From 76d4bc77883c65d6e0ba49a2dae39df0c72e6247 Mon Sep 17 00:00:00 2001
From: mmetc <92726601+mmetc@users.noreply.github.com>
Date: Fri, 24 Nov 2023 15:01:13 +0100
Subject: [PATCH] cscli bouncers: increase key size, deprecate and ignore --length option (#2531)
the switch to base64 made the keys shorter (24 characters), this PR increases their size to 32 bytes, 42 chars once encoded
Also deprecate the --length option, users can already provide a key
---
 cmd/crowdsec-cli/bouncers.go | 37 ++++++++++++++++++------------------
 test/bats/10_bouncers.bats | 12 ++++++++++++
 2 files changed, 30 insertions(+), 19 deletions(-)
diff --git a/cmd/crowdsec-cli/bouncers.go b/cmd/crowdsec-cli/bouncers.go
index 7f5c4b597..9ce98d4b6 100644
--- a/cmd/crowdsec-cli/bouncers.go
+++ b/cmd/crowdsec-cli/bouncers.go
@@ -5,7 +5,6 @@ import (
 "encoding/json"
 "fmt"
 "io"
- "slices"
 "strings"
 "time"
@@ -13,12 +12,12 @@ import (
 "github.com/fatih/color"
 log "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
+ "slices"
+ "github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
 middlewares "github.com/crowdsecurity/crowdsec/pkg/apiserver/middlewares/v1"
 "github.com/crowdsecurity/crowdsec/pkg/database"
 "github.com/crowdsecurity/crowdsec/pkg/types"
-
- "github.com/crowdsecurity/crowdsec/cmd/crowdsec-cli/require"
 )
 func getBouncers(out io.Writer, dbClient *database.Client) error {
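Review bot: In the `@@ -13,12 +12,12 @@` hunk the standard-library import `"slices"` is added after `"github.com/spf13/cobra"`, inside the third-party group, after the previous hunk removed it from the stdlib group between `"io"` and `"strings"`. Keeping it in the first group matches the usual goimports layout (stdlib, then everything else) and makes it obvious at a glance that no new external dependency was introduced. If a project linter setting forces this placement, a short comment next to the import would explain it.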
@@ -26,16 +25,18 @@ func getBouncers(out io.Writer, dbClient *database.Client) error {
 if err != nil {
 return fmt.Errorf("unable to list bouncers: %s", err)
 }
- if csConfig.Cscli.Output == "human" {
+
+ switch csConfig.Cscli.Output {
+ case "human":
 getBouncersTable(out, bouncers)
- } else if csConfig.Cscli.Output == "json" {
+ case "json":
 enc := json.NewEncoder(out)
 enc.SetIndent("", " ")
 if err := enc.Encode(bouncers); err != nil {
 return fmt.Errorf("failed to unmarshal: %w", err)
 }
 return nil
- } else if csConfig.Cscli.Output == "raw" {
+ case "raw":
 csvwriter := csv.NewWriter(out)
 err := csvwriter.Write([]string{"name", "ip", "revoked", "last_pull", "type", "version", "auth_type"})
 if err != nil {
@@ -55,6 +56,7 @@ func getBouncers(out io.Writer, dbClient *database.Client) error {
 }
 csvwriter.Flush()
 }
+
 return nil
 }
@@ -78,12 +80,9 @@ func NewBouncersListCmd() *cobra.Command {
 }
 func runBouncersAdd(cmd *cobra.Command, args []string) error {
- flags := cmd.Flags()
+ keyLength := 32
- keyLength, err := flags.GetInt("length")
- if err != nil {
- return err
- }
+ flags := cmd.Flags()
 key, err := flags.GetString("key")
 if err != nil {
@@ -108,13 +107,14 @@ func runBouncersAdd(cmd *cobra.Command, args []string) error {
 return fmt.Errorf("unable to create bouncer: %s", err)
 }
- if csConfig.Cscli.Output == "human" {
+ switch csConfig.Cscli.Output {
+ case "human":
 fmt.Printf("API key for '%s':\n\n", keyName)
 fmt.Printf(" %s\n\n", apiKey)
 fmt.Print("Please keep this key since you will not be able to retrieve it!\n")
- } else if csConfig.Cscli.Output == "raw" {
+ case "raw":
 fmt.Printf("%s", apiKey)
- } else if csConfig.Cscli.Output == "json" {
+ case "json":
 j, err := json.Marshal(apiKey)
 if err != nil {
 return fmt.Errorf("unable to marshal api key")
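Review bot: The new `switch csConfig.Cscli.Output` in getBouncers has no `default` case, so any value other than `human`, `json` or `raw` prints nothing and still returns nil. The switch added in the `@@ -108,13 +107,14 @@` hunk of runBouncersAdd has the same gap, and there it matters more: the bouncer has already been created and its API key, which the human branch says cannot be retrieved later, would never be shown. A `default: return fmt.Errorf("unsupported output format %q", csConfig.Cscli.Output)` would surface this; if the value is validated before these functions run, a one-line comment saying so would be enough. Both function bodies start before and continue past their hunks.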
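Review bot: `keyLength := 32` in runBouncersAdd is a bare literal with no unit, while the commit message says it means 32 bytes that become longer once encoded. A named constant with a comment, for example `const defaultKeyLength = 32 // bytes of key material before encoding`, would keep that from being misread as a character count. Separately, the value read from `--key` a few lines below is not held to any minimum in the visible lines, and the bats test added by this commit registers the 9-character key `foobarbaz` successfully, so an operator-supplied key can be much weaker than a generated one. Consider rejecting or warning on short `--key` values; the rest of the function is outside this hunk, so such a check may already exist there.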
@@ -127,19 +127,18 @@ func runBouncersAdd(cmd *cobra.Command, args []string) error {
 func NewBouncersAddCmd() *cobra.Command {
 cmdBouncersAdd := &cobra.Command{
- Use: "add MyBouncerName [--length 16]",
+ Use: "add MyBouncerName",
 Short: "add a single bouncer to the database",
 Example: `cscli bouncers add MyBouncerName
-cscli bouncers add MyBouncerName -l 24
-cscli bouncers add MyBouncerName -k `,
+cscli bouncers add MyBouncerName --key `,
 Args: cobra.ExactArgs(1),
 DisableAutoGenTag: true,
 RunE: runBouncersAdd,
 }
 flags := cmdBouncersAdd.Flags()
-
- flags.IntP("length", "l", 16, "length of the api key")
+ flags.StringP("length", "l", "", "length of the api key")
+ flags.MarkDeprecated("length", "use --key instead")
 flags.StringP("key", "k", "", "api key for the bouncer")
 return cmdBouncersAdd
diff --git a/test/bats/10_bouncers.bats b/test/bats/10_bouncers.bats
index 79ba0eda8..3f6167ff6 100644
--- a/test/bats/10_bouncers.bats
+++ b/test/bats/10_bouncers.bats
@@ -36,6 +36,18 @@ teardown() {
 assert_output '[]'
 }
+@test "we can create a bouncer with a known key" {
+ # also test the output formats since we know the key
+ rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o human
+ assert_output --partial 'foobarbaz'
+ rune -0 cscli bouncers delete ciTestBouncer
+ rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o json
+ assert_output '"foobarbaz"'
+ rune -0 cscli bouncers delete ciTestBouncer
+ rune -0 cscli bouncers add ciTestBouncer --key "foobarbaz" -o raw
+ assert_output foobarbaz
+}
+
 @test "we can't add the same bouncer twice" {
 rune -0 cscli bouncers add ciTestBouncer
 rune -1 cscli bouncers add ciTestBouncer -o json
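Review bot: `flags.MarkDeprecated("length", "use --key instead")` in NewBouncersAddCmd drops the error that pflag returns; write `_ = flags.MarkDeprecated(...)` with a comment, or handle it, so the omission is visibly deliberate. The flag's help text still reads "length of the api key" although the value is now ignored, so it should say that, e.g. `"ignored, kept for compatibility"`. The hint "use --key instead" also steers anyone who only wanted a longer key toward passing a secret on the command line, where it can end up in shell history and process listings. A message such as `"the flag is ignored, generated keys have a fixed size"` would avoid that nudge.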
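Review bot: The added test covers only `--key`; neither behaviour this commit changes is exercised, namely the size of a generated key and the continued acceptance of the deprecated `--length`/`-l` flag. A case such as `rune -0 cscli bouncers add ciTestBouncer -l 16 -o raw` followed by a check on the length of `$output` would pin both: that the old flag no longer errors and that it no longer shortens the key. It would also help to confirm where the deprecation warning is printed, so that scripts consuming `-o raw` or `-o json` still receive only the key on stdout.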