Add galasactl secrets set command (#302)

* feat: Add galasactl secrets delete command

Signed-off-by: Eamonn Mansour <[email protected]>

* feat: Add galasactl secrets get command and formatters

Signed-off-by: Eamonn Mansour <[email protected]>

* feat: Add galasactl secrets set command

Signed-off-by: Eamonn Mansour <[email protected]>

* fix: Remove duplicate console output

Signed-off-by: Eamonn Mansour <[email protected]>

* docs: Add secrets commands to README

Signed-off-by: Eamonn Mansour <[email protected]>

* feat: Add description flag and validation to secrets

Signed-off-by: Eamonn Mansour <[email protected]>

* feat: Add last updated headers to secret summary output

Signed-off-by: Eamonn Mansour <[email protected]>

* fix: Allow secrets set to update description only

Signed-off-by: Eamonn Mansour <[email protected]>

* Empty commit to kick off build

Signed-off-by: Eamonn Mansour <[email protected]>

* fix: Move description to the last column in secrets get

Signed-off-by: Eamonn Mansour <[email protected]>

* chore: Update secrets baseline

Signed-off-by: Eamonn Mansour <[email protected]>

---------

Signed-off-by: Eamonn Mansour <[email protected]>

.secrets.baseline

@@ -151,31 +151,67 @@
         "hashed_secret": "11747ed2a3904f82931baf592443772259ea8dc1",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 25,
+        "line_number": 26,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "679d55ddc3c3d0f6ea2d11275a5d084669c98d56",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 62,
+        "line_number": 67,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "3b938c1150a71e71e5f1ffeadbe6475f0f6a2e36",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 122,
+        "line_number": 127,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "2dfbe3ec00a96d6f711d9a70f78be17f6fd574ca",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 284,
+        "line_number": 289,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "pkg/secrets/secretsSet.go": [
+      {
+        "hashed_secret": "28aa91a8e751e5c49714ac040e98812f9110a1fd",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 54,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "pkg/secrets/secretsSet_test.go": [
+      {
+        "hashed_secret": "89e7fc0c50091804bfeb26cddefc0e701dd60fab",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 316,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "edbd5e119f94badb9f99a67ac6ff4c7a5204ad61",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 822,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "ea531d9e3ac1dc2beec9c298fb0026d59e4e2262",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 825,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -195,7 +231,7 @@
         "hashed_secret": "4d55af37dbbb6a42088d917caa1ca25428ec42c9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 44,
+        "line_number": 50,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -225,7 +261,7 @@
         "hashed_secret": "679d55ddc3c3d0f6ea2d11275a5d084669c98d56",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 29,
+        "line_number": 32,
         "type": "Secret Keyword",
         "verified_result": null
       }

README.md

@@ -657,6 +657,62 @@ galasactl secrets get --name SYSTEM1 --format yaml
 
 For a complete list of supported parameters see [here](./docs/generated/galasactl_secrets_get.md).
 
+## secrets set
+
+This command can be used to create and update secrets in the Galasa Ecosystem. These secrets can then be used in Galasa tests to authenticate with test systems and perform other secure operations. The name of a secret to create or update must be provided using the `--name` flag.
+
+### Examples
+
+The `--username`, `--password`, and `--token` flags can be used in different combinations to create different types of secret.
+
+For example, a UsernamePassword secret can be created by supplying `--username` and `--password`:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --password "my-password"
+```
+
+A UsernameToken secret can be created by supplying `--username` and `--token`:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --token "my-token"
+```
+
+A Token secret can be created by supplying `--token` on its own:
+```
+galasactl secrets set --name SYSTEM1 --token "my-token"
+```
+
+A Username secret can be created by supplying `--username` on its own:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username"
+```
+
+Base64-encoded credentials can be supplied using the `--base64-username`, `--base64-password`, and `--base64-token` flags.
+
+For example, to create a UsernamePassword secret where both the username and password are base64-encoded:
+
+```
+galasactl secrets set --name SYSTEM1 --base64-username "my-base64-username" --base64-password "my-base64-password"
+```
+
+It is also possible to mix these flags with their non-encoded variants discussed previously. For example, to create a UsernameToken secret where only the token is base64-encoded:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-base64-username" --base64-token "my-base64-token"
+```
+
+Once a secret has been created, you can change the type of the secret by supplying your desired secret type using the `--type` flag. When supplying the `--type` flag, all credentials for the new secret type must be provided. To find out what secret types are supported, run `galasactl secrets set --help`.
+
+For example, to create a UsernamePassword secret and then change it to a Token secret:
+
+```
+galasactl secrets set --name SYSTEM1 --username "my-username" --password "my-password"
+galasactl secrets set --name SYSTEM1 --token "my-token" --type Token
+```
+
+For a complete list of supported parameters see [here](./docs/generated/galasactl_secrets_set.md).
+
 ## secrets delete
 
