rebasing and making some fixes

Author: scottisloud

plugins/redis/provisioner.go

@@ -14,69 +14,41 @@ func redisProvisioner() sdk.Provisioner {
 	return redisArgsProvisioner{}
 }
 
-func (p redisArgsProvisioner) Provision(ctx context.Context, in sdk.ProvisionInput, out *sdk.ProvisionOutput) {
-	listOfPossibleUserInputArguments := []string{
-		"--user",
-		"-h",
-		"-p",
-		"--pass",
-		"-a",
-	}
-
-	var (
-		commandLineContainsUserArgument     bool = false
-		commandLineContainsHostArgument     bool = false
-		commandLineContainsPortArgument     bool = false
-		commandLineContainsPasswordArgument bool = false
-	)
+// Redis CLI flags that, when already supplied by the user, signal that we
+// should not provision the corresponding field from the 1Password item.
+var (
+	hostFlags     = []string{"-h"}
+	portFlags     = []string{"-p"}
+	userFlags     = []string{"--user"}
+	passwordFlags = []string{"-a", "--pass"}
+)
 
-	for i, arg := range out.CommandLine {
-		for _, userArg := range listOfPossibleUserInputArguments {
-			if arg == userArg {
-				// Get the executable "redis-cli", the matched argument we are looking for and its value
-				commandLine := []string{out.CommandLine[0], out.CommandLine[i], out.CommandLine[i+1]}
-				// Remove the matched argument and its value as they will be added to the beginning of the command line
-				out.CommandLine = append(out.CommandLine[:i], out.CommandLine[i+2:]...)
-				// Add the executable "redis-cli", the matched argument and its value to the beginning of the command line
-				commandLine = append(commandLine, out.CommandLine[1:]...)
-				out.CommandLine = commandLine
-				// Controller to check if the user has already provided the argument
-				switch userArg {
-				case "--user":
-					commandLineContainsUserArgument = true
-				case "-h":
-					commandLineContainsHostArgument = true
-				case "-p":
-					commandLineContainsPortArgument = true
-				case "--pass", "-a":
-					commandLineContainsPasswordArgument = true
-				default:
-					break
-				}
-			}
-		}
-	}
+func (p redisArgsProvisioner) Provision(ctx context.Context, in sdk.ProvisionInput, out *sdk.ProvisionOutput) {
+	suppliedFlags := flagSet(out.CommandLine)
 
-	if value, ok := in.ItemFields[fieldname.Password]; ok && !commandLineContainsPasswordArgument {
+	// The password is passed via an environment variable so it never appears in
+	// the process's argument list. Skip it if the user already authenticated on
+	// the command line.
+	if value, ok := in.ItemFields[fieldname.Password]; ok && !containsAny(suppliedFlags, passwordFlags) {
 		out.AddEnvVar("REDISCLI_AUTH", value)
 	}
 
-	if value, ok := in.ItemFields[fieldname.Host]; ok && !commandLineContainsHostArgument {
-		commandLine := []string{out.CommandLine[0], "-h", value}
-		commandLine = append(commandLine, out.CommandLine[1:]...)
-		out.CommandLine = commandLine
+	// Collect the flags to inject first, then prepend them in a single pass.
+	// Mutating out.CommandLine while ranging over it risks index-out-of-range
+	// panics and stale reads, so we never modify it during inspection.
+	var injected []string
+	if value, ok := in.ItemFields[fieldname.Host]; ok && !containsAny(suppliedFlags, hostFlags) {
+		injected = append(injected, "-h", value)
 	}
-
-	if value, ok := in.ItemFields[fieldname.Username]; ok && !commandLineContainsUserArgument {
-		commandLine := []string{out.CommandLine[0], "--user", value}
-		commandLine = append(commandLine, out.CommandLine[1:]...)
-		out.CommandLine = commandLine
+	if value, ok := in.ItemFields[fieldname.Port]; ok && !containsAny(suppliedFlags, portFlags) {
+		injected = append(injected, "-p", value)
+	}
+	if value, ok := in.ItemFields[fieldname.Username]; ok && !containsAny(suppliedFlags, userFlags) {
+		injected = append(injected, "--user", value)
 	}
 
-	if value, ok := in.ItemFields[fieldname.Port]; ok && !commandLineContainsPortArgument {
-		commandLine := []string{out.CommandLine[0], "-p", value}
-		commandLine = append(commandLine, out.CommandLine[1:]...)
-		out.CommandLine = commandLine
+	if len(injected) > 0 {
+		out.CommandLine = prependArgs(out.CommandLine, injected)
 	}
 }
 
