diff options
Diffstat (limited to 'barbicanclient/barbican_cli/v1/secrets.py')
-rw-r--r-- | barbicanclient/barbican_cli/v1/secrets.py | 62 |
1 files changed, 39 insertions, 23 deletions
diff --git a/barbicanclient/barbican_cli/v1/secrets.py b/barbicanclient/barbican_cli/v1/secrets.py index db91c62..dca35aa 100644 --- a/barbicanclient/barbican_cli/v1/secrets.py +++ b/barbicanclient/barbican_cli/v1/secrets.py @@ -13,11 +13,13 @@ """ Command-line interface sub-commands related to secrets. """ +import os + from cliff import command from cliff import lister from cliff import show -from barbicanclient.v1 import secrets +from barbicanclient import secrets class DeleteSecret(command.Command): @@ -38,22 +40,18 @@ class GetSecret(show.ShowOne): def get_parser(self, prog_name): parser = super(GetSecret, self).get_parser(prog_name) parser.add_argument('URI', help='The URI reference for the secret.') - parser.add_argument('--decrypt', '-d', - help='if specified, retrieve the ' - 'unencrypted secret data; ' - 'the data type can be specified with ' - '--payload_content_type.', - action='store_true') - parser.add_argument('--payload', '-p', - help='if specified, retrieve the ' - 'unencrypted secret data; ' - 'the data type can be specified with ' - '--payload_content_type. If the user' - ' wishes to only retrieve the value of' - ' the payload they must add ' - '"-f value" to format returning only' - ' the value of the payload', - action='store_true') + payload_params = parser.add_mutually_exclusive_group(required=False) + payload_params.add_argument('--decrypt', '-d', + help='if specified, retrieve the ' + 'unencrypted secret data.', + action='store_true') + payload_params.add_argument('--payload', '-p', + help='if specified, retrieve the ' + 'unencrypted secret data.', + action='store_true') + payload_params.add_argument('--file', '-F', metavar='<filename>', + help='if specified, save the payload to a ' + 'new file with the given filename.') parser.add_argument('--payload_content_type', '-t', default='text/plain', help='the content type of the decrypted' @@ -61,7 +59,7 @@ class GetSecret(show.ShowOne): return parser def take_action(self, args): - if args.decrypt or args.payload: + if args.decrypt or args.payload or args.file: entity = self.app.client_manager.key_manager.secrets.get( args.URI, args.payload_content_type) return (('Payload',), @@ -71,6 +69,18 @@ class GetSecret(show.ShowOne): secret_ref=args.URI) return entity._get_formatted_entity() + def produce_output(self, parsed_args, column_names, data): + if parsed_args.file: + if os.path.exists(parsed_args.file): + raise ValueError("ERROR: file already exists.") + with open(parsed_args.file, 'wb') as f: + f.write(data[0]) + + else: + super(GetSecret, self).produce_output( + parsed_args, column_names, data + ) + class UpdateSecret(command.Command): """Update a secret with no payload in Barbican.""" @@ -134,10 +144,6 @@ class StoreSecret(show.ShowOne): parser = super(StoreSecret, self).get_parser(prog_name) parser.add_argument('--name', '-n', help='a human-friendly name.') - parser.add_argument('--payload', '-p', - help='the unencrypted secret; if provided, ' - 'you must also provide a ' - 'payload_content_type') parser.add_argument('--secret-type', '-s', default='opaque', help='the secret type; must be one of symmetric, ' 'public, private, certificate, passphrase, ' @@ -163,11 +169,21 @@ class StoreSecret(show.ShowOne): parser.add_argument('--expiration', '-x', help='the expiration time for the secret in ' 'ISO 8601 format.') + payload_params = parser.add_mutually_exclusive_group(required=False) + payload_params.add_argument('--payload', '-p', + help='the unencrypted secret data.') + payload_params.add_argument('--file', '-F', metavar='<filename>', + help='file containing the secret payload') return parser def take_action(self, args): + data = None + if args.file: + with open(args.file, 'rb') as f: + data = f.read() + entity = self.app.client_manager.key_manager.secrets.create( - name=args.name, payload=args.payload, + name=args.name, payload=args.payload or data, payload_content_type=args.payload_content_type, payload_content_encoding=args.payload_content_encoding, algorithm=args.algorithm, bit_length=args.bit_length, |