restic/cmd/restic/cmd_key.go

package main

import (
	"context"
	"fmt"

	"github.com/restic/restic/internal/errors"
	"github.com/restic/restic/internal/repository"
	"github.com/restic/restic/internal/restic"

	"github.com/spf13/cobra"
)

var cmdKey = &cobra.Command{
	Use:   "key [list|add|remove|passwd] [ID]",
	Short: "Manage keys (passwords)",
	Long: `
The "key" command manages keys (passwords) for accessing the repository.
`,
	DisableAutoGenTag: true,
	RunE: func(cmd *cobra.Command, args []string) error {
		return runKey(globalOptions, args)
	},
}

func init() {
	cmdRoot.AddCommand(cmdKey)
}

func listKeys(ctx context.Context, s *repository.Repository) error {
	tab := NewTable()
	tab.Header = fmt.Sprintf(" %-10s  %-10s  %-10s  %s", "ID", "User", "Host", "Created")
	tab.RowFormat = "%s%-10s  %-10s  %-10s  %s"

	err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error {
		k, err := repository.LoadKey(ctx, s, id.String())
		if err != nil {
			Warnf("LoadKey() failed: %v\n", err)
			return nil
		}

		var current string
		if id.String() == s.KeyName() {
			current = "*"
		} else {
			current = " "
		}
		tab.Rows = append(tab.Rows, []interface{}{current, id.Str(),
			k.Username, k.Hostname, k.Created.Format(TimeFormat)})
		return nil
	})
	if err != nil {
		return err
	}

	return tab.Write(globalOptions.stdout)
}

// testKeyNewPassword is used to set a new password during integration testing.
var testKeyNewPassword string

func getNewPassword(gopts GlobalOptions) (string, error) {
	if testKeyNewPassword != "" {
		return testKeyNewPassword, nil
	}

	// Since we already have an open repository, temporary remove the password
	// to prompt the user for the passwd.
	newopts := gopts
	newopts.password = ""

	return ReadPasswordTwice(newopts,
		"enter password for new key: ",
		"enter password again: ")
}

func addKey(gopts GlobalOptions, repo *repository.Repository) error {
	pw, err := getNewPassword(gopts)
	if err != nil {
		return err
	}

	id, err := repository.AddKey(gopts.ctx, repo, pw, repo.Key())
	if err != nil {
		return errors.Fatalf("creating new key failed: %v\n", err)
	}

	Verbosef("saved new key as %s\n", id)

	return nil
}

func deleteKey(ctx context.Context, repo *repository.Repository, name string) error {
	if name == repo.KeyName() {
		return errors.Fatal("refusing to remove key currently used to access repository")
	}

	h := restic.Handle{Type: restic.KeyFile, Name: name}
	err := repo.Backend().Remove(ctx, h)
	if err != nil {
		return err
	}

	Verbosef("removed key %v\n", name)
	return nil
}

func changePassword(gopts GlobalOptions, repo *repository.Repository) error {
	pw, err := getNewPassword(gopts)
	if err != nil {
		return err
	}

	id, err := repository.AddKey(gopts.ctx, repo, pw, repo.Key())
	if err != nil {
		return errors.Fatalf("creating new key failed: %v\n", err)
	}

	h := restic.Handle{Type: restic.KeyFile, Name: repo.KeyName()}
	err = repo.Backend().Remove(gopts.ctx, h)
	if err != nil {
		return err
	}

	Verbosef("saved new key as %s\n", id)

	return nil
}

func runKey(gopts GlobalOptions, args []string) error {
	if len(args) < 1 || (args[0] == "remove" && len(args) != 2) || (args[0] != "remove" && len(args) != 1) {
		return errors.Fatal("wrong number of arguments")
	}

	ctx, cancel := context.WithCancel(gopts.ctx)
	defer cancel()

	repo, err := OpenRepository(gopts)
	if err != nil {
		return err
	}

	switch args[0] {
	case "list":
		lock, err := lockRepo(repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return listKeys(ctx, repo)
	case "add":
		lock, err := lockRepo(repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return addKey(gopts, repo)
	case "remove":
		lock, err := lockRepoExclusive(repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		id, err := restic.Find(repo.Backend(), restic.KeyFile, args[1])
		if err != nil {
			return err
		}

