Skip to content

Commit dda6e34

Browse files
committed
fix(migrate): migrate store password if using matching pam provider
1 parent a71bbdd commit dda6e34

3 files changed

Lines changed: 61 additions & 10 deletions

File tree

cmd/migrate.go

Lines changed: 58 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -117,6 +117,8 @@ var migrateCheckCmd = &cobra.Command{
117117
certStoreGuids[store.Id] = true
118118
}
119119
}
120+
121+
// TODO: check Password field for PAM usage
120122
}
121123

122124
// print out list of Cert Store GUIDs
@@ -356,19 +358,68 @@ var migratePamCmd = &cobra.Command{
356358
fmt.Println("^^^ SECRETS REFORMATTED ^^^")
357359
}
358360

361+
// check Store Password for PAM field, and process migration if applicable
362+
var storePassword *api.UpdateStorePasswordConfig
363+
if certStore.Password.IsManaged { // managed secret, i.e. PAM Provider in use
364+
365+
// check if Pam Secret is using our migrating provider
366+
fmt.Println(*fromPamProvider.Id, " <= from id equals store password id => ", int32(certStore.Password.ProviderId))
367+
fmt.Println(*fromPamProvider.Id == int32(certStore.Password.ProviderId))
368+
if *fromPamProvider.Id == int32(certStore.Password.ProviderId) {
369+
// Pam Secret that Needs to be migrated
370+
var storePasswordInterface map[string]interface{}
371+
// marshal and unmarshal strongly typed store password to match
372+
// expected map[string]interface{} typing for helper function
373+
storePasswordJson, _ := json.Marshal(certStore.Password)
374+
json.Unmarshal(storePasswordJson, &storePasswordInterface)
375+
376+
// migrate secret using helper function
377+
var updateStorePasswordInterface map[string]interface{}
378+
updateStorePasswordInterface = buildMigratedPamSecret(storePasswordInterface, fromProviderLevelParamValues, *migrationTargetPamProvider.Id)
379+
380+
// finally, transform the migrated secret back to the strongly typed input for API client
381+
updateStorePasswordJson, _ := json.Marshal(updateStorePasswordInterface)
382+
json.Unmarshal(updateStorePasswordJson, &storePassword)
383+
} else {
384+
// leave Store Password untouched: set to null
385+
storePassword = nil
386+
}
387+
} else {
388+
// non-managed secret i.e. a KF-encrypted secret, or no value
389+
// instead of reformatting, send null to effect no change
390+
storePassword = nil
391+
}
392+
359393
// update property object
360394
// set required fields, and new Properties
361395
updateStoreArgs := api.UpdateStoreFctArgs{
362-
Id: certStore.Id,
363-
ClientMachine: certStore.ClientMachine,
364-
StorePath: certStore.StorePath,
365-
AgentId: certStore.AgentId,
366-
Properties: certStore.Properties,
367-
Password: &certStore.Password, // TODO: secret field, needs to be processed the same as other secret fields
396+
Id: certStore.Id,
397+
ClientMachine: certStore.ClientMachine,
398+
StorePath: certStore.StorePath,
399+
AgentId: certStore.AgentId,
400+
Properties: certStore.Properties,
401+
Password: storePassword,
402+
// the password should be set to null (omitted) when it is not meant to be updated
403+
// however it will need to be migrated if it is a matching PAM secret
404+
// check formatting to see if it's a PAM secret
405+
// then update to new provider format if it matches
406+
// otherwise omit / set to null
407+
408+
// password PAM format:
409+
// { Provider: integer id,
410+
// Parameters: { paramname:value
411+
// Safe: safe,
412+
// Folder: folder,
413+
// Object: object }}
368414
InventorySchedule: &certStore.InventorySchedule,
369415
CertStoreInventoryJobId: &certStore.CertStoreInventoryJobId,
370416
}
371417

418+
fmt.Println("vvv REQUESTED UPDATE TO STORE vvv")
419+
jobject, _ := json.MarshalIndent(updateStoreArgs, "", " ")
420+
fmt.Println(string(jobject))
421+
fmt.Println("^^^ REQUESTED UPDATE TO STORE ^^^")
422+
372423
// TODO: use updated client when API endpoint available
373424
updatedStore, rErr := legacyClient.UpdateStore(&updateStoreArgs)
374425

@@ -378,7 +429,7 @@ var migratePamCmd = &cobra.Command{
378429
}
379430

380431
fmt.Println("vvv UPDATED STORE vvv")
381-
jobject, _ := json.MarshalIndent(updatedStore, "", " ")
432+
jobject, _ = json.MarshalIndent(updatedStore, "", " ")
382433
fmt.Println(string(jobject))
383434
fmt.Println("^^^ UPDATED STORE ^^^")
384435

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ require (
1111
github.com/Jeffail/gabs v1.4.0
1212
github.com/Keyfactor/keyfactor-auth-client-go v1.3.0
1313
github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0
14-
github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0
14+
github.com/Keyfactor/keyfactor-go-client/v3 v3.2.0-rc.5
1515
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2
1616
github.com/creack/pty v1.1.24
1717
github.com/google/go-cmp v0.7.0

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,8 +22,8 @@ github.com/Keyfactor/keyfactor-auth-client-go v1.3.0 h1:otC213b6CYzqeN9b3CRlH1Qj
2222
github.com/Keyfactor/keyfactor-auth-client-go v1.3.0/go.mod h1:97vCisBNkdCK0l2TuvOSdjlpvQa4+GHsMut1UTyv1jo=
2323
github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 h1:ehk5crxEGVBwkC8yXsoQXcyITTDlgbxMEkANrl1dA2Q=
2424
github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0/go.mod h1:11WXGG9VVKSV0EPku1IswjHbGGpzHDKqD4pe2vD7vas=
25-
github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0 h1:DQgb93m3xHZZ0FxWGFS90XI8prwS5fmIGrXNxP2IfHM=
26-
github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0/go.mod h1:LhIBGzTZeZ6o4i0gNg4qmwpwBnkoI6AfcEz8PLKruvc=
25+
github.com/Keyfactor/keyfactor-go-client/v3 v3.2.0-rc.5 h1:sDdRCGa94GLSBL6mNFiSOuQZ9e9qZmUL1LYpCzESbXo=
26+
github.com/Keyfactor/keyfactor-go-client/v3 v3.2.0-rc.5/go.mod h1:a7voCNCgvf+TbQxEno/xQ3wRJ+wlJRJKruhNco50GV8=
2727
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2 h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=
2828
github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2/go.mod h1:HBCaDeC1lPdgDeDbhX8XFpy1jqjK0IBG8W5K+xYqA0w=
2929
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=

0 commit comments

Comments
 (0)