
Commit 48ef854

authored
Merge pull request #16 from ConductorOne/pq/limit_vault_perms
Add --limit-vault-permissions to reduce noise/volume
2 parents af45b86 + 281ee93 commit 48ef854


1,903 files changed

+4627598
-1996471
lines changed


cmd/baton-1password/config.go

Lines changed: 0 additions & 30 deletions
This file was deleted.

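--- a/cmd/baton-1password/main.go
+++ b/cmd/baton-1password/main.go
@@ -6,67 +6,76 @@ import (
 "os"
 
 onepassword "github.com/conductorone/baton-1password/pkg/1password"
+config2 "github.com/conductorone/baton-1password/pkg/config"
 "github.com/conductorone/baton-1password/pkg/connector"
-"github.com/conductorone/baton-sdk/pkg/cli"
+"github.com/conductorone/baton-sdk/pkg/config"
 "github.com/conductorone/baton-sdk/pkg/connectorbuilder"
 "github.com/conductorone/baton-sdk/pkg/types"
 "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
+"github.com/spf13/viper"
 "go.uber.org/zap"
 )
 
-var version = "dev"
-var sessionTempFile = "/tmp/baton-1password-session"
+var (
+connectorName = "baton-1password"
+version = "dev"
+)
 
 func main() {
 ctx := context.Background()
-cfg := &config{}
-l := ctxzap.Extract(ctx)
-cmd, err := cli.NewCmd(ctx, "baton-1password", cfg, validateConfig, getConnector)
+
+_, cmd, err := config.DefineConfiguration(
+ctx,
+connectorName,
+getConnector,
+config2.ConfigurationSchema,
+)
 if err != nil {
 fmt.Fprintln(os.Stderr, err.Error())
 os.Exit(1)
 }
+
 cmd.Version = version
-cmdFlags(cmd)
+
 err = cmd.Execute()
 if err != nil {
 fmt.Fprintln(os.Stderr, err.Error())
 os.Exit(1)
 }
-// remove tmp file
-e := os.Remove(sessionTempFile)
-if e != nil {
-l.Error("error removing file", zap.Error(err))
-}
 }
 
-func getConnector(ctx context.Context, cfg *config) (types.ConnectorServer, error) {
+func getConnector(ctx context.Context, v *viper.Viper) (types.ConnectorServer, error) {
 l := ctxzap.Extract(ctx)
-// temp file for session token
-tmpToken, _ := os.ReadFile(sessionTempFile)
-if string(tmpToken) == "" {
-token, err := onepassword.SignIn(ctx, cfg.Address)
-if err != nil {
-l.Error("failed to login: ", zap.Error(err))
-return nil, err
-}
-e := os.WriteFile(sessionTempFile, []byte(token), 0600)
-if e != nil {
-l.Error("error writing file", zap.Error(e))
+limitVaultPerms := v.GetStringSlice(config2.LimitVaultPermissionsField.FieldName)
+if len(limitVaultPerms) > 0 {
+validPerms := connector.AllVaultPermissions()
+for _, perm := range limitVaultPerms {
+if !validPerms.Contains(perm) {
+l.Error("invalid vault permission", zap.String("permission", perm))
+return nil, fmt.Errorf("invalid vault permission: %s", perm)
+}
 }
 }
 
-cb, err := connector.New(ctx, string(tmpToken))
+token, err := onepassword.SignIn(ctx, v.GetString(config2.AddressField.FieldName))
 if err != nil {
-l.Error("error creating connector", zap.Error(err))
+l.Error("failed to login: ", zap.Error(err))
 return nil, err
 }
 
-c, err := connectorbuilder.NewConnector(ctx, cb)
+cb, err := connector.New(
+ctx,
+token,
+limitVaultPerms,
+)
 if err != nil {
 l.Error("error creating connector", zap.Error(err))
 return nil, err
 }
-
-return c, nil
+connector, err := connectorbuilder.NewConnector(ctx, cb)
+if err != nil {
+l.Error("error creating connector", zap.Error(err))
+return nil, err
+}
+return connector, nil
 }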
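Review bot: Near the end of getConnector the new local `connector` shadows the imported package `connector`, which the same function uses a few lines earlier for `connector.AllVaultPermissions()` and `connector.New(...)`. Any package call later added below that line would resolve to the variable instead, so keep the previous short name: `c, err := connectorbuilder.NewConnector(ctx, cb)` and `return c, nil`. Both failure paths after sign-in now log the identical message `"error creating connector"`, so a log line cannot tell a `connector.New` failure from a `connectorbuilder.NewConnector` failure; a distinct message on one of them would help triage. The rejected permission value comes from operator-supplied flags or config, so quoting it as `fmt.Errorf("invalid vault permission: %q", perm)` keeps empty or whitespace-padded values visible in the error.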

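--- a/go.mod
+++ b/go.mod
@@ -1,96 +1,100 @@
 module github.com/conductorone/baton-1password
 
-go 1.20
+go 1.22.0
 
 require (
-github.com/conductorone/baton-sdk v0.1.8
+github.com/conductorone/baton-sdk v0.2.40
+github.com/deckarep/golang-set/v2 v2.6.0
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
-github.com/spf13/cobra v1.7.0
-go.uber.org/zap v1.26.0
+go.uber.org/zap v1.27.0
 )
 
 require (
+filippo.io/age v1.2.0 // indirect
+filippo.io/edwards25519 v1.1.0 // indirect
+github.com/allegro/bigcache/v3 v3.1.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+github.com/ncruces/go-strftime v0.1.9 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+github.com/spf13/cobra v1.8.1 // indirect
+go.opentelemetry.io/otel v1.30.0 // indirect
+go.opentelemetry.io/otel/metric v1.30.0 // indirect
 )
 
 require (
-github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.14 // indirect
-github.com/aws/aws-sdk-go-v2/config v1.18.45 // indirect
-github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.90 // indirect
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.1.6 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.15 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.38 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.6 // indirect
-github.com/aws/aws-sdk-go-v2/service/s3 v1.40.2 // indirect
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
-github.com/aws/smithy-go v1.15.0 // indirect
+github.com/aws/aws-sdk-go-v2 v1.32.2 // indirect
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect
+github.com/aws/aws-sdk-go-v2/config v1.27.43 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.31 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/s3 v1.65.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+github.com/aws/smithy-go v1.22.0 // indirect
 github.com/benbjohnson/clock v1.3.5 // indirect
-github.com/doug-martin/goqu/v9 v9.18.0 // indirect
+github.com/doug-martin/goqu/v9 v9.19.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
-github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect
-github.com/fsnotify/fsnotify v1.6.0 // indirect
-github.com/glebarez/go-sqlite v1.21.2 // indirect
-github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
+github.com/fsnotify/fsnotify v1.7.0 // indirect
+github.com/glebarez/go-sqlite v1.22.0 // indirect
+github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 github.com/go-ole/go-ole v1.3.0 // indirect
-github.com/golang/protobuf v1.5.3 // indirect
-github.com/google/uuid v1.3.1 // indirect
+github.com/golang/protobuf v1.5.4 // indirect
+github.com/google/uuid v1.6.0 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
-github.com/jmespath/go-jmespath v0.4.0 // indirect
-github.com/klauspost/compress v1.17.0 // indirect
-github.com/lufia/plan9stats v0.0.0-20230326075908-cb1d2100619a // indirect
+github.com/klauspost/compress v1.17.10 // indirect
+github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
-github.com/mattn/go-isatty v0.0.19 // indirect
+github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
-github.com/pelletier/go-toml/v2 v2.1.0 // indirect
-github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b // indirect
+github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
 github.com/pquerna/xjwt v0.2.0 // indirect
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-github.com/sagikazarmark/locafero v0.3.0 // indirect
+github.com/sagikazarmark/locafero v0.6.0 // indirect
 github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 github.com/segmentio/ksuid v1.0.4 // indirect
-github.com/shirou/gopsutil/v3 v3.23.9 // indirect
+github.com/shirou/gopsutil/v3 v3.24.5 // indirect
 github.com/shoenig/go-m1cpu v0.1.6 // indirect
 github.com/sourcegraph/conc v0.3.0 // indirect
-github.com/spf13/afero v1.10.0 // indirect
-github.com/spf13/cast v1.5.1 // indirect
+github.com/spf13/afero v1.11.0 // indirect
+github.com/spf13/cast v1.7.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
-github.com/spf13/viper v1.17.0 // indirect
+github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.9.0
 github.com/subosito/gotenv v1.6.0 // indirect
-github.com/tklauser/go-sysconf v0.3.12 // indirect
-github.com/tklauser/numcpus v0.6.1 // indirect
-github.com/yusufpapurcu/wmi v1.2.3 // indirect
+github.com/tklauser/go-sysconf v0.3.14 // indirect
+github.com/tklauser/numcpus v0.9.0 // indirect
+github.com/yusufpapurcu/wmi v1.2.4 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-go.uber.org/ratelimit v0.3.0 // indirect
-golang.org/x/crypto v0.14.0 // indirect
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-golang.org/x/net v0.17.0 // indirect
-golang.org/x/oauth2 v0.13.0 // indirect
-golang.org/x/sync v0.4.0 // indirect
-golang.org/x/sys v0.13.0 // indirect
-golang.org/x/term v0.13.0 // indirect
-golang.org/x/text v0.13.0 // indirect
-google.golang.org/appengine v1.6.8 // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
-google.golang.org/grpc v1.58.3 // indirect
-google.golang.org/protobuf v1.31.0 // indirect
+go.uber.org/ratelimit v0.3.1 // indirect
+golang.org/x/crypto v0.28.0 // indirect
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
+golang.org/x/net v0.30.0 // indirect
+golang.org/x/oauth2 v0.23.0 // indirect
+golang.org/x/sync v0.8.0 // indirect
+golang.org/x/sys v0.26.0 // indirect
+golang.org/x/text v0.19.0 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+google.golang.org/grpc v1.67.1 // indirect
+google.golang.org/protobuf v1.35.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
-modernc.org/libc v1.24.1 // indirect
+modernc.org/libc v1.61.0 // indirect
 modernc.org/mathutil v1.6.0 // indirect
-modernc.org/memory v1.7.2 // indirect
-modernc.org/sqlite v1.26.0 // indirect
+modernc.org/memory v1.8.0 // indirect
+modernc.org/sqlite v1.33.1 // indirect
 )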
