Bips 16625 (#43)

* fix: enhance validation

README.md

@@ -39,7 +39,7 @@ The library supports retrieval of secrets from BeyondInsight/Password Safe versi
   - type: string
   - required: False
 - verifyCA:
-  - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs the Secrets Safe custom action not to verify the certificate authority.
+  - description: Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning: false is insecure, instructs not to verify the certificate authority.
   - type: boolean
   - default: True
   - required: False

TestClient.go

@@ -7,7 +7,6 @@ import (
 	managed_accounts "go-client-library-passwordsafe/api/managed_account"
 	"go-client-library-passwordsafe/api/secrets"
 	"go-client-library-passwordsafe/api/utils"
-	"strings"
 
 	"go.uber.org/zap"
 )
@@ -54,45 +53,35 @@ func main() {
 	// instantiating secret obj
 	secretObj, _ := secrets.NewSecretObj(*authenticate, zapLogger)
 
-	paths := "fake/text1,fake/text2"
-	errors_in_path := utils.ValidatePath(paths)
-	if errors_in_path != nil {
-		return
-	}
+	secretPaths := []string{"fake/Client", "fake/test_file_1"}
 
-	// getting secrets
-	secretPaths := strings.Split(paths, ",")
 	gotSecrets, _ := secretObj.GetSecrets(secretPaths, separator)
 
 	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Info(fmt.Sprintf("%v", gotSecrets))
+	zapLogger.Warn(fmt.Sprintf("%v", gotSecrets))
 
 	// getting single secret
-	gotSecret, _ := secretObj.GetSecret("fake/text1", separator)
+	gotSecret, _ := secretObj.GetSecret("fake/Test1", separator)
 
 	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Info(fmt.Sprintf("Secret Test: %v", gotSecret))
+	zapLogger.Warn(fmt.Sprintf("Secret Test: %v", gotSecret))
 
 	// instantiating managed account obj
 	manageAccountObj, _ := managed_accounts.NewManagedAccountObj(*authenticate, zapLogger)
 
-	paths = "fake/account01,fake/account02"
-	errors_in_path = utils.ValidatePath(paths)
-	if errors_in_path != nil {
-		return
-	}
+	newSecretPaths := []string{"fake/account01", "fake/account01"}
 
-	managedAccountList := strings.Split(paths, ",")
-	gotManagedAccounts, _ := manageAccountObj.GetSecrets(managedAccountList, separator)
+	//managedAccountList := strings.Split(paths, ",")
+	gotManagedAccounts, _ := manageAccountObj.GetSecrets(newSecretPaths, separator)
 
 	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Info(fmt.Sprintf("%v", gotManagedAccounts))
+	zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccounts))
 
 	// getting single managed account
-	gotManagedAccount, _ := manageAccountObj.GetSecret("fake/account01", separator)
+	gotManagedAccount, _ := manageAccountObj.GetSecret("fake/account04", separator)
 
 	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Info(fmt.Sprintf("%v", gotManagedAccount))
+	zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccount))
 
 	// signing out
 	_ = authenticate.SignOut(fmt.Sprintf("%v%v", authenticate.ApiUrl, "Auth/Signout"))

api/authentication/authetication.go

@@ -17,6 +17,7 @@ import (
 	backoff "github.com/cenkalti/backoff/v4"
 )
 
+// AuthenticationObj responsbile for authentication request data.
 type AuthenticationObj struct {
 	ApiUrl             string
 	clientId           string
@@ -151,12 +152,13 @@ func (authenticationObj *AuthenticationObj) SignAppin(endpointUrl string, access
 		authenticationObj.log.Error(err.Error())
 		return entities.SignApinResponse{}, err
 	}
-	authenticationObj.log.Debug("Successfully Signed App In")
+	authenticationObj.log.Info("Successfully Signed App In")
 	return userObject, nil
 }
 
 // SignOut is responsible for closing the PS API session and cleaning up idle connections.
-// Warn: should only be called one time for all data sources.
+// Warn: should only be called one time for all data sources. The session is closed server
+// side automatically after 20 minutes of uninterupted inactivity.
 func (authenticationObj *AuthenticationObj) SignOut(url string) error {
 	authenticationObj.log.Debug(url)
 
@@ -176,6 +178,6 @@ func (authenticationObj *AuthenticationObj) SignOut(url string) error {
 	}
 
 	defer authenticationObj.HttpClient.HttpClient.CloseIdleConnections()
-	authenticationObj.log.Debug("Successfully Signed out.")
+	authenticationObj.log.Info("Successfully Signed out.")
 	return nil
 }

api/entities/entities.go

@@ -2,25 +2,29 @@
 // Package entities implements DTO's used by Beyondtrust Secret Safe API.
 package entities
 
+// SignApinResponse responsbile for API sign in information.
 type SignApinResponse struct {
 	UserId       int    `json:"UserId"`
 	EmailAddress string `json:"EmailAddress"`
 	UserName     string `json:"UserName"`
 	Name         string `json:"Name"`
 }
 
+// ManagedAccount responsible for managed account response data.
 type ManagedAccount struct {
 	SystemId  int
 	AccountId int
 }
 
+// Secret responsible for secrets-safe response data.
 type Secret struct {
 	Id         string
 	Title      string
 	Password   string
 	SecretType string
 }
 
+// GetTokenResponse responsible for token response data.
 type GetTokenResponse struct {
 	AccessToken string `json:"access_token"`
 	ExpiresIn   int    `json:"expires_in"`

api/logging/logging.go

@@ -1,3 +1,5 @@
+// Copyright 2024 BeyondTrust. All rights reserved.
+// Package logging abstraction.
 package logging
 
 import (
@@ -13,6 +15,7 @@ type Logger interface {
 	Info(msg string)
 	Error(msg string)
 	Debug(msg string)
+	Warn(msg string)
 }
 
 // ZapLogger is a struct that implements the Logger interface using zap
@@ -30,11 +33,16 @@ func (z *ZapLogger) Error(msg string) {
 	z.logger.Error(msg)
 }
 
-// Error logs a message at error level
+// Debug logs a message at error level
 func (z *ZapLogger) Debug(msg string) {
 	z.logger.Debug(msg)
 }
 
+// Warn logs a message at error level
+func (z *ZapLogger) Warn(msg string) {
+	z.logger.Warn(msg)
+}
+
 // logr.logger
 type LogrLogger struct {
 	logger *logr.Logger
@@ -54,6 +62,10 @@ func (r *LogrLogger) Debug(msg string) {
 	r.logger.Info(msg)
 }
 
+func (r *LogrLogger) Warn(msg string) {
+	r.logger.Info(msg)
+}
+
 // log.logger
 type LogLogger struct {
 	logger *log.Logger
@@ -80,6 +92,13 @@ func (l *LogLogger) Debug(msg string) {
 	l.logger.Println(msg)
 }
 
+// Warn logs a message at debug level
+func (l *LogLogger) Warn(msg string) {
+	prefix := fmt.Sprintf("%v :", "Warn")
+	l.logger.SetPrefix(prefix)
+	l.logger.Println(msg)
+}
+
 // NewZapLogger creates a new ZapLogger with the given zap.Logger
 func NewZapLogger(logger *zap.Logger) *ZapLogger {
 	return &ZapLogger{logger: logger}
@@ -90,6 +109,7 @@ func NewLogrLogger(logger *logr.Logger) *LogrLogger {
 	return &LogrLogger{logger: logger}
 }
 
+// NewLogLogger creates a new go log logger
 func NewLogLogger(logger *log.Logger) *LogLogger {
 	return &LogLogger{logger: logger}
 }

api/managed_account/managed_account.go

@@ -1,6 +1,5 @@
 // Copyright 2024 BeyondTrust. All rights reserved.
 // Package managed_accounts implements Get managed account logic
-
 package managed_accounts
 
 import (
@@ -18,6 +17,7 @@ import (
 	backoff "github.com/cenkalti/backoff/v4"
 )
 
+// ManagedAccountstObj responsible for session requests.
 type ManagedAccountstObj struct {
 	log               logging.Logger
 	authenticationObj authentication.AuthenticationObj
@@ -51,10 +51,10 @@ func (managedAccounObj *ManagedAccountstObj) GetSecret(secretPath string, separa
 // ManageAccountFlow is responsible for creating a dictionary of managed account system/name and secret key-value pairs.
 func (managedAccounObj *ManagedAccountstObj) ManageAccountFlow(secretsToRetrieve []string, separator string, paths map[string]string) (map[string]string, error) {
 
+	secretsToRetrieve = utils.ValidatePaths(secretsToRetrieve, true, separator, managedAccounObj.log)
+	managedAccounObj.log.Info(fmt.Sprintf("Retrieving %v Secrets", len(secretsToRetrieve)))
 	secretDictionary := make(map[string]string)
 
-	secretsToRetrieve, _ = utils.ValidatePaths(secretsToRetrieve, separator, managedAccounObj.log)
-
 	for _, secretToRetrieve := range secretsToRetrieve {
 		secretData := strings.Split(secretToRetrieve, separator)
 

api/secrets/secrets.go

@@ -10,13 +10,15 @@ import (
 	"go-client-library-passwordsafe/api/authentication"
 	"go-client-library-passwordsafe/api/entities"
 	"go-client-library-passwordsafe/api/logging"
+	"go-client-library-passwordsafe/api/utils"
 	"io"
 	"net/url"
 	"strings"
 
 	backoff "github.com/cenkalti/backoff/v4"
 )
 
+// SecretObj responsible for session requests.
 type SecretObj struct {
 	log               logging.Logger
 	authenticationObj authentication.AuthenticationObj
@@ -50,6 +52,8 @@ func (secretObj *SecretObj) GetSecret(secretPath string, separator string) (stri
 // GetSecretFlow is responsible for creating a dictionary of secrets safe secret paths and secret key-value pairs.
 func (secretObj *SecretObj) GetSecretFlow(secretsToRetrieve []string, separator string) (map[string]string, error) {
 
+	secretsToRetrieve = utils.ValidatePaths(secretsToRetrieve, false, separator, secretObj.log)
+	secretObj.log.Info(fmt.Sprintf("Retrieving %v Secrets", len(secretsToRetrieve)))
 	secretDictionary := make(map[string]string)
 
 	for _, secretToRetrieve := range secretsToRetrieve {

api/utils/httpclient.go

@@ -1,3 +1,5 @@
+// Copyright 2024 BeyondTrust. All rights reserved.
+// utils responsible for utility functions.
 package utils
 
 import (
@@ -11,6 +13,7 @@ import (
 	"time"
 )
 
+// HttpClientObj responsible for http request instance.
 type HttpClientObj struct {
 	HttpClient *http.Client
 	log        logging.Logger