From 132ca352b50b203bcfaae7e665ee05c786be4afc Mon Sep 17 00:00:00 2001 From: jspc Date: Tue, 7 Aug 2018 13:14:33 +0100 Subject: [PATCH 01/14] Store credentials in the system keychain --- keychain/keychain.go | 37 +++++++++++++++++++++++++++++++++++++ okta/get.go | 21 ++++++++++++++++++--- onelogin/get.go | 21 ++++++++++++++++++--- 3 files changed, 73 insertions(+), 6 deletions(-) create mode 100644 keychain/keychain.go diff --git a/keychain/keychain.go b/keychain/keychain.go new file mode 100644 index 0000000..0d0fca9 --- /dev/null +++ b/keychain/keychain.go @@ -0,0 +1,37 @@ +package keychain + +import ( + "github.com/tmc/keyring" +) + +const ( + // KeyChainName is the name of the keychain used to store + // passwords + KeyChainName = "clisso" +) + +// keychain provides an interface to allow for the easy testing +// of this package +type Keychain interface { + Get(string) ([]byte, error) + Set(string, []byte) error +} + +// DefaultKeyChain provides a wrapper around github.com/tmc/keyring +// and provides defaults and abstractions for clisso to get passwords +type DefaultKeychain struct{} + +// Set takes a provider in an argument, and a password from STDIN, and +// sets it in a keychain, should one exist. +func (DefaultKeychain) Set(provider string, password []byte) (err error) { + return keyring.Set(KeyChainName, provider, string(password)) +} + +// Get will, once given a valid provider, return the password associated +// in order for logins to happen +func (DefaultKeychain) Get(provider string) (pw []byte, err error) { + pwString, err := keyring.Get(KeyChainName, provider) + pw = []byte(pwString) + + return +} diff --git a/okta/get.go b/okta/get.go index 44bdef2..0ff73de 100644 --- a/okta/get.go +++ b/okta/get.go 
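Review bot: `DefaultKeychain.Set` and `Get` in keychain/keychain.go key the stored secret by provider name alone (`keyring.Set(KeyChainName, provider, ...)`), so the entry has no record of which account it belongs to. If the username configured or typed for a provider later changes, the previous account's password would presumably be sent with the new username. Consider including the username in the key, or documenting that the stored password must be replaced when the account changes. Both methods also pass the password through a Go `string`, which cannot be zeroed afterwards; a short comment noting that limitation of the keyring API would help the next reader.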
@@ -6,12 +6,17 @@ import ( "github.com/allcloud-io/clisso/aws" "github.com/allcloud-io/clisso/config" + "github.com/allcloud-io/clisso/keychain" "github.com/allcloud-io/clisso/saml" "github.com/allcloud-io/clisso/spinner" "github.com/fatih/color" "github.com/howeyc/gopass" ) +var ( + keyChain = keychain.DefaultKeychain{} +) + // Get gets temporary credentials for the given app. func Get(app, provider string, duration int64) (*aws.Credentials, error) { // Get provider config @@ -40,10 +45,20 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { fmt.Scanln(&user) } - fmt.Print("Okta password: ") - pass, err := gopass.GetPasswd() + pass, err := keyChain.Get(provider) if err != nil { - return nil, fmt.Errorf("Couldn't read password from terminal") + fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) + + fmt.Print("Please enter Okta password: ") + pass, err := gopass.GetPasswd() + if err != nil { + return nil, fmt.Errorf("Couldn't read password from terminal") + } + + err = keyChain.Set(provider, pass) + if err != nil { + fmt.Printf("Could not save to keychain: %+v", err) + } } // Initialize spinner diff --git a/onelogin/get.go b/onelogin/get.go index 8cd6a45..43faef7 100644 --- a/onelogin/get.go +++ b/onelogin/get.go @@ -7,6 +7,7 @@ import ( "github.com/allcloud-io/clisso/aws" "github.com/allcloud-io/clisso/config" + "github.com/allcloud-io/clisso/keychain" "github.com/allcloud-io/clisso/saml" "github.com/allcloud-io/clisso/spinner" "github.com/fatih/color" @@ -26,6 +27,10 @@ const ( MFAInterval = 1 ) +var ( + keyChain = keychain.DefaultKeychain{} +) + // Get gets temporary credentials for the given app. // TODO Move AWS logic outside this function. func Get(app, provider string, duration int64) (*aws.Credentials, error) { 
@@ -63,10 +68,20 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { fmt.Scanln(&user) } - fmt.Print("OneLogin password: ") - pass, err := gopass.GetPasswd() + pass, err := keyChain.Get(provider) if err != nil { - return nil, fmt.Errorf("Couldn't read password from terminal") + fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) + + fmt.Print("Please enter OneLogin password: ") + pass, err := gopass.GetPasswd() + if err != nil { + return nil, fmt.Errorf("Couldn't read password from terminal") + } + + err = keyChain.Set(provider, pass) + if err != nil { + fmt.Printf("Could not save to keychain: %+v", err) + } } // Generate SAML assertion From 36c5e3471d6a3528a015dd8825369ea6cd813c48 Mon Sep 17 00:00:00 2001 From: Johanan Liebermann Date: Wed, 8 Aug 2018 23:16:15 +0200 Subject: [PATCH 02/14] Add github.com/tmc/keyring dependency --- Gopkg.lock | 13 +++++++++++++ Gopkg.toml | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/Gopkg.lock b/Gopkg.lock index dfdcdd7..8ec8676 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -95,6 +95,12 @@ [[projects]] branch = "master" digest = "1:147d671753effde6d3bcd58fc74c1d67d740196c84c280c762a5417319499972" + name = "github.com/guelfey/go.dbus" + packages = ["."] + revision = "f6a3a2366cc39b8479cadc499d3c735fb10fbdda" + +[[projects]] + branch = "master" name = "github.com/hashicorp/hcl" packages = [ ".", @@ -236,6 +242,12 @@ [[projects]] branch = "master" digest = "1:9171fe485c166e2d78471fabe2fb3497290552201127058205c3132edd71f7eb" + name = "github.com/tmc/keyring" + packages = ["."] + revision = "839169085ae146fc7a34bcb34dfd7ab216d23991" + +[[projects]] + branch = "master" name = "golang.org/x/crypto" packages = ["ssh/terminal"] pruneopts = "" @@ -315,5 +327,6 @@ "github.com/spf13/viper", "golang.org/x/net/publicsuffix", ] + inputs-digest = "caa830ffa78f7b78ee72ef961288759d72300f20461adfe1f69bc671d32c4903" solver-name = "gps-cdcl" solver-version = 1 
diff --git a/Gopkg.toml b/Gopkg.toml index ad3f215..d30a8f4 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -56,3 +56,7 @@ [[constraint]] name = "github.com/mattn/go-colorable" version = "0.0.9" + +[[constraint]] + branch = "master" + name = "github.com/tmc/keyring" From dd57652d80660c8f20830b30fb7bc7b978a16023 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 09:46:25 +0200 Subject: [PATCH 03/14] remove implict save of credentials --- okta/get.go | 5 ----- onelogin/get.go | 5 ----- 2 files changed, 10 deletions(-) diff --git a/okta/get.go b/okta/get.go index 0ff73de..b32030d 100644 --- a/okta/get.go +++ b/okta/get.go @@ -54,11 +54,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { if err != nil { return nil, fmt.Errorf("Couldn't read password from terminal") } - - err = keyChain.Set(provider, pass) - if err != nil { - fmt.Printf("Could not save to keychain: %+v", err) - } } // Initialize spinner diff --git a/onelogin/get.go b/onelogin/get.go index 43faef7..4ccda22 100644 --- a/onelogin/get.go +++ b/onelogin/get.go @@ -77,11 +77,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { if err != nil { return nil, fmt.Errorf("Couldn't read password from terminal") } - - err = keyChain.Set(provider, pass) - if err != nil { - fmt.Printf("Could not save to keychain: %+v", err) - } } // Generate SAML assertion From be0203fe5a33352d4e05ebe7bc0bd7ab1f5836be Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 09:51:22 +0200 Subject: [PATCH 04/14] remove shadowed password --- okta/get.go | 2 +- onelogin/get.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/okta/get.go b/okta/get.go index b32030d..b60af38 100644 --- a/okta/get.go +++ b/okta/get.go 
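Review bot: The new `[[constraint]]` for `github.com/tmc/keyring` tracks `branch = "master"`, so a later `dep ensure -update` will pull whatever is at the tip of a library that now handles the user's SSO password. Gopkg.lock in this series records revision `839169085ae146fc7a34bcb34dfd7ab216d23991` for it. Pinning the constraint with `revision = "839169085ae146fc7a34bcb34dfd7ab216d23991"` instead of the branch would make every upgrade of this dependency an explicit, reviewable change.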
@@ -50,7 +50,7 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) fmt.Print("Please enter Okta password: ") - pass, err := gopass.GetPasswd() + pass, err = gopass.GetPasswd() if err != nil { return nil, fmt.Errorf("Couldn't read password from terminal") } diff --git a/onelogin/get.go b/onelogin/get.go index 4ccda22..99960da 100644 --- a/onelogin/get.go +++ b/onelogin/get.go @@ -73,7 +73,7 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) fmt.Print("Please enter OneLogin password: ") - pass, err := gopass.GetPasswd() + pass, err = gopass.GetPasswd() if err != nil { return nil, fmt.Errorf("Couldn't read password from terminal") } From c64a53170fb3b0a00eab5de34368ef6365eb0d59 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 09:55:07 +0200 Subject: [PATCH 05/14] Add command to save provider password --- cmd/providers.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/cmd/providers.go b/cmd/providers.go index 4ef3ace..5b445a0 100644 --- a/cmd/providers.go +++ b/cmd/providers.go @@ -6,7 +6,9 @@ import ( "sort" "strconv" + "github.com/allcloud-io/clisso/keychain" "github.com/fatih/color" + "github.com/howeyc/gopass" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -50,6 +52,7 @@ func init() { // Build command tree RootCmd.AddCommand(cmdProviders) cmdProviders.AddCommand(cmdProvidersList) + cmdProviders.AddCommand(cmdProvidersPassword) cmdProviders.AddCommand(cmdProvidersCreate) cmdProvidersCreate.AddCommand(cmdProvidersCreateOneLogin) cmdProvidersCreate.AddCommand(cmdProvidersCreateOkta) 
@@ -85,6 +88,25 @@ var cmdProvidersList = &cobra.Command{ }, } +var cmdProvidersPassword = &cobra.Command{ + Use: "passwd", + Short: "Save password in KeyChain for provider", + Long: "Save password in KeyChain for provider, see github.com/tmc/keyring for supported stores.", + Args: cobra.ExactArgs(1), + + Run: func(cmd *cobra.Command, args []string) { + provider := args[0] + pass, err := gopass.GetPasswd() + + keyChain := keychain.DefaultKeychain{} + + err = keyChain.Set(provider, pass) + if err != nil { + fmt.Printf("Could not save to keychain: %+v", err) + } + }, +} + var cmdProvidersCreate = &cobra.Command{ Use: "create", Short: "Create a new provider", From 889152f074d61d62cf8bab157b34f27e4a7a07fa Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 10:04:21 +0200 Subject: [PATCH 06/14] Better prompt handling --- cmd/providers.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/providers.go b/cmd/providers.go index 5b445a0..c0dd332 100644 --- a/cmd/providers.go +++ b/cmd/providers.go @@ -96,7 +96,11 @@ var cmdProvidersPassword = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { provider := args[0] + fmt.Printf("Please enter the password for the '%s' provider: ", provider) pass, err := gopass.GetPasswd() + if err != nil { + log.Fatalf(color.RedString("Could not read password")) + } keyChain := keychain.DefaultKeychain{} @@ -104,6 +108,7 @@ var cmdProvidersPassword = &cobra.Command{ if err != nil { fmt.Printf("Could not save to keychain: %+v", err) } + log.Printf(color.GreenString("Saved password for Provider '%s'"), provider) }, } From e4ad67a4b0cdc85e50ec3f9daeaffb2191fd8b77 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 10:05:11 +0200 Subject: [PATCH 07/14] make keychain fail transparently on windows --- keychain/keychain.go | 15 +++++++++++++-- okta/get.go | 2 -- onelogin/get.go | 2 -- 3 files changed, 13 insertions(+), 6 deletions(-) 
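Review bot: `cmdProvidersPassword` passes `args[0]` straight to `keyChain.Set` without checking that a provider of that name is configured, so a mistyped name stores the SSO password in a keychain entry that nothing will read again. The file already imports viper, presumably for the provider config; a lookup before the prompt that exits with an error for an unknown provider would avoid leaving stray credentials behind. The series also adds no command to remove a stored password, which deserves at least a sentence in the `Long` help text.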
diff --git a/keychain/keychain.go b/keychain/keychain.go index 0d0fca9..381ebec 100644 --- a/keychain/keychain.go +++ b/keychain/keychain.go @@ -1,6 +1,11 @@ package keychain import ( + "errors" + "log" + "runtime" + + "github.com/fatih/color" "github.com/tmc/keyring" ) @@ -10,26 +15,32 @@ const ( KeyChainName = "clisso" ) -// keychain provides an interface to allow for the easy testing +// Keychain provides an interface to allow for the easy testing // of this package type Keychain interface { Get(string) ([]byte, error) Set(string, []byte) error } -// DefaultKeyChain provides a wrapper around github.com/tmc/keyring +// DefaultKeychain provides a wrapper around github.com/tmc/keyring // and provides defaults and abstractions for clisso to get passwords type DefaultKeychain struct{} // Set takes a provider in an argument, and a password from STDIN, and // sets it in a keychain, should one exist. func (DefaultKeychain) Set(provider string, password []byte) (err error) { + if runtime.GOOS == "windows" { + log.Fatal(color.RedString("Storing passwords is not supported on windows")) + } return keyring.Set(KeyChainName, provider, string(password)) } // Get will, once given a valid provider, return the password associated // in order for logins to happen func (DefaultKeychain) Get(provider string) (pw []byte, err error) { + if runtime.GOOS == "windows" { + return nil, errors.New("Platform is not supported yet") + } pwString, err := keyring.Get(KeyChainName, provider) pw = []byte(pwString) diff --git a/okta/get.go b/okta/get.go index b60af38..fe3e2a4 100644 --- a/okta/get.go +++ b/okta/get.go @@ -47,8 +47,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { pass, err := keyChain.Get(provider) if err != nil { - fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) - fmt.Print("Please enter Okta password: ") pass, err = gopass.GetPasswd() if err != nil { diff --git a/onelogin/get.go b/onelogin/get.go index 99960da..d2a2daa 100644 
--- a/onelogin/get.go +++ b/onelogin/get.go @@ -70,8 +70,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { pass, err := keyChain.Get(provider) if err != nil { - fmt.Printf("Could not get password from keychain,\n\t%s\n", err.Error()) - fmt.Print("Please enter OneLogin password: ") pass, err = gopass.GetPasswd() if err != nil { From bd521c31f0e8d2b1cd3b4bd50b2b00d4c34465a7 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Sep 2018 10:38:19 +0200 Subject: [PATCH 08/14] add info to readme --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 682f0be..788bcb9 100644 --- a/README.md +++ b/README.md @@ -265,6 +265,15 @@ To save the credentials to a custom file, use the `-w` flag. To print the credentials to the shell instead of storing them in a file, use the `-s` flag. This will output shell commands which can be pasted in any shell to use the credentials. +### Storing the password in the keychain + +> WARNING: Storing the password without having MFA enabled is a security risk. It allows anyone +> to assume your roles who has access to your computer. + +Storing a password for a provider is as simple as running: + + clisso providers passwd my-provider + ### Selecting an App You can **select** an app by using the following command: @@ -278,6 +287,8 @@ apps using `clisso apps ls`. ## Caveats and Limitations - No support for Okta applications with MFA enabled **at the application level**. +- No support for storing passwords on Windows. +>>>>>>> add info to readme ## Contributing From 12c3a0db5726f658dcfcb28b2e200d3745e75555 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Wed, 12 Sep 2018 16:34:15 +0200 Subject: [PATCH 09/14] fix missed conflict line --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 788bcb9..d612f5f 100644 --- a/README.md +++ b/README.md 
@@ -288,7 +288,6 @@ apps using `clisso apps ls`. - No support for Okta applications with MFA enabled **at the application level**. - No support for storing passwords on Windows. ->>>>>>> add info to readme ## Contributing From 9572b15edea688885ffc8628b9ac5fa84b752916 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Wed, 12 Sep 2018 16:43:52 +0200 Subject: [PATCH 10/14] fix windows build is broken --- keychain/keychain.go | 22 ++-------------------- 1 file changed, 2 insertions(+), 20 deletions(-) diff --git a/keychain/keychain.go b/keychain/keychain.go index 381ebec..ae0f7d8 100644 --- a/keychain/keychain.go +++ b/keychain/keychain.go @@ -1,14 +1,5 @@ package keychain -import ( - "errors" - "log" - "runtime" - - "github.com/fatih/color" - "github.com/tmc/keyring" -) - const ( // KeyChainName is the name of the keychain used to store // passwords @@ -29,20 +20,11 @@ type DefaultKeychain struct{} // Set takes a provider in an argument, and a password from STDIN, and // sets it in a keychain, should one exist. func (DefaultKeychain) Set(provider string, password []byte) (err error) { - if runtime.GOOS == "windows" { - log.Fatal(color.RedString("Storing passwords is not supported on windows")) - } - return keyring.Set(KeyChainName, provider, string(password)) + return set(provider, password) } // Get will, once given a valid provider, return the password associated // in order for logins to happen func (DefaultKeychain) Get(provider string) (pw []byte, err error) { - if runtime.GOOS == "windows" { - return nil, errors.New("Platform is not supported yet") - } - pwString, err := keyring.Get(KeyChainName, provider) - pw = []byte(pwString) - - return + return get(provider) } From 4c4e3098d3fb6f3e4ec32d999d8cd0e3717cb795 Mon Sep 17 00:00:00 2001 
From: Jonathan Vogt Date: Wed, 12 Sep 2018 16:50:01 +0200 Subject: [PATCH 11/14] add missing files Move duplicate code to keychain package --- keychain/keychain.go | 19 +++++++++++++++++-- keychain/keychain_unix.go | 15 +++++++++++++++ keychain/keychain_windows.go | 19 +++++++++++++++++++ okta/get.go | 8 -------- onelogin/get.go | 8 -------- 5 files changed, 51 insertions(+), 18 deletions(-) create mode 100644 keychain/keychain_unix.go create mode 100644 keychain/keychain_windows.go diff --git a/keychain/keychain.go b/keychain/keychain.go index ae0f7d8..890744d 100644 --- a/keychain/keychain.go +++ b/keychain/keychain.go @@ -1,5 +1,11 @@ package keychain +import ( + "fmt" + + "github.com/howeyc/gopass" +) + const ( // KeyChainName is the name of the keychain used to store // passwords @@ -24,7 +30,16 @@ func (DefaultKeychain) Set(provider string, password []byte) (err error) { } // Get will, once given a valid provider, return the password associated -// in order for logins to happen +// in order for logins to happen. If no password is found, it will prompt +// the user. func (DefaultKeychain) Get(provider string) (pw []byte, err error) { - return get(provider) + pass, err := get(provider) + if err != nil { + fmt.Printf("Please enter %s password: ", provider) + pass, err = gopass.GetPasswd() + if err != nil { + return nil, fmt.Errorf("Couldn't read password from terminal") + } + } + return pass, nil } diff --git a/keychain/keychain_unix.go b/keychain/keychain_unix.go new file mode 100644 index 0000000..fcea11f --- /dev/null +++ b/keychain/keychain_unix.go @@ -0,0 +1,15 @@ +// +build !windows + +package keychain + +import "github.com/tmc/keyring" + +func set(provider string, password []byte) (err error) { + return keyring.Set(KeyChainName, provider, string(password)) +} + +func get(provider string) (pw []byte, err error) { + pwString, err := keyring.Get(KeyChainName, provider) + pw = []byte(pwString) + return +} 
diff --git a/keychain/keychain_windows.go b/keychain/keychain_windows.go new file mode 100644 index 0000000..27a74cf --- /dev/null +++ b/keychain/keychain_windows.go @@ -0,0 +1,19 @@ +// +build windows + +package keychain + +import ( + "errors" + "log" + + "github.com/fatih/color" +) + +func set(provider string, password []byte) (err error) { + log.Fatal(color.RedString("Storing passwords is not supported on windows")) + return +} + +func get(provider string) (pw []byte, err error) { + return nil, errors.New("Platform is not supported yet") +} diff --git a/okta/get.go b/okta/get.go index fe3e2a4..586a193 100644 --- a/okta/get.go +++ b/okta/get.go @@ -10,7 +10,6 @@ import ( "github.com/allcloud-io/clisso/saml" "github.com/allcloud-io/clisso/spinner" "github.com/fatih/color" - "github.com/howeyc/gopass" ) var ( @@ -46,13 +45,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { } pass, err := keyChain.Get(provider) - if err != nil { - fmt.Print("Please enter Okta password: ") - pass, err = gopass.GetPasswd() - if err != nil { - return nil, fmt.Errorf("Couldn't read password from terminal") - } - } // Initialize spinner var s = spinner.New() diff --git a/onelogin/get.go b/onelogin/get.go index d2a2daa..e74db5c 100644 --- a/onelogin/get.go +++ b/onelogin/get.go @@ -11,7 +11,6 @@ import ( "github.com/allcloud-io/clisso/saml" "github.com/allcloud-io/clisso/spinner" "github.com/fatih/color" - "github.com/howeyc/gopass" ) const ( @@ -69,13 +68,6 @@ func Get(app, provider string, duration int64) (*aws.Credentials, error) { } pass, err := keyChain.Get(provider) - if err != nil { - fmt.Print("Please enter OneLogin password: ") - pass, err = gopass.GetPasswd() - if err != nil { - return nil, fmt.Errorf("Couldn't read password from terminal") - } - } // Generate SAML assertion pSAML := GenerateSamlAssertionParams{ From c46244f823b614db6708149c634e8219e1d71c9c Mon Sep 17 00:00:00 2001 
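Review bot: `set` in keychain_windows.go calls `log.Fatal`, which exits the process from inside the keychain package, so the caller's `if err != nil` branch never runs and the trailing `return` is dead code. Returning an error leaves the decision with the command and matches `get` just below it: `return errors.New("storing passwords is not supported on windows")`. With that change the `log` and `github.com/fatih/color` imports in this file become unused and should be dropped.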
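Review bot: In okta/get.go the `err` returned by `keyChain.Get(provider)` is no longer checked once this hunk removes the `if err != nil` block, and the onelogin/get.go hunk that follows has the same gap. `DefaultKeychain.Get` still returns `nil, err` when the terminal read fails, so unless code outside the hunk checks `err` before it is reassigned, the login would proceed with an empty password. Keep a guard directly after the call in both files, e.g. `if err != nil { return nil, err }`. `Get` in both files starts and ends outside these hunks.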
From: Jonathan Vogt Date: Wed, 12 Sep 2018 16:53:30 +0200 Subject: [PATCH 12/14] ran dep ensure --- Gopkg.lock | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Gopkg.lock b/Gopkg.lock index 8ec8676..20d2066 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -94,13 +94,15 @@ [[projects]] branch = "master" - digest = "1:147d671753effde6d3bcd58fc74c1d67d740196c84c280c762a5417319499972" + digest = "1:30ab9deaf9ab00ba3e5ff2ea6dbedc83720b1563e311a05d2605dd62aa4fdc3f" name = "github.com/guelfey/go.dbus" packages = ["."] + pruneopts = "" revision = "f6a3a2366cc39b8479cadc499d3c735fb10fbdda" [[projects]] branch = "master" + digest = "1:147d671753effde6d3bcd58fc74c1d67d740196c84c280c762a5417319499972" name = "github.com/hashicorp/hcl" packages = [ ".", @@ -241,13 +243,15 @@ [[projects]] branch = "master" - digest = "1:9171fe485c166e2d78471fabe2fb3497290552201127058205c3132edd71f7eb" + digest = "1:477097b49b467b18aabe6dd53c5ec6d262723d9880ddade6fe5200200b2e6827" name = "github.com/tmc/keyring" packages = ["."] + pruneopts = "" revision = "839169085ae146fc7a34bcb34dfd7ab216d23991" [[projects]] branch = "master" + digest = "1:9171fe485c166e2d78471fabe2fb3497290552201127058205c3132edd71f7eb" name = "golang.org/x/crypto" packages = ["ssh/terminal"] pruneopts = "" @@ -325,8 +329,8 @@ "github.com/mitchellh/go-homedir", "github.com/spf13/cobra", "github.com/spf13/viper", + "github.com/tmc/keyring", "golang.org/x/net/publicsuffix", ] - inputs-digest = "caa830ffa78f7b78ee72ef961288759d72300f20461adfe1f69bc671d32c4903" solver-name = "gps-cdcl" solver-version = 1 From 5e9ac85519bade283db67ac7c77de194449b2663 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Tue, 4 Dec 2018 08:53:48 +0100 Subject: [PATCH 13/14] dep ensure --- Gopkg.lock | 1 + 1 file changed, 1 insertion(+) diff --git a/Gopkg.lock b/Gopkg.lock index 20d2066..6d53edf 100644 --- a/Gopkg.lock +++ b/Gopkg.lock 
@@ -318,6 +318,7 @@ input-imports = [ "github.com/PuerkitoBio/goquery", "github.com/aws/aws-sdk-go/aws", + "github.com/aws/aws-sdk-go/aws/awserr", "github.com/aws/aws-sdk-go/aws/session", "github.com/aws/aws-sdk-go/service/sts", "github.com/briandowns/spinner", From e59b7007015f0d9c1a53fe31f3cdabec09a996d8 Mon Sep 17 00:00:00 2001 From: Jonathan Vogt Date: Fri, 7 Dec 2018 17:45:31 +0100 Subject: [PATCH 14/14] fixed issues found by pullrequest.com --- cmd/providers.go | 2 +- keychain/keychain.go | 9 ++++++--- keychain/keychain_windows.go | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/cmd/providers.go b/cmd/providers.go index c0dd332..41b12a6 100644 --- a/cmd/providers.go +++ b/cmd/providers.go @@ -106,7 +106,7 @@ var cmdProvidersPassword = &cobra.Command{ err = keyChain.Set(provider, pass) if err != nil { - fmt.Printf("Could not save to keychain: %+v", err) + fmt.Fatalf("Could not save to keychain: %+v", err) } log.Printf(color.GreenString("Saved password for Provider '%s'"), provider) }, diff --git a/keychain/keychain.go b/keychain/keychain.go index 890744d..7a58265 100644 --- a/keychain/keychain.go +++ b/keychain/keychain.go 
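Review bot: `fmt.Fatalf` does not exist in the standard `fmt` package, so the changed line in `cmdProvidersPassword` will not compile. Patch 06 of this series already uses `log.Fatalf` for the read-error branch of the same command, so the line should be `log.Fatalf("Could not save to keychain: %+v", err)`. The `Run` function starts outside this hunk.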
@@ -30,15 +30,18 @@ func (DefaultKeychain) Set(provider string, password []byte) (err error) { } // Get will, once given a valid provider, return the password associated -// in order for logins to happen. If no password is found, it will prompt -// the user. +// in order for logins to happen. +// If any error occours while talking to the keychain provider, we silently swallow it +// and just ask the user for the password instead. Error could be anything from access denied to +// password not found. func (DefaultKeychain) Get(provider string) (pw []byte, err error) { pass, err := get(provider) if err != nil { + // If we ever implement a logfile we might want to log what error occurred. fmt.Printf("Please enter %s password: ", provider) pass, err = gopass.GetPasswd() if err != nil { - return nil, fmt.Errorf("Couldn't read password from terminal") + return nil, fmt.Errorf("couldn't read password from terminal") } } return pass, nil diff --git a/keychain/keychain_windows.go b/keychain/keychain_windows.go index 27a74cf..e81a66a 100644 --- a/keychain/keychain_windows.go +++ b/keychain/keychain_windows.go @@ -15,5 +15,5 @@ func set(provider string, password []byte) (err error) { } func get(provider string) (pw []byte, err error) { - return nil, errors.New("Platform is not supported yet") + return nil, errors.New("windows platform is not supported yet") }
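Review bot: The new doc comment on `Get` states that every keychain error is swallowed, which means a denied or locked keychain looks identical to a missing entry and the user only sees an unexpected password prompt. If the keyring package exposes a not-found sentinel, falling through silently only for that case and printing a one-line notice to stderr for anything else would keep the fallback while making keychain failures visible. The comment also has a typo: `occours` should be `occurs`.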