Update the cli for attributes.

Author: brotskydotcom

examples/cli.rs

@@ -1,6 +1,7 @@
 extern crate keyring;
 
 use clap::Parser;
+use std::collections::HashMap;
 
 use keyring::{Entry, Error, Result};
 
@@ -21,40 +22,57 @@ fn main() {
     };
     match &args.command {
         Command::Set { .. } => {
-            let (secret, password) = args.get_password();
+            let (secret, password, attributes) = args.get_password_and_attributes();
+            if secret.is_none() && password.is_none() && attributes.is_none() {
+                eprintln!("You must provide either a password or attributes to the set command");
+                std::process::exit(1);
+            }
             if let Some(secret) = secret {
                 match entry.set_secret(&secret) {
-                    Ok(()) => args.success_message_for(Some(&secret), None),
+                    Ok(()) => args.success_message_for(Some(&secret), None, None),
                     Err(err) => args.error_message_for(err),
                 }
-            } else if let Some(password) = password {
+            }
+            if let Some(password) = password {
                 match entry.set_password(&password) {
-                    Ok(()) => args.success_message_for(None, Some(&password)),
+                    Ok(()) => args.success_message_for(None, Some(&password), None),
                     Err(err) => args.error_message_for(err),
                 }
-            } else {
-                if args.verbose {
-                    eprintln!("You must provide a password to the set command");
+            }
+            if let Some(attributes) = attributes {
+                let attrs: HashMap<&str, &str> = attributes
+                    .iter()
+                    .map(|(key, value)| (key.as_str(), value.as_str()))
+                    .collect();
+                match entry.update_attributes(&attrs) {
+                    Ok(()) => args.success_message_for(None, None, Some(attributes)),
+                    Err(err) => args.error_message_for(err),
                 }
-                std::process::exit(1)
             }
         }
         Command::Password => match entry.get_password() {
             Ok(password) => {
                 println!("{password}");
-                args.success_message_for(None, Some(&password));
+                args.success_message_for(None, Some(&password), None);
             }
             Err(err) => args.error_message_for(err),
         },
         Command::Secret => match entry.get_secret() {
             Ok(secret) => {
                 println!("{}", secret_string(&secret));
-                args.success_message_for(Some(&secret), None);
+                args.success_message_for(Some(&secret), None, None);
+            }
+            Err(err) => args.error_message_for(err),
+        },
+        Command::Attributes => match entry.get_attributes() {
+            Ok(attributes) => {
+                println!("{}", attributes_string(&attributes));
+                args.success_message_for(None, None, Some(attributes));
             }
             Err(err) => args.error_message_for(err),
         },
         Command::Delete => match entry.delete_credential() {
-            Ok(()) => args.success_message_for(None, None),
+            Ok(()) => args.success_message_for(None, None, None),
             Err(err) => args.error_message_for(err),
         },
     }
@@ -87,8 +105,15 @@ pub struct Cli {
 
 #[derive(Debug, Parser)]
 pub enum Command {
-    /// Set the password in the secure store
+    /// Set the password and, optionally, attributes in the secure store
     Set {
+        #[clap(short, long, action)]
+        /// The password is base64-encoded binary
+        binary: bool,
+
+        #[clap(short, long, value_parser, default_value = "")]
+        attributes: String,
+
         #[clap(value_parser)]
         /// The password to set into the secure store.
         /// If it's a valid base64 encoding (with padding),
@@ -105,7 +130,8 @@ pub enum Command {
     /// Retrieve the (binary) secret from the secure store
     /// and write it in base64 encoding to the standard output.
     Secret,
-    /// Delete the underlying credential from the secure store.
+    /// Retrieve attributes available in the secure store.
+    Attributes,
     Delete,
 }
 
@@ -146,6 +172,9 @@ impl Cli {
                     Command::Secret => {
                         eprintln!("Couldn't get secret for '{description}': {err}");
                     }
+                    Command::Attributes => {
+                        eprintln!("Couldn't get attributes for '{description}': {err}");
+                    }
                     Command::Delete => {
                         eprintln!("Couldn't delete credential for '{description}': {err}");
                     }
@@ -155,7 +184,12 @@ impl Cli {
         std::process::exit(1)
     }
 
