keystore commands for ox #588

Merged
merged 11 commits into from
Aug 29, 2024

cvaroqui
Member

No description provided.

For cfg, sec and usr objects.

Example:

	$ curl -s -k -o- -u cva:xxx -X PATCH -H "Content-Type: application/json" --data '[{"key": "foo1", "bytes": "YmFyCg==", "action": "add"},{"key": "foo2", "string": "bar", "action": "add"}]' https://localhost:1215/object/path/test/cfg/hdoc/keys

	$ om test/cfg/hdoc decode --key foo1
	bar

	$ om test/cfg/hdoc decode --key foo2
	bar

GET    /object/path/:ns/:kind/:name/kvstore?key=k1&key=k2
PATCH  /object/path/:ns/:kind/:name/kvstore
GET    /object/path/:ns/:kind/:name/kvstore/entry?key=...
POST   /object/path/:ns/:kind/:name/kvstore/entry?key=...
DELETE /object/path/:ns/:kind/:name/kvstore/entry?key=...
GET    /object/path/:ns/:kind/:name/kvstore/keys

This code was in object.Keystore instances. Move it to util/uri
so omcmd and oxcmd can use it.

Remove these from the Keystore interface:

* AddKeyFrom
* PrepareAddKeyFrom
* ChangeKeyFrom
* PrepareChangeKeyFrom

It's much more sane to have the client download or read local
files himself, instead of allowing a read privilege escalation
via the daemon api or "sudo om cfg add --key".

Example:

root@dev2n1:~/dev/om3# bin/ox system/** keys
OBJECT          NODE   KEY
system/sec/ca   dev2n1 private_key
system/sec/ca   dev2n1 certificate
system/sec/ca   dev2n1 certificate_chain
system/sec/ca   dev2n1 fullpem
system/sec/cert dev2n1 private_key
system/sec/cert dev2n1 certificate
system/sec/cert dev2n1 certificate_chain
system/sec/cert dev2n1 fullpem
system/usr/cva  dev2n1 password

Example:

	$ bin/ox '**' keys
	OBJECT          NODE   KEY               SIZE
	system/sec/cert dev2n1 private_key       4606
	system/sec/cert dev2n1 certificate       2582
	system/sec/cert dev2n1 certificate_chain 4658
	system/sec/cert dev2n1 fullpem           8982
	test/cfg/hdoc   dev2n1 config.json       1159
	test/cfg/hdoc   dev2n1 foo1              15
	test/cfg/hdoc   dev2n1 hosts             8
	test/cfg/hdoc   dev2n1 protocols         4199
	test/cfg/hdoc   dev2n1 foo2              4199
	system/sec/ca   dev2n1 private_key       4606
	system/sec/ca   dev2n1 certificate       2642
	system/sec/ca   dev2n1 certificate_chain 2642
	system/sec/ca   dev2n1 fullpem           6962
	system/usr/cva  dev2n1 password          194
	cfg/foo2        dev2n2 foo               11

* Implement the "add|change --from <dir>"

* Make change behave as an upsert. add is the action to use when
you don't want to overwrite existing keys.

* Use the PATCH /object/path/:ns/:kd/:name/kvstore handler to
add and change keys, as --from <dir> can feed multiple keys at
once. The change is transactional: either all or no key changes
are committed.

object.New<interface> should verify the type cast worked, and
raise a new object.ErrWrongType error if not.

The api handlers now emit a "Bad Request" response if they
get an object.ErrWrongType, and "Internal Server Error" is still
used for all other errors.

For example:

	$ om foo set --kw fs#1type=flag

would panic on:

	panic: runtime error: invalid memory address or nil pointer dereference
	[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0xc8b545]

	goroutine 1 [running]:
	github.com/cvaroqui/ini.(*Key).Value(...)
	    /root/go/pkg/mod/github.com/cvaroqui/[email protected]/key.go:110
	github.com/opensvc/om3/core/xconfig.(*T).set.func1({{{0xc003da00d0, 0x8}, {0x0, 0x0}}, 0x1, {0xc003da00d9, 0x4}, 0x0})
	    /root/dev/om3/core/xconfig/main.go:527 +0x65

Add a test, so that this bogus set would produce a clean:

	Error: invalid key in fs#1type=flag

@cvaroqui cvaroqui merged commit 7d4efa9 into opensvc:main Aug 29, 2024
1 check passed
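
The add/change semantics and the all-or-nothing commit described above for the PATCH kvstore handler, as an added example that is not om3's own code. `Op`, `ApplyPatch` and `ErrKeyExists` are hypothetical names, and the store is assumed to be an in-memory map instead of the object's real backend; the body format (`key`, `bytes`, `string`, `action`) is the one from the curl example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

type Op struct { // one element of the PATCH body
	Key    string `json:"key"`
	Bytes  []byte `json:"bytes"` // base64 in JSON, decoded by encoding/json
	String string `json:"string"`
	Action string `json:"action"`
}
var ErrKeyExists = errors.New("key exists") // hypothetical error name

// ApplyPatch stages every op on a copy of store and commits only if all pass.
func ApplyPatch(store map[string][]byte, body []byte) error {
	var ops []Op
	if err := json.Unmarshal(body, &ops); err != nil {
		return err
	}
	staged := make(map[string][]byte, len(store)+len(ops))
	for k, v := range store {
		staged[k] = v
	}
	for _, op := range ops {
		_, exists := staged[op.Key]
		switch {
		case op.Action == "add" && exists: // add never overwrites
			return fmt.Errorf("%w: %s", ErrKeyExists, op.Key)
		case op.Action != "add" && op.Action != "change": // change is an upsert
			return fmt.Errorf("unsupported action %q", op.Action)
		}
		staged[op.Key] = op.Bytes
		if op.Bytes == nil {
			staged[op.Key] = []byte(op.String)
		}
	}
	for k, v := range staged { // commit point: nothing above touched store
		store[k] = v
	}
	return nil
}

func main() { // constructed input: foo1 already exists, so the whole batch is rejected
	store := map[string][]byte{"foo1": []byte("old")}
	err := ApplyPatch(store, []byte(`[{"key":"foo2","string":"bar","action":"add"},{"key":"foo1","string":"x","action":"add"}]`))
	fmt.Println(err, len(store))
}
```

Because the rejected batch never reaches the commit loop, `foo2` is not left behind when the later `foo1` add fails.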