 This command deletes a secret with the given name from the Galasa Ecosystem's credentials store. The name of the secret to be deleted must be provided using the `--name` flag.

docs/generated/errors-list.md

@@ -167,7 +167,7 @@ The `galasactl` tool can generate the following errors:
 - GAL1169E: An attempt to delete a secret named '{}' failed. Unexpected http status code {} received from the server. Error details from the server are not in a valid json format. Cause: '{}'
 - GAL1170E: An attempt to delete a secret named '{}' failed. Unexpected http status code {} received from the server. Error details from the server are: '{}'
 - GAL1171E: An attempt to delete a secret named '{}' failed. Unexpected http status code {} received from the server. Error details from the server are not in the json format.
-- GAL1172E: Invalid secret name provided. The name provided with the --name flag cannot be empty or contain spaces, and must only contain characters in the Latin-1 character set.
+- GAL1172E: Invalid secret name provided. The name provided with the --name flag cannot be empty, contain spaces or dots (.), and must only contain characters in the Latin-1 character set.
 - GAL1173E: An attempt to delete a secret named '{}' failed. Sending the delete request to the Galasa service failed. Cause is {}
 - GAL1174E: An attempt to get a secret named '{}' failed. Unexpected http status code {} received from the server.
 - GAL1175E: An attempt to get a secret named '{}' failed. Unexpected http status code {} received from the server. Error details from the server could not be read. Cause: {}
@@ -181,6 +181,15 @@ The `galasactl` tool can generate the following errors:
 - GAL1183E: Failed to get secrets. Unexpected http status code {} received from the server. Error details from the server are: '{}'
 - GAL1184E: Failed to get secrets. Unexpected http status code {} received from the server. Error details from the server are not in the json format.
 - GAL1185E: Failed to get secrets. Sending the get request to the Galasa service failed. Cause is {}
+- GAL1186E: Invalid secret type provided. Supported secret types are: {}. Check your provided command parameters and try again.
+- GAL1187E: Failed to set a secret named '{}'. Unexpected http status code {} received from the server.
+- GAL1188E: Failed to set a secret named '{}'. Unexpected http status code {} received from the server. Error details from the server could not be read. Cause: {}
+- GAL1189E: Failed to set a secret named '{}'. Unexpected http status code {} received from the server. Error details from the server are not in a valid json format. Cause: '{}'
+- GAL1190E: Failed to set a secret named '{}'. Unexpected http status code {} received from the server. Error details from the server are: '{}'
+- GAL1191E: Failed to set a secret named '{}'. Unexpected http status code {} received from the server. Error details from the server are not in the json format.
+- GAL1192E: Failed to set a secret named '{}'. Sending the put request to the Galasa service failed. Cause is {}
+- GAL1193E: Invalid flag combination provided. --username cannot be provided with --base64-username, --password cannot be provided with --base64-password, and --token cannot be provided with --base64-token. Use the --help flag for more information, or refer to the documentation at https://galasa.dev/docs/reference/cli-commands.
+- GAL1194E: Invalid secret description provided. The description provided with the --description flag cannot be an empty string, and must only contain characters in the Latin-1 character set.
 - GAL1225E: Failed to open file '{}' cause: {}. Check that this file exists, and that you have read permissions.
 - GAL1226E: Internal failure. Contents of gzip could be read, but not decoded. New gzip reader failed: file: {} error: {}
 - GAL1227E: Internal failure. Contents of gzip could not be decoded. {} error: {}

