Cleanup command line options for auth / share input.

Not sure this is the "right" way since we're duplicating a structure, just w/ different clap stuff ... it works.
oxidecomputer · Dec 16, 2024 · 16ceca8 · 16ceca8
1 parent 78695dd
commit 16ceca8
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 23 deletions.
diff --git a/src/main.rs b/src/main.rs
@@ -26,7 +26,7 @@ use oks::{
     },
     hsm::Hsm,
     secret_reader::{
-        self, PasswordReader, SecretInputArg, StdioPasswordReader,
+        self, AuthInputArg, PasswordReader, ShareInputArg, StdioPasswordReader,
     },
     secret_writer::{self, SecretOutputArg},
     util,
@@ -75,7 +75,7 @@ struct Args {
 enum Command {
     Ca {
         #[clap(flatten)]
-        auth_method: SecretInputArg,
+        auth_method: AuthInputArg,
 
         #[command(subcommand)]
         command: CaCommand,
@@ -159,7 +159,7 @@ enum HsmCommand {
     /// Generate keys in YubiHSM from specification.
     Generate {
         #[clap(flatten)]
-        auth_method: SecretInputArg,
+        auth_method: AuthInputArg,
 
         #[clap(long, env, default_value = "input")]
         key_spec: PathBuf,
@@ -185,7 +185,7 @@ enum HsmCommand {
         backups: PathBuf,
 
         #[clap(flatten)]
-        share_method: SecretInputArg,
+        share_method: ShareInputArg,
 
         #[clap(long, env, default_value = "input/verifier.json")]
         verifier: PathBuf,
@@ -194,7 +194,7 @@ enum HsmCommand {
     /// Get serial number from YubiHSM and dump to console.
     SerialNumber {
         #[clap(flatten)]
-        auth_method: SecretInputArg,
+        auth_method: AuthInputArg,
     },
 }
 
@@ -239,7 +239,7 @@ fn get_auth_id(auth_id: Option<Id>, command: &HsmCommand) -> Id {
 /// the user with a password prompt.
 fn get_passwd(
     auth_id: Option<Id>,
-    auth_method: &SecretInputArg,
+    auth_method: &AuthInputArg,
     command: &HsmCommand,
 ) -> Result<Zeroizing<String>> {
     let passwd = match env::var(ENV_PASSWORD).ok() {

diff --git a/src/secret_reader.rs b/src/secret_reader.rs
@@ -28,15 +28,6 @@ pub enum SecretInput {
     Stdio,
 }
 
-#[derive(Args, Clone, Debug, Default, PartialEq)]
-pub struct SecretInputArg {
-    #[clap(long, env)]
-    auth_method: SecretInput,
-
-    #[clap(long, env)]
-    auth_dev: Option<PathBuf>,
-}
-
 impl From<SecretInput> for ArgPredicate {
     fn from(val: SecretInput) -> Self {
         let rep = match val {
@@ -58,20 +49,29 @@ impl From<SecretInput> for &str {
     }
 }
 
+#[derive(Args, Clone, Debug, Default, PartialEq)]
+pub struct AuthInputArg {
+    #[clap(long = "auth-method", env)]
+    method: SecretInput,
+
+    #[clap(long = "auth-device", env)]
+    device: Option<PathBuf>,
+}
+
 pub trait PasswordReader {
     fn read(&mut self, prompt: &str) -> Result<Zeroizing<String>>;
 }
 
 pub fn get_passwd_reader(
-    input: &SecretInputArg,
+    input: &AuthInputArg,
 ) -> Result<Box<dyn PasswordReader>> {
-    Ok(match input.auth_method {
+    Ok(match input.method {
         SecretInput::Cdr => {
-            let cdr = CdReader::new(input.auth_dev.as_ref());
+            let cdr = CdReader::new(input.device.as_ref());
             Box::new(CdrPasswordReader::new(cdr))
         }
         SecretInput::Iso => {
-            Box::new(IsoPasswordReader::new(input.auth_dev.as_ref())?)
+            Box::new(IsoPasswordReader::new(input.device.as_ref())?)
         }
         SecretInput::Stdio => Box::new(StdioPasswordReader {}),
     })
@@ -139,17 +139,26 @@ impl PasswordReader for CdrPasswordReader {
     }
 }
 
+#[derive(Args, Clone, Debug, Default, PartialEq)]
+pub struct ShareInputArg {
+    #[clap(long = "share-method", env)]
+    method: SecretInput,
+
+    #[clap(long = "share-device", env)]
+    device: Option<PathBuf>,
+}
+
 pub fn get_share_reader(
-    input: &SecretInputArg,
+    input: &ShareInputArg,
     verifier: Verifier,
 ) -> Result<Box<dyn Iterator<Item = Result<Zeroizing<Share>>>>> {
-    Ok(match input.auth_method {
+    Ok(match input.method {
         SecretInput::Cdr => {
-            let cdr = CdReader::new(input.auth_dev.as_ref());
+            let cdr = CdReader::new(input.device.as_ref());
             Box::new(CdrShareReader::new(cdr, verifier))
         }
         SecretInput::Iso => {
-            Box::new(IsoShareReader::new(input.auth_dev.as_ref(), verifier)?)
+            Box::new(IsoShareReader::new(input.device.as_ref(), verifier)?)
         }
         SecretInput::Stdio => Box::new(StdioShareReader::new(verifier)),
     })