feat(cli, cdn): database keys rollover (#5771)

ovh · Mar 22, 2021 · eafe13d · eafe13d
1 parent bb452c2
commit eafe13d
Show file tree

Hide file tree

Showing 76 changed files with 1,096 additions and 480 deletions.
diff --git a/cli/cdsctl/action.go b/cli/cdsctl/action.go
@@ -344,7 +344,7 @@ func actionBuiltinDocRun(v cli.Values) error {
 		}
 	}
 	if !found {
-		return fmt.Errorf("Invalid given action name %s", n)
+		return cli.NewError("Invalid given action name %s", n)
 	}
 
 	fmt.Println(m.Markdown())

diff --git a/cli/cdsctl/admin_database.go b/cli/cdsctl/admin_database.go
@@ -6,6 +6,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/ovh/cds/cli"
+	"github.com/ovh/cds/sdk"
 )
 
 var adminDatabaseCmd = cli.Command{
@@ -62,31 +63,50 @@ func adminDatabaseMigrationsListFunc(_ cli.Values) (cli.ListResult, error) {
 	return cli.AsListResult(migrations), nil
 }
 
+const argServiceName = "service"
+
 var adminDatabaseSignatureResume = cli.Command{
 	Name:  "list-signed-data",
 	Short: "List all signed data in database",
+	Args: []cli.Arg{
+		{
+			Name: argServiceName,
+			IsValid: func(s string) bool {
+				return s == sdk.TypeCDN || s == sdk.TypeAPI
+			},
+		},
+	},
 }
 
-func adminDatabaseSignatureResumeFunc(_ cli.Values) (interface{}, error) {
-	return client.AdminDatabaseSignaturesResume()
+func adminDatabaseSignatureResumeFunc(args cli.Values) (interface{}, error) {
+	return client.AdminDatabaseSignaturesResume(args.GetString(argServiceName))
 }
 
 var adminDatabaseSignatureRoll = cli.Command{
 	Name:  "roll-signed-data",
 	Short: "Roll a signed data in database",
+	Args: []cli.Arg{
+		{
+			Name: argServiceName,
+			IsValid: func(s string) bool {
+				return s == sdk.TypeCDN || s == sdk.TypeAPI
+			},
+		},
+	},
 	VariadicArgs: cli.Arg{
-		Name: "entity",
+		Name:       "entity",
+		AllowEmpty: true,
 	},
 }
 
 func adminDatabaseSignatureRollFunc(args cli.Values) error {
 	entities := args.GetStringSlice("entity")
 	if len(entities) == 0 {
-		return client.AdminDatabaseSignaturesRollAllEntities()
+		return client.AdminDatabaseSignaturesRollAllEntities(args.GetString(argServiceName))
 	}
 
 	for _, e := range entities {
-		if err := client.AdminDatabaseSignaturesRollEntity(e); err != nil {
+		if err := client.AdminDatabaseSignaturesRollEntity(args.GetString(argServiceName), e); err != nil {
 			return err
 		}
 	}
@@ -97,32 +117,49 @@ func adminDatabaseSignatureRollFunc(args cli.Values) error {
 var adminDatabaseEncryptionResume = cli.Command{
 	Name:  "list-encrypted-data",
 	Short: "List all encrypted data in database",
+	Args: []cli.Arg{
+		{
+			Name: argServiceName,
+			IsValid: func(s string) bool {
+				return s == sdk.TypeCDN || s == sdk.TypeAPI
+			},
+		},
+	},
 }
 
-func adminDatabaseEncryptionResumeFunc(_ cli.Values) error {
-	entities, err := client.AdminDatabaseListEncryptedEntities()
+func adminDatabaseEncryptionResumeFunc(args cli.Values) error {
+	entities, err := client.AdminDatabaseListEncryptedEntities(args.GetString(argServiceName))
 	for _, e := range entities {
 		fmt.Println(e)
 	}
 	return err
 }
 
 var adminDatabaseEncryptionRoll = cli.Command{
-	Name:  "roll-encrypteddata",
+	Name:  "roll-encrypted-data",
 	Short: "Roll a encrypted data in database",
+	Args: []cli.Arg{
+		{
+			Name: argServiceName,
+			IsValid: func(s string) bool {
+				return s == sdk.TypeCDN || s == sdk.TypeAPI
+			},
+		},
+	},
 	VariadicArgs: cli.Arg{
-		Name: "entity",
+		Name:       "entity",
+		AllowEmpty: true,
 	},
 }
 
 func adminDatabaseEncryptionRollFunc(args cli.Values) error {
 	entities := args.GetStringSlice("entity")
 	if len(entities) == 0 {
-		return client.AdminDatabaseRollAllEncryptedEntities()
+		return client.AdminDatabaseRollAllEncryptedEntities(args.GetString(argServiceName))
 	}
 