@@ -85,5 +57,40 @@ func (p redisArgsProvisioner) Deprovision(ctx context.Context, in sdk.Deprovisio
 }
 
 func (p redisArgsProvisioner) Description() string {
-	return "Provision redis secrets as command-line arguments."
+	return "Provision redis secrets as command-line arguments and the password as an environment variable."
+}
+
+// flagSet returns the set of arguments present on the command line, excluding
+// the executable name at index 0.
+func flagSet(commandLine []string) map[string]bool {
+	set := make(map[string]bool, len(commandLine))
+	for i, arg := range commandLine {
+		if i == 0 {
+			continue
+		}
+		set[arg] = true
+	}
+	return set
+}
+
+func containsAny(set map[string]bool, flags []string) bool {
+	for _, f := range flags {
+		if set[f] {
+			return true
+		}
+	}
+	return false
+}
+
+// prependArgs inserts args immediately after the executable name (index 0),
+// leaving the rest of the user-supplied command line intact.
+func prependArgs(commandLine []string, args []string) []string {
+	if len(commandLine) == 0 {
+		return append([]string{}, args...)
+	}
+	result := make([]string, 0, len(commandLine)+len(args))
+	result = append(result, commandLine[0])
+	result = append(result, args...)
+	result = append(result, commandLine[1:]...)
+	return result
 }

plugins/redis/user_credentials.go

@@ -19,7 +19,6 @@ func UserCredentials() schema.CredentialType {
 				MarkdownDescription: "Password used to authenticate to Redis server.",
 				Secret:              true,
 				Composition: &schema.ValueComposition{
-					Length: 32,
 					Charset: schema.Charset{
 						Uppercase: true,
 						Lowercase: true,

plugins/redis/user_credentials_test.go

@@ -22,7 +22,49 @@ func TestUserCredentialsProvisioner(t *testing.T) {
 				Environment: map[string]string{
 					"REDISCLI_AUTH": "pjtxpc2gaddifapjvalggspojexample",
 				},
-				CommandLine: []string{"redis-cli", "-p", "6379", "-h", "127.0.0.1", "--user", "example"}, // Each argument is provisioned at index 1, pushing the existing arguments forward to the next index
+				CommandLine: []string{"redis-cli", "-h", "127.0.0.1", "-p", "6379", "--user", "example"},
+			},
+		},
+		// User supplies some flags themselves: we must not duplicate them, but
+		// should still provision the fields they left out (and keep their args).
+		"user-supplied flags are respected": {
+			ItemFields: map[sdk.FieldName]string{
+				fieldname.Password: "pjtxpc2gaddifapjvalggspojexample",
+				fieldname.Username: "example",
+				fieldname.Host:     "127.0.0.1",
+				fieldname.Port:     "6379",
+			},
+			CommandLine: []string{"redis-cli", "-h", "myhost", "PING"},
+			ExpectedOutput: sdk.ProvisionOutput{
+				Environment: map[string]string{
+					"REDISCLI_AUTH": "pjtxpc2gaddifapjvalggspojexample",
+				},
+				CommandLine: []string{"redis-cli", "-p", "6379", "--user", "example", "-h", "myhost", "PING"},
+			},
+		},
+		// A recognized flag as the final token used to cause an index-out-of-range
+		// panic; ensure it is handled gracefully.
+		"recognized flag as last token": {
+			ItemFields: map[sdk.FieldName]string{
+				fieldname.Password: "pjtxpc2gaddifapjvalggspojexample",
+				fieldname.Host:     "127.0.0.1",
+			},
+			CommandLine: []string{"redis-cli", "-h"},
+			ExpectedOutput: sdk.ProvisionOutput{
+				Environment: map[string]string{
+					"REDISCLI_AUTH": "pjtxpc2gaddifapjvalggspojexample",
+				},
+				CommandLine: []string{"redis-cli", "-h"},
+			},
+		},
+		// User authenticates on the command line: don't also set the env var.
+		"password flag skips env var": {
+			ItemFields: map[sdk.FieldName]string{
+				fieldname.Password: "pjtxpc2gaddifapjvalggspojexample",
+			},
+			CommandLine: []string{"redis-cli", "-a", "mypassword"},
+			ExpectedOutput: sdk.ProvisionOutput{
+				CommandLine: []string{"redis-cli", "-a", "mypassword"},
 			},
 		},
 	})

sdk/provisioner.go

@@ -107,20 +107,6 @@ func (out *ProvisionOutput) AddArgs(args ...string) {
 	out.CommandLine = append(out.CommandLine, args...)
 }
 
-// AddArgsAtIndex can be used to add additional arguments to the command line of the provision output, at a specific index.
-func (out *ProvisionOutput) AddArgsAtIndex(index uint, args ...string) {
-	// Provision arguments at the end of the command line input to prevent out of bound errors. But, this isn't entirely a concern is the case of redis-cli where we always provision at index 1 and "redis-cli" is the minimum-required command
-	if index >= uint(len(out.CommandLine)) {
-		out.CommandLine = append(out.CommandLine, args...)
-		return
-	}
-	newCommandLine := []string{}
-	newCommandLine = append(newCommandLine, out.CommandLine[:index]...)
-	newCommandLine = append(newCommandLine, args...)
-	newCommandLine = append(newCommandLine, out.CommandLine[index:]...)
-	out.CommandLine = newCommandLine
-}
-
 // AddSecretFile can be used to add a file containing secrets to the provision output.
 func (out *ProvisionOutput) AddSecretFile(path string, contents []byte) {
 	out.AddFile(path, OutputFile{

sdk/schema/fieldname/names.go

@@ -72,6 +72,7 @@ func ListAll() []sdk.FieldName {
 		AccessToken,
 		Account,
 		AccountID,
+		AccountKey,
 		AccountSID,
 		Address,
 		AppKey,
@@ -111,6 +112,7 @@ func ListAll() []sdk.FieldName {
 		Token,
 		URL,
 		User,
+		UserKey,
 		Username,
 		Website,
 	}