mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 11:34:26 +00:00
c0878e4509
* docs: describe crd mode * docs: fix links * docs: fix commands and crdb resources * feat: add configure command * chore: use latest ORBOS * chore: use latest ORBOS * docs: start gitops docs * fix: compile * chore: fix build script path * chore: remove redundant prebuild * chore: add configure.go * docs: describe gitops mode * docs: point template links to main branch * docs: fix versions * feat: initialize empty keys * feat: reconfigure running ZITADEL * docs: describe crd mode * docs: fix links * docs: fix commands and crdb resources * feat: add configure command * chore: use latest ORBOS * chore: use latest ORBOS * docs: start gitops docs * fix: compile * chore: fix build script path * chore: remove redundant prebuild * chore: add configure.go * docs: describe gitops mode * docs: point template links to main branch * docs: fix versions * feat: initialize empty keys * feat: reconfigure running ZITADEL * test: fix * docs: keys are generated with configure * docs: remove keys from template * chore: pass compile time data * chore: use latest ORBOS * fix: when in-cluster, use in-cluster k8s client * fix: try in-cluster config if kubeconfig is empty * fix: reduce unneeded side effects for configure command * docs: boom version * chore: use latest ORBOS * chore: use latest ORBOS * initial commit * inital changes * commit WIP Information Architecture * commit a working state * add static assets and project * add org and fix img names * add plausible * remove img * change sidebar to easier mgmt * add openid oauth and domains * lint md * quickstarts * add auth flow * identity brokering * remove site * fix broken links * extend footer * extend readme * fix: styling * fix: zitadel logo on index * styling * border * fix: nav * fix: nav * fix: index * fix: corrected zitadelctl examples * fix: rename architecture to concepts * fix: introductions * fix: introductions * fix: introductions * docs: cli r/w secrets examples * docs: finish ZITADEL Enterprise Cloud * docs: mention ZITADEL Enterprise Cloud tier * docs: comment configuration options * docs: fix broken links * docs: move some introduction texts around * docs: twilio and email are mandatory * docs: download latest binaries Co-authored-by: Florian Forster <florian@caos.ch> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: Stefan Benz <stefan@caos.ch>
120 lines
2.7 KiB
Go
120 lines
2.7 KiB
Go
package cmds
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
|
|
"github.com/caos/orbos/pkg/kubernetes/cli"
|
|
|
|
"github.com/caos/orbos/pkg/secret"
|
|
"github.com/caos/zitadel/operator/secrets"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
func WriteSecretCommand(getRv GetRootValues) *cobra.Command {
|
|
|
|
var (
|
|
value string
|
|
file string
|
|
stdin bool
|
|
cmd = &cobra.Command{
|
|
Use: "writesecret [path]",
|
|
Short: "Encrypt a secret and push it to the repository",
|
|
Long: "Encrypt a secret and push it to the repository.\nIf no path is provided, a secret can interactively be chosen from a list of all possible secrets",
|
|
Args: cobra.MaximumNArgs(1),
|
|
Example: `zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --file ~/googlecloudstoragesa.json
|
|
zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --value "$(cat ~/googlecloudstoragesa.json)"
|
|
cat ~/googlecloudstoragesa.json | zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --stdin`,
|
|
}
|
|
)
|
|
|
|
flags := cmd.Flags()
|
|
flags.StringVar(&value, "value", "", "Secret value to encrypt")
|
|
flags.StringVarP(&file, "file", "s", "", "File containing the value to encrypt")
|
|
flags.BoolVar(&stdin, "stdin", false, "Value to encrypt is read from standard input")
|
|
|
|
cmd.RunE = func(cmd *cobra.Command, args []string) error {
|
|
rv, err := getRv()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer func() {
|
|
err = rv.ErrFunc(err)
|
|
}()
|
|
|
|
monitor := rv.Monitor
|
|
orbConfig := rv.OrbConfig
|
|
gitClient := rv.GitClient
|
|
|
|
s, err := key(value, file, stdin)
|
|
if err != nil {
|
|
monitor.Error(err)
|
|
return nil
|
|
}
|
|
|
|
path := ""
|
|
if len(args) > 0 {
|
|
path = args[0]
|
|
}
|
|
|
|
k8sClient, err := cli.Client(monitor, orbConfig, gitClient, rv.Kubeconfig, rv.Gitops)
|
|
if err != nil && !rv.Gitops {
|
|
return err
|
|
}
|
|
|
|
if err := secret.Write(
|
|
monitor,
|
|
k8sClient,
|
|
path,
|
|
s,
|
|
"zitadelctl",
|
|
fmt.Sprintf(rv.Version),
|
|
secrets.GetAllSecretsFunc(monitor, path != "", rv.Gitops, gitClient, k8sClient, orbConfig),
|
|
secrets.PushFunc(monitor, rv.Gitops, gitClient, k8sClient),
|
|
); err != nil {
|
|
monitor.Error(err)
|
|
}
|
|
return nil
|
|
}
|
|
return cmd
|
|
}
|
|
|
|
func key(value string, file string, stdin bool) (string, error) {
|
|
|
|
channels := 0
|
|
if value != "" {
|
|
channels++
|
|
}
|
|
if file != "" {
|
|
channels++
|
|
}
|
|
if stdin {
|
|
channels++
|
|
}
|
|
|
|
if channels != 1 {
|
|
return "", errors.New("Key must be provided eighter by value or by file path or by standard input")
|
|
}
|
|
|
|
if value != "" {
|
|
return value, nil
|
|
}
|
|
|
|
readFunc := func() ([]byte, error) {
|
|
return ioutil.ReadFile(file)
|
|
}
|
|
if stdin {
|
|
readFunc = func() ([]byte, error) {
|
|
return ioutil.ReadAll(os.Stdin)
|
|
}
|
|
}
|
|
|
|
key, err := readFunc()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return string(key), err
|
|
}
|