Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add tools get-creds command #1220

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/codeql.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
paths-ignore:
- src/pkg/packager/network.go
- src/pkg/utils/network.go
- src/pkg/utils/credentials.go
andrewg-xyz marked this conversation as resolved.
Show resolved Hide resolved
- build/**

query-filters:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Collection of additional tools to make airgap easier
* [zarf tools archiver](zarf_tools_archiver.md) - Compress/Decompress generic archives, including Zarf packages.
* [zarf tools clear-cache](zarf_tools_clear-cache.md) - Clears the configured git and image cache directory.
* [zarf tools gen-pki](zarf_tools_gen-pki.md) - Generates a Certificate Authority and PKI chain of trust for the given host
* [zarf tools get-git-password](zarf_tools_get-git-password.md) - Returns the push user's password for the Git server
* [zarf tools get-creds](zarf_tools_get-creds.md) - Display a Table of credentials for deployed components. Pass a component name to get a single credential.
* [zarf tools monitor](zarf_tools_monitor.md) - Launch a terminal UI to monitor the connected cluster using K9s.
* [zarf tools registry](zarf_tools_registry.md) - Tools for working with container registries using go-containertools.
* [zarf tools sbom](zarf_tools_sbom.md) - Generates a Software Bill of Materials (SBOM) for the given package
Expand Down
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
## zarf tools get-git-password
## zarf tools get-creds

Returns the push user's password for the Git server
Display a Table of credentials for deployed components. Pass a component name to get a single credential.

### Synopsis

Reads the password for a user with push access to the configured Git server from the zarf-state secret in the zarf namespace
Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry'

```
zarf tools get-git-password [flags]
zarf tools get-creds [flags]
```

### Options

```
-h, --help help for get-git-password
-h, --help help for get-creds
```

### Options inherited from parent commands
Expand Down
35 changes: 30 additions & 5 deletions src/cmd/tools.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@
package cmd

import (
"fmt"
"net/url"
"os"

Expand All @@ -15,6 +14,7 @@ import (
"github.com/defenseunicorns/zarf/src/internal/cluster"
"github.com/defenseunicorns/zarf/src/pkg/message"
"github.com/defenseunicorns/zarf/src/pkg/pki"
"github.com/defenseunicorns/zarf/src/pkg/utils"
k9s "github.com/derailed/k9s/cmd"
craneCmd "github.com/google/go-containerregistry/cmd/crane/cmd"
"github.com/google/go-containerregistry/pkg/crane"
Expand Down Expand Up @@ -75,9 +75,10 @@ var registryCmd = &cobra.Command{
}

var readCredsCmd = &cobra.Command{
Use: "get-git-password",
Short: lang.CmdToolsGetGitPasswdShort,
Long: lang.CmdToolsGetGitPasswdLong,
Use: "get-git-password",
Hidden: true,
Short: lang.CmdToolsGetGitPasswdShort,
Long: lang.CmdToolsGetGitPasswdLong,
Run: func(cmd *cobra.Command, args []string) {
state, err := cluster.NewClusterOrDie().LoadZarfState()
if err != nil || state.Distro == "" {
Expand All @@ -86,7 +87,30 @@ var readCredsCmd = &cobra.Command{
}

message.Note(lang.CmdToolsGetGitPasswdInfo)
fmt.Println(state.GitServer.PushPassword)
message.Warn(lang.CmdToolGetGitDeprecation)
utils.PrintComponentCredential(state, "git")
},
}

var readAllCredsCmd = &cobra.Command{
Use: "get-creds",
Short: lang.CmdToolsGetCredsShort,
Long: lang.CmdToolsGetCredsLong,
Aliases: []string{"gc"},
Args: cobra.MaximumNArgs(1),
Run: func(cmd *cobra.Command, args []string) {
state, err := cluster.NewClusterOrDie().LoadZarfState()
if err != nil || state.Distro == "" {
// If no distro the zarf secret did not load properly
message.Fatalf(nil, lang.ErrLoadState)
}

if len(args) > 0 {
// If a component name is provided, only show that component's credentials
utils.PrintComponentCredential(state, args[0])
} else {
utils.PrintCredentialTable(state, nil)
}
},
}

Expand Down Expand Up @@ -140,6 +164,7 @@ func init() {
toolsCmd.AddCommand(readCredsCmd)
toolsCmd.AddCommand(k9sCmd)
toolsCmd.AddCommand(registryCmd)
toolsCmd.AddCommand(readAllCredsCmd)

toolsCmd.AddCommand(clearCacheCmd)
clearCacheCmd.Flags().StringVar(&config.CommonOptions.CachePath, "zarf-cache", config.ZarfDefaultCachePath, lang.CmdToolsClearCacheFlagCachePath)
Expand Down
4 changes: 4 additions & 0 deletions src/config/lang/english.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,7 @@ const (

CmdToolsRegistryShort = "Tools for working with container registries using go-containertools."

