diff options
author | Alex Auvolat <alex@adnab.me> | 2024-02-12 10:42:17 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2024-02-12 10:42:17 +0100 |
commit | 25e5738568b2a021de3a79af3282b2b5feaee9e8 (patch) | |
tree | c1884e31cfc049d37db8cd7ceb6f1bed3a866767 /src/garage | |
parent | 198188017cc7b956885e4b51c979cb3554276e4f (diff) | |
download | garage-25e5738568b2a021de3a79af3282b2b5feaee9e8.tar.gz garage-25e5738568b2a021de3a79af3282b2b5feaee9e8.zip |
[fix-secrets-695] take into account rpc secret from file for cli commands (fix #695)
Diffstat (limited to 'src/garage')
-rw-r--r-- | src/garage/main.rs | 23 | ||||
-rw-r--r-- | src/garage/secrets.rs | 2 |
2 files changed, 16 insertions, 9 deletions
diff --git a/src/garage/main.rs b/src/garage/main.rs index 5c92dae4..1a6a6e32 100644 --- a/src/garage/main.rs +++ b/src/garage/main.rs @@ -174,7 +174,9 @@ async fn main() { } async fn cli_command(opt: Opt) -> Result<(), Error> { - let config = if opt.secrets.rpc_secret.is_none() || opt.rpc_host.is_none() { + let config = if (opt.secrets.rpc_secret.is_none() && opt.secrets.rpc_secret_file.is_none()) + || opt.rpc_host.is_none() + { Some(garage_util::config::read_config(opt.config_file.clone()) .err_context(format!("Unable to read configuration file {}. Configuration file is needed because -h or -s is not provided on the command line.", opt.config_file.to_string_lossy()))?) } else { @@ -182,14 +184,19 @@ async fn cli_command(opt: Opt) -> Result<(), Error> { }; // Find and parse network RPC secret - let net_key_hex_str = opt - .secrets - .rpc_secret - .as_ref() - .or_else(|| config.as_ref().and_then(|c| c.rpc_secret.as_ref())) - .ok_or("No RPC secret provided")?; + let mut rpc_secret = config.as_ref().and_then(|c| c.rpc_secret.clone()); + secrets::fill_secret( + &mut rpc_secret, + &config.as_ref().and_then(|c| c.rpc_secret_file.clone()), + &opt.secrets.rpc_secret, + &opt.secrets.rpc_secret_file, + "rpc_secret", + true, + )?; + + let net_key_hex_str = rpc_secret.ok_or("No RPC secret provided")?; let network_key = NetworkKey::from_slice( - &hex::decode(net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..], + &hex::decode(&net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..], ) .ok_or("Invalid RPC secret provided (wrong length)")?; diff --git a/src/garage/secrets.rs b/src/garage/secrets.rs index 8c89a262..a2c64cef 100644 --- a/src/garage/secrets.rs +++ b/src/garage/secrets.rs @@ -83,7 +83,7 @@ pub fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Erro Ok(config) } -fn fill_secret( +pub(crate) fn fill_secret( config_secret: &mut Option<String>, config_secret_file: &Option<String>, cli_secret: &Option<String>, |