From bc6505a52381a2c1a36b856b1117d7abbb365176 Mon Sep 17 00:00:00 2001
From: Adrian Lopez
Date: Thu, 4 Jan 2024 09:19:50 +0100
Subject: [PATCH] feat: allow to specify kv version to avoid autodetection
Avoiding the call the get the mounts, and with the caching of the vault proxy, is it possible to have an offline copy of the vault content. See https://github.com/hashicorp/vault/issues/19879
---
 cmd/root.go | 18 +++++++++++-------
 cmd/vault-kv-search.go | 19 +++++++++++--------
 2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index d61985d..a22dd68 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -18,6 +18,7 @@ limitations under the License.
 import (
 "fmt"
+ "github.com/pkg/errors"
 "github.com/spf13/cobra"
 )
@@ -56,7 +57,7 @@ Regex are supported`,
 return checkRequiredFlags(cmd)
 },
 Run: func(cmd *cobra.Command, args []string) {
- VaultKvSearch(args, searchObjects, showSecrets, useRegex, crawlingDelay, jsonOutput)
+ VaultKvSearch(args, searchObjects, showSecrets, useRegex, crawlingDelay, kvVersion, jsonOutput)
 },
 Args: cobra.ExactArgs(2),
 Example: "vault-kv-search kv/ foo",
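Review bot: The added import `"github.com/pkg/errors"` in the first cmd/root.go hunk has no visible user: none of the three root.go hunks references `errors`, so unless a use sits in a part of the file this patch does not show, the compiler rejects the file with "imported and not used". The diffstat lists only the two cmd/ files, so the module would already have to be in go.mod for the build to resolve it. cmd/vault-kv-search.go imports the standard `errors` package, and `github.com/pkg/errors` is an archived library; for a tool that reads Vault secrets, keeping the dependency set to what is actually used is worth the one-line removal. If wrapping is needed in root.go, `fmt.Errorf("...: %w", err)` with the already imported `fmt` covers it.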
@@ -68,19 +69,22 @@ func Execute() {
 cobra.CheckErr(RootCmd.Execute())
 }
-var crawlingDelay int
-var jsonOutput bool
-var showSecrets bool
-var useRegex bool
-var searchObjects []string
+var (
+ crawlingDelay int
+ kvVersion int
+ jsonOutput bool
+ showSecrets bool
+ useRegex bool
+ searchObjects []string
+)
 func init() {
 RootCmd.Flags().IntVarP(&crawlingDelay, "delay", "d", 15, "Crawling delay in millisconds")
+ RootCmd.Flags().IntVarP(&kvVersion, "kv-version", "k", 0, "KV version (1,2). Autodetect if not defined")
 RootCmd.Flags().BoolVarP(&jsonOutput, "json", "j", false, "Output as JSON")
 RootCmd.Flags().BoolVarP(&showSecrets, "showsecrets", "s", false, "Show secrets values")
 RootCmd.Flags().BoolVarP(&useRegex, "regex", "r", false, "Enable searching regex substring")
 RootCmd.Flags().StringSliceVar(&searchObjects, "search", []string{"value"}, "Which Vault objects to "+
 "search against. Choices are any and all of the following 'key,value,path'. Can be specified multiple times or "+
 "once using format CSV. Defaults to 'value'")
-
 }
diff --git a/cmd/vault-kv-search.go b/cmd/vault-kv-search.go
index fa0164d..8370d7c 100644
--- a/cmd/vault-kv-search.go
+++ b/cmd/vault-kv-search.go
@@ -4,13 +4,14 @@ import (
 "encoding/json"
 "errors"
 "fmt"
- vault "github.com/hashicorp/vault/api"
 "os"
 "regexp"
 "strconv"
 "strings"
 "sync"
 "time"
+
+ vault "github.com/hashicorp/vault/api"
 )
 type vaultClient struct {
@@ -54,7 +55,7 @@ func (vc *vaultClient) getKvVersion(path string) (int, error) {
 }
 // VaultKvSearch is the main function
-func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useRegex bool, crawlingDelay int, jsonOutput bool) {
+func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useRegex bool, crawlingDelay int, version int, jsonOutput bool) {
 config := vault.DefaultConfig()
 config.Timeout = time.Second * 5
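Review bot: The new `--kv-version` flag in `init()` is taken without a range check: the help text promises `(1,2)`, but any non-zero integer such as `-k 3` or `-k -1` is handed to VaultKvSearch, where the `if version == 0` hunk in cmd/vault-kv-search.go skips autodetection and uses the value as given. What the crawl does with an unsupported version lies outside these hunks, but in a tool used to find exposed secrets a quiet empty result is worse than an error. Reject it before running, next to the existing `checkRequiredFlags(cmd)` call (which presumably returns an error): `if kvVersion < 0 || kvVersion > 2 { return fmt.Errorf("invalid --kv-version %d: use 1 or 2", kvVersion) }`. A valid but wrong value (`-k 1` against a v2 mount) cannot be caught once the mounts lookup is skipped, so the help string should say that the value is trusted as given.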
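Review bot: The new `version` parameter of VaultKvSearch carries a sentinel that its doc comment does not mention: 0 means "autodetect through the mounts lookup", any other value is used as the KV version. `// VaultKvSearch is the main function` should gain a line such as `// version selects the KV engine version (1 or 2); 0 autodetects it from the mount.` The signature now has two adjacent `int` parameters (`crawlingDelay`, `version`), which can be transposed at the call site in cmd/root.go without a compile error, so the comment is the only guard a caller has. The function body continues outside this hunk.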
@@ -70,7 +71,7 @@ func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useR
 sys: client.Sys(),
 crawlingDelay: crawlingDelay,
 jsonOutput: jsonOutput,
- showSecrets: showSecrets, //pragma: allowlist secret
+ showSecrets: showSecrets, // pragma: allowlist secret
 useRegex: useRegex,
 searchObjects: searchObjects,
 searchString: args[1],
@@ -78,10 +79,13 @@ func VaultKvSearch(args []string, searchObjects []string, showSecrets bool, useR
 }
 startPath := args[0]
- version, err := vc.getKvVersion(startPath)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
+
+ if version == 0 {
+ version, err = vc.getKvVersion(startPath)
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
 }
 if !vc.jsonOutput {
@@ -171,7 +175,6 @@ func (vc *vaultClient) digDeeper(version int, data map[string]interface{}, dirEn
 func (vc *vaultClient) readLeafs(path string, searchObjects []string, version int) {
 pathList, err := vc.logical.List(path)
-
 if err != nil {
 fmt.Fprintf(os.Stderr, "Failed to list: %s\n%s", vc.searchString, err)
 os.Exit(1)
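Review bot: The autodetection failure inside the new `if version == 0` block is still reported with `fmt.Println(err)`, which writes to stdout, while readLeafs in the last hunk sends its failure to `os.Stderr`; with `--json` the error text presumably ends up in the stream a consumer parses. Since these lines are being re-indented anyway, `fmt.Fprintln(os.Stderr, err)` would make the two paths consistent. The block also switches from `:=` to `version, err = ...`, which depends on `err` being declared earlier in VaultKvSearch, outside this hunk.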