enpass-cli now has JSON support

This commit is contained in:
Aleksandr Lossenko
2024-11-07 17:44:28 +01:00
parent b356b08069
commit 8d7a6403b5
2 changed files with 52 additions and 43 deletions

View File

@@ -15,10 +15,9 @@ class Kamal::Secrets::Adapters::Enpass < Kamal::Secrets::Adapters::Base
secrets_titles = fetch_secret_titles(secrets) secrets_titles = fetch_secret_titles(secrets)
# Enpass outputs result as stderr, I did not find a way to stub backticks and output to stderr. Open3 did the job. # Enpass outputs result as stderr, I did not find a way to stub backticks and output to stderr. Open3 did the job.
_stdout, stderr, status = Open3.capture3("enpass-cli -vault #{account.shellescape} show #{secrets_titles.map(&:shellescape).join(" ")}") result = `enpass-cli -json -vault #{account.shellescape} show #{secrets.map(&:shellescape).join(" ")}`.strip
raise RuntimeError, "Could not read #{secrets} from Enpass" unless status.success?
parse_result_and_take_secrets(stderr, secrets) parse_result_and_take_secrets(result, secrets)
end end
def check_dependencies! def check_dependencies!
@@ -31,32 +30,36 @@ class Kamal::Secrets::Adapters::Enpass < Kamal::Secrets::Adapters::Base
end end
def fetch_secret_titles(secrets) def fetch_secret_titles(secrets)
secrets.reduce(Set.new) do |acc, secret| secrets.reduce(Set.new) do |secret_titles, secret|
# Sometimes secrets contain a '/', sometimes not # Sometimes secrets contain a '/', when the intent is to fetch a single password for an item. Example: FooBar/DB_PASSWORD
# Another case is, when the intent is to fetch all passwords for an item. Example: FooBar (and FooBar may have multiple different passwords)
key, separator, value = secret.rpartition("/") key, separator, value = secret.rpartition("/")
if key.empty? if key.empty?
acc << value secret_titles << value
else else
acc << key secret_titles << key
end end
end.to_a end.to_a
end end
def parse_result_and_take_secrets(unparsed_result, secrets) def parse_result_and_take_secrets(unparsed_result, secrets)
unparsed_result.split("\n").reduce({}) do |acc, line| result = JSON.parse(unparsed_result)
title = line[/title:\s{1}(\w+)/, 1]
label = line[/label:\s{1}(.*?)\s{2}/, 1] result.reduce({}) do |secrets_with_passwords, item|
password = line[/password:\s{1}([^"]+)/, 1] title = item["title"]
label = item["label"]
password = item["password"]
if title && password.present?
key = [ title, label ].compact.reject(&:empty?).join("/")
if title && !password.to_s.empty?
key = label.nil? || label.empty? ? title : "#{title}/#{label}"
if secrets.include?(title) || secrets.include?(key) if secrets.include?(title) || secrets.include?(key)
raise RuntimeError, "#{key} is present more than once" if acc[key] raise RuntimeError, "#{key} is present more than once" if secrets_with_passwords[key]
acc[key] = password secrets_with_passwords[key] = password
end end
end end
acc secrets_with_passwords
end end
end end
end end

View File

@@ -18,11 +18,11 @@ class EnpassAdapterTest < SecretAdapterTestCase
test "fetch one item" do test "fetch one item" do
stub_ticks_with("enpass-cli version 2> /dev/null") stub_ticks_with("enpass-cli version 2> /dev/null")
stderr_response = <<~RESULT stub_ticks
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_1 password: my-password-1 .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1")
RESULT .returns(<<~JSON)
[{"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"}]
Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ]) JSON
json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1"))) json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1")))
@@ -34,13 +34,15 @@ class EnpassAdapterTest < SecretAdapterTestCase
test "fetch multiple items" do test "fetch multiple items" do
stub_ticks_with("enpass-cli version 2> /dev/null") stub_ticks_with("enpass-cli version 2> /dev/null")
stderr_response = <<~RESULT stub_ticks
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_1 password: my-password-1 .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1 FooBar/SECRET_2")
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_2 password: my-password-2 .returns(<<~JSON)
time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello login: cat.: computer label: SECRET_3 password: my-password-3 [
RESULT {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
{"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ]) {"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"}
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1", "FooBar/SECRET_2"))) json = JSON.parse(shellunescape(run_command("fetch", "FooBar/SECRET_1", "FooBar/SECRET_2")))
@@ -52,13 +54,15 @@ class EnpassAdapterTest < SecretAdapterTestCase
test "fetch multiple items with from" do test "fetch multiple items with from" do
stub_ticks_with("enpass-cli version 2> /dev/null") stub_ticks_with("enpass-cli version 2> /dev/null")
stderr_response = <<~RESULT stub_ticks
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_1 password: my-password-1 .with("enpass-cli -json -vault vault-path show FooBar/SECRET_1 FooBar/SECRET_2")
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_2 password: my-password-2 .returns(<<~JSON)
time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello login: cat.: computer label: SECRET_3 password: my-password-3 [
RESULT {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
{"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ]) {"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"}
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "--from", "FooBar", "SECRET_1", "SECRET_2"))) json = JSON.parse(shellunescape(run_command("fetch", "--from", "FooBar", "SECRET_1", "SECRET_2")))
@@ -70,14 +74,16 @@ class EnpassAdapterTest < SecretAdapterTestCase
test "fetch all with from" do test "fetch all with from" do
stub_ticks_with("enpass-cli version 2> /dev/null") stub_ticks_with("enpass-cli version 2> /dev/null")
stderr_response = <<~RESULT stub_ticks
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_1 password: my-password-1 .with("enpass-cli -json -vault vault-path show FooBar")
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: SECRET_2 password: my-password-2 .returns(<<~JSON)
time="2024-11-03T13:34:39+01:00" level=info msg="> title: Hello login: cat.: computer label: SECRET_3 password: my-password-3 [
time="2024-11-03T13:34:39+01:00" level=info msg="> title: FooBar login: cat.: computer label: password: my-password-3 {"category":"computer","label":"SECRET_1","login":"","password":"my-password-1","title":"FooBar","type":"password"},
RESULT {"category":"computer","label":"SECRET_2","login":"","password":"my-password-2","title":"FooBar","type":"password"},
{"category":"computer","label":"SECRET_3","login":"","password":"my-password-1","title":"Hello","type":"password"},
Open3.stubs(:capture3).returns([ "", stderr_response, OpenStruct.new(success?: true) ]) {"category":"computer","label":"","login":"","password":"my-password-3","title":"FooBar","type":"password"}
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "FooBar"))) json = JSON.parse(shellunescape(run_command("fetch", "FooBar")))