diff --git a/cmd/root.go b/cmd/root.go
index d61985d..a22dd68 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -18,6 +18,7 @@ limitations under the License.
 import (
 "fmt"
+ "github.com/pkg/errors"
 "github.com/spf13/cobra"
 )
@@ -56,7 +57,7 @@ Regex are supported`,
 return checkRequiredFlags(cmd)
 },
 Run: func(cmd *cobra.Command, args []string) {
- VaultKvSearch(args, searchObjects, showSecrets, useRegex, crawlingDelay, jsonOutput)
+ VaultKvSearch(args, searchObjects, showSecrets, useRegex, crawlingDelay, kvVersion, jsonOutput)
 },
 Args: cobra.ExactArgs(2),
 Example: "vault-kv-search kv/ foo",
@@ -68,19 +69,22 @@ func Execute() {
 cobra.CheckErr(RootCmd.Execute())
 }
-var crawlingDelay int
-var jsonOutput bool
-var showSecrets bool
-var useRegex bool
-var searchObjects []string
+var (
+ crawlingDelay int
+ kvVersion int
+ jsonOutput bool
+ showSecrets bool
+ useRegex bool
+ searchObjects []string
+)
 func init() {
 RootCmd.Flags().IntVarP(&crawlingDelay, "delay", "d", 15, "Crawling delay in millisconds")
+ RootCmd.Flags().IntVarP(&kvVersion, "kv-version", "k", 0, "KV version (1,2). Autodetect if not defined")
 RootCmd.Flags().BoolVarP(&jsonOutput, "json", "j", false, "Output as JSON")
 RootCmd.Flags().BoolVarP(&showSecrets, "showsecrets", "s", false, "Show secrets values")
 RootCmd.Flags().BoolVarP(&useRegex, "regex", "r", false, "Enable searching regex substring")
 RootCmd.Flags().StringSliceVar(&searchObjects, "search", []string{"value"}, "Which Vault objects to "+
 "search against. Choices are any and all of the following 'key,value,path'. Can be specified multiple times or "+
 "once using format CSV. Defaults to 'value'")
-
 }
diff --git a/cmd/vault-kv-search.go b/cmd/vault-kv-search.go
index fa0164d..8370d7c 100644
--- a/cmd/vault-kv-search.go
+++ b/cmd/vault-kv-search.go
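Review bot: The import `"github.com/pkg/errors"` added to cmd/root.go (hunk `@@ -18,6 +18,7 @@`) has no matching use in any hunk of that file, and Go rejects an unused import at compile time, so the file will not build unless a use exists outside the diff. cmd/vault-kv-search.go already imports the standard `errors` package, so a second error library is not needed. Dropping the line also keeps a third-party module out of the build of a tool that handles Vault tokens and secret values, if it is not already in go.mod.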
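Review bot: The new `--kv-version` flag registered in `init()` in cmd/root.go accepts any integer, and the only check visible on the value is `if version == 0` in VaultKvSearch (hunk `@@ -78,10 +79,13 @@` of cmd/vault-kv-search.go), so 3 or -1 is passed on to the crawl unchanged. How readLeafs and digDeeper treat an unknown version is not visible here; if they fall through without listing anything, a search for a leaked secret would report no match instead of failing. Reject the value before any Vault call, for example ahead of `return checkRequiredFlags(cmd)`: `if kvVersion < 0 || kvVersion > 2 { return fmt.Errorf("invalid --kv-version %d: must be 1 or 2", kvVersion) }`. The help text could also state that 0 selects autodetection.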
@@ -4,13 +4,14 @@ import (
 "encoding/json"
 "errors"
 "fmt"
- vault "github.com/hashicorp/vault/api"
 "os"
 "regexp"
 "strconv"
 "strings"
 "sync"
 "time"
+
+ vault "github.com/hashicorp/vault/api"
 )
 type vaultClient struct {
@@ -54,7 +55,7 @@ func (vc *vaultClient) getKvVersion(path string) (int, error) {
 }
 // VaultKvSearch is the main function
-func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useRegex bool, crawlingDelay int, jsonOutput bool) {
+func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useRegex bool, crawlingDelay int, version int, jsonOutput bool) {
 config := vault.DefaultConfig()
 config.Timeout = time.Second * 5
@@ -70,7 +71,7 @@ func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useR
 sys: client.Sys(),
 crawlingDelay: crawlingDelay,
 jsonOutput: jsonOutput,
- showSecrets: showSecrets, //pragma: allowlist secret
+ showSecrets: showSecrets, // pragma: allowlist secret
 useRegex: useRegex,
 searchObjects: searchObjects,
 searchString: args[1],
@@ -78,10 +79,13 @@ func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useR
 }
 startPath := args[0]
- version, err := vc.getKvVersion(startPath)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
+
+ if version == 0 {
+ version, err = vc.getKvVersion(startPath)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
 }
 if !vc.jsonOutput {
@@ -171,7 +175,6 @@ func (vc *vaultClient) digDeeper(version int, data map[string]interface{}, dirEn
 func (vc *vaultClient) readLeafs(path string, searchObjects []string, version int) {
 pathList, err := vc.logical.List(path)
-
 if err != nil {
 fmt.Fprintf(os.Stderr, "Failed to list: %s\n%s", vc.searchString, err)
 os.Exit(1)
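Review bot: `VaultKvSearch` (hunk `@@ -54,7 +55,7 @@`) now takes `crawlingDelay int, version int` side by side among seven positional arguments, so a call that swaps the two still compiles and would use a delay value as the KV version. The doc comment still reads "is the main function" and should state the contract of the new parameter, e.g. `// VaultKvSearch searches the KV path args[0] for args[1]. version is the KV engine version (1 or 2); 0 autodetects it.` Grouping the options into a struct would remove the ordering risk, though that is a larger change than this commit. The function body continues outside the hunk.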
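Review bot: The error branch inside the new `if version == 0` block (hunk `@@ -78,10 +79,13 @@`) prints with `fmt.Println(err)`, which writes to stdout, while readLeafs in the same file reports its failure with `fmt.Fprintf(os.Stderr, ...)`. With `--json`, a consumer parsing stdout would receive the error text in place of JSON; use `fmt.Fprintln(os.Stderr, err)` here. An explicit version also skips getKvVersion entirely, so whatever that call verified about the mount is no longer checked on this path; its body is outside the hunk.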