+2

toolbox/cmd/root.go

reviewed

··· 24 24 rootCmd.PersistentFlags().StringVar(&sshUser, "ssh-user", "root", "SSH user") 25 25 rootCmd.PersistentFlags().StringVar(&sshKey, "ssh-key", defaultSSHKey(), "Path to SSH private key") 26 26 rootCmd.PersistentFlags().StringVar(&sshKnownHosts, "ssh-known-hosts", defaultKnownHostsFile(), "Path to SSH known_hosts file") 27 27 + 28 28 + rootCmd.AddCommand(secretsCmd) 27 29 } 28 30 29 31 var rootCmd = &cobra.Command{

+73

toolbox/cmd/secrets.go

reviewed

··· 1 1 + package cmd 2 2 + 3 3 + import ( 4 4 + "context" 5 5 + "fmt" 6 6 + "time" 7 7 + 8 8 + "github.com/charmbracelet/log" 9 9 + "github.com/spf13/cobra" 10 10 + 11 11 + "github.com/khuedoan/cloudlab/toolbox/internal/cluster" 12 12 + "github.com/khuedoan/cloudlab/toolbox/internal/secrets" 13 13 + ) 14 14 + 15 15 + const connectTimeout = 30 * time.Second 16 16 + 17 17 + var settingsFile string 18 18 + 19 19 + func init() { 20 20 + secretsCmd.Flags().StringVar(&settingsFile, "settings", "", "Path to settings YAML file") 21 21 + secretsCmd.MarkFlagRequired("settings") 22 22 + } 23 23 + 24 24 + var secretsCmd = &cobra.Command{ 25 25 + Use: "secrets", 26 26 + Short: "Manage secrets in Vault", 27 27 + PreRunE: func(cmd *cobra.Command, args []string) error { 28 28 + if hostsFile == "" { 29 29 + return fmt.Errorf("--hosts-file is required") 30 30 + } 31 31 + if host == "" { 32 32 + return fmt.Errorf("--host is required") 33 33 + } 34 34 + return nil 35 35 + }, 36 36 + RunE: runSecrets, 37 37 + } 38 38 + 39 39 + func runSecrets(cmd *cobra.Command, args []string) error { 40 40 + config, err := secrets.LoadConfig(settingsFile) 41 41 + if err != nil { 42 42 + return fmt.Errorf("load settings file: %w", err) 43 43 + } 44 44 + 45 45 + entries, err := secrets.ParseAndValidate(config) 46 46 + if err != nil { 47 47 + return fmt.Errorf("validate config: %w", err) 48 48 + } 49 49 + 50 50 + connectCtx, cancel := context.WithTimeout(cmd.Context(), connectTimeout) 51 51 + defer cancel() 52 52 + 53 53 + client, err := cluster.NewClient(connectCtx, cluster.ClientConfig{ 54 54 + HostsFile: hostsFile, 55 55 + Host: host, 56 56 + SSHUser: sshUser, 57 57 + SSHKey: sshKey, 58 58 + SSHKnownHosts: sshKnownHosts, 59 59 + }) 60 60 + if err != nil { 61 61 + return fmt.Errorf("connect to cluster: %w", err) 62 62 + } 63 63 + defer client.Close() 64 64 + log.Debug("connected to cluster") 65 65 + 66 66 + service := secrets.NewService(client.Vault(), secrets.HuhPrompter{}) 67 67 + if err := service.Run(cmd.Context(), entries); err != nil { 68 68 + return err 69 69 + } 70 70 + 71 71 + log.Info("all secrets processed successfully") 72 72 + return nil 73 73 + }