Merge pull request #350 from stelligent/issue-344

Prompt user before overwriting password

Author: cplee

Gopkg.lock

@@ -72,10 +72,6 @@
   name = "gopkg.in/src-d/go-git.v4"
   version = "4.7.0"
 
-[[constraint]]
-  branch = "master"
-  name = "github.com/howeyc/gopass"
-
 [[override]]
   name = "k8s.io/api"
   version = "kubernetes-1.11.2"
@@ -98,4 +94,8 @@
 
 [prune]
   go-tests = true
-  unused-packages = true
+  unused-packages = true
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/tcnksm/go-input"

Gopkg.toml

@@ -4,9 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"strings"
 
-	"github.com/howeyc/gopass"
 	"github.com/stelligent/mu/common"
 	"github.com/stelligent/mu/workflows"
 	"github.com/urfave/cli"
@@ -117,10 +115,9 @@ func newDatabaseSetPasswordCommand(ctx *common.Context) *cli.Command {
 				cli.ShowCommandHelp(c, "database")
 				return errors.New("environment must be provided")
 			}
-			var newPassword string
-			byteToken, err := gopass.GetPasswdPrompt("  Database password: ", true, os.Stdin, os.Stdout)
-			if err == nil {
-				newPassword = strings.TrimSpace(string(byteToken))
+			cliExtension := new(common.CliAdditions)
+			newPassword, err := cliExtension.GetPasswdPrompt("  Database password: ")
+			if err != nil {
 				fmt.Println("")
 			}
 			serviceName := c.Args().Get(1)

cli/databases.go

@@ -6,7 +6,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/howeyc/gopass"
 	"github.com/stelligent/mu/common"
 	"github.com/stelligent/mu/workflows"
 	"github.com/urfave/cli"
@@ -73,9 +72,10 @@ func newPipelinesUpsertCommand(ctx *common.Context) *cli.Command {
 			workflow := workflows.NewPipelineUpserter(ctx, func(required bool) string {
 				if required && token == "" {
 					fmt.Println("CodePipeline requires a personal access token from GitHub - https://github.com/settings/tokens")
-					byteToken, err := gopass.GetPasswdPrompt("  GitHub token: ", true, os.Stdin, os.Stdout)
-					if err == nil {
-						token = strings.TrimSpace(string(byteToken))
+					cliExtension := new(common.CliAdditions)
+					var err error
+					token, err = cliExtension.GetPasswdPrompt("  GitHub token: ")
+					if err != nil {
 						fmt.Println("")
 					}
 				}

cli/pipelines.go

@@ -0,0 +1,66 @@
+package common
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	input "github.com/tcnksm/go-input"
+)
+
+// CliExtension is an interface for defining extended cli actions
+type CliExtension interface {
+	Prompt(message string, def bool) (bool, error)
+}
+
+// CliAdditions exposes methods to prompt the user for cli input
+type CliAdditions struct{}
+
+// Prompt prompts the user to answer a yes/no question
+func (cli *CliAdditions) Prompt(message string, def bool) (bool, error) {
+
+	ui := NewUI()
+	defPrompt := "no"
+	if def {
+		defPrompt = "yes"
+	}
+	answer, err := ui.Ask(message, &input.Options{
+		Default:  defPrompt,
+		Required: true,
+		Loop:     true,
+		ValidateFunc: func(s string) error {
+			if s != "y" && s != "n" {
+				return fmt.Errorf("input must be y or n")
+			}
+			return nil
+		},
+	})
+	line := strings.ToLower(answer)
+	if line == "y" {
+		return true, err
+	}
+	if line == "n" {
+		return false, err
+	}
+	return def, err
+}
+
+// GetPasswdPrompt prompts the user to enter a password
+func (cli *CliAdditions) GetPasswdPrompt(message string) (string, error) {
+	ui := NewUI()
+	password, err := ui.Ask(message, &input.Options{
+		Required:    true,
+		Loop:        true,
+		Mask:        true,
+		MaskDefault: true,
+	})
+	return strings.TrimSpace(password), err
+}
+
+// NewUI returns a new input.UI bound to Std(in/out)
+func NewUI() *input.UI {
+	return &input.UI{
+		Writer: os.Stdout,
+		Reader: os.Stdin,
+	}
+}

common/cli_extension.go

@@ -0,0 +1,49 @@
+package common
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/stretchr/testify/mock"
+)
+
+type mockedCliPrompt struct {
+	mock.Mock
+}
+
+func (m *mockedCliPrompt) Prompt(prompt string, def bool) (bool, error) {
+	args := m.Called(prompt, def)
+	return args.Bool(0), args.Error(1)
+}
+
+func TestPrompt_True(t *testing.T) {
+	assert := assert.New(t)
+
+	cli := new(mockedCliPrompt)
+	cli.On("Prompt", "foo", true).Return(true, nil)
+
+	answer, err := cli.Prompt("foo", true)
+
+	assert.Nil(err)
+
+	cli.AssertExpectations(t)
+	cli.AssertNumberOfCalls(t, "Prompt", 1)
+
+	assert.Equal(answer, true)
+}
+func TestPrompt_False(t *testing.T) {
+	assert := assert.New(t)
+
+	cli := new(mockedCliPrompt)
+	cli.On("Prompt", "foo", true).Return(false, nil)
+
+	answer, err := cli.Prompt("foo", true)
+
+	assert.Nil(err)
+
+	cli.AssertExpectations(t)
+	cli.AssertNumberOfCalls(t, "Prompt", 1)
+
+	assert.Equal(answer, false)
+}

common/cli_extension_test.go

@@ -3,6 +3,7 @@ package workflows
 import (
 	"crypto/rand"
 	"fmt"
+	"os"
 	"strconv"
 	"strings"
 
