Compare commits
2 Commits
a02cb3b3bd
...
a3b69a7c88
| Author | SHA1 | Date | |
|---|---|---|---|
| a3b69a7c88 | |||
| 1e277ac209 |
@@ -328,6 +328,12 @@ The following table is giving a list of error codes with explanation:
|
|||||||
| 18 | Module file don't exists or is empty |
|
| 18 | Module file don't exists or is empty |
|
||||||
| 20 | Ambigous realm with autodetection |
|
| 20 | Ambigous realm with autodetection |
|
||||||
| 21 | Unconsistant directory structure with configured realm |
|
| 21 | Unconsistant directory structure with configured realm |
|
||||||
|
| 22 | Required secret management software missing |
|
||||||
|
| 23 | Secret key not found in secret database |
|
||||||
|
| 24 | File is not readable |
|
||||||
|
| 25 | Needed variable not set or not declared |
|
||||||
|
| 26 | Secret reference missing or malformed |
|
||||||
|
| 27 | Unknown secret reference |
|
||||||
| 50..100 | Error in module execution |
|
| 50..100 | Error in module execution |
|
||||||
| 126 | Command exists but is not executable |
|
| 126 | Command exists but is not executable |
|
||||||
| 127 | Command not found |
|
| 127 | Command not found |
|
||||||
@@ -394,7 +400,7 @@ You can mail author to fatalerrors \<at\> geoffray-levasseur \<dot\> org.
|
|||||||
|
|
||||||
-----------------------------------------------------------------------------
|
-----------------------------------------------------------------------------
|
||||||
|
|
||||||
Documentation (c) 2019-2022 Geoffray Levasseur.
|
Documentation (c) 2019-2025 Geoffray Levasseur.
|
||||||
|
|
||||||
This file is distributed under3-clause BSD license. The complete license
|
This file is distributed under3-clause BSD license. The complete license
|
||||||
agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause
|
agreement can be obtained at: https://opensource.org/licenses/BSD-3-Clause
|
||||||
|
|||||||
@@ -12,12 +12,13 @@
|
|||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Passbolt
|
# Passbolt
|
||||||
get_passbolt_secret() {
|
get_passbolt_secret()
|
||||||
|
{
|
||||||
local name="$1" secret
|
local name="$1" secret
|
||||||
|
|
||||||
if ! command -v passbolt >/dev/null 2>&1; then
|
if ! command -v passbolt >/dev/null 2>&1; then
|
||||||
prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
|
prnt E "Passbolt CLI not found (required to fetch passbolt:$name)."
|
||||||
return 3
|
die 22
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Exemple basé sur CLI Passbolt + jq
|
# Exemple basé sur CLI Passbolt + jq
|
||||||
@@ -26,26 +27,28 @@ get_passbolt_secret() {
|
|||||||
|
|
||||||
if [[ -z "$secret" || "$secret" == "null" ]]; then
|
if [[ -z "$secret" || "$secret" == "null" ]]; then
|
||||||
prnt E "Secret '$name' not found in Passbolt."
|
prnt E "Secret '$name' not found in Passbolt."
|
||||||
return 4
|
die 23
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf '%s' "$secret"
|
printf '%s' "$secret"
|
||||||
}
|
}
|
||||||
|
export -f get_passbolt_secret
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# File
|
# File
|
||||||
get_file_secret() {
|
get_file_secret()
|
||||||
|
{
|
||||||
local path="$1" secret
|
local path="$1" secret
|
||||||
|
|
||||||
if [[ -z "$path" ]]; then
|
if [[ -z "$path" ]]; then
|
||||||
prnt E "get_file_secret: missing path"
|
prnt E "get_file_secret: missing path"
|
||||||
return 5
|
die 10
|
||||||
fi
|
fi
|
||||||
if [[ ! -r "$path" ]]; then
|
if [[ ! -r "$path" ]]; then
|
||||||
prnt E "get_file_secret: '$path' not readable"
|
prnt E "get_file_secret: '$path' not readable"
|
||||||
return 6
|
die 24
|
||||||
fi
|
fi
|
||||||
|
|
||||||
secret=$(<"$path")
|
secret=$(<"$path")
|
||||||
@@ -53,21 +56,23 @@ get_file_secret() {
|
|||||||
secret="${secret%$'\n'}"
|
secret="${secret%$'\n'}"
|
||||||
printf '%s' "$secret"
|
printf '%s' "$secret"
|
||||||
}
|
}
|
||||||
|
export -f get_file_secret
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Environment variable
|
# Environment variable
|
||||||
get_var_secret() {
|
get_var_secret()
|
||||||
|
{
|
||||||
local var="$1" secret
|
local var="$1" secret
|
||||||
|
|
||||||
if [[ -z "$var" ]]; then
|
if [[ -z "$var" ]]; then
|
||||||
prnt E "get_var_secret: missing variable name"
|
prnt E "get_var_secret: missing variable name"
|
||||||
return 7
|
die 25
|
||||||
fi
|
fi
|
||||||
if ! printenv "$var" >/dev/null 2>&1; then
|
if ! printenv "$var" >/dev/null 2>&1; then
|
||||||
prnt E "get_var_secret: variable '$var' not set"
|
prnt E "get_var_secret: variable '$var' not set"
|
||||||
return 8
|
die 25
|
||||||
fi
|
fi
|
||||||
|
|
||||||
secret="$(printenv "$var")"
|
secret="$(printenv "$var")"
|
||||||
@@ -75,18 +80,20 @@ get_var_secret() {
|
|||||||
secret="${secret%$'\n'}"
|
secret="${secret%$'\n'}"
|
||||||
printf '%s' "$secret"
|
printf '%s' "$secret"
|
||||||
}
|
}
|
||||||
|
export -f get_var_secret
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Main dispatcher
|
# Main dispatcher
|
||||||
# Usage: fetch_secret "scheme:identifier"
|
# Usage: fetch_secret "scheme:identifier"
|
||||||
fetch_secret() {
|
fetch_secret()
|
||||||
|
{
|
||||||
local ref="$1"
|
local ref="$1"
|
||||||
local scheme identifier func
|
local scheme identifier func
|
||||||
|
|
||||||
if [[ -z "$ref" ]]; then
|
if [[ -z "$ref" ]]; then
|
||||||
prnt E "fetch_secret: no reference provided"
|
prnt E "fetch_secret: no reference provided"
|
||||||
return 1
|
die 26
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# par défaut, si pas de scheme -> "file"
|
# par défaut, si pas de scheme -> "file"
|
||||||
@@ -102,7 +109,7 @@ fetch_secret() {
|
|||||||
|
|
||||||
if ! declare -f "$func" >/dev/null 2>&1; then
|
if ! declare -f "$func" >/dev/null 2>&1; then
|
||||||
prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
|
prnt E "fetch_secret: unsupported scheme '$scheme' (no function $func)"
|
||||||
return 2
|
die 27
|
||||||
fi
|
fi
|
||||||
|
|
||||||
"$func" "$identifier"
|
"$func" "$identifier"
|
||||||
|
|||||||
Reference in New Issue
Block a user