package cmd
import (
"fmt"
"github.com/mirivlad/sshkeeper/internal/model"
"github.com/mirivlad/sshkeeper/internal/ssh"
"github.com/mirivlad/sshkeeper/internal/vault"
)
// Secret type names. Each one is used both as the last component of a vault
// key (see serverSecretID) and as the type argument passed to the vault.
const (
	// secretSSHPassword names the password used for SSH password auth.
	secretSSHPassword = "ssh_password"
	// secretKeyPassphrase names the passphrase protecting a private key.
	secretKeyPassphrase = "key_passphrase"
	// secretSudoPassword names the password used for sudo on the server.
	secretSudoPassword = "sudo_password"
)

// serverSecretTypes lists every per-server secret type this package knows
// about. Rename and cleanup walk this list, so a type missing from it would
// be left behind in the vault when a server is renamed or removed.
var serverSecretTypes = []string{secretSSHPassword, secretKeyPassphrase, secretSudoPassword}
// serverSecretID returns the vault key for one secret of one server, in the
// form "server:<alias>:<secretType>".
//
// Neither component is escaped or validated here.
// NOTE(review): an alias that itself contains ':' produces a key whose parts
// cannot be told apart by anything that later splits it — confirm aliases are
// restricted where they are accepted.
func serverSecretID(alias, secretType string) string {
	const idFormat = "server:%s:%s"
	id := fmt.Sprintf(idFormat, alias, secretType)
	return id
}
// cleanupServerSecrets removes every known secret type stored for alias.
//
// Whatever v.Delete returns is not inspected.
// NOTE(review): if Delete can report a failure, a credential may stay in the
// vault after its server entry is gone — confirm against vault.Vault.
func cleanupServerSecrets(v *vault.Vault, alias string) {
	for i := 0; i < len(serverSecretTypes); i++ {
		id := serverSecretID(alias, serverSecretTypes[i])
		v.Delete(id)
	}
}
// syncServerSecrets brings the vault in line with a server that was just
// created or edited.
//
// It works in two steps:
//
//  1. If oldAlias is non-empty and differs from server.Alias, every known
//     secret type is moved from the old key to the new one. A failed Put
//     aborts with that error and leaves the old entry in place.
//  2. Depending on server.AuthMethod, the secret belonging to the other
//     method is deleted and, when secret is non-empty, stored as the secret
//     for the selected method. An empty secret leaves the stored value as it
//     is. For any other auth method both the SSH password and the key
//     passphrase are deleted. The sudo password is not touched in this step.
//
// NOTE(review): in step 1 any error from v.Get is treated as "nothing to
// move" and the old entry is deleted regardless. If Get can fail for a reason
// other than a missing entry, the credential is dropped without having been
// copied — confirm vault.Vault.Get's error semantics.
func syncServerSecrets(v *vault.Vault, oldAlias string, server *model.Server, secret string) error {
	newAlias := server.Alias

	// An empty oldAlias means "not renamed".
	if oldAlias != "" && oldAlias != newAlias {
		for _, kind := range serverSecretTypes {
			src := serverSecretID(oldAlias, kind)
			if data, err := v.Get(src); err == nil {
				dst := serverSecretID(newAlias, kind)
				if err := v.Put(dst, kind, data); err != nil {
					return err
				}
			}
			// Drop the old key so no credential stays under the former alias.
			v.Delete(src)
		}
	}

	sshID := serverSecretID(newAlias, secretSSHPassword)
	keyID := serverSecretID(newAlias, secretKeyPassphrase)

	var activeID, activeType string
	switch server.AuthMethod {
	case model.AuthPassword:
		v.Delete(keyID)
		activeID, activeType = sshID, secretSSHPassword
	case model.AuthKeyPassphrase:
		v.Delete(sshID)
		activeID, activeType = keyID, secretKeyPassphrase
	default:
		// No secret-based auth: neither credential should remain stored.
		v.Delete(sshID)
		v.Delete(keyID)
		return nil
	}

	if secret == "" {
		return nil
	}
	return v.Put(activeID, activeType, []byte(secret))
}
// deleteVaultSecrets removes one secret of alias when secretType is given, or
// every known secret type when secretType is empty. It always returns nil.
//
// secretType is used as given; it is not checked against serverSecretTypes.
// NOTE(review): the result of v.Delete is not inspected, so a caller cannot
// learn from the returned error whether the credential was actually removed —
// confirm whether vault.Vault.Delete can fail.
func deleteVaultSecrets(v *vault.Vault, alias string, secretType string) error {
	if secretType == "" {
		cleanupServerSecrets(v, alias)
		return nil
	}
	v.Delete(serverSecretID(alias, secretType))
	return nil
}
// formTestVaultFunc wraps getVault so that a secret typed into a form is used
// in place of the stored one. When formSecret is non-empty, requests for the
// SSH password or the key passphrase are answered with formSecret; every
// other request is passed through to getVault.
//
// The server argument is not used, and serverAlias is not compared against
// anything, so the override applies to whichever alias is asked about.
// NOTE(review): if the caller can resolve secrets for more than one server
// through the returned function, confirm the typed secret cannot be handed to
// a host other than the one being edited.
func formTestVaultFunc(getVault ssh.VaultFunc, server *model.Server, formSecret string) ssh.VaultFunc {
	return func(serverAlias string, secretType string) (string, error) {
		if formSecret == "" {
			return getVault(serverAlias, secretType)
		}
		switch secretType {
		case secretSSHPassword, secretKeyPassphrase:
			return formSecret, nil
		}
		return getVault(serverAlias, secretType)
	}
}