Remove secret generate cmd and its implementation

This command is obsolete and can be safely removed. All the secrets functionality now is part of SOPS krm function and phases. Change-Id: Ia8244e51aa8c28f1ac07734e4f4afc6ee59e4021 Signed-off-by: Ruslan Aliev <raliev@mirantis.com> Relates-To: #588
2021-05-27 12:53:42 -05:00 · 2021-05-27 12:53:42 -05:00 · f5daa32ef9
parent df55f50cb6
commit f5daa32ef9
13 changed files with 0 additions and 498 deletions
--- a/cmd/root.go
+++ b/cmd/root.go
@ -29,7 +29,6 @@ import (
 	"opendev.org/airship/airshipctl/cmd/document"
 	"opendev.org/airship/airshipctl/cmd/phase"
 	"opendev.org/airship/airshipctl/cmd/plan"
-	"opendev.org/airship/airshipctl/cmd/secret"
 	cfg "opendev.org/airship/airshipctl/pkg/config"
 	"opendev.org/airship/airshipctl/pkg/log"
 )
@ -82,7 +81,6 @@ func AddDefaultAirshipCTLCommands(cmd *cobra.Command, factory cfg.Factory) *cobr
 	cmd.AddCommand(completion.NewCompletionCommand())
 	cmd.AddCommand(document.NewDocumentCommand(factory))
 	cmd.AddCommand(config.NewConfigCommand(factory))
-	cmd.AddCommand(secret.NewSecretCommand())
 	cmd.AddCommand(phase.NewPhaseCommand(factory))
 	cmd.AddCommand(plan.NewPlanCommand(factory))
 	cmd.AddCommand(NewVersionCommand())
--- a/cmd/secret/generate/encryptionkey/encryptionkey.go
+++ b/cmd/secret/generate/encryptionkey/encryptionkey.go
@ -1,69 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package encryptionkey
-
-import (
-	"fmt"
-
-	"github.com/spf13/cobra"
-
-	"opendev.org/airship/airshipctl/pkg/errors"
-	"opendev.org/airship/airshipctl/pkg/secret/generate"
-)
-
-const (
-	cmdLong = `
-Generates a secure encryption key or passphrase.
-
-If regex arguments are passed the encryption key created would match the regular expression passed.
-`
-
-	cmdExample = `
-Generates a secure encryption key or passphrase.
-# airshipctl secret generate encryptionkey
-
-Generates a secure encryption key or passphrase matching the regular expression
-# airshipctl secret generate encryptionkey --regex Xy[a-c][0-9]!a*
-`
-)
-
-// NewGenerateEncryptionKeyCommand creates a new command for generating secret information
-func NewGenerateEncryptionKeyCommand() *cobra.Command {
-	var regex string
-	var limit int
-
-	encryptionKeyCmd := &cobra.Command{
-		Use:     "encryptionkey",
-		Short:   "Airshipctl command to generate a secure encryption key or passphrase",
-		Long:    cmdLong[1:],
-		Example: cmdExample,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if cmd.Flags().Changed("limit") && !cmd.Flags().Changed("regex") {
-				return fmt.Errorf("required Regex flag with limit option")
-			}
-			if cmd.Flags().Changed("regex") && cmd.Flags().Changed("limit") {
-				return errors.ErrNotImplemented{What: "Regex support not implemented yet!"}
-			}
-			engine := generate.NewEncryptionKeyEngine(nil)
-			encryptionKey := engine.GenerateEncryptionKey()
-			fmt.Fprintln(cmd.OutOrStdout(), encryptionKey)
-			return nil
-		},
-	}
-
-	encryptionKeyCmd.Flags().StringVar(&regex, "regex", "", "regular expression string")
-	encryptionKeyCmd.Flags().IntVar(&limit, "limit", 5, "limit number of characters for + or * regex")
-	return encryptionKeyCmd
-}
--- a/cmd/secret/generate/encryptionkey/encryptionkey_test.go
+++ b/cmd/secret/generate/encryptionkey/encryptionkey_test.go
@ -1,43 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package encryptionkey_test
-
-import (
-	"fmt"
-	"testing"
-
-	"opendev.org/airship/airshipctl/cmd/secret/generate/encryptionkey"
-	"opendev.org/airship/airshipctl/testutil"
-)
-
-func TestGenerateEncryptionKey(t *testing.T) {
-	cmdTests := []*testutil.CmdTest{
-		{
-			Name:    "generate-encryptionkey-cmd-with-help",
-			CmdLine: "--help",
-			Cmd:     encryptionkey.NewGenerateEncryptionKeyCommand(),
-		},
-		{
-			Name:    "generate-encryptionkey-cmd-error",
-			CmdLine: "--limit 10",
-			Error:   fmt.Errorf("required Regex flag with limit option"),
-			Cmd:     encryptionkey.NewGenerateEncryptionKeyCommand(),
-		},
-	}
-
-	for _, tt := range cmdTests {
-		testutil.RunTest(t, tt)
-	}
-}
--- a/cmd/secret/generate/encryptionkey/testdata/TestGenerateEncryptionKeyGoldenOutput/generate-encryptionkey-cmd-error.golden
+++ b/cmd/secret/generate/encryptionkey/testdata/TestGenerateEncryptionKeyGoldenOutput/generate-encryptionkey-cmd-error.golden
@ -1,18 +0,0 @@
-Error: required Regex flag with limit option
-Usage:
-  encryptionkey [flags]
-
-Examples:
-
-Generates a secure encryption key or passphrase.
