docker
diff --git a/‎go.work.sum‎
Lines changed: 1 addition & 0 deletions b/‎go.work.sum‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎store/examples/secret.go‎
Lines changed: 7 additions & 2 deletions b/‎store/examples/secret.go‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎store/go.sum‎
Lines changed: 0 additions & 1 deletion b/‎store/go.sum‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎store/keychain/cmd/main.go‎
Lines changed: 6 additions & 8 deletions b/‎store/keychain/cmd/main.go‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎store/keychain/keychain.go‎
Lines changed: 1 addition & 1 deletion b/‎store/keychain/keychain.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎store/keychain/keychain_darwin.go‎
Lines changed: 55 additions & 21 deletions b/‎store/keychain/keychain_darwin.go‎
Lines changed: 55 additions & 21 deletions
diff --git a/‎store/keychain/keychain_darwin_test.go‎
Lines changed: 8 additions & 0 deletions b/‎store/keychain/keychain_darwin_test.go‎
Lines changed: 8 additions & 0 deletions
@@ -18,6 +18,7 @@ github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f h1:
 github.com/envoyproxy/go-control-plane v0.11.1-0.20230524094728-9239064ad72f/go.mod h1:sfYdkwUW4BA3PbKjySwjJy+O4Pu0h62rlqCMHNk+K+Q=
 github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
 github.com/envoyproxy/protoc-gen-validate v0.10.1/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
 github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 
@@ -10,7 +10,7 @@ import (
 type secret struct {
 	AccessToken  string
 	RefreshToken string
-	Attributes   map[string]any
+	Attributes   map[string]string
 }
 
 var _ secrets.Secret = &secret{}
@@ -29,6 +29,11 @@ func (s *secret) Unmarshal(data []byte) error {
 	return nil
 }
 
-func (s *secret) Metadata() map[string]any {
+func (s *secret) Metadata() map[string]string {
 	return s.Attributes
 }
+
+func (s *secret) SetMetadata(attr map[string]string) error {
+	s.Attributes = attr
+	return nil
+}
@@ -6,7 +6,6 @@ github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
-github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 
@@ -21,10 +21,8 @@ func newCommand() (*cobra.Command, error) {
 	kc, err := keychain.New(
 		"io.docker.Secrets",
 		"docker-example-cli",
-		func(metadata map[string]any) *mocks.MockCredential {
-			return &mocks.MockCredential{
-				Attributes: metadata,
-			}
+		func() *mocks.MockCredential {
+			return &mocks.MockCredential{}
 		},
 	)
 	if err != nil {
@@ -44,9 +42,9 @@ func newCommand() (*cobra.Command, error) {
 			}
 
 			var e error
-			for _, v := range secrets {
-				fmt.Printf("\nID: %s\n", v.ID)
-				fmt.Printf("\nMetadata: %+v", v.Metadata)
+			for id, v := range secrets {
+				fmt.Printf("\nID: %s\n", id.String())
+				fmt.Printf("\nMetadata: %+v", v.Metadata())
 			}
 			return e
 		},
@@ -66,7 +64,7 @@ func newCommand() (*cobra.Command, error) {
 				return err
 			}
 
-			secretMetadata := make(map[string]any)
+			secretMetadata := make(map[string]string)
 			for _, vals := range metadata {
 				vv := strings.Split(vals, ":")
 				if len(vv) == 2 && vv[0] != "" && vv[1] != "" {
 
@@ -14,7 +14,7 @@ type keychainStore[T store.Secret] struct {
 
 var _ store.Store = &keychainStore[store.Secret]{}
 
-type Factory[T store.Secret] func(metadata map[string]any) T
+type Factory[T store.Secret] func() T
 
 // New creates a new keychain store.
 //
 
@@ -4,9 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"maps"
-	"os"
-	"reflect"
 	"slices"
 	"strings"
 
@@ -70,6 +67,19 @@ func getItemWithData[T store.Secret](id string, k *keychainStore[T]) (*kc.QueryR
 	return &results[0], nil
 }
 
+func convertAttributes(attributes map[string]any) (map[string]string, error) {
+	attr := make(map[string]string, len(attributes))
+	for k, v := range attributes {
+		switch t := any(v).(type) {
+		case string:
+			attr[k] = t
+		default:
+			return nil, fmt.Errorf("attributes of key %s has unsupported type %T", k, t)
+		}
+	}
+	return attr, nil
+}
+
 func (k *keychainStore[T]) Delete(_ context.Context, id store.ID) error {
 	if err := id.Valid(); err != nil {
 		return err
@@ -93,14 +103,22 @@ func (k *keychainStore[T]) Get(_ context.Context, id store.ID) (store.Secret, er
 		return nil, err
 	}
 
-	secret := k.factory(result.Attributes)
+	attr, err := convertAttributes(result.Attributes)
+	if err != nil {
+		return nil, err
+	}
+
+	secret := k.factory()
+	if err := secret.SetMetadata(attr); err != nil {
+		return nil, err
+	}
 	if err := secret.Unmarshal(result.Data); err != nil {
 		return nil, err
 	}
 	return secret, nil
 }
 
-func (k *keychainStore[T]) GetAll(context.Context) ([]store.SecretMetadata, error) {
+func (k *keychainStore[T]) GetAll(context.Context) (map[store.ID]store.Secret, error) {
 	item := newKeychainItem("", k)
 
