cscli bouncers: increase key size, deprecate and ignore --length option (#2531)
the switch to base64 made the keys shorter (24 characters), this PR increases their size to 32 bytes, 42 chars once encoded Also deprecate the --length option, users can already provide a key
This commit is contained in:
mmetc
GitHub
parent
ec199162dc
commit
76d4bc7788
2 changed files with 30 additions and 19 deletions
|
|
@ -5,7 +5,6 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"slices"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
|
|
@ -13,12 +12,12 @@ import (
|
|||
"github.com/fatih/color"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
"slices"
|
||||
|
||||
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
||||
middlewares "github.com/crowdsecurity/crowdsec/pkg/apiserver/middlewares/v1"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/database"
|
||||
"github.com/crowdsecurity/crowdsec/pkg/types"
|
||||
|
||||
"github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
|
||||
)
|
||||
|
||||
func getBouncers(out io.Writer, dbClient *database.Client) error {
|
||||
|
|
@ -26,16 +25,18 @@ func getBouncers(out io.Writer, dbClient *database.Client) error {
|
|||
if err != nil {
|
||||
return fmt.Errorf("unable to list bouncers: %s", err)
|
||||
}
|
||||
if csConfig.Cscli.Output == "human" {
|
||||
|
||||
switch csConfig.Cscli.Output {
|
||||
case "human":
|
||||
getBouncersTable(out, bouncers)
|
||||
} else if csConfig.Cscli.Output == "json" {
|
||||
case "json":
|
||||
enc := json.NewEncoder(out)
|
||||
enc.SetIndent("", " ")
|
||||
if err := enc.Encode(bouncers); err != nil {
|
||||
return fmt.Errorf("failed to unmarshal: %w", err)
|
||||
}
|
||||
return nil
|
||||
} else if csConfig.Cscli.Output == "raw" {
|
||||
case "raw":
|
||||
csvwriter := csv.NewWriter(out)
|
||||
err := csvwriter.Write([]string{"name", "ip", "revoked", "last_pull", "type", "version", "auth_type"})
|
||||
if err != nil {
|
||||
|
|
@ -55,6 +56,7 @@ func getBouncers(out io.Writer, dbClient *database.Client) error {
|
|||
}
|
||||
csvwriter.Flush()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -78,12 +80,9 @@ func NewBouncersListCmd() *cobra.Command {
|
|||
}
|
||||
|
||||
func runBouncersAdd(cmd *cobra.Command, args []string) error {
|
||||
flags := cmd.Flags()
|
||||
keyLength := 32
|
||||
|
||||
keyLength, err := flags.GetInt("length")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
flags := cmd.Flags()
|
||||
|
||||
key, err := flags.GetString("key")
|
||||
if err != nil {
|
||||
|
|
@ -108,13 +107,14 @@ func runBouncersAdd(cmd *cobra.Command, args []string) error {
|
|||
return fmt.Errorf("unable to create bouncer: %s", err)
|
||||
}
|
||||
|
||||
if csConfig.Cscli.Output == "human" {
|
||||
switch csConfig.Cscli.Output {
|
||||
case "human":
|
||||
fmt.Printf("API key for '%s':\n\n", keyName)
|
||||
fmt.Printf(" %s\n\n", apiKey)
|
||||
fmt.Print("Please keep this key since you will not be able to retrieve it!\n")
|
||||
} else if csConfig.Cscli.Output == "raw" {
|
||||
case "raw":
|
||||
fmt.Printf("%s", apiKey)
|
||||
} else if csConfig.Cscli.Output == "json" {
|
||||
case "json":
|
||||
j, err := json.Marshal(apiKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to marshal api key")
|
||||
|
|
@ -127,19 +127,18 @@ func runBouncersAdd(cmd *cobra.Command, args []string) error {
|
|||
|
||||
func NewBouncersAddCmd() *cobra.Command {
|
||||
cmdBouncersAdd := &cobra.Command{
|
||||
Use: "add MyBouncerName [--length 16]",
|
||||
Use: "add MyBouncerName",
|
||||
Short: "add a single bouncer to the database",
|
||||
Example: `cscli bouncers add MyBouncerName
|
||||
cscli bouncers add MyBouncerName -l 24
|
||||
cscli bouncers add MyBouncerName -k <random-key>`,
|
||||
cscli bouncers add MyBouncerName --key <random-key>`,
|
||||
Args: cobra.ExactArgs(1),
|
||||
DisableAutoGenTag: true,
|
||||
RunE: runBouncersAdd,
|
||||
}
|
||||
|
||||
flags := cmdBouncersAdd.Flags()
|
||||
|
||||
flags.IntP("length", "l", 16, "length of the api key")
|
||||
flags.StringP("length", "l", "", "length of the api key")
|
||||
flags.MarkDeprecated("length", "use --key instead")
|
||||
flags.StringP("key", "k", "", "api key for the bouncer")
|
||||
|
||||
return cmdBouncersAdd
|
||||
|
|
|
|||
|
|
@ -36,6 +36,18 @@ teardown() {
|
|||
assert_output '[]'
|
||||
}
|
||||
|
||||
@test "we can create a bouncer with a known key" {
|
||||
# also test the output formats since we know the key
|
||||
rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o human
|
||||
assert_output --partial 'foobarbaz'
|
||||
rune -0 cscli bouncers delete ciTestBouncer
|
||||
rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o json
|
||||
assert_output '"foobarbaz"'
|
||||
rune -0 cscli bouncers delete ciTestBouncer
|
||||
rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o raw
|
||||
assert_output foobarbaz
|
||||
}
|
||||
|
||||
@test "we can't add the same bouncer twice" {
|
||||
rune -0 cscli bouncers add ciTestBouncer
|
||||
rune -1 cscli bouncers add ciTestBouncer -o json
|
||||
|
|
|
|||
Loading…
Reference in a new issue