add tools get-creds command (#1220)

## Description

Add command to easily get credentials printed during zarf init (i.e.
git, logging, registry)

## Related Issue

Fixes #1098 

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow)
followed

.github/codeql.yaml

@@ -1,6 +1,7 @@
 paths-ignore:
   - src/pkg/packager/network.go
   - src/pkg/utils/network.go
+  - src/pkg/utils/credentials.go
   - build/**
 
 query-filters:

docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools.md

@@ -25,7 +25,7 @@ Collection of additional tools to make airgap easier
 * [zarf tools archiver](zarf_tools_archiver.md)	 - Compress/Decompress generic archives, including Zarf packages.
 * [zarf tools clear-cache](zarf_tools_clear-cache.md)	 - Clears the configured git and image cache directory.
 * [zarf tools gen-pki](zarf_tools_gen-pki.md)	 - Generates a Certificate Authority and PKI chain of trust for the given host
-* [zarf tools get-git-password](zarf_tools_get-git-password.md)	 - Returns the push user's password for the Git server
+* [zarf tools get-creds](zarf_tools_get-creds.md)	 - Display a Table of credentials for deployed components. Pass a component name to get a single credential.
 * [zarf tools monitor](zarf_tools_monitor.md)	 - Launch a terminal UI to monitor the connected cluster using K9s.
 * [zarf tools registry](zarf_tools_registry.md)	 - Tools for working with container registries using go-containertools.
 * [zarf tools sbom](zarf_tools_sbom.md)	 - Generates a Software Bill of Materials (SBOM) for the given package

docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-git-password.md → docs/4-user-guide/1-the-zarf-cli/100-cli-commands/zarf_tools_get-creds.md

@@ -1,19 +1,19 @@
-## zarf tools get-git-password
+## zarf tools get-creds
 
-Returns the push user's password for the Git server
+Display a Table of credentials for deployed components. Pass a component name to get a single credential.
 
 ### Synopsis
 
-Reads the password for a user with push access to the configured Git server from the zarf-state secret in the zarf namespace
+Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' 
 
 ```
-zarf tools get-git-password [flags]
+zarf tools get-creds [flags]
 ```
 
 ### Options
 
 ```
-  -h, --help   help for get-git-password
+  -h, --help   help for get-creds
 ```
 
 ### Options inherited from parent commands

src/cmd/tools.go

@@ -5,7 +5,6 @@
 package cmd
 
 import (
-	"fmt"
 	"net/url"
 	"os"
 
@@ -15,6 +14,7 @@ import (
 	"github.com/defenseunicorns/zarf/src/internal/cluster"
 	"github.com/defenseunicorns/zarf/src/pkg/message"
 	"github.com/defenseunicorns/zarf/src/pkg/pki"
+	"github.com/defenseunicorns/zarf/src/pkg/utils"
 	k9s "github.com/derailed/k9s/cmd"
 	craneCmd "github.com/google/go-containerregistry/cmd/crane/cmd"
 	"github.com/google/go-containerregistry/pkg/crane"
@@ -75,9 +75,10 @@ var registryCmd = &cobra.Command{
 }
 
 var readCredsCmd = &cobra.Command{
-	Use:   "get-git-password",
-	Short: lang.CmdToolsGetGitPasswdShort,
-	Long:  lang.CmdToolsGetGitPasswdLong,
+	Use:    "get-git-password",
+	Hidden: true,
+	Short:  lang.CmdToolsGetGitPasswdShort,
+	Long:   lang.CmdToolsGetGitPasswdLong,
 	Run: func(cmd *cobra.Command, args []string) {
 		state, err := cluster.NewClusterOrDie().LoadZarfState()
 		if err != nil || state.Distro == "" {
@@ -86,7 +87,30 @@ var readCredsCmd = &cobra.Command{
 		}
 
 		message.Note(lang.CmdToolsGetGitPasswdInfo)
-		fmt.Println(state.GitServer.PushPassword)
+		message.Warn(lang.CmdToolGetGitDeprecation)
+		utils.PrintComponentCredential(state, "git")
+	},
+}
+
+var readAllCredsCmd = &cobra.Command{
+	Use:     "get-creds",
+	Short:   lang.CmdToolsGetCredsShort,
+	Long:    lang.CmdToolsGetCredsLong,
+	Aliases: []string{"gc"},
+	Args:    cobra.MaximumNArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		state, err := cluster.NewClusterOrDie().LoadZarfState()
+		if err != nil || state.Distro == "" {
+			// If no distro the zarf secret did not load properly
+			message.Fatalf(nil, lang.ErrLoadState)
+		}
+
+		if len(args) > 0 {
+			// If a component name is provided, only show that component's credentials
+			utils.PrintComponentCredential(state, args[0])
+		} else {
+			utils.PrintCredentialTable(state, nil)
+		}
 	},
 }
 
@@ -140,6 +164,7 @@ func init() {
 	toolsCmd.AddCommand(readCredsCmd)
 	toolsCmd.AddCommand(k9sCmd)
 	toolsCmd.AddCommand(registryCmd)
+	toolsCmd.AddCommand(readAllCredsCmd)
 
 	toolsCmd.AddCommand(clearCacheCmd)
 	clearCacheCmd.Flags().StringVar(&config.CommonOptions.CachePath, "zarf-cache", config.ZarfDefaultCachePath, lang.CmdToolsClearCacheFlagCachePath)

src/config/lang/english.go

@@ -150,6 +150,7 @@ const (
 
 	CmdToolsRegistryShort = "Tools for working with container registries using go-containertools."
 
