Read subcommand: Read one secret at a time. (#17)

* Read subcommand: Read one secret at a time. * Add --quiet and --version flags to read subcommand * Newline after --quiet. Add docs about latest being -1 * Tighten up var
segmentio · Aug 21, 2017 · 8968828 · 8968828
1 parent 58a665a
commit 8968828
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -58,6 +58,15 @@ $ chamber exec <service...> -- <your executable>
 
 Secrets from services are loaded in the order specified in the command.  For example, if you do `chamber exec app apptwo -- ...` and both apps have a secret named `api_key`, the `api_key` from `apptwo` will be the one set in your environment.
 
+### Reading
+```bash
+$ chamber read service key
+Key             Value                           Version         LastModified    User
+key             secret                          1               06-09 17:30:56  daniel-fuentes
+```
+
+`read` provides the ability to print out the value of a single secret, as well as the secret's additional metadata. It does not provide the ability to print out multiple secrets in order to discourage accessing extra secret material that is unneeded. Parameter store automatically versions secrets and passing the `--version/-v` flag to read can print older versions of the secret. Default version (-1) is the latest secret.
+
 ## Releasing
 
 To cut a new release, just push a tag named `v<semver>` where `<semver>` is a valid semver version.  This tag will be used by Circle to automatically publish a github release.
diff --git a/cmd/exec.go b/cmd/exec.go
@@ -26,8 +26,8 @@ var execCmd = &cobra.Command{
 
 func init() {
 	RootCmd.AddCommand(execCmd)
-
 }
+
 func execRun(cmd *cobra.Command, args []string) error {
 	dashIx := cmd.ArgsLenAtDash()
 	if dashIx == -1 {

diff --git a/cmd/read.go b/cmd/read.go
@@ -0,0 +1,75 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"text/tabwriter"
+
+	"github.com/segmentio/chamber/store"
+	"github.com/spf13/cobra"
+)
+
+var (
+	version int
+	quiet   bool
+
+	// readCmd represents the read command
+	readCmd = &cobra.Command{
+		Use:   "read <service> <key>",
+		Short: "Read a specific secret from the parameter store",
+		RunE:  read,
+	}
+)
+
+func init() {
+	readCmd.Flags().IntVarP(&version, "version", "v", -1, "The version number of the secret. Defaults to latest.")
+	readCmd.Flags().BoolVarP(&quiet, "quiet", "q", false, "Only print the secret")
+	RootCmd.AddCommand(readCmd)
+}
+
+func read(cmd *cobra.Command, args []string) error {
+	if len(args) < 2 {
+		return ErrTooFewArguments
+	}
+	if len(args) > 2 {
+		return ErrTooManyArguments
+	}
+
+	service := strings.ToLower(args[0])
+	if err := validateService(service); err != nil {
+		return err
+	}
+
+	key := strings.ToLower(args[1])
+	if err := validateKey(key); err != nil {
+		return err
+	}
+
+	secretStore := store.NewSSMStore()
+	secretId := store.SecretId{
+		Service: service,
+		Key:     key,
+	}
+
+	secret, err := secretStore.Read(secretId, version)
+	if err != nil {
+		return err
+	}
+
+	if quiet {
+		fmt.Fprintf(os.Stdout, "%s\n", *secret.Value)
+		return nil
+	}
+
+	w := tabwriter.NewWriter(os.Stdout, 0, 8, 2, '\t', 0)
+	fmt.Fprintln(w, "Key\tValue\tVersion\tLastModified\tUser")
+	fmt.Fprintf(w, "%s\t%s\t%d\t%s\t%s\n",
+		key,
+		*secret.Value,
+		secret.Meta.Version,
+		secret.Meta.Created.Local().Format(ShortTimeFormat),
+		secret.Meta.CreatedBy)
+	w.Flush()
+	return nil
+}
diff --git a/cmd/root.go b/cmd/root.go
@@ -40,9 +40,6 @@ func Execute() {
 	}
 }
 
-func init() {
-}
-
 func validateService(service string) error {
 	if !validServiceFormat.MatchString(service) {
 		return fmt.Errorf("Failed to validate service name '%s'.  Only alphanumeric, dashes, and underscores are allowed for service names", service)