 	for _, e := range entities {
-		if err := client.AdminDatabaseRollEncryptedEntity(e); err != nil {
+		if err := client.AdminDatabaseRollEncryptedEntity(args.GetString(argServiceName), e); err != nil {
 			return err
 		}
 	}

diff --git a/cli/cdsctl/admin_integration.go b/cli/cdsctl/admin_integration.go
@@ -78,7 +78,7 @@ func adminIntegrationModelExportRun(v cli.Values) error {
 
 	b, err := yaml.Marshal(model)
 	if err != nil {
-		return fmt.Errorf("unable to marshal: %v", err)
+		return cli.WrapError(err, "unable to marshal content")
 	}
 
 	fmt.Println(string(b))
@@ -99,12 +99,12 @@ var adminIntegrationModelImportCmd = cli.Command{
 func adminIntegrationModelImportRun(v cli.Values) error {
 	b, err := ioutil.ReadFile(v.GetString("file"))
 	if err != nil {
-		return fmt.Errorf("unable to read file %s: %v", v.GetString("file"), err)
+		return cli.WrapError(err, "unable to read file %s", v.GetString("file"))
 	}
 
 	m := new(sdk.IntegrationModel)
 	if err := yaml.Unmarshal(b, m); err != nil {
-		return fmt.Errorf("unable to load file: %v", err)
+		return cli.WrapError(err, "unable to load file")
 	}
 
 	//Try to load the model to know if we have to add it or update it

diff --git a/cli/cdsctl/admin_metadata.go b/cli/cdsctl/admin_metadata.go
@@ -295,7 +295,7 @@ func adminMetadataWorkflowExportRun(c cli.Values) error {
 			currentDisplay.Printf("%d/%d - %d/%d - fetching workflow %s/%s...", i, len(projects), j, len(proj.WorkflowNames), proj.Key, name.Name)
 			w, err := client.WorkflowGet(proj.Key, name.Name, modsWfs...)
 			if err != nil {
-				return fmt.Errorf("Error while getting %s/%s", proj.Key, name.Name)
+				return cli.NewError("error while getting %s/%s", proj.Key, name.Name)
 			}
 
 			m := sdk.Metadata{}
@@ -431,7 +431,7 @@ func processMetadata(path string, nbColumnsToIgnore int, updateFunc func(key, na
 
 		for index := 0; index < len(metadataKeys); index++ {
 			if index > len(metadataKeys) || nbColumnsToIgnore+index >= len(columns) {
-				return fmt.Errorf("CSV File invalid. Please check number of columns on %s;%s", pkey, name)
+				return cli.NewError("CSV File invalid. Please check number of columns on %s;%s", pkey, name)
 			}
 			metadata[metadataKeys[index]] = columns[nbColumnsToIgnore+index]
 		}

diff --git a/cli/cdsctl/admin_migrations.go b/cli/cdsctl/admin_migrations.go
@@ -3,7 +3,6 @@ package main
 import (
 	"fmt"
 
-	"github.com/ovh/cds/sdk"
 	"github.com/spf13/cobra"
 
 	"github.com/ovh/cds/cli"
@@ -53,7 +52,7 @@ var adminMigrationsCancel = cli.Command{
 func adminMigrationsCancelFunc(v cli.Values) error {
 	id, err := v.GetInt64("id")
 	if err != nil {
-		return sdk.WrapError(err, "Bad id format")
+		return cli.WrapError(err, "bad id format")
 	}
 
 	if err := client.AdminCDSMigrationCancel(id); err != nil {
@@ -74,7 +73,7 @@ var adminMigrationsReset = cli.Command{
 func adminMigrationsResetFunc(v cli.Values) error {
 	id, err := v.GetInt64("id")
 	if err != nil {
-		return sdk.WrapError(err, "Bad id format")
+		return cli.WrapError(err, "bad id format")
 	}
 
 	if err := client.AdminCDSMigrationReset(id); err != nil {

diff --git a/cli/cdsctl/admin_plugin.go b/cli/cdsctl/admin_plugin.go
@@ -58,29 +58,29 @@ var adminPluginsImportCmd = cli.Command{
 func adminPluginsImportFunc(v cli.Values) error {
 	b, err := ioutil.ReadFile(v.GetString("file"))
 	if err != nil {
-		return fmt.Errorf("unable to read file %s: %v", v.GetString("file"), err)
+		return cli.WrapError(err, "unable to read file %s", v.GetString("file"))
 	}
 
 	var expGPRCPlugin exportentities.GRPCPlugin
 	if err := yaml.Unmarshal(b, &expGPRCPlugin); err != nil {
-		return fmt.Errorf("unable to load file: %v", err)
+		return cli.WrapError(err, "unable to load file")
 	}
 