-# airshipctl secret generate encryptionkey
-
-Generates a secure encryption key or passphrase matching the regular expression
-# airshipctl secret generate encryptionkey --regex Xy[a-c][0-9]!a*
-
-
-Flags:
-  -h, --help           help for encryptionkey
-      --limit int      limit number of characters for + or * regex (default 5)
-      --regex string   regular expression string
-
--- a/cmd/secret/generate/encryptionkey/testdata/TestGenerateEncryptionKeyGoldenOutput/generate-encryptionkey-cmd-with-help.golden
+++ b/cmd/secret/generate/encryptionkey/testdata/TestGenerateEncryptionKeyGoldenOutput/generate-encryptionkey-cmd-with-help.golden
@ -1,20 +0,0 @@
-Generates a secure encryption key or passphrase.
-
-If regex arguments are passed the encryption key created would match the regular expression passed.
-
-Usage:
-  encryptionkey [flags]
-
-Examples:
-
-Generates a secure encryption key or passphrase.
-# airshipctl secret generate encryptionkey
-
-Generates a secure encryption key or passphrase matching the regular expression
-# airshipctl secret generate encryptionkey --regex Xy[a-c][0-9]!a*
-
-
-Flags:
-  -h, --help           help for encryptionkey
-      --limit int      limit number of characters for + or * regex (default 5)
-      --regex string   regular expression string
--- a/cmd/secret/generate/generate.go
+++ b/cmd/secret/generate/generate.go
@ -1,34 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package generate
-
-import (
-	"github.com/spf13/cobra"
-
-	"opendev.org/airship/airshipctl/cmd/secret/generate/encryptionkey"
-)
-
-// NewGenerateCommand creates a new command for generating secret information
-func NewGenerateCommand() *cobra.Command {
-	generateRootCmd := &cobra.Command{
-		Use: "generate",
-		// TODO(howell): Make this more expressive
-		Short: "Airshipctl command to generate secrets",
-	}
-
-	generateRootCmd.AddCommand(encryptionkey.NewGenerateEncryptionKeyCommand())
-
-	return generateRootCmd
-}
--- a/cmd/secret/secret.go
+++ b/cmd/secret/secret.go
@ -1,35 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package secret
-
-import (
-	"github.com/spf13/cobra"
-
-	"opendev.org/airship/airshipctl/cmd/secret/generate"
-)
-
-// NewSecretCommand creates a new command for managing airshipctl secrets
-func NewSecretCommand() *cobra.Command {
-	secretRootCmd := &cobra.Command{
-		Use: "secret",
-		// TODO(howell): Make this more expressive
-		Short: "Airshipctl command to manage secrets",
-		Long:  "Commands and sub-commnads defined can be used to manage secrets.",
-	}
-
-	secretRootCmd.AddCommand(generate.NewGenerateCommand())
-
-	return secretRootCmd
-}
--- a/cmd/testdata/TestRootGoldenOutput/rootCmd-with-default-subcommands.golden
+++ b/cmd/testdata/TestRootGoldenOutput/rootCmd-with-default-subcommands.golden
@ -14,7 +14,6 @@ Available Commands:
  help        Help about any command
  phase       Airshipctl command to manage phases
  plan        Airshipctl command to manage plans
-  secret      Airshipctl command to manage secrets
  version     Airshipctl command to display the current version number

 Flags:
--- a/docs/source/cli/airshipctl.rst
+++ b/docs/source/cli/airshipctl.rst
@ -33,6 +33,5 @@ SEE ALSO
 * :ref:`airshipctl document <airshipctl_document>` 	 - Airshipctl command to manage site manifest documents
 * :ref:`airshipctl phase <airshipctl_phase>` 	 - Airshipctl command to manage phases
 * :ref:`airshipctl plan <airshipctl_plan>` 	 - Airshipctl command to manage plans
