feat: allowing to pass in vault name without path for secrets env

aryanjassal · aryanjassal · commit 4a04a9c3fbe2 · 2024-10-18T18:44:24.000+11:00
[ci skip]
diff --git a/src/secrets/CommandEnv.ts b/src/secrets/CommandEnv.ts
@@ -28,6 +28,7 @@ class CommandEnv extends CommandPolykey {
       binParsers.parseEnvArgs,
     );
     this.action(async (args: Array<string>, options) => {
+      console.error(args)
       const { default: PolykeyClient } = await import(
         'polykey/dist/PolykeyClient'
       );
diff --git a/src/utils/parsers.ts b/src/utils/parsers.ts
@@ -8,7 +8,9 @@ import * as gestaltsUtils from 'polykey/dist/gestalts/utils';
 import * as networkUtils from 'polykey/dist/network/utils';
 import * as nodesUtils from 'polykey/dist/nodes/utils';
 
-const secretPathRegex = /^([\w-]+)(?::([^\0\\=]+))?$/;
+const vaultNameRegex = /^(?!.*[:])[ -~\t\n]*$/s;
+const secretPathRegex = /^(?!.*[=])[ -~\t\n]*$/s;
+const vaultNameSecretPathRegex = /^([\w\-\.]+)(?::([^\0\\=]+))?$/;
 const secretPathValueRegex = /^([a-zA-Z_][\w]+)?$/;
 const environmentVariableRegex = /^([a-zA-Z_]+[a-zA-Z0-9_]*)?$/;
 
@@ -80,15 +82,26 @@ function parseSecretPathOptional(
     lastEqualIndex === -1
       ? undefined
       : secretPath.substring(lastEqualIndex + 1);
-  if (!secretPathRegex.test(splitSecretPath)) {
+  if (!vaultNameSecretPathRegex.test(splitSecretPath)) {
     throw new commander.InvalidArgumentError(
       `${secretPath} is not of the format <vaultName>[:<directoryPath>][=<value>]`,
     );
   }
-  const [, vaultName, directoryPath] = splitSecretPath.match(secretPathRegex)!;
+  const [, vaultName, directoryPath] = splitSecretPath.match(
+    vaultNameSecretPathRegex,
+  )!;
   return [vaultName, directoryPath, value];
 }
 
+function parseVaultName(vaultName: string): string {
+  if (!vaultNameRegex.test(vaultName)) {
+    throw new commander.InvalidArgumentError(
+      `${vaultName} is not a valid vault name`,
+    );
+  }
+  return vaultName;
+}
+
 function parseSecretPath(secretPath: string): [string, string, string?] {
   // E.g. If 'vault1:a/b/c', ['vault1', 'a/b/c'] is returned
   //      If 'vault1', an error is thrown
@@ -112,7 +125,39 @@ function parseSecretPathValue(secretPath: string): [string, string, string?] {
 }
 
