Merge pull request #49 from silasdavis/js-tests

Add JS tests

Author: gregdhill

.circleci/config.yml

@@ -63,6 +63,7 @@ jobs:
 
 workflows:
   version: 2
+  
   test_and_release:
     jobs:
       - ensure_vendor:

Gopkg.lock

@@ -140,7 +140,7 @@ test: check
 
 .PHONY: test_js
 test_js: build install
-	$(eval HID := $(shell HOARD_JSON_CONFIG=$$(hoard config -j memory) hoard -e &> /dev/null & echo $$!))
+	$(eval HID := $(shell hoard config memory -s test:secret_pass | hoard -c- &> /dev/null & echo $$!))
 	npm test
 	kill ${HID}
 
@@ -202,7 +202,7 @@ push_ci_image: build_ci_image
 
 .PHONY: npm_install
 npm_install:
-	@cd hoard-js && npm install
+	@npm install
 
 .PHONY: npm_publish
 npm_publish:

Makefile

@@ -23,7 +23,7 @@ func (client *Client) PutSeal(cmd *cli.Cmd) {
 		if *key != "" {
 			spec = grant.Spec{
 				Plaintext: nil,
-				Symmetric: &grant.SymmetricSpec{SecretID: *key},
+				Symmetric: &grant.SymmetricSpec{PublicID: *key},
 			}
 		}
 
@@ -55,7 +55,7 @@ func (client *Client) Seal(cmd *cli.Cmd) {
 		if *key != "" {
 			spec = grant.Spec{
 				Plaintext: nil,
-				Symmetric: &grant.SymmetricSpec{SecretID: *key},
+				Symmetric: &grant.SymmetricSpec{PublicID: *key},
 			}
 		}
 
@@ -85,7 +85,7 @@ func (client *Client) Reseal(cmd *cli.Cmd) {
 		if *key != "" {
 			next = grant.Spec{
 				Plaintext: nil,
-				Symmetric: &grant.SymmetricSpec{SecretID: *key},
+				Symmetric: &grant.SymmetricSpec{PublicID: *key},
 			}
 		}
 

cmd/hoarctl/grants.go

@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/monax/hoard/config/secrets"
 
@@ -35,7 +36,7 @@ func main() {
 		"Whether to emit any operational logging")
 
 	configFileOpt := hoardApp.StringOpt("c config", "", "Path to "+
-		"config file. If omitted default config is used.")
+		"config file. If omitted default config is used. Use '-' to read config from STDIN.")
 
 	environmentOpt := hoardApp.BoolOpt("e env", false,
 		fmt.Sprintf("Parse the contents of the environment variable %s as a complete JSON config",
@@ -111,16 +112,32 @@ func main() {
 			initOpt := configCmd.BoolOpt("i init", false, "Write file to "+
 				"XDG standard location")
 
-			arg := configCmd.StringArg("CONFIG", "", "Supported config to generate")
-			configCmd.Spec = "[--json] | (([--output=<output file>] |  [--init]) [--force])"
-			configCmd.Spec += "CONFIG"
+			secretsOpt := configCmd.StringsOpt("s secret", nil, "Pairs of PublicID and Passphrase to use as symmetric secrets in config")
+
+			arg := configCmd.StringArg("CONFIG", "", fmt.Sprintf("Config type to generate, one of: %s",
+				strings.Join(configTypes(), ", ")))
+
+			configCmd.Spec = "[--json] | (([--output=<output file>] |  [--init]) [--force]) CONFIG [--secret=<PublicID:Passphrase>...]"
 
 			configCmd.Action = func() {
 				store, err := storage.GetDefaultConfig(*arg)
 				if err != nil {
 					fatalf("Error fetching default config for %v: %v", arg, err)
 				}
 				conf.Storage = store
+				if len(*secretsOpt) > 0 {
+					conf.Secrets = &secrets.SecretsConfig{
+						Symmetric: make([]secrets.SymmetricSecret, len(*secretsOpt)),
+					}
+					for i, ss := range *secretsOpt {
+						pair := strings.Split(ss, ":")
+						if len(pair) != 2 {
+							fatalf("got symmetric secret specification '%s' but must be specified as <PublicID:Passphrase>", ss)
+						}
+						conf.Secrets.Symmetric[i].PublicID = pair[0]
+						conf.Secrets.Symmetric[i].Passphrase = pair[1]
+					}
+				}
 			}
 
 			configCmd.After = func() {
@@ -175,3 +192,12 @@ func writeFile(filename string, data []byte, overwrite bool) error {
 	}
 	return fmt.Errorf("file '%s' already exists", filename)
 }
+
+func configTypes() []string {
+	storageTypes := storage.GetStorageTypes()
+	configTypes := make([]string, len(storageTypes))
+	for i, st := range storageTypes {
+		configTypes[i] = string(st)
+	}
+	return configTypes
+}