-* :ref:`airshipctl secret <airshipctl_secret>` 	 - Airshipctl command to manage secrets
 * :ref:`airshipctl version <airshipctl_version>` 	 - Airshipctl command to display the current version number

--- a/docs/source/cli/index.rst
+++ b/docs/source/cli/index.rst
@ -14,5 +14,4 @@ Commands
   help/index
   phase/index
   plan/index
-   secret/index
   version/index
--- a/pkg/secret/generate/encryptionkey.go
+++ b/pkg/secret/generate/encryptionkey.go
@ -1,112 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package generate
-
-import (
-	"math/rand"
-	"strings"
-)
-
-const (
-	defaultLength = 24
-
-	asciiLowers  = "abcdefghijklmnopqrstuvwxyz"
-	asciiUppers  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	asciiNumbers = "0123456789"
-	asciiSymbols = "@#&-+=?"
-)
-
-var (
-	// pool is the complete collection of characters that can be used for a
-	// passphrase
-	pool []byte
-)
-
-func init() {
-	pool = append(pool, []byte(asciiLowers)...)
-	pool = append(pool, []byte(asciiUppers)...)
-	pool = append(pool, []byte(asciiNumbers)...)
-	pool = append(pool, []byte(asciiSymbols)...)
-}
-
-// EncryptionKeyEngine is used to generate secure random passphrases
-type EncryptionKeyEngine struct {
-	rng  *rand.Rand
-	pool []byte
-}
-
-// NewEncryptionKeyEngine creates an PassphraseEngine using src. If src is nil,
-// the returned PassphraseEngine will use the default Source
-func NewEncryptionKeyEngine(src rand.Source) *EncryptionKeyEngine {
-	if src == nil {
-		src = &Source{}
-	}
-	return &EncryptionKeyEngine{
-		rng:  rand.New(src), //nolint:gosec
-		pool: pool,
-	}
-}
-
-// GenerateEncryptionKey returns a secure random string of length 24,
-// containing at least one of each from the following sets:
-// [0-9]
-// [a-z]
-// [A-Z]
-// [@#&-+=?]
-func (e *EncryptionKeyEngine) GenerateEncryptionKey() string {
-	return e.GenerateEncryptionKeyN(defaultLength)
-}
-
-// GenerateEncryptionKeyN returns a secure random string containing at least
-// one of each from the following sets. Its length will be max(length, 24)
-// [0-9]
-// [a-z]
-// [A-Z]
-// [@#&-+=?]
-func (e *EncryptionKeyEngine) GenerateEncryptionKeyN(length int) string {
-	if length < defaultLength {
-		length = defaultLength
-	}
-	var encryptionkey string
-	for !e.isValidEncryptionKey(encryptionkey) {
-		var sb strings.Builder
-		for i := 0; i < length; i++ {
-			randIndex := e.rng.Intn(len(e.pool))
-			randChar := e.pool[randIndex]
-			sb.WriteString(string(randChar))
-		}
-		encryptionkey = sb.String()
-	}
-	return encryptionkey
-}
-
-func (e *EncryptionKeyEngine) isValidEncryptionKey(encryptionkey string) bool {
-	if len(encryptionkey) < defaultLength {
-		return false
-	}
-
-	charSets := []string{
-		asciiLowers,
-		asciiUppers,
-		asciiNumbers,
-		asciiSymbols,
-	}
-	for _, charSet := range charSets {
-		if !strings.ContainsAny(encryptionkey, charSet) {
-			return false
-		}
-	}
-	return true
-}
--- a/pkg/secret/generate/encryptionkey_test.go
+++ b/pkg/secret/generate/encryptionkey_test.go
@ -1,115 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package generate_test
-
-import (
-	"math/rand"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-
-	"opendev.org/airship/airshipctl/pkg/secret/generate"
-)
-
-const (
-	asciiLowers  = "abcdefghijklmnopqrstuvwxyz"
-	asciiUppers  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	asciiNumbers = "0123456789"
-	asciiSymbols = "@#&-+=?"