docs/generated/galasactl_secrets.md

@@ -25,4 +25,5 @@ The parent command for operations to manipulate secrets in the Galasa service's
 * [galasactl](galasactl.md)	 - CLI for Galasa
 * [galasactl secrets delete](galasactl_secrets_delete.md)	 - Deletes a secret from the credentials store
 * [galasactl secrets get](galasactl_secrets_get.md)	 - Get secrets from the credentials store
+* [galasactl secrets set](galasactl_secrets_set.md)	 - Creates or updates a secret in the credentials store
 

docs/generated/galasactl_secrets_set.md

@@ -0,0 +1,39 @@
+## galasactl secrets set
+
+Creates or updates a secret in the credentials store
+
+### Synopsis
+
+Creates or updates a secret in the credentials store
+
+```
+galasactl secrets set [flags]
+```
+
+### Options
+
+```
+      --base64-password string   a base64-encoded password to set into a secret
+      --base64-token string      a base64-encoded token to set into a secret
+      --base64-username string   a base64-encoded username to set into a secret
+      --description string       the description to associate with the secret being created or updated
+  -h, --help                     Displays the options for the 'secrets set' command.
+      --name string              A mandatory flag that identifies the secret to be created or manipulated.
+      --password string          a password to set into a secret
+      --token string             a token to set into a secret
+      --type string              the desired secret type to convert an existing secret into. Supported types are: [UsernamePassword Username UsernameToken Token].
+      --username string          a username to set into a secret
+```
+
+### Options inherited from parent commands
+
+```
+  -b, --bootstrap string    Bootstrap URL. Should start with 'http://' or 'file://'. If it starts with neither, it is assumed to be a fully-qualified path. If missing, it defaults to use the 'bootstrap.properties' file in your GALASA_HOME. Example: http://example.com/bootstrap, file:///user/myuserid/.galasa/bootstrap.properties , file://C:/Users/myuserid/.galasa/bootstrap.properties
+      --galasahome string   Path to a folder where Galasa will read and write files and configuration settings. The default is '${HOME}/.galasa'. This overrides the GALASA_HOME environment variable which may be set instead.
+  -l, --log string          File to which log information will be sent. Any folder referred to must exist. An existing file will be overwritten. Specify "-" to log to stderr. Defaults to not logging.
+```
+
+### SEE ALSO
+
+* [galasactl secrets](galasactl_secrets.md)	 - Manage secrets stored in the Galasa service's credentials store
+

pkg/cmd/commandCollection.go

@@ -61,6 +61,7 @@ const (
 	COMMAND_NAME_RESOURCES_DELETE         = "resources delete"
 	COMMAND_NAME_SECRETS                  = "secrets"
 	COMMAND_NAME_SECRETS_GET              = "secrets get"
+	COMMAND_NAME_SECRETS_SET              = "secrets set"
 	COMMAND_NAME_SECRETS_DELETE           = "secrets delete"
 	COMMAND_NAME_USERS                    = "users"
 	COMMAND_NAME_USERS_GET                = "users get"
@@ -387,6 +388,7 @@ func (commands *commandCollectionImpl) addSecretsCommands(factory spi.Factory, r
 	var err error
 	var secretsCommand spi.GalasaCommand
 	var secretsGetCommand spi.GalasaCommand
+	var secretsSetCommand spi.GalasaCommand
 	var secretsDeleteCommand spi.GalasaCommand
 
 	secretsCommand, err = NewSecretsCmd(rootCommand)
@@ -395,13 +397,18 @@ func (commands *commandCollectionImpl) addSecretsCommands(factory spi.Factory, r
 		secretsGetCommand, err = NewSecretsGetCommand(factory, secretsCommand, rootCommand)
 	}
 
+	if err == nil {
+		secretsSetCommand, err = NewSecretsSetCommand(factory, secretsCommand, rootCommand)
+	}
+
 	if err == nil {
 		secretsDeleteCommand, err = NewSecretsDeleteCommand(factory, secretsCommand, rootCommand)
 	}
 
 	if err == nil {
 		commands.commandMap[secretsCommand.Name()] = secretsCommand
 		commands.commandMap[secretsGetCommand.Name()] = secretsGetCommand
+		commands.commandMap[secretsSetCommand.Name()] = secretsSetCommand
 		commands.commandMap[secretsDeleteCommand.Name()] = secretsDeleteCommand
 	}