 	// We use the MatchLimitAll attribute to query for multiple items from the
@@ -113,16 +131,21 @@ func (k *keychainStore[T]) GetAll(context.Context) ([]store.SecretMetadata, erro
 		return nil, mapKeychainError(err)
 	}
 
-	creds := make([]store.SecretMetadata, len(results))
-	for i, result := range results {
+	creds := make(map[store.ID]store.Secret, len(results))
+	for _, result := range results {
 		id, err := store.ParseID(result.Account)
 		if err != nil {
 			continue
 		}
-		creds[i] = store.SecretMetadata{
-			ID:       id,
-			Metadata: result.Attributes,
+		attr, err := convertAttributes(result.Attributes)
+		if err != nil {
+			return nil, err
+		}
+		secret := k.factory()
+		if err := secret.SetMetadata(attr); err != nil {
+			return nil, err
 		}
+		creds[id] = secret
 	}
 	return creds, nil
 }
@@ -144,7 +167,9 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec
 	item.SetLabel(k.itemLabel(id))
 
 	metadata := make(map[string]any)
-	maps.Copy(metadata, secret.Metadata())
+	for k, v := range secret.Metadata() {
+		metadata[k] = v
+	}
 	parts := strings.SplitSeq(id.String(), "/")
 	for p := range parts {
 		if p == "" {
@@ -158,23 +183,22 @@ func (k *keychainStore[T]) Save(_ context.Context, id store.ID, secret store.Sec
 	return mapKeychainError(kc.AddItem(item))
 }
 
-func hasAttribute(attributes map[string]any, result kc.QueryResult) bool {
-	if attributes == nil {
+func hasAttribute(searchAttributes, queryAttributes map[string]string) bool {
+	if searchAttributes == nil {
 		return true
 	}
-	fmt.Fprintf(os.Stdout, "Attributes: %v\n", result.Attributes)
-	allMatches := make([]bool, len(attributes))
+	allMatches := make([]bool, len(searchAttributes))
 	var i int
-	for k, v := range result.Attributes {
-		if needle, ok := attributes[k]; ok && reflect.DeepEqual(needle, v) {
+	for k, v := range queryAttributes {
+		if needle, ok := searchAttributes[k]; ok && strings.EqualFold(needle, v) {
 			allMatches[i] = true
 			i++
 		}
 	}
 	return !slices.Contains(allMatches, false)
 }
 
-func (k *keychainStore[T]) Filter(ctx context.Context, id store.ID, attributes map[string]any) (map[store.ID]store.Secret, error) {
+func (k *keychainStore[T]) Filter(ctx context.Context, id store.ID, attributes map[string]string) (map[store.ID]store.Secret, error) {
 	item := newKeychainItem("", k)
 
 	// We use the MatchLimitAll attribute to query for multiple items from the
@@ -183,7 +207,9 @@ func (k *keychainStore[T]) Filter(ctx context.Context, id store.ID, attributes m
 	item.SetMatchLimit(kc.MatchLimitAll)
 
 	metadata := make(map[string]any)
-	maps.Copy(metadata, attributes)
+	for k, v := range attributes {
+		metadata[k] = v
+	}
 	parts := strings.SplitSeq(id.String(), "/")
 	for p := range parts {
 		if p == "" {
@@ -206,7 +232,12 @@ func (k *keychainStore[T]) Filter(ctx context.Context, id store.ID, attributes m
 			continue
 		}
 
-		if !hasAttribute(attributes, result) {
+		attr, err := convertAttributes(result.Attributes)
+		if err != nil {
+			return nil, err
+		}
+
+		if !hasAttribute(attributes, attr) {
 			continue
 		}
 
@@ -215,7 +246,10 @@ func (k *keychainStore[T]) Filter(ctx context.Context, id store.ID, attributes m
 			return nil, err
 		}
 
-		secret := k.factory(i.Attributes)
+		secret := k.factory()
+		if err := secret.SetMetadata(attr); err != nil {
+			return nil, err
+		}
 		if err := secret.Unmarshal(i.Data); err != nil {
 			return nil, err
 		}
 
@@ -0,0 +1,8 @@
+//go:build cgo && darwin
+
+package keychain
+
+import "testing"
+
+func TestSecretAttributes(t *testing.T) {
+}
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ import (`
`10`	`10`	`type secret struct {`
`11`	`11`	`AccessToken string`
`12`	`12`	`RefreshToken string`
`13`		`- Attributes map[string]any`
	`13`	`+ Attributes map[string]string`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`var _ secrets.Secret = &secret{}`
`@@ -29,6 +29,11 @@ func (s *secret) Unmarshal(data []byte) error {`
`29`	`29`	`return nil`
`30`	`30`	`}`
`31`	`31`
`32`		`-func (s *secret) Metadata() map[string]any {`
	`32`	`+func (s *secret) Metadata() map[string]string {`
`33`	`33`	`return s.Attributes`
`34`	`34`	`}`
	`35`	`+`
	`36`	`+func (s *secret) SetMetadata(attr map[string]string) error {`
	`37`	`+ s.Attributes = attr`
	`38`	`+ return nil`
	`39`	`+}`