-
-	defaultLength = 24
-)
-
-func TestDeterministicGenerateValidEncryptionKey(t *testing.T) {
-	assert := assert.New(t)
-	testSource := rand.NewSource(42)
-	engine := generate.NewEncryptionKeyEngine(testSource)
-
-	// pre-calculated for rand.NewSource(42)
-	expectedEncryptionKey := []string{
-		"erx&97vfqd7LN3HJ?t@oPhds",
-		"##Xeuvf5Njy@hNWSaRoleFkf",
-		"jB=kirg7acIt-=fx1Fb-tZ+7",
-		"eOS#W8yoAljSThPL2oT&aUZu",
-		"vlaQqKr-jXSCJfXYnvGik3b1",
-		"rBKtHZkOmFUM75?c2UWiZjdh",
-		"9g?QV?w6BCWN2EKAc+dZ-Jun",
-		"X@IIyqAg7Mz@Wm8eRE6KMEf3",
-		"7JpQkLd3ufhj4bLB8S=ipjNP",
-		"XC?bDaHTa3mrBYLMG@#B=Q0B",
-	}
-
-	for i, expected := range expectedEncryptionKey {
-		actual := engine.GenerateEncryptionKey()
-		assert.Equal(expected, actual, "Test #%d failed", i)
-	}
-}
-
-func TestNondeterministicGenerateValidEncryptionKey(t *testing.T) {
-	assert := assert.New(t)
-	// Due to the nondeterminism of random number generators, this
-	// functionality is impossible to fully test. Let's just generate
-	// enough passphrases that we can be confident in the randomness.
-	// Fortunately, Go is pretty fast, so we can do upward of 10,000 of
-	// these without slowing down the test too much
-	charSets := []string{
-		asciiLowers,
-		asciiUppers,
-		asciiNumbers,
-		asciiSymbols,
-	}
-
-	engine := generate.NewEncryptionKeyEngine(nil)
-	for i := 0; i < 10000; i++ {
-		passphrase := engine.GenerateEncryptionKey()
-		assert.Truef(len(passphrase) >= defaultLength,
-			"%s does not meet the length requirement", passphrase)
-
-		for _, charSet := range charSets {
-			assert.Truef(strings.ContainsAny(passphrase, charSet),
-				"%s does not contain any characters from [%s]",
-				passphrase, charSet)
-		}
-	}
-}
-
-func TestGenerateValidEncryptionKeyN(t *testing.T) {
-	assert := assert.New(t)
-	testSource := rand.NewSource(42)
-	engine := generate.NewEncryptionKeyEngine(testSource)
-	tests := []struct {
-		inputLegth     int
-		expectedLength int
-	}{
-		{
-			inputLegth:     10,
-			expectedLength: defaultLength,
-		},
-		{
-			inputLegth:     -5,
-			expectedLength: defaultLength,
-		},
-		{
-			inputLegth:     30,
-			expectedLength: 30,
-		},
-	}
-
-	for _, tt := range tests {
-		passphrase := engine.GenerateEncryptionKeyN(tt.inputLegth)
-		assert.Len(passphrase, tt.expectedLength)
-	}
-}
--- a/pkg/secret/generate/rngsource.go
+++ b/pkg/secret/generate/rngsource.go
@ -1,47 +0,0 @@
-/*
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
-     https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package generate
-
-import (
-	crypto "crypto/rand"
-	"encoding/binary"
-	"math/rand"
-
-	"opendev.org/airship/airshipctl/pkg/log"
-)
-
-// Source implements rand.Source
-type Source struct{}
-
-var _ rand.Source = &Source{}
-
-// Uint64 returns a secure random uint64 in the range [0, 1<<64]. It will fail
-// if an error is returned from the system's secure random number generator
-func (s *Source) Uint64() uint64 {
-	var value uint64
-	err := binary.Read(crypto.Reader, binary.BigEndian, &value)
-	if err != nil {
-		log.Fatalf("could not generate a random number: %s", err.Error())
-	}
-	return value
-}
-
-// Int63 returns a secure random int64 in the range [0, 1<<63]
-func (s *Source) Int63() int64 {
-	return int64(s.Uint64() & ^(uint64(1 << 63)))
-}
-
-// Seed does nothing, since Source will use the crypto library
-func (s *Source) Seed(_ int64) {}