendliness and to avoid prompting the user for input unnecessarily
+          if cli.session.record?(@label) && !cli.opts.force?
+            cli.die "Refusing to overwrite a record without --force."
+          end
+        end
+
+        # @see Command::Abstract#run!
+        def run!
+          generator = KBSecret::Generator.new(cli.opts[:generator]) if cli.opts.generate?
+
+          fields = if cli.opts.terse?
+                     STDIN.read.chomp.split cli.opts[:ifs]
+                   else
+                     prompt = TTY::Prompt.new
+                     klass = Record.class_for(@type)
+                     klass.external_fields.map do |field|
+                       if cli.opts.generate? && klass.sensitive?(field)
+                         generator.secret
+                       else
+                         prompt.ask "#{field.capitalize}?",
+                                    echo: !klass.sensitive?(field) || cli.opts.echo?
+                       end
+                     end
+                   end
+
+          cli.guard do
+            cli.session.add_record @type, @label, *fields, overwrite: cli.opts.force?
+          end
+        end
+      end
+    end
+  end
+end