accept multiple key/recipient file in the env var

glehmann · Feb 9, 2024 · 776fcd1 · 776fcd1
1 parent f56b374
commit 776fcd1
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 16 deletions.
diff --git a/src/cli.rs b/src/cli.rs
@@ -58,7 +58,7 @@ pub struct PubkeyArgs {
     /// If the filename is -, the keys are read from the standard input.
     ///
     /// May be repeated.
-    #[clap(name = "KEY_FILE", env = "YAGE_KEY_FILE")]
+    #[clap(name = "KEY_FILE", env = "YAGE_KEY_FILE", value_delimiter = ENV_PATH_SEP)]
     pub key_files: Vec<PathBuf>,
 
     /// The private keys
@@ -123,7 +123,8 @@ pub struct EditArgs {
         short = 'K',
         long = "key-file",
         name = "KEY_FILE",
-        env = "YAGE_KEY_FILE"
+        env = "YAGE_KEY_FILE",
+        value_delimiter = ENV_PATH_SEP,
     )]
     pub key_files: Vec<PathBuf>,
 
@@ -148,7 +149,8 @@ pub struct EditArgs {
         short = 'R',
         long = "recipient-file",
         name = "RECIPIENT_FILE",
-        env = "YAGE_RECIPIENT_FILE"
+        env = "YAGE_RECIPIENT_FILE",
+        value_delimiter = ENV_PATH_SEP,
     )]
     pub recipient_files: Vec<PathBuf>,
 
@@ -198,7 +200,8 @@ pub struct EncryptArgs {
         short = 'R',
         long = "recipient-file",
         name = "RECIPIENT_FILE",
-        env = "YAGE_RECIPIENT_FILE"
+        env = "YAGE_RECIPIENT_FILE",
+        value_delimiter = ENV_PATH_SEP,
     )]
     pub recipient_files: Vec<PathBuf>,
 
@@ -249,7 +252,8 @@ pub struct DecryptArgs {
         short = 'K',
         long = "key-file",
         name = "KEY_FILE",
-        env = "YAGE_KEY_FILE"
+        env = "YAGE_KEY_FILE",
+        value_delimiter = ENV_PATH_SEP,
     )]
     pub key_files: Vec<PathBuf>,
 
@@ -298,7 +302,8 @@ pub struct EnvArgs {
         short = 'K',
         long = "key-file",
         name = "KEY_FILE",
-        env = "YAGE_KEY_FILE"
+        env = "YAGE_KEY_FILE",
+        value_delimiter = ENV_PATH_SEP,
     )]
     pub key_files: Vec<PathBuf>,
 
@@ -324,6 +329,11 @@ pub struct CheckArgs {
     pub files: Vec<PathBuf>,
 }
 
+#[cfg(windows)]
+const ENV_PATH_SEP: char = ';';
+#[cfg(not(windows))]
+const ENV_PATH_SEP: char = ':';
+
 #[test]
 fn verify_cli() {
     use clap::CommandFactory;

diff --git a/tests/encrypt.rs b/tests/encrypt.rs
@@ -145,6 +145,7 @@ fn encrypt_recipients_from_env() {
     let (key_path1, pub_path1) = create_key(&tmp);
     let (key_path2, pub_path2) = create_key(&tmp);
     let (key_path3, pub_path3) = create_key(&tmp);
+    let (key_path4, pub_path4) = create_key(&tmp);
     let yaml_path = tmp.child("file.yaml");
     write(&yaml_path, YAML_CONTENT);
     let encrypted_path = tmp.child("file.enc.yaml");
@@ -153,14 +154,17 @@ fn encrypt_recipients_from_env() {
             "YAGE_RECIPIENT",
             format!("{},{}", read(&pub_path1).trim(), read(&pub_path2).trim()),
         )
-        .env("YAGE_RECIPIENT_FILE", &pub_path3)
+        .env(
+            "YAGE_RECIPIENT_FILE",
+            std::env::join_paths(vec![&pub_path3, &pub_path4]).unwrap(),
+        )
         .assert()
         .success()
         .stdout(is_empty())
         .stderr(is_empty());
     let data: sy::Value = sy::from_str(&YAML_CONTENT).unwrap();
     let encrypted_data: sy::Value = sy::from_str(&read(&encrypted_path)).unwrap();
-    for key_path in vec![key_path1, key_path2, key_path3] {
+    for key_path in vec![key_path1, key_path2, key_path3, key_path4] {
         let identities = yage::load_identities(&vec![], &vec![key_path]).unwrap();
         let decrypted_data = yage::decrypt_yaml(&encrypted_data, &identities).unwrap();
         assert_eq!(data, decrypted_data);

diff --git a/tests/pubkey.rs b/tests/pubkey.rs
@@ -32,17 +32,25 @@ fn pubkey_from_env() {
     let tmp = temp_dir();
     let (key_path1, pub_path1) = create_key(&tmp);
     let (key_path2, pub_path2) = create_key(&tmp);
+    let (key_path3, pub_path3) = create_key(&tmp);
+    let (key_path4, pub_path4) = create_key(&tmp);
     yage_cmd!("pubkey")
         .env(
             "YAGE_KEY",
             format!("{},{}", read(&key_path1).trim(), read(&key_path2).trim()),
         )
+        .env(
+            "YAGE_KEY_FILE",
+            std::env::join_paths(vec![&key_path3, &key_path4]).unwrap(),
+        )
         .assert()
         .success()
         .stdout(contains(format!(
-            "{}{}",
+            "{}{}{}{}",
             read(&pub_path1),
-            read(&pub_path2)
+            read(&pub_path2),
+            read(&pub_path3),
+            read(&pub_path4),
         )))
         .stderr(is_empty());
 }
@@ -55,9 +63,9 @@ fn pubkey_from_options_files_and_env() {
     let (key_path3, pub_path3) = create_key(&tmp);
     let (key_path4, pub_path4) = create_key(&tmp);
     let (key_path5, _) = create_key(&tmp);
-    let (key_path6, _) = create_key(&tmp);
     let (key_path7, pub_path7) = create_key(&tmp);
     let (key_path8, pub_path8) = create_key(&tmp);
+    let (key_path9, _) = create_key(&tmp);
     yage_cmd!(
         "pubkey",
         &key_path1,
@@ -68,10 +76,8 @@ fn pubkey_from_options_files_and_env() {
         "-",
         &key_path4
     )
-    .env(
-        "YAGE_KEY",
-        format!("{}{}", read(&key_path5).trim(), read(&key_path6).trim()),
-    )
+    .env("YAGE_KEY", read(&key_path5).trim())
+    .env("YAGE_KEY_FILE", &key_path9)
     .write_stdin(format!("{}{}", read(&key_path7), read(&key_path8)))
     .assert()
     .success()
@@ -81,11 +87,12 @@ fn pubkey_from_options_files_and_env() {
         read(&pub_path3),
         // YAGE_KEY env var is overridden by the -k option
         // read(&pub_path5),
-        // read(&pub_path6),
         read(&pub_path1),
         read(&pub_path7),
         read(&pub_path8),
         read(&pub_path4),
+        // YAGE_KEY_FILE env var is overridden by the command line args
+        // read(&pub_path9),
     )))
     .stderr(is_empty());
 }