 	m := expGPRCPlugin.GRPCPlugin()
 	existing, err := client.PluginsGet(m.Name)
 	if err != nil && !sdk.ErrorIs(err, sdk.ErrNotFound) {
-		return fmt.Errorf("unable to get plugin: %v", err)
+		return cli.WrapError(err, "unable to get plugin")
 	}
 
 	if existing == nil {
 		if err := client.PluginAdd(m); err != nil {
-			return fmt.Errorf("unable to add plugin: %v", err)
+			return cli.WrapError(err, "unable to add plugin")
 		}
 		return nil
 	}
 
 	if err := client.PluginUpdate(m); err != nil {
-		return fmt.Errorf("unable to update plugin: %v", err)
+		return cli.WrapError(err, "unable to update plugin")
 	}
 
 	return nil
@@ -104,7 +104,7 @@ func adminPluginsExportFunc(v cli.Values) error {
 
 	b, err := yaml.Marshal(p)
 	if err != nil {
-		return fmt.Errorf("unable to marshal: %v", err)
+		return cli.WrapError(err, "unable to marshal")
 	}
 
 	fmt.Println(string(b))
@@ -123,7 +123,7 @@ var adminPluginsDeleteCmd = cli.Command{
 
 func adminPluginsDeleteFunc(v cli.Values) error {
 	if err := client.PluginDelete(v.GetString("name")); err != nil {
-		return fmt.Errorf("unable to delete plugin: %v", err)
+		return cli.WrapError(err, "unable to delete plugin")
 	}
 	return nil
 }
@@ -147,45 +147,45 @@ var adminPluginsAddBinaryCmd = cli.Command{
 func adminPluginsAddBinaryFunc(v cli.Values) error {
 	p, err := client.PluginsGet(v.GetString("name"))
 	if err != nil {
-		return fmt.Errorf("unable to get plugin %s: %v", v.GetString("name"), err)
+		return cli.WrapError(err, "unable to get plugin %s", v.GetString("name"))
 	}
 
 	f, err := os.Open(v.GetString("filename"))
 	if err != nil {
-		return fmt.Errorf("unable to open file %s: %v", v.GetString("filename"), err)
+		return cli.WrapError(err, "unable to open file %s", v.GetString("filename"))
 	}
 
 	fi, err := os.Stat(f.Name())
 	if err != nil {
-		return fmt.Errorf("unable to open file %s: %v", v.GetString("filename"), err)
+		return cli.WrapError(err, "unable to open file %s", v.GetString("filename"))
 	}
 
 	b, err := ioutil.ReadFile(v.GetString("descriptor"))
 	if err != nil {
-		return fmt.Errorf("unable to read file %s: %v", v.GetString("file"), err)
+		return cli.WrapError(err, "unable to read file %s", v.GetString("file"))
 	}
 
 	var desc sdk.GRPCPluginBinary
 	if err := yaml.Unmarshal(b, &desc); err != nil {
-		return fmt.Errorf("unable to load file: %v", err)
+		return cli.WrapError(err, "unable to load file")
 	}
 
 	desc.Name = filepath.Base(f.Name())
 	desc.Perm = uint32(fi.Mode().Perm())
 	desc.FileContent, err = ioutil.ReadFile(f.Name())
 	if err != nil {
-		return fmt.Errorf("unable to open file %s : %v", v.GetString("filename"), err)
+		return cli.WrapError(err, "unable to open file %s ", v.GetString("filename"))
 	}
 
 	desc.Size = int64(len(desc.FileContent))
 	desc.MD5sum, err = sdk.FileMd5sum(v.GetString("filename"))
 	if err != nil {
-		return fmt.Errorf("unable to compute md5sum for file %s: %v", v.GetString("filename"), err)
+		return cli.WrapError(err, "unable to compute md5sum for file %s", v.GetString("filename"))
 	}
 
 	desc.SHA512sum, err = sdk.FileSHA512sum(v.GetString("filename"))
 	if err != nil {
-		return fmt.Errorf("unable to compute sha512sum for file %s: %v", v.GetString("filename"), err)
+		return cli.WrapError(err, "unable to compute sha512sum for file %s", v.GetString("filename"))
 	}
 
 	return client.PluginAddBinary(p, &desc)
@@ -204,12 +204,12 @@ var adminPluginsDocCmd = cli.Command{
 func adminPluginsDocFunc(v cli.Values) error {
 	btes, errRead := ioutil.ReadFile(v.GetString("path"))
 	if errRead != nil {
-		return fmt.Errorf("Error while reading file: %s", errRead)
+		return cli.NewError("error while reading file: %s", errRead)
 	}
 
