From 64ccfb88e31207c0ad2090496613939403f50a7d Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Sat, 21 May 2022 13:15:52 -0700
Subject: cli: support Vault credentials
---
 cli/annotated_config.go | 18 ++++++++++++++----
 cli/tolerant_pflag.go | 12 +++++++-----
 2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/cli/annotated_config.go b/cli/annotated_config.go
index 074f8ac..8b89b3b 100644
--- a/cli/annotated_config.go
+++ b/cli/annotated_config.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "log"
 "reflect"
+ "strings"
 "time"
 "code.crute.us/mcrute/golib/vault"
@@ -19,7 +20,6 @@ func MustGetConfig(cmd *cobra.Command, out interface{}) {
 func GetConfig(cmd *cobra.Command, out interface{}) error {
 t := reflect.TypeOf(out).Elem()
 o := reflect.ValueOf(out).Elem()
- o.FieldByName("TemplateGlob").Set(reflect.ValueOf("test"))
 for i := 0; i < t.NumField(); i++ {
 tf := t.Field(i)
@@ -109,7 +109,7 @@ func GetConfig(cmd *cobra.Command, out interface{}) error {
 if err != nil {
 return fmt.Errorf("Error getting %s from vault: %w", name, err)
 }
- f.Set(reflect.ValueOf(VaultCredential{vk.Username, vk.Password}))
+ f.Set(reflect.ValueOf(VaultCredential{v, vk.Username, vk.Password}))
 } else {
 return fmt.Errorf("type %s is not supported for field %s", tf.Type, tf.Name)
 }
@@ -121,6 +121,15 @@ func GetConfig(cmd *cobra.Command, out interface{}) error {
 return nil
 }
+func inScope(desired, allowed string) bool {
+ for _, i := range strings.Split(allowed, ",") {
+ if strings.TrimSpace(i) == desired {
+ return true
+ }
+ }
+ return false
+}
+
 func AddFlags(cmd *cobra.Command, cfg interface{}, def interface{}, scope string) error {
 t := reflect.TypeOf(cfg).Elem()
 d := reflect.ValueOf(def).Elem()
@@ -135,7 +144,8 @@ func AddFlags(cmd *cobra.Command, cfg interface{}, def interface{}, scope string
 }
 // Non-matching scopes should not bind here (note root is "")
- if f.Tag.Get("flag-scope") != scope {
+ // Scopes can be a comma separated list
+ if !inScope(scope, f.Tag.Get("flag-scope")) {
 continue
 }
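Review bot: The positional literal `VaultCredential{v, vk.Username, vk.Password}` in the @@ -109 hunk of GetConfig depends on the order of three same-typed string fields, so a later reorder of the struct compiles cleanly while putting the username or password in the wrong slot. Keyed fields make the mapping explicit: `VaultCredential{Path: v, Username: vk.Username, Password: vk.Password}`. The same applies to the two `VaultCredential{p, vk.Username, vk.Password}` returns in cli/tolerant_pflag.go. `v` is assigned outside the hunk; it is presumably the Vault path read from the flag, which is worth confirming now that it lands in `Path`.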
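Review bot: `inScope` in the @@ -121 hunk has no comment saying that an empty list element counts as the root scope. `strings.Split("", ",")` yields one empty string, so an untagged field still binds to root, but so does any tag with a stray or trailing comma such as `"serve,"`. If that is the intended way to list root alongside other scopes, document it, e.g. `// inScope reports whether desired is one of the comma-separated scopes in allowed; an empty element (or an empty tag) means the root scope.` The loop variable `i` holds a string, so a name like `s` would read better.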
@@ -188,7 +198,7 @@ func AddFlags(cmd *cobra.Command, cfg interface{}, def interface{}, scope string
 }
 case reflect.Struct:
 if f.Type.AssignableTo(reflect.TypeOf(VaultCredential{})) { // cli.VaultCredential
- cmd.PersistentFlags().String(name, "", help)
+ cmd.PersistentFlags().String(name, defV.(VaultCredential).Path, help)
 } else {
 return fmt.Errorf("type %s is not supported for field %s", f.Type, f.Name)
 }
diff --git a/cli/tolerant_pflag.go b/cli/tolerant_pflag.go
index b77939c..e9a1423 100644
--- a/cli/tolerant_pflag.go
+++ b/cli/tolerant_pflag.go
@@ -10,7 +10,7 @@ import (
 )
 type VaultCredential struct {
- Username, Password string
+ Path, Username, Password string
 }
 type TolerantPflagSet struct {
@@ -43,17 +43,19 @@ func (f *TolerantPflagSet) MayGetStringSlice(n string) []string {
 }
 func (f *TolerantPflagSet) MayGetVaultCredential(n string) VaultCredential {
- vk, err := vault.GetVaultKey(f.MayGetString(n))
+ p := f.MayGetString(n)
+ vk, err := vault.GetVaultKey(p)
 if err != nil {
 return VaultCredential{}
 }
- return VaultCredential{vk.Username, vk.Password}
+ return VaultCredential{p, vk.Username, vk.Password}
 }
 func (f *TolerantPflagSet) MustGetVaultCredential(n string) VaultCredential {
- vk, err := vault.GetVaultKey(f.MayGetString(n))
+ p := f.MayGetString(n)
+ vk, err := vault.GetVaultKey(p)
 if err != nil {
 log.Fatalf("Error getting %s from vault: %w", n, err)
 }
- return VaultCredential{vk.Username, vk.Password}
+ return VaultCredential{p, vk.Username, vk.Password}
 }
-- cgit v1.2.3
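Review bot: The unchecked assertion `defV.(VaultCredential)` in the @@ -188 hunk panics when the default value is not a VaultCredential, while the enclosing branch only checks the type of the cfg field `f` and AddFlags otherwise reports problems through its error return. `defV` is assigned outside the hunk, so whether it can differ from `f.Type` (a nil default, or `def` being a different struct than `cfg`) cannot be seen here. The comma-ok form keeps the failure on the error path: `dv, ok := defV.(VaultCredential)` followed by `if !ok { return fmt.Errorf("default for field %s is not a VaultCredential", f.Name) }`, then pass `dv.Path` as the flag default.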
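Review bot: VaultCredential in the @@ -10 hunk now carries a non-secret `Path` next to `Password`, which makes it more likely that the whole value gets formatted to show which path was used, and `%v` or `%+v` would print the password along with it. A doc comment on the exported type stating that Username and Password are secrets, plus a redacting method such as `func (c VaultCredential) String() string { return "VaultCredential(" + c.Path + ")" }`, would guard against that. No logging of the struct is visible in this diff, so this is a precaution rather than a confirmed leak.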
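Review bot: `log.Fatalf("Error getting %s from vault: %w", n, err)` in MustGetVaultCredential (@@ -43 hunk) uses `%w`, which only fmt.Errorf understands; log.Fatalf renders it as a `%!w(...)` bad-verb marker, so the message is garbled exactly when the Vault lookup fails, and `%v` is the verb to use there. The line is unchanged context, but the commit rewrites the lines on both sides of it. In MayGetVaultCredential the error is dropped and an empty VaultCredential is returned, so callers cannot tell a failed lookup from a blank credential; returning `VaultCredential{Path: p}` on that branch would at least keep the path that was requested.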