		return deleteKey(gopts.ctx, repo, id)
	case "passwd":
		lock, err := lockRepoExclusive(repo)
		defer unlockRepo(lock)
		if err != nil {
			return err
		}

		return changePassword(gopts, repo)
	}

	return nil
}
Add command "key list" 2014-11-25 22:52:53 +01:00			`package main`

			`import (`
Adapt `key` command to context world. 2017-03-08 20:17:30 +01:00			`"context"`
Add command "key list" 2014-11-25 22:52:53 +01:00			`"fmt"`
Run goimports 2017-07-23 14:21:03 +02:00
			`"github.com/restic/restic/internal/errors"`
			`"github.com/restic/restic/internal/repository"`
Move restic package to internal/restic 2017-07-24 17:42:25 +02:00			`"github.com/restic/restic/internal/restic"`
Adapt `key` command to context world. 2017-03-08 20:17:30 +01:00
			`"github.com/spf13/cobra"`
Add command "key list" 2014-11-25 22:52:53 +01:00			`)`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`var cmdKey = &cobra.Command{`
Change key rm command to key remove Change key rm command to key remove, to follow manual and other commands 2017-08-17 11:03:26 -03:00			`Use: "key [list\|add\|remove\|passwd] [ID]",`
Capitalize short help commands Unify existing Cobra help command, and git-help's style. 2017-09-11 09:32:44 -07:00			`Short: "Manage keys (passwords)",`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			Long: `
Consistently refer to 'the' instead of 'a' repository in help text 2017-02-13 16:05:25 +01:00			`The "key" command manages keys (passwords) for accessing the repository.`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`,
manpage: Remove auto gen tag from man page 2017-08-06 21:02:16 +02:00			`DisableAutoGenTag: true,`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`RunE: func(cmd *cobra.Command, args []string) error {`
			`return runKey(globalOptions, args)`
			`},`
Restructure `cmd/restic`, no functional changes 2015-06-21 13:02:56 +02:00			`}`
Refactor commands 2014-12-07 16:30:52 +01:00
Move command init into cmd_* files 2014-11-30 22:39:58 +01:00			`func init() {`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`cmdRoot.AddCommand(cmdKey)`
Move command init into cmd_* files 2014-11-30 22:39:58 +01:00			`}`

Adapt `key` command to context world. 2017-03-08 20:17:30 +01:00			`func listKeys(ctx context.Context, s *repository.Repository) error {`
Add command "key list" 2014-11-25 22:52:53 +01:00			`tab := NewTable()`
Show currently used key in 'key list' 2014-11-27 23:26:19 +01:00			`tab.Header = fmt.Sprintf(" %-10s %-10s %-10s %s", "ID", "User", "Host", "Created")`
			`tab.RowFormat = "%s%-10s %-10s %-10s %s"`
Add command "key list" 2014-11-25 22:52:53 +01:00
Fix calls to repo/backend.List() everywhere 2018-01-21 17:25:36 +01:00			`err := s.List(ctx, restic.KeyFile, func(id restic.ID, size int64) error {`
Add context to restic packages 2017-06-04 11:16:55 +02:00			`k, err := repository.LoadKey(ctx, s, id.String())`
Add command "key list" 2014-11-25 22:52:53 +01:00			`if err != nil {`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`Warnf("LoadKey() failed: %v\n", err)`
Fix calls to repo/backend.List() everywhere 2018-01-21 17:25:36 +01:00			`return nil`
Add command "key list" 2014-11-25 22:52:53 +01:00			`}`