 	var expGPRCPlugin exportentities.GRPCPlugin
 	if err := yaml.Unmarshal(btes, &expGPRCPlugin); err != nil {
-		return fmt.Errorf("unable to load file: %v", err)
+		return cli.WrapError(err, "unable to load file")
 	}
 
 	plg := expGPRCPlugin.GRPCPlugin()

diff --git a/cli/cdsctl/admin_services.go b/cli/cdsctl/admin_services.go
@@ -139,7 +139,7 @@ var adminServiceDeleteCmd = cli.Command{
 
 func adminServiceDeleteRun(v cli.Values) error {
 	if v.GetString("name") == "" {
-		return fmt.Errorf("name for service is mandatory")
+		return cli.NewError("name for service is mandatory")
 	}
 	for _, n := range strings.Split(v.GetString("name"), ",") {
 		if err := client.ServiceDelete(n); err != nil {

diff --git a/cli/cdsctl/config.go b/cli/cdsctl/config.go
@@ -40,6 +40,7 @@ func loadConfig(cmd *cobra.Command) (string, *cdsclient.Config, error) {
 	}
 	var verbose, _ = cmd.Flags().GetBool("verbose")
 	verbose = verbose || os.Getenv("CDS_VERBOSE") == "true"
+	cli.Verbose = verbose
 	var insecureSkipVerifyTLS, _ = cmd.Flags().GetBool("insecure")
 	insecureSkipVerifyTLS = insecureSkipVerifyTLS || os.Getenv("CDS_INSECURE") == "true"
 	var contextName, _ = cmd.Flags().GetString("context")
@@ -71,16 +72,16 @@ func loadConfig(cmd *cobra.Command) (string, *cdsclient.Config, error) {
 	if _, err := os.Stat(configFile); !os.IsNotExist(err) {
 		f, err := os.Open(configFile)
 		if err != nil {
-			return "", nil, fmt.Errorf("unable to read file %s: %v", configFile, err)
+			return "", nil, cli.WrapError(err, "unable to read file %s", configFile)
 		}
 		defer f.Close()
 
 		if contextName != "" {
 			if cdsctx, err = internal.GetContext(f, contextName); err != nil {
-				return "", nil, fmt.Errorf("unable to load the current context from %s", contextName)
+				return "", nil, cli.NewError("unable to load the current context from %s", contextName)
 			}
 		} else if cdsctx, err = internal.GetCurrentContext(f); err != nil {
-			return "", nil, fmt.Errorf("unable to load the current context from %s", configFile)
+			return "", nil, cli.NewError("unable to load the current context from %s", configFile)
 		}
 
 		if verbose {
@@ -114,7 +115,7 @@ func loadConfig(cmd *cobra.Command) (string, *cdsclient.Config, error) {
 	cdsctx.Verbose = verbose
 
 	if cdsctx.Host == "" {
-		return "", nil, fmt.Errorf("invalid cdsctl configuration to reach a CDS API")
+		return "", nil, cli.NewError("invalid cdsctl configuration to reach a CDS API")
 	}
 
 	config := &cdsclient.Config{
@@ -140,10 +141,10 @@ func recreateSessionToken(configFile string, cdsctx internal.CDSContext, context
 	})
 	res, err := client.AuthConsumerSignin(sdk.ConsumerBuiltin, req)
 	if err != nil {
-		return nil, fmt.Errorf("cannot signin: %v", err)
+		return nil, cli.WrapError(err, "cannot signin")
 	}
 	if res.Token == "" || res.User == nil {
-		return nil, fmt.Errorf("invalid username or token returned by sign in token")
+		return nil, cli.NewError("invalid username or token returned by sign in token")
 	}
 	cdsctx.Session = res.Token
 	// resave session token
@@ -153,7 +154,7 @@ func recreateSessionToken(configFile string, cdsctx internal.CDSContext, context
 
 	fi, err := os.OpenFile(configFile, os.O_RDONLY, 0600)
 	if err != nil {
-		return nil, fmt.Errorf("Error while opening file %s: %v", configFile, err)
+		return nil, cli.WrapError(err, "Error while opening file %s", configFile)
 	}
 	wdata := &bytes.Buffer{}
 	if err := internal.StoreContext(fi, wdata, cdsctx); err != nil {
@@ -162,7 +163,7 @@ func recreateSessionToken(configFile string, cdsctx internal.CDSContext, context
 	}
 
 	if err := fi.Close(); err != nil {
-		return nil, fmt.Errorf("Error while closing file %s: %v", configFile, err)
+		return nil, cli.WrapError(err, "Error while closing file %s", configFile)
 	}
 	if err := writeConfigFile(configFile, wdata); err != nil {
 		return nil, err