cmd/hoard/main.go

@@ -9,18 +9,21 @@ import (
 // and OpenPGP identifies an entity in the given keyring
 type SecretsConfig struct {
 	Symmetric []SymmetricSecret
-	OpenPGP   OpenPGPSecret
+	OpenPGP   *OpenPGPSecret
 }
 
 type SymmetricSecret struct {
-	ID         string
+	// An identifier for this secret that will be stored in the clear with the grant
+	PublicID   string
 	Passphrase string
 }
 
 type OpenPGPSecret struct {
-	ID   string
-	File string
-	Data []byte
+	// A private (though not secret) identifier that points to a PGP keyring that this instance of hoard
+	// will use to provide PGP grants
+	PrivateID string
+	File      string
+	Data      []byte
 }
 
 type Manager struct {
@@ -48,7 +51,7 @@ func ProviderFromConfig(conf *SecretsConfig) SymmetricProvider {
 	}
 	secs := make(map[string][]byte, len(conf.Symmetric))
 	for _, s := range conf.Symmetric {
-		secs[s.ID] = []byte(s.Passphrase)
+		secs[s.PublicID] = []byte(s.Passphrase)
 	}
 	return func(id string) []byte {
 		return secs[id]
@@ -57,13 +60,13 @@ func ProviderFromConfig(conf *SecretsConfig) SymmetricProvider {
 
 // OpenPGPFromConfig reads a given PGP keyring
 func OpenPGPFromConfig(conf *SecretsConfig) *OpenPGPSecret {
-	if conf == nil || conf.OpenPGP.File == "" {
+	if conf == nil || conf.OpenPGP == nil {
 		return nil
 	}
 	keyRing, err := ioutil.ReadFile(conf.OpenPGP.File)
 	if err != nil {
 		return nil
 	}
 	conf.OpenPGP.Data = keyRing
-	return &conf.OpenPGP
+	return conf.OpenPGP
 }

config/secrets/secrets.go

@@ -14,6 +14,7 @@ import (
 
 const DefaultHoardConfigFileName = "hoard.toml"
 const DefaultJSONConfigEnvironmentVariable = "HOARD_JSON_CONFIG"
+const STDINFileIdentifier = "-"
 
 type ConfigProvider interface {
 	// Description of where this provider sources its config from
@@ -151,16 +152,26 @@ func Default() *configSource {
 }
 
 func fromFile(configFile string) (*config.HoardConfig, error) {
-	bs, err := ioutil.ReadFile(configFile)
+	bs, err := readFile(configFile)
 	if err != nil {
 		return nil, fmt.Errorf("could not read config file '%s': %s",
 			configFile, err)
 	}
+	if len(bs) == 0 {
+		return nil, fmt.Errorf("empty config")
+	}
 
 	tomlString := string(bs)
 	return config.HoardConfigFromTOMLString(tomlString)
 }
 
+func readFile(configFile string) ([]byte, error) {
+	if configFile == STDINFileIdentifier {
+		return ioutil.ReadAll(os.Stdin)
+	}
+	return ioutil.ReadFile(configFile)
+}
+
 func writeLog(writer io.Writer, msg string) {
 	if writer != nil {
 		writer.Write(([]byte)(msg))

config/source/source.go

@@ -49,8 +49,18 @@ func NewStorageConfig(storageType StorageType, addressEncoding string) *StorageC
 	}
 }
 
-func GetDefaultConfig(c string) (*StorageConfig, error) {
+func GetStorageTypes() []StorageType {
+	return []StorageType{
+		Memory,
+		Filesystem,
+		AWS,
+		Azure,
+		GCP,
+		IPFS,
+	}
+}
 
+func GetDefaultConfig(c string) (*StorageConfig, error) {
 	switch StorageType(c) {
 	case Memory, Unspecified:
 		return DefaultMemoryConfig(), nil

config/storage/storage.go

@@ -15,7 +15,7 @@ func Seal(secret secrets.Manager, ref *reference.Ref, spec *Spec) (*Grant, error
 	case *PlaintextSpec:
 		grt.EncryptedReference = PlaintextGrant(ref)
 	case *SymmetricSpec:
-		encRef, err := SymmetricGrant(ref, secret.Provider(s.SecretID))
+		encRef, err := SymmetricGrant(ref, secret.Provider(s.PublicID))
 		if err != nil {
 			return nil, err
 		}
@@ -38,7 +38,7 @@ func Unseal(secret secrets.Manager, grt *Grant) (*reference.Ref, error) {
 	case *PlaintextSpec:
 		return PlaintextReference(grt.EncryptedReference), nil
 	case *SymmetricSpec:
-		return SymmetricReference(grt.EncryptedReference, secret.Provider(s.SecretID))
+		return SymmetricReference(grt.EncryptedReference, secret.Provider(s.PublicID))
 	case *OpenPGPSpec:
 		return OpenPGPReference(grt.EncryptedReference, secret.OpenPGP)
 	}