diff --git a/.frogbot/frogbot-config.yml b/.frogbot/frogbot-config.yml index 3f54720..8ea69fd 100644 --- a/.frogbot/frogbot-config.yml +++ b/.frogbot/frogbot-config.yml @@ -1,4 +1,4 @@ -- params: +- params: git: repoName: go-client-library-passwordsafe branches: @@ -8,4 +8,4 @@ failOnSecurityIssues: false projects: - workingDirs: - - "." \ No newline at end of file + - "." diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1334eb7..79fc83a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,4 +3,4 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: "weekly" \ No newline at end of file + interval: "weekly" diff --git a/.github/release.yaml b/.github/release.yaml index f912e85..ae7b6f3 100644 --- a/.github/release.yaml +++ b/.github/release.yaml @@ -1 +1 @@ -releaseType: simple \ No newline at end of file +releaseType: simple diff --git a/.github/settings.yaml b/.github/settings.yaml index 35dff68..af29069 100644 --- a/.github/settings.yaml +++ b/.github/settings.yaml @@ -1,4 +1,3 @@ _extends: .github repository: private: false - diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f103dcb..ce3bd56 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,7 +12,7 @@ permissions: jobs: analyze_on_PR: name: Analyze on PR - if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name == 'pull_request' || github.event_name == 'pull_request_target' )}} + if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name == 'pull_request' || github.event_name == 'pull_request_target' ) }} runs-on: ubuntu-latest strategy: fail-fast: false 
@@ -21,26 +21,25 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ github.head_ref }} - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: config-file: codeql-config.yml languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - + uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + analyze_on_branch: - name: Analyze on branch + name: Analyze on branch if: ${{ github.actor != 'dependabot[bot]' && ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) }} runs-on: ubuntu-latest strategy: @@ -50,7 +49,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ github.ref }} @@ -60,13 +59,13 @@ jobs: echo ${{ github.event_name }} - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: config-file: codeql-config.yml languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 \ No newline at end of file + uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 diff --git a/.github/workflows/frogbot.yml b/.github/workflows/frogbot.yml index 630f2ec..ffe2ddd 100644 --- a/.github/workflows/frogbot.yml +++ b/.github/workflows/frogbot.yml 
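Review bot: The `analyze_on_PR` job checks out `ref: ${{ github.head_ref }}` and then runs Autobuild, while its `if:` (the first hunk of this file) also admits the `pull_request_target` event; under that event the job runs with the base repository's secrets and token, so building code taken from the PR branch is the classic untrusted-checkout pattern. The `on:` block and the body of `permissions:` are outside the hunk, so whether `pull_request_target` is actually wired up cannot be confirmed from here. If it is, either drop `pull_request_target` from both the trigger and the condition, or keep that job to `contents: read` and do not check out the PR ref in it. The SHA pins with `# vX.Y.Z` trailers are the right form; Dependabot is already configured for `github-actions` in this commit, so let it keep the trailing version comments in sync rather than editing them by hand.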
@@ -12,19 +12,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - + - name: Set up JFrog - uses: jfrog/setup-jfrog-cli@v4 + uses: jfrog/setup-jfrog-cli@26da2259ee7690e63b5410d7451b2938d08ce1f9 # v4.0.0 env: JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }} - + - name: Run XRay scan - uses: jfrog/frogbot@v2.19.10 + uses: jfrog/frogbot@ba42e26db24cec85bd14e096dfc2e01fb85ac29f # v2.19.10 env: JF_URL: https://beyondtrust.jfrog.io JF_ACCESS_TOKEN: ${{ secrets.ARTIFACTORY_FROGBOT_TOKEN }} - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/golint.yml b/.github/workflows/golint.yml index 8dad076..6262ca9 100644 --- a/.github/workflows/golint.yml +++ b/.github/workflows/golint.yml @@ -5,7 +5,7 @@ on: types: [opened, synchronize] push: branches: - - main + - main workflow_dispatch: permissions: @@ -19,8 +19,8 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - + - name: Go Lint - uses: golangci/golangci-lint-action@v4.0.0 + uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 with: - version: v1.54 \ No newline at end of file + version: v1.54 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3adf4e3..7cfa83c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ on: types: [opened, synchronize] push: branches: - - main + - main workflow_dispatch: permissions: @@ -28,7 +28,7 @@ jobs: - name: Build library run: | go build - + - name: Run unit tests run: | cd api 
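Review bot: The `Set up JFrog` step gives this job `JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }}`, a credential whose name suggests deploy/write scope, although the job only runs an Xray scan and the Frogbot step already receives a separate `ARTIFACTORY_FROGBOT_TOKEN` via `JF_ACCESS_TOKEN`. Together with `ref: ${{ github.event.pull_request.head.sha }}`, PR-authored code ends up in the workspace of a job holding a deployer secret; the `on:` trigger is outside the hunk, so whether this can fire on `pull_request_target` (where a fork could exploit it) cannot be confirmed here. Frogbot is configured directly through `JF_URL`/`JF_ACCESS_TOKEN`, so confirm the CLI setup step is needed at all; if it is, point it at a read-only server configuration, e.g. `JF_ENV_1: ${{ secrets.ARTIFACTORY_READER }}`, and keep the deployer credential out of PR-triggered jobs.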
@@ -36,13 +36,13 @@ jobs: go tool cover -func="coverage.out" - name: Save unit tests coverage - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: coverage path: api/coverage.out - name: Save built library - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: library path: go-client-library-passwordsafe @@ -55,31 +55,31 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - + - name: Download coverage - uses: actions/download-artifact@v4 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: coverage - name: SonarQube Scan on PR - if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request' }} - uses: sonarsource/sonarqube-scan-action@master + if: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request' }} + uses: sonarsource/sonarqube-scan-action@69c1a75940dec6249b86dace6b630d3a2ae9d2a7 # v2.0.1 with: projectBaseDir: . args: > -Dsonar.projectKey=${{ github.event.repository.name }} -Dsonar.pullrequest.key=${{ github.event.number }} -Dsonar.pullrequest.branch=${{ github.head_ref }} - -Dsonar.pullrequest.base=${{ github.base_ref }}} + -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.go.coverage.reportPaths=coverage.out -Dsonar.exclusions=api/**/**_test.go,api/entities/**,api/logging/**,api/utils/**,TestClient.go env: SONAR_TOKEN: ${{ env.SONAR_TOKEN }} SONAR_HOST_URL: https://sonar.dev.beyondtrust.com - + - name: SonarQube Scan on branch - if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' }} - uses: sonarsource/sonarqube-scan-action@master + if: ${{ github.actor != 'dependabot[bot]' && github.event_name != 'pull_request' }} + uses: sonarsource/sonarqube-scan-action@69c1a75940dec6249b86dace6b630d3a2ae9d2a7 # v2.0.1 with: projectBaseDir: . args: 
> @@ -91,12 +91,12 @@ jobs: SONAR_HOST_URL: https://sonar.dev.beyondtrust.com - name: SonarQube Quality Gate check - if: ${{ github.actor != 'dependabot[bot]' && inputs.quality_gate_check }} - uses: sonarsource/sonarqube-quality-gate-action@master + if: ${{ github.actor != 'dependabot[bot]' }} + uses: sonarsource/sonarqube-quality-gate-action@d304d050d930b02a896b0f85935344f023928496 # v1.1.0 timeout-minutes: 5 env: SONAR_TOKEN: ${{ env.SONAR_TOKEN }} - + x-ray: needs: [build, sonarqube] runs-on: ubuntu-latest @@ -107,23 +107,23 @@ jobs: fetch-depth: 0 - name: Jfrog setup - uses: jfrog/setup-jfrog-cli@v4.0.0 + uses: jfrog/setup-jfrog-cli@26da2259ee7690e63b5410d7451b2938d08ce1f9 # v4.0.0 env: JF_ENV_1: ${{ secrets.ARTIFACTORY_DEPLOYER }} - + - name: Setting up artifactory run: | mkdir go-library-passwordsafe - name: Download library binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@87c55149d96e628cc2ef7e6fc2aab372015aec85 # v4.1.3 with: name: library path: go-library-passwordsafe - - - name: Send artifacts to Jfrog + + - name: Send artifacts to Jfrog run: | - jfrog rt u "go-library-passwordsafe/*" ${{ env.JFROG_SERVER}} + jfrog rt u "go-library-passwordsafe/*" ${{ env.JFROG_SERVER }} - name: Publish Build Information run: | @@ -132,4 +132,4 @@ jobs: jfrog rt build-publish ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} - name: Scan Build - run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} \ No newline at end of file + run: jfrog rt build-scan ${{ env.JFROG_CLI_BUILD_NAME }} ${{ env.JFROG_CLI_BUILD_NUMBER }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f2f604..859c226 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
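Review bot: `-Dsonar.pullrequest.branch=${{ github.head_ref }}` in the `SonarQube Scan on PR` step expands a PR-author-controlled value (the head branch name) directly into the `args` string that the scan action hands to a shell-launched scanner; GitHub's hardening guidance lists `github.head_ref` among untrusted expression inputs, and depending on how the action quotes `args` a crafted branch name can at least smuggle in extra `-D` properties. Prefer passing it through the environment rather than the workflow text, e.g. `SONAR_SCANNER_OPTS: -Dsonar.pullrequest.branch=${{ github.head_ref }}` under `env:` and removing that line from `args`, so the value is never re-parsed by the shell. Recent releases of the scan action are documented as detecting PR metadata from the event themselves; if that holds for the pinned v2.0.1, the three `-Dsonar.pullrequest.*` lines can simply be dropped — verify against its README. The `}}}` typo fix on `sonar.pullrequest.base` is correct as committed.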
@@ -4,7 +4,7 @@ #### Bug Fixes -* solve minnor issues and linting issues ([#30](https://github.com/BeyondTrust/go-client-library-passwordsafe/issues/30)) +* solve minor issues and linting issues ([#30](https://github.com/BeyondTrust/go-client-library-passwordsafe/issues/30)) ### [0.2.0](https://github.com/BeyondTrust/go-client-library-passwordsafe/compare/v0.1.0...v0.2.0) / 2024-02-23 diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index ba39412..060177f 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -112,11 +112,11 @@ community. ## Attribution This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. +[v2.1](https://www.contributor-covenant.org/version/2/1/code_of_conduct.html). Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder. For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at -[https://www.contributor-covenant.org/translations][translations]. \ No newline at end of file +[FAQ](https://www.contributor-covenant.org/faq). Translations are available at +[translations](https://www.contributor-covenant.org/translations). diff --git a/README.md b/README.md index 7ee35b5..da51d05 100644 --- a/README.md +++ b/README.md 
@@ -3,66 +3,70 @@ # Go Client Library for Password Safe + The Go client library for Password Safe enables Go developers to easily manage passwords from Password Safe. It provide simplifications that significantly reduce the amount of code you need to write. [![License](https://img.shields.io/badge/license-MIT%20-brightgreen.svg)](LICENSE) ## Prerequisites + The library supports retrieval of secrets from BeyondInsight/Password Safe versions 23.1 or greater. ## Retrieve Secrets + - apiUrl: - - description: BeyondTrust Password Safe API URL. - - type: string - - required: True + - description: BeyondTrust Password Safe API URL. + - type: string + - required: True - clientId: - - description: API OAuth Client ID. - - type: string - - required: True + - description: API OAuth Client ID. + - type: string + - required: True - clientSecret: - - description: API OAuth Client Secret. - - type: string - - required: True + - description: API OAuth Client Secret. + - type: string + - required: True - secretPaths: - - description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma. - - type: list - - required: True + - description: List of secrets ["path/title","path/title"] or managed accounts ["ms/ma","ms/ma"] to be retrieved, separated by a comma. + - type: list + - required: True - certificate: - - description: Content of the certificate (cert.pem) for use when authenticating with an API key using a Client Certificate. - - type: string - - required: False + - description: Content of the certificate (cert.pem) for use when authenticating with an API key using a Client Certificate. + - type: string + - required: False - certificateKey: - - description: Certificate private key (key.pem). For use when authenticating with an API key. - - type: string - - required: False + - description: Certificate private key (key.pem). For use when authenticating with an API key. 
+ - type: string + - required: False - verifyCA: - - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs the Secrets Safe custom action not to verify the certificate authority. - - type: boolean - - default: True - - required: False + - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs the Secrets Safe custom action not to verify the certificate authority. + - type: boolean + - default: True + - required: False - separator - - description: Indicates the separator used for Managed Accounts or Secrets Safe paths. The default separator is forwardslash. Use a different symbol, for example: root1-folder1-title1 - - type: string - - default: / - - required: False + - description: Indicates the separator used for Managed Accounts or Secrets Safe paths. The default separator is forwardslash. Use a different symbol, for example: root1-folder1-title1 + - type: string + - default: / + - required: False - clientTimeOutInSeconds - - description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. - - type: int - - default: 30 seconds - - required: False + - description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. + - type: int + - default: 30 seconds + - required: False - retryMaxElapsedTimeMinutes - - description: After MaxElapsedTime the ExponentialBackOff returns Stop. - - type: int - - default: 2 minutes - - required: False + - description: After MaxElapsedTime the ExponentialBackOff returns Stop. + - type: int + - default: 2 minutes + - required: False ## Methods + - getSecrets(paths) - - Invoked for Managed Account or Secrets Safe secrets. - - Returns a dictionary of secrets path/secret key value pair. 
+ - Invoked for Managed Account or Secrets Safe secrets. + - Returns a dictionary of secrets path/secret key value pair. - getSecret(path) - - Invoked for Managed Account or Secrets Safe secrets. - - Returns the requested secret. + - Invoked for Managed Account or Secrets Safe secrets. + - Returns the requested secret. ## Example of usage @@ -70,35 +74,42 @@ The TestClient.go provides example usage of the library. and execute: -```sh +```bash go build go run TestClient.go ``` ## Extracting Client Secret + Download the pfx certificate from Secrets Safe and extract the certificate and the key. -~~~~ +```bash openssl pkcs12 -in client_certificate.pfx -nocerts -out ps_key.pem -nodes openssl pkcs12 -in client_certificate.pfx -clcerts -nokeys -out ps_cert.pem -~~~~ +``` Copy the text from the ps_key.pem to a secret. -``` + +```text -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- ``` + Copy the text from the ps_cert.pem to a secret. -``` ------BEGIN CERTIFICATE----- -... + +```text +-----BEGIN CERTIFICATE----- +... -----END CERTIFICATE----- ``` + ## Logging Abstraction + This library supports Zap, Logr, and go log package. The library can be extended to support other logging packages, see logging.go. -``` + +```go // create a zap logger logger, _ := zap.NewProduction() // logger, _ := zap.NewDevelopment() 
@@ -106,35 +117,39 @@ logger, _ := zap.NewProduction() // create a zap logger wrapper zapLogger := logging.NewZapLogger(logger) ``` + ## Unit Tests -``` + +```bash go-client-library-passwordsafe\api\authentication> go test go-client-library-passwordsafe\api\managed_account> go test go-client-library-passwordsafe\api\secrets> go test ``` ## License + This software is distributed under the Massachusetts Institute of Technology (MIT) License. See `LICENSE.txt` for more information. ## Get Help + Contact [BeyondTrust support](https://www.beyondtrust.com/docs/index.htm#support) ## Release Please App usage -In order to use Release Please App, we need to use [Conventional commits](https://beyondtrust.atlassian.net/wiki/spaces/DEVOPS/pages/380699165/Releasing+Software#4.-Trigger-the-app), but [here](https://github.com/angular/angular/blob/22b96b9/CONTRIBUTING.md#type) is a more comprehensive guide about some conventional commits that we can use. +In order to use Release Please App, we need to use conventional commits, but [here](https://github.com/angular/angular/blob/22b96b9/CONTRIBUTING.md#type) is a more comprehensive guide about some conventional commits that we can use. Some of the more important and common commit types are: -|Type |Description |Triggers Release Please| -|:-------|:------------------------------------------------------------|:----------------------| -|feat! |Introduce a major change e.g. v1.0.0 to v2.0.0 |Yes | -|feat |Introduce a minor change e.g. v1.0.0 to v1.1.0 |Yes | -|fix |Introduce a patch change e.g. 
v1.0.0 to v1.0.1 |Yes | -|chore |Could introduce a BREAKING CHANGE into the CHANGELOG |Yes | -|docs |Documentation update |No | -|refactor|A code change that neither fixes a bug nor adds a feature |No | -|test |Adding or modifying tests |No | -|build |Changes that affect the build system or external dependencies|No | -|ci |Changes to CI configuration files and scripts |No | - -Remember, Release Please App will trigger once a PR with the conventional commit structure are merged into the main branch, so if you are working on features that are related to a Jira ticket, you can still use **feat** while developing, and because we can squash the commits once we want to merge the PR, only one commit with the conventional syntax will be on the history and on the changelog. \ No newline at end of file +| Type | Description | Triggers Release Please | +|:---------|:--------------------------------------------------------------|:-------------------------| +| feat! | Introduce a major change e.g. v1.0.0 to v2.0.0 | Yes | +| feat | Introduce a minor change e.g. v1.0.0 to v1.1.0 | Yes | +| fix | Introduce a patch change e.g. v1.0.0 to v1.0.1 | Yes | +| chore | Could introduce a BREAKING CHANGE into the CHANGELOG | Yes | +| docs | Documentation update | No | +| refactor | A code change that neither fixes a bug nor adds a feature | No | +| test | Adding or modifying tests | No | +| build | Changes that affect the build system or external dependencies | No | +| ci | Changes to CI configuration files and scripts | No | + +Remember, Release Please App will trigger once a PR with the conventional commit structure are merged into the main branch, so if you are working on features that are related to a Jira ticket, you can still use **feat** while developing, and because we can squash the commits once we want to merge the PR, only one commit with the conventional syntax will be on the history and on the changelog. 
diff --git a/codeql-config.yml b/codeql-config.yml
index aca1e77..4f182fc 100644
--- a/codeql-config.yml
+++ b/codeql-config.yml
@@ -1,3 +1,3 @@
 name: "CodeQL Config"
-paths-ignore:
\ No newline at end of file
+paths-ignore: