added caller identity check

added search
small refactor

Author: enrichman

biscuit/biscuit.go

@@ -2,41 +2,43 @@ package biscuit
 
 import (
 	"bytes"
-	"log"
-	"os"
 	"os/exec"
+	"sort"
 	"strings"
+
+	"github.com/pkg/errors"
 )
 
-type Client struct {
-	filename string
+func KmsCallerIdentity() error {
+	cmd := exec.Command("biscuit", "kms", "get-caller-identity")
+	_, err := handleCommand(cmd)
+	return err
 }
 
-func NewClient(filename string) (*Client, error) {
-	if _, err := os.Open(filename); err != nil {
+func List(filename string) ([]string, error) {
+	out, err := handleCommand(exec.Command("biscuit", "list", "-f", filename))
+	if err != nil {
 		return nil, err
 	}
-	return &Client{filename: filename}, nil
-}
 
-func (c *Client) List() ([]string, error) {
-	out, err := exec.Command("biscuit", "list", "-f", c.filename).Output()
-	if err != nil {
-		log.Fatal(err)
-	}
+	secrets := strings.Split(out, "\n")
+	sort.Strings(secrets)
+
+	return secrets, nil
+}
 
-	return strings.Split(strings.TrimSpace(string(out)), "\n"), nil
+func Get(filename, secret string) (string, error) {
+	cmd := exec.Command("biscuit", "get", "-f", filename, secret)
+	return handleCommand(cmd)
 }
 
-func (c *Client) Get(secret string) (string, error) {
-	cmd := exec.Command("biscuit", "get", "-f", c.filename, secret)
+func handleCommand(cmd *exec.Cmd) (string, error) {
 	var stderr bytes.Buffer
 	cmd.Stderr = &stderr
 
 	out, err := cmd.Output()
 	if err != nil {
-		return stderr.String(), err
+		return "", errors.New(stderr.String())
 	}
-
-	return string(out), nil
+	return strings.TrimSpace(string(out)), nil
 }

go.mod

@@ -5,4 +5,5 @@ go 1.15
 require (
 	github.com/manifoldco/promptui v0.8.0
 	github.com/mitchellh/gox v1.0.1 // indirect
+	github.com/pkg/errors v0.9.1
 )

go.sum

@@ -21,5 +21,7 @@ github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
 github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
 github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
 github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

main.go

@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"os"
+	"strings"
 
 	"github.com/enrichman/ringo/biscuit"
 	"github.com/manifoldco/promptui"
@@ -16,34 +17,49 @@ func main() {
 	flag.StringVar(&secretsFilename, "filename", "config/secrets.yml", "the file containing the secrets to decrypt")
 	flag.Parse()
 
-	biscuit, err := biscuit.NewClient(secretsFilename)
-	if err != nil {
+	if _, err := os.Open(secretsFilename); err != nil {
 		if errors.Is(err, os.ErrNotExist) {
 			fmt.Println("'config/secrets.yml' file not found!\nYou can use the -filename flag for a different path")
 			return
 		}
 		panic(err)
 	}
 
-	list, err := biscuit.List()
+	if err := biscuit.KmsCallerIdentity(); err != nil {
+		fmt.Print(err)
+		os.Exit(1)
+	}
+
+	list, err := biscuit.List(secretsFilename)
 	if err != nil {
-		panic(err)
+		fmt.Print(err)
+		os.Exit(1)
 	}
 
 	prompt := promptui.Select{
 		Label: "Select a secret to decrypt",
 		Items: list,
+		Size:  10,
+		Searcher: func(input string, index int) bool {
+			name := strings.Replace(strings.ToLower(list[index]), " ", "", -1)
+			input = strings.Replace(strings.ToLower(input), " ", "", -1)
+			return strings.Contains(name, input)
+		},
 	}
+
 	_, result, err := prompt.Run()
 	if err != nil {
+		// this happens when you ^C the prompt
 		return
 	}
 
 	fmt.Printf("Decrypting %q\n", result)
-	res, err := biscuit.Get(result)
+
+	res, err := biscuit.Get(secretsFilename, result)
 	if err != nil {
-		fmt.Println(res)
-		return
+		fmt.Print(err)
+		os.Exit(1)
 	}
+
 	fmt.Println(res)
 }