 function parseSecretPathEnv(secretPath: string): [string, string, string?] {
-  const [vaultName, directoryPath, value] = parseSecretPath(secretPath);
+  // The colon character `:` is prohibited in vaultName, so it's first occurence
+  // means that this is the delimiter between vaultName and secretPath.
+  const colonIndex = secretPath.indexOf(':');
+  // If no colon exists, treat entire string as vault name
+  if (colonIndex === -1) {
+    return [parseVaultName(secretPath), '', undefined];
+  }
+  // Calculate contents before the `=` separator
+  const vaultNamePart = secretPath.substring(0, colonIndex);
+  const secretPathPart = secretPath.substring(colonIndex + 1);
+  // Calculate contents after the `=` separator
+  const equalIndex = secretPathPart.indexOf('=');
+  const splitSecretPath =
+    equalIndex === -1
+      ? secretPathPart
+      : secretPathPart.substring(0, equalIndex);
+  const valueData =
+    equalIndex === -1 ? undefined : secretPathPart.substring(equalIndex + 1);
+  if (splitSecretPath != null && !secretPathRegex.test(splitSecretPath)) {
+    throw new commander.InvalidArgumentError(
+      `${secretPath} is not of the format <vaultName>[:<secretPath>][=<value>]`,
+    );
+  }
+  const parsedVaultName = parseVaultName(vaultNamePart);
+  const parsedSecretPath = splitSecretPath.match(secretPathRegex)?.[0] ?? '/';
+  const [vaultName, directoryPath, value] = [
+    parsedVaultName,
+    parsedSecretPath,
+    valueData,
+  ];
+  console.error('vaultName', vaultName)
+  console.error('directoryPath', directoryPath)
+  console.error('value', value)
   if (value != null && !environmentVariableRegex.test(value)) {
     throw new commander.InvalidArgumentError(
       `${value} is not a valid environment variable name`,
@@ -189,20 +234,24 @@ function parseEnvArgs(
   value: string,
   prev: [Array<[string, string, string?]>, Array<string>] | undefined,
 ): [Array<[string, string, string?]>, Array<string>] {
+  console.error('original value', value)
   const current: [Array<[string, string, string?]>, Array<string>] = prev ?? [
     [],
     [],
   ];
   if (current[1].length === 0) {
     // Parse a secret path
     try {
+      console.error(`parsed. ${parseSecretPathEnv(value)}`)
       current[0].push(parseSecretPathEnv(value));
     } catch (e) {
       if (!(e instanceof commander.InvalidArgumentError)) throw e;
+      console.error('errored. value', value)
       // If we get an invalid argument error then we switch over to parsing args verbatim
       current[1].push(value);
     }
   } else {
+    console.error('added secret path. value', value)
     // Otherwise we just have the cmd args
     current[1].push(value);
   }
@@ -215,13 +264,15 @@ function parseEnvArgs(
 }
 
 export {
+  vaultNameRegex,
   secretPathRegex,
   secretPathValueRegex,
   environmentVariableRegex,
   validateParserToArgParser,
   validateParserToArgListParser,
   parseCoreCount,
   parseSecretPathOptional,
+  parseVaultName,
   parseSecretPath,
   parseSecretPathValue,
   parseSecretPathEnv,
diff --git a/src/vaults/CommandClone.ts b/src/vaults/CommandClone.ts
@@ -11,7 +11,11 @@ class CommandClone extends CommandPolykey {
     super(...args);
     this.name('clone');
     this.description('Clone a Vault from Another Node');
-    this.argument('<vaultNameOrId>', 'Name or Id of the vault to be cloned');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be cloned',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to clone the vault from',
diff --git a/src/vaults/CommandCreate.ts b/src/vaults/CommandCreate.ts
@@ -4,14 +4,19 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandCreate extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('create');
     this.aliases(['touch']);
     this.description('Create a new Vault');
-    this.argument('<vaultName>', 'Name of the new vault to be created');
+    this.argument(
+      '<vaultName>',
+      'Name of the new vault to be created',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);
diff --git a/src/vaults/CommandDelete.ts b/src/vaults/CommandDelete.ts
@@ -3,13 +3,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandDelete extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('delete');
     this.description('Delete an Existing Vault');
-    this.argument('<vaultName>', 'Name of the vault to be deleted');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be deleted',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);
diff --git a/src/vaults/CommandLog.ts b/src/vaults/CommandLog.ts
@@ -4,13 +4,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandLog extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('log');
     this.description('Get the Version History of a Vault');
-    this.argument('<vaultName>', 'Name of the vault to obtain the log from');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to obtain the log from',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.commitId);
     this.addOption(binOptions.depth);
     this.addOption(binOptions.nodeId);
diff --git a/src/vaults/CommandPermissions.ts b/src/vaults/CommandPermissions.ts
@@ -3,14 +3,15 @@ import * as binProcessors from '../utils/processors';
 import * as binUtils from '../utils';
 import CommandPolykey from '../CommandPolykey';
 import * as binOptions from '../utils/options';
+import * as binParsers from '../utils/parsers';
 
