From 222339001eb5505efa91fcc62795ca09c2aebfea Mon Sep 17 00:00:00 2001 From: Iain Powell <89025319+ipowellBT@users.noreply.github.com> Date: Tue, 27 Feb 2024 12:00:23 -0400 Subject: [PATCH] chore: linter, link, typo and formatting fixes --- .frogbot/frogbot-config.yml | 4 +- .github/dependabot.yml | 2 +- .github/release.yaml | 2 +- .github/settings.yaml | 1 - .github/workflows/codeql.yml | 7 +- .github/workflows/frogbot.yml | 6 +- .github/workflows/golint.yml | 6 +- .github/workflows/release.yml | 24 +++--- CHANGELOG.md | 2 +- CODE_OF_CONDUCT.md | 6 +- README.md | 135 +++++++++++++++++++--------------- codeql-config.yml | 2 +- 12 files changed, 105 insertions(+), 92 deletions(-) diff --git a/.frogbot/frogbot-config.yml b/.frogbot/frogbot-config.yml index 3f54720..8ea69fd 100644 --- a/.frogbot/frogbot-config.yml +++ b/.frogbot/frogbot-config.yml @@ -1,4 +1,4 @@ -- params: +- params: git: repoName: go-client-library-passwordsafe branches: @@ -8,4 +8,4 @@ failOnSecurityIssues: false projects: - workingDirs: - - "." \ No newline at end of file + - "." diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1334eb7..79fc83a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,4 +3,4 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: "weekly" \ No newline at end of file + interval: "weekly" diff --git a/.github/release.yaml b/.github/release.yaml index f912e85..ae7b6f3 100644 --- a/.github/release.yaml +++ b/.github/release.yaml @@ -1 +1 @@ -releaseType: simple \ No newline at end of file +releaseType: simple diff --git a/.github/settings.yaml b/.github/settings.yaml index 35dff68..af29069 100644 --- a/.github/settings.yaml +++ b/.github/settings.yaml @@ -1,4 +1,3 @@ _extends: .github repository: private: false - diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f103dcb..84b75d6 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -25,7 +25,6 @@ jobs: with: fetch-depth: 0 ref: ${{ github.head_ref }} - - name: Initialize CodeQL uses: github/codeql-action/init@v3 @@ -38,9 +37,9 @@ jobs: - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 - + analyze_on_branch: - name: Analyze on branch + name: Analyze on branch if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) }} runs-on: ubuntu-latest strategy: @@ -69,4 +68,4 @@ jobs: uses: github/codeql-action/autobuild@v3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 \ No newline at end of file + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/frogbot.yml b/.github/workflows/frogbot.yml index 630f2ec..9ad95a8 100644 --- a/.github/workflows/frogbot.yml +++ b/.github/workflows/frogbot.yml @@ -16,15 +16,15 @@ jobs: with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - + - name: Set up JFrog uses: jfrog/setup-jfrog-cli@v4 env: JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }} - + - name: Run XRay scan uses: jfrog/frogbot@v2.19.10 env: JF_URL: https://beyondtrust.jfrog.io JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_FROGBOT_TOKEN }} - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/golint.yml b/.github/workflows/golint.yml index 8dad076..a30cfa8 100644 --- a/.github/workflows/golint.yml +++ b/.github/workflows/golint.yml @@ -5,7 +5,7 @@ on: types: [opened, synchronize] push: branches: - - main + - main workflow_dispatch: permissions: @@ -19,8 +19,8 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - + - name: Go Lint uses: golangci/golangci-lint-action@v4.0.0 with: - version: v1.54 \ No newline at end of file + version: v1.54 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3adf4e3..92b23d8 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ on: types: [opened, synchronize] push: branches: - - main + - main workflow_dispatch: permissions: @@ -28,7 +28,7 @@ jobs: - name: Build library run: | go build - + - name: Run unit tests run: | cd api @@ -55,14 +55,14 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - + - name: Download coverage uses: actions/download-artifact@v4 with: name: coverage - name: SonarQube Scan on PR - if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request' }} + if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request' }} uses: sonarsource/sonarqube-scan-action@master with: projectBaseDir: . @@ -76,9 +76,9 @@ jobs: env: SONAR_TOKEN: ${{ env.SONAR_TOKEN }} SONAR_HOST_URL: https://sonar.dev.beyondtrust.com - + - name: SonarQube Scan on branch - if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' }} + if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' }} uses: sonarsource/sonarqube-scan-action@master with: projectBaseDir: . @@ -91,12 +91,12 @@ jobs: SONAR_HOST_URL: https://sonar.dev.beyondtrust.com - name: SonarQube Quality Gate check - if: ${{ github.actor != 'dependabot[bot]' && inputs.quality_gate_check }} + if: ${{ github.actor != 'dependabot[bot]' }} uses: sonarsource/sonarqube-quality-gate-action@master timeout-minutes: 5 env: SONAR_TOKEN: ${{ env.SONAR_TOKEN }} - + x-ray: needs: [build, sonarqube] runs-on: ubuntu-latest @@ -110,7 +110,7 @@ jobs: uses: jfrog/setup-jfrog-cli@v4.0.0 env: JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }} - + - name: Setting up artifactory run: | mkdir go-library-passwordsafe @@ -120,8 +120,8 @@ jobs: with: name: library path: go-library-passwordsafe - - - name: Send artifacts to Jfrog + + - name: Send artifacts to Jfrog run: | jfrog rt u "go-library-passwordsafe/*" ${{ env.JFROG_SERVER}} 
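Review bot: The `if:` of the "SonarQube Quality Gate check" step in the `@@ -91,12 +91,12 @@` hunk of release.yml loses `&& inputs.quality_gate_check`, which changes when the step runs and is not covered by a subject of "linter, link, typo and formatting fixes". Going by the triggers visible in the first hunk (`pull_request`, `push` to `main`, `workflow_dispatch`), that input was presumably empty on PR and push runs, so the gate was likely skipped there and will now run, and can fail the job, on every non-Dependabot run; no `inputs:` declaration is visible here, so confirm that this is intended. If it is, say so in the commit body and add a comment above the step such as `# Gate is enforced on every run except Dependabot's`. Since the step now always executes with `SONAR_TOKEN` in its environment, it is also worth pinning `sonarsource/sonarqube-quality-gate-action@master` to a commit SHA (`@<commit-sha> # <version>`), as the checkout step in this file already is. The job's definition starts and ends outside the hunk.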
@@ -132,4 +132,4 @@ jobs: jfrog rt build-publish ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} - name: Scan Build - run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} \ No newline at end of file + run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f2f604..859c226 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ #### Bug Fixes -* solve minnor issues and linting issues ([#30](https://github.com/BeyondTrust/go-client-library-passwordsafe/issues/30)) +* solve minor issues and linting issues ([#30](https://github.com/BeyondTrust/go-client-library-passwordsafe/issues/30)) ### [0.2.0](https://github.com/BeyondTrust/go-client-library-passwordsafe/compare/v0.1.0...v0.2.0) / 2024-02-23 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index ba39412..060177f 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -112,11 +112,11 @@ community. ## Attribution This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. +[v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder. For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at -[https://www.contributor-covenant.org/translations][translations]. \ No newline at end of file +[FAQ](https://www.contributor-covenant.org/faq). Translations are available at +[translations](https://www.contributor-covenant.org/translations). diff --git a/README.md b/README.md index 7ee35b5..1942a2a 100644 --- a/README.md +++ b/README.md 
@@ -3,66 +3,70 @@ # Go Client Library for Password Safe + The Go client library for Password Safe enables Go developers to easily manage passwords from Password Safe. It provide simplifications that significantly reduce the amount of code you need to write. [![License](https://img.shields.io/badge/license-MIT%20-brightgreen.svg)](LICENSE) ## Prerequisites + The library supports retrieval of secrets from BeyondInsight/Password Safe versions 23.1 or greater. ## Retrieve Secrets + - apiUrl: - - description: BeyondTrust Password Safe API URL. - - type: string - - required: True + - description: BeyondTrust Password Safe API URL. + - type: string + - required: True - clientId: - - description: API OAuth Client ID. - - type: string - - required: True + - description: API OAuth Client ID. + - type: string + - required: True - clientSecret: - - description: API OAuth Client Secret. - - type: string - - required: True + - description: API OAuth Client Secret. + - type: string + - required: True - secretPaths: - - description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma. - - type: list - - required: True + - description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma. + - type: list + - required: True - certificate: - - description: Content of the certificate (cert.pem) for use when authenticating with an API key using a Client Certificate. - - type: string - - required: False + - description: Content of the certificate (cert.pem) for use when authenticating with an API key using a Client Certificate. + - type: string + - required: False - certificateKey: - - description: Certificate private key (key.pem). For use when authenticating with an API key. - - type: string - - required: False + - description: Certificate private key (key.pem). For use when authenticating with an API key. 
+ - type: string + - required: False - verifyCA: - - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs the Secrets Safe custom action not to verify the certificate authority. - - type: boolean - - default: True - - required: False + - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs the Secrets Safe custom action not to verify the certificate authority. + - type: boolean + - default: True + - required: False - separator - - description: Indicates the separator used for Managed Accounts or Secrets Safe paths. The default separator is forwardslash. Use a different symbol, for example: root1-folder1-title1 - - type: string - - default: / - - required: False + - description: Indicates the separator used for Managed Accounts or Secrets Safe paths. The default separator is forwardslash. Use a different symbol, for example: root1-folder1-title1 + - type: string + - default: / + - required: False - clientTimeOutInSeconds - - description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. - - type: int - - default: 30 seconds - - required: False + - description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. + - type: int + - default: 30 seconds + - required: False - retryMaxElapsedTimeMinutes - - description: After MaxElapsedTime the ExponentialBackOff returns Stop. - - type: int - - default: 2 minutes - - required: False + - description: After MaxElapsedTime the ExponentialBackOff returns Stop. + - type: int + - default: 2 minutes + - required: False ## Methods + - getSecrets(paths) - - Invoked for Managed Account or Secrets Safe secrets. - - Returns a dictionary of secrets path/secret key value pair. 
+ - Invoked for Managed Account or Secrets Safe secrets. + - Returns a dictionary of secrets path/secret key value pair. - getSecret(path) - - Invoked for Managed Account or Secrets Safe secrets. - - Returns the requested secret. + - Invoked for Managed Account or Secrets Safe secrets. + - Returns the requested secret. ## Example of usage @@ -70,35 +74,42 @@ The TestClient.go provides example usage of the library. and execute: -```sh +```bash go build go run TestClient.go ``` ## Extracting Client Secret + Download the pfx certificate from Secrets Safe and extract the certificate and the key. -~~~~ +```bash openssl pkcs12 -in client_certificate.pfx -nocerts -out ps_key.pem -nodes openssl pkcs12 -in client_certificate.pfx -clcerts -nokeys -out ps_cert.pem -~~~~ +``` Copy the text from the ps_key.pem to a secret. -``` + +```text -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- ``` + Copy the text from the ps_cert.pem to a secret. -``` ------BEGIN CERTIFICATE----- -... + +```text +-----BEGIN CERTIFICATE----- +... -----END CERTIFICATE----- ``` + ## Logging Abstraction + This library supports Zap, Logr, and go log package. The library can be extended to support other logging packages, see logging.go. -``` + +```go // create a zap logger logger, _ := zap.NewProduction() // logger, _ := zap.NewDevelopment() @@ -106,17 +117,21 @@ logger, _ := zap.NewProduction() // create a zap logger wrapper zapLogger := logging.NewZapLogger(logger) ``` + ## Unit Tests -``` + +```bash go-client-library-passwordsafe\api\authentication> go test go-client-library-passwordsafe\api\managed_account> go test go-client-library-passwordsafe\api\secrets> go test ``` ## License + This software is distributed under the Massachusetts Institute of Technology (MIT) License. See `LICENSE.txt` for more information. ## Get Help + Contact [BeyondTrust support](https://www.beyondtrust.com/docs/index.htm#support) ## Release Please App usage 
@@ -125,16 +140,16 @@ In order to use Release Please App, we need to use [Conventional commits](https: Some of the more important and common commit types are: -|Type |Description |Triggers Release Please| -|:-------|:------------------------------------------------------------|:----------------------| -|feat! |Introduce a major change e.g. v1.0.0 to v2.0.0 |Yes | -|feat |Introduce a minor change e.g. v1.0.0 to v1.1.0 |Yes | -|fix |Introduce a patch change e.g. v1.0.0 to v1.0.1 |Yes | -|chore |Could introduce a BREAKING CHANGE into the CHANGELOG |Yes | -|docs |Documentation update |No | -|refactor|A code change that neither fixes a bug nor adds a feature |No | -|test |Adding or modifying tests |No | -|build |Changes that affect the build system or external dependencies|No | -|ci |Changes to CI configuration files and scripts |No | - -Remember, Release Please App will trigger once a PR with the conventional commit structure are merged into the main branch, so if you are working on features that are related to a Jira ticket, you can still use **feat** while developing, and because we can squash the commits once we want to merge the PR, only one commit with the conventional syntax will be on the history and on the changelog. \ No newline at end of file +| Type | Description | Triggers Release Please | +|--:-------|--:------------------------------------------------------------|--:----------------------| +| feat! | Introduce a major change e.g. v1.0.0 to v2.0.0 | Yes | +| feat | Introduce a minor change e.g. v1.0.0 to v1.1.0 | Yes | +| fix | Introduce a patch change e.g. 
v1.0.0 to v1.0.1 | Yes | +| chore | Could introduce a BREAKING CHANGE into the CHANGELOG | Yes | +| docs | Documentation update | No | +| refactor | A code change that neither fixes a bug nor adds a feature | No | +| test | Adding or modifying tests | No | +| build | Changes that affect the build system or external dependencies | No | +| ci | Changes to CI configuration files and scripts | No | + +Remember, Release Please App will trigger once a PR with the conventional commit structure are merged into the main branch, so if you are working on features that are related to a Jira ticket, you can still use **feat** while developing, and because we can squash the commits once we want to merge the PR, only one commit with the conventional syntax will be on the history and on the changelog. diff --git a/codeql-config.yml b/codeql-config.yml index aca1e77..4f182fc 100644 --- a/codeql-config.yml +++ b/codeql-config.yml @@ -1,3 +1,3 @@ name: "CodeQL Config" -paths-ignore: \ No newline at end of file +paths-ignore: