feat: Everything needed to create secrets

tower · Nov 8, 2024 · 4e3686f · 4e3686f
1 parent aa4d64a
commit 4e3686f
Show file tree

Hide file tree

Showing 9 changed files with 142 additions and 15 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -19,10 +19,11 @@ clap = { version = "4.5", features = ["derive"] }
 cli-table = "0.4"
 colored = "2"
 config = { path = "crates/config" }
-crypto = { path = "crates/crpyto" }
+crypto = { path = "crates/crypto" }
 dirs = "5"
 glob = "0.3"
 log = "0.4"
+pem = "3"
 promptly = "0.3"
 rand = "0.8"
 reqwest = { version = "0.12", features = ["json", "native-tls-vendored"] }

diff --git a/crates/tower-api/Cargo.toml b/crates/tower-api/Cargo.toml
@@ -7,7 +7,9 @@ edition = "2021"
 chrono = { workspace = true } 
 config = { workspace = true } 
 log = { workspace = true }
+pem = { workspace = true }
 reqwest = { workspace = true }
+rsa = {	workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true }

diff --git a/crates/tower-api/src/error.rs b/crates/tower-api/src/error.rs
@@ -1,5 +1,4 @@
 use serde::{Deserialize, Serialize};
-use reqwest::Error;
 
 #[derive(Serialize, Deserialize)]
 pub struct DetailedString {
@@ -31,8 +30,8 @@ pub struct TowerError {
     pub formatted: DetailedString,
 }
 
-impl From<Error> for TowerError {
-    fn from(err: Error) -> Self {
+impl From<reqwest::Error> for TowerError {
+    fn from(err: reqwest::Error) -> Self {
         if err.is_redirect() {
             Self {
                 code: "tower_api_client_redirect_error".to_string(),
@@ -100,3 +99,31 @@ impl From<Error> for TowerError {
         }
     }
 }
+
+
+impl From<pem::PemError> for TowerError {
+    fn from(err: pem::PemError) -> Self {
+        log::debug!("Error decoding PEM: {:?}", err);
+
+        Self {
+            code: "tower_api_client_error".to_string(),
+            domain: "tower_api_client".to_string(),
+            description: DetailedString::from_string("An unexpected or unknown error occured!"),
+            formatted: DetailedString::from_string("An unexpected or unknown error occured!"),
+        }   
+    }
+}
+
+
+impl From<rsa::pkcs1::Error> for TowerError {
+    fn from(err: rsa::pkcs1::Error) -> Self {
+        log::debug!("Error parsing RSA public key: {:?}", err);
+
+        Self {
+            code: "tower_api_client_error".to_string(),
+            domain: "tower_api_client".to_string(),
+            description: DetailedString::from_string("An unexpected or unknown error occured!"),
+            formatted: DetailedString::from_string("An unexpected or unknown error occured!"),
+        }   
+    }
+}
diff --git a/crates/tower-api/src/lib.rs b/crates/tower-api/src/lib.rs
@@ -8,6 +8,10 @@ use reqwest::{
 use serde_json::Value;
 use std::convert::From;
 use config::Config;
+use rsa::{
+    RsaPublicKey,
+    pkcs1::DecodeRsaPublicKey,
+};
 
 mod types;
 mod error;
@@ -61,6 +65,24 @@ struct DeleteSecretResponse {
     secret: Secret,
 }
 
+#[derive(Serialize, Deserialize)]
+struct SecretsKeyResponse {
+    /// public_key is a PEM-encoded RSA public key that can be used to encrypt secrets.
+    public_key: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct CreateSecretRequest {
+    name: String,
+    encrypted_value: String,
+    preview: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct CreateSecretResponse {
+    secret: Secret,
+}
+
 pub type Result<T> = std::result::Result<T, TowerError>;
 
 pub struct Client {
@@ -147,6 +169,25 @@ impl Client {
         Ok(res.secret)
     }
 
+    pub async fn secrets_key(&self) -> Result<RsaPublicKey> {
+        let res = self.request::<SecretsKeyResponse>(Method::GET, "/api/secrets/key", None).await?;
+        let decoded = pem::parse(res.public_key)?;
+        let public_key = RsaPublicKey::from_pkcs1_der(&decoded.contents())?;
+        Ok(public_key)
+    }
+
+    pub async fn create_secret(&self, name: &str, encrypted_value: &str, preview: &str) -> Result<Secret> {
+        let data = CreateSecretRequest {
+            name: String::from(name),
+            encrypted_value: String::from(encrypted_value),
+            preview: String::from(preview),
+        };
+
+        let body = serde_json::to_value(data).unwrap();
+        let res = self.request::<CreateSecretResponse>(Method::POST, "/api/secrets", Some(body)).await?;
+        Ok(res.secret)
+    }
+
     async fn request<T>(&self, method: Method, path: &str, body: Option<Value>) -> Result<T>
     where
         T: for<'de> Deserialize<'de>,

diff --git a/crates/tower-cmd/Cargo.toml b/crates/tower-cmd/Cargo.toml
@@ -8,6 +8,7 @@ clap = { workspace = true }
 cli-table = { workspace = true }
 colored = { workspace = true }
 config = { workspace = true }
+crypto = { workspace = true }
 log = { workspace = true }
 promptly = { workspace = true }
 rpassword = { workspace = true }

diff --git a/crates/tower-cmd/src/apps.rs b/crates/tower-cmd/src/apps.rs
@@ -64,7 +64,6 @@ pub async fn do_list_apps(_config: Config, client: Client) {
 pub async fn do_create_app(_config: Config, client: Client, args: &ArgMatches) {
     let name = args.get_one::<String>("name").unwrap_or_else(|| {
         output::die("App name (--name) is required");
-        std::process::exit(1);
     });
 
     let description = args.get_one::<String>("description").unwrap();
@@ -89,7 +88,6 @@ pub async fn do_create_app(_config: Config, client: Client, args: &ArgMatches) {
 pub async fn do_delete_app(_config: Config, client: Client, cmd: Option<(&str, &ArgMatches)>) {
     let opts = cmd.unwrap_or_else(|| {
         output::die("App name (e.g. tower apps delete <name>) is required");
-        std::process::exit(1);
     });
 
     let spinner = output::spinner("Deleting app...");

diff --git a/crates/tower-cmd/src/output.rs b/crates/tower-cmd/src/output.rs
@@ -94,7 +94,7 @@ pub fn newline() {
     io::stdout().write_all("\n".as_bytes()).unwrap();
 }
 
-pub fn die(msg: &str) {
+pub fn die(msg: &str) -> ! {
     let line = format!("{} {}\n", "Error:".red(), msg);
     io::stdout().write_all(line.as_bytes()).unwrap();
     std::process::exit(1);

diff --git a/crates/tower-cmd/src/secrets.rs b/crates/tower-cmd/src/secrets.rs
@@ -2,6 +2,7 @@ use colored::Colorize;
 use clap::{value_parser, Arg, ArgMatches, Command};
 use config::Config;
 use tower_api::Client;
+use crypto::encrypt;
 
 use crate::output;
 
@@ -11,7 +12,7 @@ pub fn secrets_cmd() -> Command {
         .arg_required_else_help(true)
         .subcommand(
             Command::new("list")
-                .about("List all of your apps`")
+                .about("List all of your secrets")
         )
         .subcommand(
             Command::new("create")
@@ -22,18 +23,17 @@ pub fn secrets_cmd() -> Command {
                         .action(clap::ArgAction::Set)
                 )
                 .arg(
-                    Arg::new("description")
-                        .long("description")
+                    Arg::new("value")
+                        .long("value")
                         .value_parser(value_parser!(String))
-                        .default_value("")
                         .action(clap::ArgAction::Set)
                 )
-                .about("Create a new app in Tower")
+                .about("Create a new secret in your Tower account")
         )
         .subcommand(
             Command::new("delete")
                 .allow_external_subcommands(true)
-                .about("Delete an app in Tower")
+                .about("Delete a secret in Tower")
         )
 }
 
@@ -63,13 +63,44 @@ pub async fn do_list_secrets(_config: Config, client: Client) {
 }
 
 pub async fn do_create_secret(_config: Config, client: Client, args: &ArgMatches) {
-    todo!()
+    let name = args.get_one::<String>("name").unwrap_or_else(|| {
+        output::die("Secret name (--name) is required");
+    });
+
+    let value = args.get_one::<String>("value").unwrap_or_else(|| {
+        output::die("Secret value (--value) is required");
+    });
+
+    let spinner = output::spinner("Creating secret...");
+
+    match client.secrets_key().await {
+        Ok(public_key) => {
+            let encrypted_value = encrypt(public_key, value.to_string());
+            let preview = create_preview(value);
+
+            match client.create_secret(&name, &encrypted_value, &preview).await {
+                Ok(secret) => {
+                    spinner.success();
+
+                    let line = format!("Secret \"{}\" was created", secret.name);
+                    output::success(&line);
+                },
+                Err(err) => {
+                    spinner.failure();
+                    output::tower_error(err);
+                }
+            }
+        },
+        Err(err) => {
+            spinner.failure();
+            output::tower_error(err);
+        }
+    }
 }
 
 pub async fn do_delete_secret(_config: Config, client: Client, cmd: Option<(&str, &ArgMatches)>) {
     let opts = cmd.unwrap_or_else(|| {
         output::die("Secret name (e.g. tower secrets delete <name>) is required");
-        std::process::exit(1);
     });
 
     let spinner = output::spinner("Deleting secret...");
@@ -88,3 +119,16 @@ pub async fn do_delete_secret(_config: Config, client: Client, cmd: Option<(&str
         }
     }
 }
+
+fn create_preview(value: &str) -> String {
+    let len = value.len();
+    let preview_len = 10;
+    let suffix_length = 4;
+
+    if len <= preview_len {
+        "XXXXXXXXXX".to_string()
+    } else {
+        let suffix = &value[value.char_indices().rev().nth(suffix_length - 1).unwrap().0..];
+        format!("XXXXXX{}", suffix)
+    }
+}