 class CommandPermissions extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('permissions');
     this.alias('perms');
     this.description('Sets the permissions of a vault for Node Ids');
-    this.argument('<vaultName>', 'Name or ID of the vault');
+    this.argument('<vaultName', 'Name of the vault', binParsers.parseVaultName);
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);
diff --git a/src/vaults/CommandPull.ts b/src/vaults/CommandPull.ts
@@ -11,7 +11,11 @@ class CommandPull extends CommandPolykey {
     super(...args);
     this.name('pull');
     this.description('Pull a Vault from Another Node');
-    this.argument('<vaultNameOrId>', 'Name of the vault to be pulled into');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be pulled into',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '[targetNodeId]',
       '(Optional) target node to pull from',
diff --git a/src/vaults/CommandRename.ts b/src/vaults/CommandRename.ts
@@ -3,14 +3,23 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandRename extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('rename');
     this.description('Rename an Existing Vault');
-    this.argument('<vaultName>', 'Name of the vault to be renamed');
-    this.argument('<newVaultName>', 'New name of the vault');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be renamed',
+      binParsers.parseVaultName,
+    );
+    this.argument(
+      '<newVaultName>',
+      'New name of the vault',
+      binParsers.parseVaultName,
+    );
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
     this.addOption(binOptions.clientPort);
diff --git a/src/vaults/CommandShare.ts b/src/vaults/CommandShare.ts
@@ -11,7 +11,11 @@ class CommandShare extends CommandPolykey {
     super(...args);
     this.name('share');
     this.description('Set the Permissions of a Vault for a Node');
-    this.argument('<vaultName>', 'Name of the vault to be shared');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be shared',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to share to',
diff --git a/src/vaults/CommandUnshare.ts b/src/vaults/CommandUnshare.ts
@@ -11,7 +11,11 @@ class CommandUnshare extends CommandPolykey {
     super(...args);
     this.name('unshare');
     this.description('Unset the Permissions of a Vault for a Node');
-    this.argument('<vaultName>', 'Name of the vault to be unshared');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to be unshared',
+      binParsers.parseVaultName,
+    );
     this.argument(
       '<nodeId>',
       'Id of the node to unshare with',
diff --git a/src/vaults/CommandVersion.ts b/src/vaults/CommandVersion.ts
@@ -3,13 +3,18 @@ import CommandPolykey from '../CommandPolykey';
 import * as binUtils from '../utils';
 import * as binOptions from '../utils/options';
 import * as binProcessors from '../utils/processors';
+import * as binParsers from '../utils/parsers';
 
 class CommandVersion extends CommandPolykey {
   constructor(...args: ConstructorParameters<typeof CommandPolykey>) {
     super(...args);
     this.name('version');
     this.description('Set a Vault to a Particular Version in its History');
-    this.argument('<vaultName>', 'Name of the vault to change the version of');
+    this.argument(
+      '<vaultName>',
+      'Name of the vault to change the version of',
+      binParsers.parseVaultName,
+    );
     this.argument('<versionId>', 'Id of the commit that will be changed to');
     this.addOption(binOptions.nodeId);
     this.addOption(binOptions.clientHost);
diff --git a/tests/secrets/env.test.ts b/tests/secrets/env.test.ts
@@ -193,8 +193,10 @@ describe('commandEnv', () => {
     const result = await testUtils.pkExec([...command], {
       env: { PK_PASSWORD: password },
     });
+    console.error(result.stderr)
     expect(result.exitCode).toBe(0);
     const jsonOut = JSON.parse(result.stdout);
+    console.log(jsonOut);
     expect(jsonOut['SECRET_NEW']).toBeUndefined();
     expect(jsonOut['SECRET1']).toBe('this is the secret1');
     expect(jsonOut['SECRET2']).toBe('this is the secret2');