Show currently used key in 'key list' 2014-11-27 23:26:19 +01:00			`var current string`
Move FindSnapshot, make Repository.List() return IDs 2015-05-17 20:48:59 +02:00			`if id.String() == s.KeyName() {`
Show currently used key in 'key list' 2014-11-27 23:26:19 +01:00			`current = "*"`
			`} else {`
			`current = " "`
			`}`
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`tab.Rows = append(tab.Rows, []interface{}{current, id.Str(),`
Add command "key list" 2014-11-25 22:52:53 +01:00			`k.Username, k.Hostname, k.Created.Format(TimeFormat)})`
Fix calls to repo/backend.List() everywhere 2018-01-21 17:25:36 +01:00			`return nil`
			`})`
			`if err != nil {`
			`return err`
Refactor backends 2015-03-28 11:50:23 +01:00			`}`
Add command "key list" 2014-11-25 22:52:53 +01:00
Use cobra for all commands 2016-09-17 12:36:05 +02:00			`return tab.Write(globalOptions.stdout)`
Add command "key list" 2014-11-25 22:52:53 +01:00			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`// testKeyNewPassword is used to set a new password during integration testing.`
			`var testKeyNewPassword string`

			`func getNewPassword(gopts GlobalOptions) (string, error) {`
			`if testKeyNewPassword != "" {`
			`return testKeyNewPassword, nil`
Add command "key add" 2014-11-25 23:07:00 +01:00			`}`

Refactor password resolving. Instead of determining the password lazily during ReadPassword(), do so now in cobra.PersistentPreRunE() so we can store the result in the globalOptions and reuse/override when applicable without having to worry about the environment or flag options interfering. 2017-07-24 23:01:16 +02:00			`// Since we already have an open repository, temporary remove the password`
			`// to prompt the user for the passwd.`
Force restic to ask the password when adding a key. As `restic key add` uses the same `ReadPasswordTwice()` as the rest of restic, it is sensitive to the environment variable RESTIC_PASSWORD or --password-file= override. When asking for the new key, temporary remove these 2 overrides, forcing the password to be asked. 2017-07-24 22:00:44 +02:00			`newopts := gopts`
			`newopts.password = ""`

			`return ReadPasswordTwice(newopts,`
Add integration test for key handling 2015-06-21 15:01:52 +02:00			`"enter password for new key: ",`
			`"enter password again: ")`
Refactor configuration of cache dir and repository 2015-05-09 21:50:10 +02:00			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`func addKey(gopts GlobalOptions, repo *repository.Repository) error {`
			`pw, err := getNewPassword(gopts)`
Add option to read the password from a file 2016-09-12 14:08:51 +02:00			`if err != nil {`
			`return err`
			`}`

use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`id, err := repository.AddKey(gopts.ctx, repo, pw, repo.Key())`
Add command "key add" 2014-11-25 23:07:00 +01:00			`if err != nil {`
Create package restic/errors 2016-09-01 22:17:37 +02:00			`return errors.Fatalf("creating new key failed: %v\n", err)`
Add command "key add" 2014-11-25 23:07:00 +01:00			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`Verbosef("saved new key as %s\n", id)`
Add command "key add" 2014-11-25 23:07:00 +01:00
			`return nil`
			`}`

use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`func deleteKey(ctx context.Context, repo *repository.Repository, name string) error {`
Rename variables 2015-05-09 13:32:52 +02:00			`if name == repo.KeyName() {`
Create package restic/errors 2016-09-01 22:17:37 +02:00			`return errors.Fatal("refusing to remove key currently used to access repository")`
Add command "key rm" 2014-11-25 23:18:02 +01:00			`}`

Normalise the backend API This makes the following changes, before: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(t FileType, name string) (bool, error) // Remove removes a File with type t and name. Remove(t FileType, name string) error } After: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(h Handle) (bool, error) // Remove removes a File with type t and name. Remove(h Handle) error } 2017-01-25 17:48:35 +01:00			`h := restic.Handle{Type: restic.KeyFile, Name: name}`
use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`err := repo.Backend().Remove(ctx, h)`
Add command "key rm" 2014-11-25 23:18:02 +01:00			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`Verbosef("removed key %v\n", name)`
Add command "key rm" 2014-11-25 23:18:02 +01:00			`return nil`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`func changePassword(gopts GlobalOptions, repo *repository.Repository) error {`
			`pw, err := getNewPassword(gopts)`
Add option to read the password from a file 2016-09-12 14:08:51 +02:00			`if err != nil {`
			`return err`
			`}`

use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`id, err := repository.AddKey(gopts.ctx, repo, pw, repo.Key())`
Add command "key change" to change repository password 2014-11-25 23:23:09 +01:00			`if err != nil {`
Create package restic/errors 2016-09-01 22:17:37 +02:00			`return errors.Fatalf("creating new key failed: %v\n", err)`
Add command "key change" to change repository password 2014-11-25 23:23:09 +01:00			`}`