+	CmdToolGetGitDeprecation  = "Deprecated: This command has been replaced by 'zarf tools get-creds git' and will be removed in a future release."
 	CmdToolsGetGitPasswdShort = "Returns the push user's password for the Git server"
 	CmdToolsGetGitPasswdLong  = "Reads the password for a user with push access to the configured Git server from the zarf-state secret in the zarf namespace"
 	CmdToolsGetGitPasswdInfo  = "Git Server Push Password: "
@@ -168,6 +169,9 @@ const (
 	CmdToolsSbomShort = "Generates a Software Bill of Materials (SBOM) for the given package"
 	CmdToolsSbomErr   = "Unable to create sbom (syft) CLI"
 
+	CmdToolsGetCredsShort = "Display a Table of credentials for deployed components. Pass a component name to get a single credential."
+	CmdToolsGetCredsLong  = "Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' "
+
 	// zarf version
 	CmdVersionShort = "SBOM tools provided by Anchore Syft"
 	CmdVersionLong  = "Displays the version of the Zarf release that the Zarf binary was built from."

src/pkg/packager/deploy.go

@@ -520,32 +520,6 @@ func (p *Packager) printTablesForDeployment(componentsToDeploy []types.DeployedC
 		message.PrintConnectStringTable(connectStrings)
 	} else {
 		// otherwise, print the init config connection and passwords
-		loginTableHeader := pterm.TableData{
-			{"     Application", "Username", "Password", "Connect"},
-		}
-
-		loginTable := pterm.TableData{}
-		if p.cfg.State.RegistryInfo.InternalRegistry {
-			loginTable = append(loginTable, pterm.TableData{{"     Registry", p.cfg.State.RegistryInfo.PushUsername, p.cfg.State.RegistryInfo.PushPassword, "zarf connect registry"}}...)
-		}
-
-		for _, component := range componentsToDeploy {
-			// Show message if including logging stack
-			if component.Name == "logging" {
-				loginTable = append(loginTable, pterm.TableData{{"     Logging", "zarf-admin", p.cfg.State.LoggingSecret, "zarf connect logging"}}...)
-			}
-			// Show message if including git-server
-			if component.Name == "git-server" {
-				loginTable = append(loginTable, pterm.TableData{
-					{"     Git", p.cfg.State.GitServer.PushUsername, p.cfg.State.GitServer.PushPassword, "zarf connect git"},
-					{"     Git (read-only)", p.cfg.State.GitServer.PullUsername, p.cfg.State.GitServer.PullPassword, "zarf connect git"},
-				}...)
-			}
-		}
-
-		if len(loginTable) > 0 {
-			loginTable = append(loginTableHeader, loginTable...)
-			_ = pterm.DefaultTable.WithHasHeader().WithData(loginTable).Render()
-		}
+		utils.PrintCredentialTable(p.cfg.State, componentsToDeploy)
 	}
 }

src/pkg/utils/credentials.go

@@ -0,0 +1,66 @@
+package utils
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/defenseunicorns/zarf/src/pkg/message"
+	"github.com/defenseunicorns/zarf/src/types"
+	"github.com/pterm/pterm"
+)
+
+// Display credentials in a table
+func PrintCredentialTable(state types.ZarfState, componentsToDeploy []types.DeployedComponent) {
+	if len(componentsToDeploy) == 0 {
+		componentsToDeploy = []types.DeployedComponent{{Name: "logging"}, {Name: "git-server"}}
+	}
+
+	pterm.Println()
+	loginTableHeader := pterm.TableData{
+		{"     Application", "Username", "Password", "Connect"},
+	}
+
+	loginTable := pterm.TableData{}
+	if state.RegistryInfo.InternalRegistry {
+		loginTable = append(loginTable, pterm.TableData{{"     Registry", state.RegistryInfo.PushUsername, state.RegistryInfo.PushPassword, "zarf connect registry"}}...)
+	}
+
+	for _, component := range componentsToDeploy {
+		// Show message if including logging stack
+		if component.Name == "logging" {
+			loginTable = append(loginTable, pterm.TableData{{"     Logging", "zarf-admin", state.LoggingSecret, "zarf connect logging"}}...)
+		}
+		// Show message if including git-server
+		if component.Name == "git-server" {
+			loginTable = append(loginTable, pterm.TableData{
+				{"     Git", state.GitServer.PushUsername, state.GitServer.PushPassword, "zarf connect git"},
+				{"     Git (read-only)", state.GitServer.PullUsername, state.GitServer.PullPassword, "zarf connect git"},
+			}...)
+		}
+	}
+
+	if len(loginTable) > 0 {
+		loginTable = append(loginTableHeader, loginTable...)
+		_ = pterm.DefaultTable.WithHasHeader().WithData(loginTable).Render()
+	}
+}
+
+// Display credentials for a single component
+func PrintComponentCredential(state types.ZarfState, componentName string) {
+	switch strings.ToLower(componentName) {
+	case "logging":
+		message.Note("Logging credentials (username: zarf-admin):")
+		fmt.Println(state.LoggingSecret)
+	case "git":
+		message.Note("Git Server push password (username: " + state.GitServer.PushUsername + "):")
+		fmt.Println(state.GitServer.PushPassword)
+	case "git-readonly":
+		message.Note("Git Server (read-only) password (username: " + state.GitServer.PullUsername + "):")
+		fmt.Println(state.GitServer.PullPassword)
+	case "registry":
+		message.Note("Image Registry password (username: " + state.RegistryInfo.PushUsername + "):")
+		fmt.Println(state.RegistryInfo.PushPassword)
+	default:
+		message.Warn("Unknown component: " + componentName)
+	}
+}