enpass-cli now has JSON support

2024-11-07 17:44:28 +01:00
parent b356b08069
commit 8d7a6403b5
2 changed files with 52 additions and 43 deletions
--- a/lib/kamal/secrets/adapters/enpass.rb
+++ b/lib/kamal/secrets/adapters/enpass.rb
@@ -15,10 +15,9 @@ class Kamal::Secrets::Adapters::Enpass < Kamal::Secrets::Adapters::Base
      secrets_titles = fetch_secret_titles(secrets)
      # Enpass outputs result as stderr, I did not find a way to stub backticks and output to stderr. Open3 did the job.
-      _stdout, stderr, status = Open3.capture3("enpass-cli -vault #{account.shellescape} show #{secrets_titles.map(&:shellescape).join(" ")}")
+      result = `enpass-cli -json -vault #{account.shellescape} show #{secrets.map(&:shellescape).join(" ")}`.strip
      raise RuntimeError, "Could not read #{secrets} from Enpass" unless status.success?
-      parse_result_and_take_secrets(stderr, secrets)
+      parse_result_and_take_secrets(result, secrets)
    end
    def check_dependencies!
@@ -31,32 +30,36 @@ class Kamal::Secrets::Adapters::Enpass < Kamal::Secrets::Adapters::Base
    end
    def fetch_secret_titles(secrets)
-      secrets.reduce(Set.new) do |acc, secret|
+      secrets.reduce(Set.new) do |secret_titles, secret|
-        # Sometimes secrets contain a '/', sometimes not
+        # Sometimes secrets contain a '/', when the intent is to fetch a single password for an item. Example: FooBar/DB_PASSWORD
        # Another case is, when the intent is to fetch all passwords for an item. Example: FooBar (and FooBar may have multiple different passwords)
        key, separator, value = secret.rpartition("/")
        if key.empty?
-          acc << value
+          secret_titles << value
        else
-          acc << key
+          secret_titles << key
        end
      end.to_a
    end
    def parse_result_and_take_secrets(unparsed_result, secrets)
-      unparsed_result.split("\n").reduce({}) do |acc, line|
+      result = JSON.parse(unparsed_result)
-        title = line[/title:\s{1}(\w+)/, 1]
+
-        label = line[/label:\s{1}(.*?)\s{2}/, 1]
+      result.reduce({}) do |secrets_with_passwords, item|
-        password = line[/password:\s{1}([^"]+)/, 1]
+        title = item["title"]
        label = item["label"]
        password = item["password"]
        if title && password.present?
          key = [ title, label ].compact.reject(&:empty?).join("/")
        if title && !password.to_s.empty?
          key = label.nil? || label.empty? ? title : "#{title}/#{label}"
          if secrets.include?(title) || secrets.include?(key)
-            raise RuntimeError, "#{key} is present more than once" if acc[key]
+            raise RuntimeError, "#{key} is present more than once" if secrets_with_passwords[key]
-            acc[key] = password
+            secrets_with_passwords[key] = password
          end
        end
-        acc
+        secrets_with_passwords
      end
    end
 end
--- a/test/secrets/enpass_adapter_test.rb
+++ b/test/secrets/enpass_adapter_test.rb
@@ -18,11 +18,11 @@ class EnpassAdapterTest < SecretAdapterTestCase
  test "fetch one item" do
    stub_ticks_with("enpass-cli version 2> /dev/null")
-    stderr_response = <<~RESULT
+    stub_ticks
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_1  password: my-password-1
+      .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1")
-    RESULT
+      .returns(<<~JSON)
-
+      [{"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"}]
-    Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ])
+      JSON
    json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1")))
@@ -34,13 +34,15 @@ class EnpassAdapterTest < SecretAdapterTestCase
  test "fetch multiple items" do
    stub_ticks_with("enpass-cli version 2> /dev/null")
-    stderr_response = <<~RESULT
+    stub_ticks
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_1  password: my-password-1
+      .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1 FooBar/SECRET_2")
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_2  password: my-password-2
+      .returns(<<~JSON)
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello  login:   cat.: computer  label: SECRET_3  password: my-password-3
+      [
-    RESULT
+        {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
-
+        {"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
-    Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ])
+        {"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"}
      ]
      JSON
    json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1", "FooBar/SECRET_2")))
@@ -52,13 +54,15 @@ class EnpassAdapterTest < SecretAdapterTestCase
  test "fetch multiple items with from" do
    stub_ticks_with("enpass-cli version 2> /dev/null")
-    stderr_response = <<~RESULT
+    stub_ticks
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_1  password: my-password-1
+      .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1 FooBar/SECRET_2")
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_2  password: my-password-2
+      .returns(<<~JSON)
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello  login:   cat.: computer  label: SECRET_3  password: my-password-3
+      [
-    RESULT
+        {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
-
+        {"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
-    Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ])
+        {"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"}
      ]
      JSON
    json = JSON.parse(shellunescape(run_command("fetch", "--from", "FooBar", "SECRET_1", "SECRET_2")))
@@ -70,14 +74,16 @@ class EnpassAdapterTest < SecretAdapterTestCase
  test "fetch all with from" do
    stub_ticks_with("enpass-cli version 2> /dev/null")
-    stderr_response = <<~RESULT
+    stub_ticks
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_1  password: my-password-1
+      .with("enpass-cli -json -vault vault-path show FooBar")
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label: SECRET_2  password: my-password-2
+      .returns(<<~JSON)
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello  login:   cat.: computer  label: SECRET_3  password: my-password-3
+      [
-    time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar  login:   cat.: computer  label:   password: my-password-3
+        {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
-    RESULT
+        {"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
-
+        {"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"},
-    Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ])
+        {"category":"computer","label":"","login":"","password":"my-password-3","title":"FooBar","type":"password"}
      ]
      JSON
    json = JSON.parse(shellunescape(run_command("fetch", "FooBar")))