@@ -17,13 +18,15 @@ func NewDatabaseUpserter(ctx *common.Context, environmentName string) Executor {
 	workflow.codeRevision = ctx.Config.Repo.Revision
 	workflow.repoName = ctx.Config.Repo.Slug
 
+	cliExtension := new(common.CliAdditions)
 	ecsImportParams := make(map[string]string)
 
 	return newPipelineExecutor(
 		workflow.databaseInput(ctx, "", environmentName),
 		workflow.databaseEnvironmentLoader(ctx.Config.Namespace, environmentName, ctx.StackManager, ecsImportParams, ctx.ElbManager),
 		workflow.databaseRolesetUpserter(ctx.RolesetManager, ctx.RolesetManager, environmentName),
-		workflow.databaseDeployer(ctx.Config.Namespace, &ctx.Config.Service, ecsImportParams, environmentName, ctx.StackManager, ctx.StackManager, ctx.RdsManager, ctx.ParamManager),
+		workflow.databaseMasterPassword(ctx.Config.Namespace, &ctx.Config.Service, &ecsImportParams, environmentName, ctx.ParamManager, cliExtension),
+		workflow.databaseDeployer(ctx.Config.Namespace, &ctx.Config.Service, ecsImportParams, environmentName, ctx.StackManager, ctx.StackManager, ctx.RdsManager),
 	)
 }
 
@@ -74,7 +77,47 @@ func (workflow *databaseWorkflow) databaseRolesetUpserter(rolesetUpserter common
 	}
 }
 
-func (workflow *databaseWorkflow) databaseDeployer(namespace string, service *common.Service, stackParams map[string]string, environmentName string, stackUpserter common.StackUpserter, stackWaiter common.StackWaiter, rdsSetter common.RdsIamAuthenticationSetter, paramManager common.ParamManager) Executor {
+// Fetch password parameter if needed
+func (workflow *databaseWorkflow) databaseMasterPassword(namespace string,
+	service *common.Service, params *map[string]string, environmentName string,
+	paramManager common.ParamManager, cliExtension common.CliExtension) Executor {
+	return func() error {
+
+		dbStackName := common.CreateStackName(namespace, common.StackTypeDatabase, workflow.serviceName, environmentName)
+		masterPasswordSSMParam := service.Database.MasterPasswordSSMParam
+		//DatabaseMasterPassword:
+		if masterPasswordSSMParam == "" {
+			dbPassSSMParam := fmt.Sprintf("%s-%s", dbStackName, "DatabaseMasterPassword")
+			dbPassVersion, err := paramManager.ParamVersion(dbPassSSMParam)
+			if err != nil {
+				log.Warningf("Error with ParamVersion for DatabaseMasterPassword, assuming empty: %s", err)
+				answer, err := cliExtension.Prompt("Error retrieving DatabaseMasterPassword. Set a new DatabaseMasterPassword", false)
+				if err != nil {
+					log.Errorf("Error with command input: %s", err)
+					os.Exit(1)
+				}
+				if !answer {
+					os.Exit(126)
+				}
+			}
+			if dbPassVersion == 0 {
+				dbPass := randomPassword(32)
+				err = paramManager.SetParam(dbPassSSMParam, dbPass, workflow.databaseKeyArn)
+				if err != nil {
+					return err
+				}
+				dbPassVersion = 1
+			}
+			masterPasswordSSMParam = fmt.Sprintf("{{resolve:ssm-secure:%s:%d}}", dbPassSSMParam, dbPassVersion)
+		} else {
+			masterPasswordSSMParam = fmt.Sprintf("{{resolve:ssm-secure:%s}}", masterPasswordSSMParam)
+		}
+		(*params)["DatabaseMasterPassword"] = masterPasswordSSMParam
+		return nil
+	}
+}
+
+func (workflow *databaseWorkflow) databaseDeployer(namespace string, service *common.Service, stackParams map[string]string, environmentName string, stackUpserter common.StackUpserter, stackWaiter common.StackWaiter, rdsSetter common.RdsIamAuthenticationSetter) Executor {
 	return func() error {
 
 		if service.Database.Name == "" {
@@ -102,26 +145,6 @@ func (workflow *databaseWorkflow) databaseDeployer(namespace string, service *co
 		stackParams["DatabaseMasterUsername"] = "admin"
 		common.NewMapElementIfNotEmpty(stackParams, "DatabaseMasterUsername", dbConfig.MasterUsername)
 
-		//DatabaseMasterPassword:
-		if service.Database.MasterPasswordSSMParam == "" {
-			dbPassSSMParam := fmt.Sprintf("%s-%s", dbStackName, "DatabaseMasterPassword")
-			dbPassVersion, err := paramManager.ParamVersion(dbPassSSMParam)
-			if err != nil {
-				log.Warningf("Error with ParamVersion for DatabaseMasterPassword, assuming empty: %s", err)
-			}
-			if dbPassVersion == 0 {
-				dbPass := randomPassword(32)
-				err = paramManager.SetParam(dbPassSSMParam, dbPass, workflow.databaseKeyArn)
-				if err != nil {
-					return err
-				}
-				dbPassVersion = 1
-			}
-			service.Database.MasterPasswordSSMParam = fmt.Sprintf("{{resolve:ssm-secure:%s:%d}}", dbPassSSMParam, dbPassVersion)
-		} else {
-			service.Database.MasterPasswordSSMParam = fmt.Sprintf("{{resolve:ssm-secure:%s}}", service.Database.MasterPasswordSSMParam)
-		}
-		stackParams["DatabaseMasterPassword"] = service.Database.MasterPasswordSSMParam
 		stackParams["DatabaseKeyArn"] = workflow.databaseKeyArn
 
 		tags := createTagMap(&DatabaseTags{