[PATCH v2 8/9] tools: virsh: Add --interactive flag for secret-set-value command

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Simplify human usage of secret-set-value by adding --interactive which
will read the value of the secret from the terminal.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 docs/manpages/virsh.rst |  7 +++++--
 tools/virsh-secret.c    | 22 +++++++++++++++++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index dbeac9232f..8841ae1b31 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6563,14 +6563,17 @@ secret-set-value

 .. code-block::

-   secret-set-value secret (--file filename [--plain] | base64)
+   secret-set-value secret (--file filename [--plain] | --interactive | base64)

 Set the value associated with *secret* (specified by its UUID) to the value
 Base64-encoded value *base64* or Base-64-encoded contents of file named
 *filename*. Using the *--plain* flag is together with *--file* allows to use
 the file contents directly as the secret value.

-Note that *--file* and *base64* options are mutually exclusive.
+If *--interactive* flag is used the secret value is read as a password from the
+terminal.
+
+Note that *--file*, *--interactive* and *base64* options are mutually exclusive.

 Passing secrets via the *base64* option on command line is INSECURE and
 deprecated. Use the *--file* option instead.
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index 87f3cfff16..00a434e997 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -186,6 +186,10 @@ static const vshCmdOptDef opts_secret_set_value[] = {
      .type = VSH_OT_BOOL,
      .help = N_("read the secret from file without converting from base64")
     },
+    {.name = "interactive",
+     .type = VSH_OT_BOOL,
+     .help = N_("read the secret from the terminal")
+    },
     {.name = "base64",
      .type = VSH_OT_STRING,
      .help = N_("base64-encoded secret value")
@@ -204,10 +208,14 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
     unsigned char *value;
     size_t value_size;
     bool plain = vshCommandOptBool(cmd, "plain");
+    bool interactive = vshCommandOptBool(cmd, "interactive");
     int res;

     VSH_EXCLUSIVE_OPTIONS("file", "base64");
     VSH_EXCLUSIVE_OPTIONS("plain", "base64");
+    VSH_EXCLUSIVE_OPTIONS("interactive", "base64");
+    VSH_EXCLUSIVE_OPTIONS("interactive", "plain");
+    VSH_EXCLUSIVE_OPTIONS("interactive", "file");

     if (!(secret = virshCommandOptSecret(ctl, cmd, NULL)))
         return false;
@@ -218,7 +226,7 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
     if (vshCommandOptStringReq(ctl, cmd, "file", &filename) < 0)
         return false;

-    if (!base64 && !filename) {
+    if (!base64 && !filename && !interactive) {
         vshError(ctl, _("Input secret value is missing"));
         return false;
     }
@@ -238,6 +246,18 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
         base64 = file_buf;
     }

+    if (interactive) {
+        vshPrint(ctl, "%s", _("Enter new value for secret:"));
+        fflush(stdout);
+
+        if (!(file_buf = getpass(""))) {
+            vshError(ctl, "%s", _("Failed to read secret"));
+            return false;
+        }
+        file_len = strlen(file_buf);
+        plain = true;
+    }
+
     if (plain) {
         value = g_steal_pointer(&file_buf);
         value_size = file_len;
-- 
2.24.1





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux