more flexible user options for gocd encryption #17556

tomzo · tomzo · commit 2e8b57499a40 · 2019-04-22T14:55:02.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### 0.6.2 (2019-Apr-22)
+
+ * more flexible user options for gocd encryption in encrypt_with_gocd_top
+
 ### 0.6.1 (2019-Apr-22)
 
  * setup publish task
diff --git a/src/secret-ops b/src/secret-ops
@@ -52,16 +52,24 @@ function secret_ops::encrypt_with_gocd_common {
 # Encrypts any string, uses GoCD server.
 function secret_ops::encrypt_with_gocd_top {
   local variable_to_encrypt=${1?variable_to_encrypt not set}
-
-  url_dir="${USER}"
-  if [[ "${USER}" == "go" ]]; then
-    url_dir="gocd"
+  local user=${2:-}
+  url_dir=$user
+  if [ -z ${user} ]; then
+    user="$(whoami)"
+    url_dir=$user
+    if [[ "${url_dir}" == "go" ]]; then
+      url_dir="gocd"
+    fi
+  fi
+  if [ -z ${url_dir} ]; then
+    echo "Unknown user name"
+    exit 5
   fi
   local my_gocd_pass
   my_gocd_pass=$(vault read -field=value secret/${url_dir}/gocd_password)
   if [[ $? != "0" ]]; then exit 1; fi
 
-  secret_ops::encrypt_with_gocd_common "${variable_to_encrypt}" "go.ai-traders.com" "-u ${USER}:${my_gocd_pass}"
+  secret_ops::encrypt_with_gocd_common "${variable_to_encrypt}" "go.ai-traders.com" "-u ${user}:${my_gocd_pass}"
 }
 function secret_ops::encrypt_with_gocd_base {
   local variable_to_encrypt=${1?variable_to_encrypt not set}
diff --git a/tasks b/tasks
@@ -65,7 +65,6 @@ case "${command}" in
         --file secret-ops.tar.gz
       ;;
   generate_vault_token)
-      set -e
       vault_token=$(vault token create -ttl=48h -policy=gocd -field token -metadata gocd_renew=true)
       secured_token_gocd=$(secret_ops::encrypt_with_gocd_top "${vault_token}")
       echo "Generated token: ${vault_token} and encrypted by GoCD server"
diff --git a/test/bats/01.bats b/test/bats/01.bats
@@ -10,7 +10,7 @@ load '/opt/bats-assert/load.bash'
 }
 
 @test "secret_ops::encrypt_with_gocd_top fails if USER cannot read secret" {
-  run /bin/bash -c "source src/secret-ops && USER=dummy secret_ops::encrypt_with_gocd_top mydata"
+  run /bin/bash -c "source src/secret-ops && secret_ops::encrypt_with_gocd_top mydata dummy"
   # do not test for output, because it may be different on workstation and on
   # go-agent (due to different vault policies)
   assert_equal "$status" 1

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ load '/opt/bats-assert/load.bash'`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`@test "secret_ops::encrypt_with_gocd_top fails if USER cannot read secret" {`
`13`		`- run /bin/bash -c "source src/secret-ops && USER=dummy secret_ops::encrypt_with_gocd_top mydata"`
	`13`	`+ run /bin/bash -c "source src/secret-ops && secret_ops::encrypt_with_gocd_top mydata dummy"`
`14`	`14`	`# do not test for output, because it may be different on workstation and on`
`15`	`15`	`# go-agent (due to different vault policies)`
`16`	`16`	`assert_equal "$status" 1`