CmdToolGetGitDeprecation = "Deprecated: This command has been replaced by 'zarf tools get-creds git' and will be removed in a future release."
CmdToolsGetGitPasswdShort = "Returns the push user's password for the Git server"
CmdToolsGetGitPasswdLong = "Reads the password for a user with push access to the configured Git server from the zarf-state secret in the zarf namespace"
CmdToolsGetGitPasswdInfo = "Git Server Push Password: "
Expand All @@ -168,6 +169,9 @@ const (
CmdToolsSbomShort = "Generates a Software Bill of Materials (SBOM) for the given package"
CmdToolsSbomErr = "Unable to create sbom (syft) CLI"

CmdToolsGetCredsShort = "Display a Table of credentials for deployed components. Pass a component name to get a single credential."
CmdToolsGetCredsLong = "Display a Table of credentials for deployed components. Pass a component name to get a single credential. i.e. 'zarf tools get-creds registry' "

// zarf version
CmdVersionShort = "SBOM tools provided by Anchore Syft"
CmdVersionLong = "Displays the version of the Zarf release that the Zarf binary was built from."
Expand Down
28 changes: 1 addition & 27 deletions src/pkg/packager/deploy.go
Original file line number Diff line number Diff line change
Expand Up @@ -520,32 +520,6 @@ func (p *Packager) printTablesForDeployment(componentsToDeploy []types.DeployedC
message.PrintConnectStringTable(connectStrings)
} else {
// otherwise, print the init config connection and passwords
loginTableHeader := pterm.TableData{
{" Application", "Username", "Password", "Connect"},
}

loginTable := pterm.TableData{}
if p.cfg.State.RegistryInfo.InternalRegistry {
loginTable = append(loginTable, pterm.TableData{{" Registry", p.cfg.State.RegistryInfo.PushUsername, p.cfg.State.RegistryInfo.PushPassword, "zarf connect registry"}}...)
}

for _, component := range componentsToDeploy {
// Show message if including logging stack
if component.Name == "logging" {
loginTable = append(loginTable, pterm.TableData{{" Logging", "zarf-admin", p.cfg.State.LoggingSecret, "zarf connect logging"}}...)
}
// Show message if including git-server
if component.Name == "git-server" {
loginTable = append(loginTable, pterm.TableData{
{" Git", p.cfg.State.GitServer.PushUsername, p.cfg.State.GitServer.PushPassword, "zarf connect git"},
{" Git (read-only)", p.cfg.State.GitServer.PullUsername, p.cfg.State.GitServer.PullPassword, "zarf connect git"},
}...)
}
}

if len(loginTable) > 0 {
loginTable = append(loginTableHeader, loginTable...)
_ = pterm.DefaultTable.WithHasHeader().WithData(loginTable).Render()
}
utils.PrintCredentialTable(p.cfg.State, componentsToDeploy)
}
}
66 changes: 66 additions & 0 deletions src/pkg/utils/credentials.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
package utils

import (
"fmt"
"strings"

"github.com/defenseunicorns/zarf/src/pkg/message"
"github.com/defenseunicorns/zarf/src/types"
"github.com/pterm/pterm"
)

// Display credentials in a table
func PrintCredentialTable(state types.ZarfState, componentsToDeploy []types.DeployedComponent) {
if len(componentsToDeploy) == 0 {
componentsToDeploy = []types.DeployedComponent{{Name: "logging"}, {Name: "git-server"}}
}

pterm.Println()
loginTableHeader := pterm.TableData{
{" Application", "Username", "Password", "Connect"},
}

loginTable := pterm.TableData{}
if state.RegistryInfo.InternalRegistry {
loginTable = append(loginTable, pterm.TableData{{" Registry", state.RegistryInfo.PushUsername, state.RegistryInfo.PushPassword, "zarf connect registry"}}...)
}

for _, component := range componentsToDeploy {
// Show message if including logging stack
if component.Name == "logging" {
loginTable = append(loginTable, pterm.TableData{{" Logging", "zarf-admin", state.LoggingSecret, "zarf connect logging"}}...)
}
// Show message if including git-server
if component.Name == "git-server" {
loginTable = append(loginTable, pterm.TableData{
{" Git", state.GitServer.PushUsername, state.GitServer.PushPassword, "zarf connect git"},
{" Git (read-only)", state.GitServer.PullUsername, state.GitServer.PullPassword, "zarf connect git"},
}...)
}
}

if len(loginTable) > 0 {
loginTable = append(loginTableHeader, loginTable...)
_ = pterm.DefaultTable.WithHasHeader().WithData(loginTable).Render()
}
}

// Display credentials for a single component
func PrintComponentCredential(state types.ZarfState, componentName string) {
switch strings.ToLower(componentName) {
case "logging":
message.Note("Logging credentials (username: zarf-admin):")
fmt.Println(state.LoggingSecret)
case "git":
message.Note("Git Server push password (username: " + state.GitServer.PushUsername + "):")
fmt.Println(state.GitServer.PushPassword)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data returned by an access to PushPassword](1) flows to a logging call.
case "git-readonly":
message.Note("Git Server (read-only) password (username: " + state.GitServer.PullUsername + "):")
fmt.Println(state.GitServer.PullPassword)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data returned by an access to PullPassword](1) flows to a logging call.
case "registry":
message.Note("Image Registry password (username: " + state.RegistryInfo.PushUsername + "):")
fmt.Println(state.RegistryInfo.PushPassword)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data returned by an access to PushPassword](1) flows to a logging call.
default:
message.Warn("Unknown component: " + componentName)
}
}