[fix-secrets-695] take into account rpc secret from file for cli commands (fix #695)

This commit is contained in:
Alex 2024-02-12 10:42:17 +01:00
parent 198188017c
commit 25e5738568
Signed by: lx
GPG key ID: 0E496D15096376BE
2 changed files with 16 additions and 9 deletions

View file

@ -174,7 +174,9 @@ async fn main() {
} }
async fn cli_command(opt: Opt) -> Result<(), Error> { async fn cli_command(opt: Opt) -> Result<(), Error> {
let config = if opt.secrets.rpc_secret.is_none() || opt.rpc_host.is_none() { let config = if (opt.secrets.rpc_secret.is_none() && opt.secrets.rpc_secret_file.is_none())
|| opt.rpc_host.is_none()
{
Some(garage_util::config::read_config(opt.config_file.clone()) Some(garage_util::config::read_config(opt.config_file.clone())
.err_context(format!("Unable to read configuration file {}. Configuration file is needed because -h or -s is not provided on the command line.", opt.config_file.to_string_lossy()))?) .err_context(format!("Unable to read configuration file {}. Configuration file is needed because -h or -s is not provided on the command line.", opt.config_file.to_string_lossy()))?)
} else { } else {
@ -182,14 +184,19 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
}; };
// Find and parse network RPC secret // Find and parse network RPC secret
let net_key_hex_str = opt let mut rpc_secret = config.as_ref().and_then(|c| c.rpc_secret.clone());
.secrets secrets::fill_secret(
.rpc_secret &mut rpc_secret,
.as_ref() &config.as_ref().and_then(|c| c.rpc_secret_file.clone()),
.or_else(|| config.as_ref().and_then(|c| c.rpc_secret.as_ref())) &opt.secrets.rpc_secret,
.ok_or("No RPC secret provided")?; &opt.secrets.rpc_secret_file,
"rpc_secret",
true,
)?;
let net_key_hex_str = rpc_secret.ok_or("No RPC secret provided")?;
let network_key = NetworkKey::from_slice( let network_key = NetworkKey::from_slice(
&hex::decode(net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..], &hex::decode(&net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..],
) )
.ok_or("Invalid RPC secret provided (wrong length)")?; .ok_or("Invalid RPC secret provided (wrong length)")?;

View file

@ -83,7 +83,7 @@ pub fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Erro
Ok(config) Ok(config)
} }
fn fill_secret( pub(crate) fn fill_secret(
config_secret: &mut Option<String>, config_secret: &mut Option<String>,
config_secret_file: &Option<String>, config_secret_file: &Option<String>,
cli_secret: &Option<String>, cli_secret: &Option<String>,