-    fn success_message_for(&self, secret: Option<&[u8]>, password: Option<&str>) {
+    fn success_message_for(
+        &self,
+        secret: Option<&[u8]>,
+        password: Option<&str>,
+        attributes: Option<HashMap<String, String>>,
+    ) {
         if !self.verbose {
             return;
         }
@@ -169,6 +203,10 @@ impl Cli {
                     let secret = secret_string(secret);
                     eprintln!("Set secret for '{description}' to decode of '{secret}'");
                 }
+                if let Some(attributes) = attributes {
+                    eprintln!("Set attributes for '{description}' to:");
+                    eprint_attributes(attributes);
+                }
             }
             Command::Password => {
                 let pw = password.unwrap();
@@ -178,23 +216,48 @@ impl Cli {
                 let secret = secret_string(secret.unwrap());
                 eprintln!("Secret for '{description}' encodes as {secret}");
             }
+            Command::Attributes => {
+                let attributes = attributes.unwrap();
+                if attributes.is_empty() {
+                    eprintln!("No attributes found for '{description}'");
+                } else {
+                    eprintln!("Attributes for '{description}' are:");
+                    eprint_attributes(attributes);
+                }
+            }
             Command::Delete => {
                 eprintln!("Successfully deleted credential for '{description}'");
             }
         }
     }
 
-    fn get_password(&self) -> (Option<Vec<u8>>, Option<String>) {
-        match &self.command {
-            Command::Set { password: Some(pw) } => password_or_secret(pw),
-            Command::Set { password: None } => {
-                if let Ok(password) = rpassword::prompt_password("Password: ") {
-                    password_or_secret(&password)
-                } else {
-                    (None, None)
-                }
-            }
-            _ => (None, None),
+    fn get_password_and_attributes(
+        &self,
+    ) -> (
+        Option<Vec<u8>>,
+        Option<String>,
+        Option<HashMap<String, String>>,
+    ) {
+        if let Command::Set {
+            binary,
+            attributes,
+            password,
+        } = &self.command
+        {
+            let secret = if *binary {
+                Some(decode_secret(password))
+            } else {
+                None
+            };
+            let password = if !*binary {
+                Some(read_password(password))
+            } else {
+                None
+            };
+            let attributes = parse_attributes(attributes);
+            (secret, password, attributes)
+        } else {
+            panic!("Can't happen: asking for password and attributes on non-set command")
         }
     }
 }
@@ -205,11 +268,62 @@ fn secret_string(secret: &[u8]) -> String {
     BASE64_STANDARD.encode(secret)
 }
 
-fn password_or_secret(input: &str) -> (Option<Vec<u8>>, Option<String>) {
+fn eprint_attributes(attributes: HashMap<String, String>) {
+    for (key, value) in attributes {
+        println!("    {key}: {value}");
+    }
+}
+
+fn decode_secret(input: &Option<String>) -> Vec<u8> {
     use base64::prelude::*;
 
-    match BASE64_STANDARD.decode(input) {
-        Ok(secret) => (Some(secret), None),
-        Err(_) => (None, Some(input.to_string())),
+    let encoded = if let Some(input) = input {
+        input.clone()
+    } else {
+        rpassword::prompt_password("Base64 encoding: ").unwrap_or_else(|_| String::new())
+    };
+    if encoded.is_empty() {
+        return Vec::new();
+    }
+    match BASE64_STANDARD.decode(encoded) {
+        Ok(secret) => secret,
+        Err(err) => {
+            eprintln!("Sorry, the provided secret data is not base64-encoded: {err}");
+            std::process::exit(1);
+        }
+    }
+}
+
+fn read_password(input: &Option<String>) -> String {
+    let password = if let Some(input) = input {
+        input.clone()
+    } else {
+        rpassword::prompt_password("Password: ").unwrap_or_else(|_| String::new())
+    };
+    password
+}
+
+fn attributes_string(attributes: &HashMap<String, String>) -> String {
+    let strings = attributes
+        .iter()
+        .map(|(k, v)| format!("{}={}", k, v))
+        .collect::<Vec<_>>();
+    strings.join(",")
+}
+
+fn parse_attributes(input: &String) -> Option<HashMap<String, String>> {
+    if input.is_empty() {
+        return None;
+    }
+    let mut attributes = HashMap::new();
+    let parts = input.split(',');
+    for s in parts.into_iter() {
+        let parts: Vec<&str> = s.split("=").collect();
+        if parts.len() != 2 || parts[0].is_empty() {
+            eprintln!("Sorry, this part of the attributes string is not a key=val pair: {s}");
+            std::process::exit(1);
+        }
+        attributes.insert(parts[0].to_string(), parts[1].to_string());
     }
+    Some(attributes)
 }