Normalise the backend API This makes the following changes, before: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(t FileType, name string) (bool, error) // Remove removes a File with type t and name. Remove(t FileType, name string) error } After: type backend interface { // Test a boolean value whether a File with the name and type exists. Test(h Handle) (bool, error) // Remove removes a File with type t and name. Remove(h Handle) error } 2017-01-25 17:48:35 +01:00			`h := restic.Handle{Type: restic.KeyFile, Name: repo.KeyName()}`
use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`err = repo.Backend().Remove(gopts.ctx, h)`
Add command "key change" to change repository password 2014-11-25 23:23:09 +01:00			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`Verbosef("saved new key as %s\n", id)`
Add command "key change" to change repository password 2014-11-25 23:23:09 +01:00
			`return nil`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`func runKey(gopts GlobalOptions, args []string) error {`
Change key rm command to key remove Change key rm command to key remove, to follow manual and other commands 2017-08-17 11:03:26 -03:00			`if len(args) < 1 \|\| (args[0] == "remove" && len(args) != 2) \|\| (args[0] != "remove" && len(args) != 1) {`
Use non-formatting functions of errors for strings Commands used: $ gofmt -w -r 'errors.Fatalf(x) -> errors.Fatal(x)' src $ gofmt -w -r 'errors.Errorf(x) -> errors.New(x)' src Closes #789 2017-02-10 19:39:49 +01:00			`return errors.Fatal("wrong number of arguments")`
Refactor commands 2014-12-07 16:30:52 +01:00			`}`

Adapt `key` command to context world. 2017-03-08 20:17:30 +01:00			`ctx, cancel := context.WithCancel(gopts.ctx)`
			`defer cancel()`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`repo, err := OpenRepository(gopts)`
Refactor commands 2014-12-07 16:30:52 +01:00			`if err != nil {`
			`return err`
Add command "key list" 2014-11-25 22:52:53 +01:00			`}`

			`switch args[0] {`
			`case "list":`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 15:06:41 +02:00			`lock, err := lockRepo(repo)`
			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

Adapt `key` command to context world. 2017-03-08 20:17:30 +01:00			`return listKeys(ctx, repo)`
Add command "key add" 2014-11-25 23:07:00 +01:00			`case "add":`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 15:06:41 +02:00			`lock, err := lockRepo(repo)`
			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`return addKey(gopts, repo)`
Change key rm command to key remove Change key rm command to key remove, to follow manual and other commands 2017-08-17 11:03:26 -03:00			`case "remove":`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 15:06:41 +02:00			`lock, err := lockRepoExclusive(repo)`
			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

Fix cmds/restic for new structure 2016-09-01 16:04:29 +02:00			`id, err := restic.Find(repo.Backend(), restic.KeyFile, args[1])`
Add command "key rm" 2014-11-25 23:18:02 +01:00			`if err != nil {`
			`return err`
			`}`

use global context for check, debug, dump, find, forget, init, key, list, mount, tag, unlock commands gh-1434 2017-12-06 07:02:55 -05:00			`return deleteKey(gopts.ctx, repo, id)`
rename "change" to "passwd" 2015-04-25 02:42:52 -04:00			`case "passwd":`
cmd/restic: Do not require exclusive lock for listing keys 2015-06-27 15:06:41 +02:00			`lock, err := lockRepoExclusive(repo)`
			`defer unlockRepo(lock)`
			`if err != nil {`
			`return err`
			`}`

Use cobra for all commands 2016-09-17 12:36:05 +02:00			`return changePassword(gopts, repo)`
Add command "key list" 2014-11-25 22:52:53 +01:00			`}`

			`return nil`
			`}`