Documentation
¶
Overview ¶
Package credentials adapts cli-common/credstore to cr's command surface.
Index ¶
- Constants
- Variables
- func AllowedKeys() []string
- func BackendEnvVar() string
- func BackendMetadata(flagValue string, flagSet bool, cfg config.File) (credstore.Backend, credstore.Source, error)
- func ExpectedKeysForConfigRef(cfg config.File, ref string) ([]string, error)
- func FindExecutable(name string, lookPath ExecutableLookPath) (string, error)
- func FormatRef(profile string) (string, error)
- func KeyForPurpose(ref config.CredentialRef) (string, error)
- func LLMAPIKeyForProvider(provider config.LLMProvider) (string, error)
- func MissingRequiredKeys(status CredentialStatus) []string
- func MissingRequiredPlannedKeys(specs []KeySpec, plannedWriteKeys []string) []string
- func OpenResolvedStore(_ string, flagSet bool, cfg config.File, resolved ResolvedSecretsStore) (*credstore.Store, error)
- func OpenStore(flagValue string, flagSet bool, cfg config.File) (*credstore.Store, error)
- func PlatformOSBackend(goos string) (credstore.Backend, error)
- func ProbeDetailForError(err error, status ProbeStatus) string
- func RequiredKeysSatisfied(status CredentialStatus) bool
- func StaleReviewerCredentialKeys(entries []PlanEntry) []string
- func StoreOptions(flagValue string, flagSet bool, _ config.File) (credstore.Options, error)
- func StoreOptionsForResolvedStore(flagSet bool, cfg config.File, resolved ResolvedSecretsStore) (credstore.Options, error)
- func TrimSecretIngress(value string) string
- func ValidateAllowedKey(key string) error
- func ValidateAllowedKeyForConfig(cfg config.File, ref, key string) error
- func ValidatePlannedWriteKeys(ref config.CredentialRef, specs []KeySpec, plannedWriteKeys []string) error
- type CredentialStatus
- type ExecutableLookPath
- type KeySpec
- type KeyStatus
- type KeyStatusStore
- type OnePasswordCommandRunner
- type OnePasswordDesktopDiscovery
- type OnePasswordDiscoveredAccount
- type OnePasswordDiscoveredVault
- type OnePasswordDiscovery
- type PlanEntry
- type PlanState
- type ProbeStatus
- type Reader
- func CachingReader(storeID string, base Reader) Reader
- func NewStoreReader(store *credstore.Store) Reader
- func ProgressCachingReader(command string, logger *progress.Logger, storeID string, ...) Reader
- func ProgressStoreReader(command string, logger *progress.Logger, resolved ResolvedSecretsStore, ...) Reader
- type Ref
- type ResolvedSecretsStore
- func ResolveCredentialStore(cfg config.File, storeID string) (ResolvedSecretsStore, error)
- func ResolveSecretsStoreForProfile(cfg config.File, profile config.Profile) (ResolvedSecretsStore, error)
- func ResolveSecretsStoreForRef(cfg config.File, ref string, selectedProfile string) (ResolvedSecretsStore, error)
- type ReviewerCredentialCleanupGroup
- type SecretsStoreSelectionSource
- type StoreIdentity
- type WriteGroup
Constants ¶
const ( // ServiceName is the credential-ref service segment owned by cr. ServiceName = "codereview" // BackendSourceCredentialStore records that an explicit credential-store // destination selected the active credential backend. // #nosec G101 -- this is a backend source label, not a secret value. BackendSourceCredentialStore credstore.Source = "credential_store" // GitTokenKey stores the Git host access token for PAT auth. GitTokenKey = "git_token" // GitHubAppIDKey is a removed legacy key name. App IDs now belong to // non-secret config, not credential bundles. // #nosec G101 -- this is a keyring item name, not a secret value. GitHubAppIDKey = "github_app_id" // GitHubAppPrivateKeyKey stores the GitHub App PEM private key. // #nosec G101 -- this is a keyring item name, not a secret value. GitHubAppPrivateKeyKey = "github_app_private_key" // GitHubAppInstallationIDKey is a removed legacy key name. Installation // routing now belongs to review profile config, not credential bundles. // #nosec G101 -- this is a keyring item name, not a secret value. GitHubAppInstallationIDKey = "github_app_installation_id" // AnthropicAPIKeyKey stores the key name for Anthropic direct API adapters. // #nosec G101 -- this is a keyring item name, not a secret value. AnthropicAPIKeyKey = "anthropic_api_key" // OpenAIAPIKeyKey stores the key name for OpenAI direct API adapters. // #nosec G101 -- this is a keyring item name, not a secret value. OpenAIAPIKeyKey = "openai_api_key" // LegacyLLMAPIKeyKey is the pre-matrix generic key. It is intentionally // not in the v1 allowlist. // #nosec G101 -- this is a keyring item name, not a secret value. LegacyLLMAPIKeyKey = "llm_api_key" )
const DefaultOnePasswordDiscoveryCommandTimeout = 30 * time.Second
DefaultOnePasswordDiscoveryCommandTimeout bounds each 1Password CLI discovery command.
Variables ¶
var ( // ErrWrongService means a credential name points at another CLI's keyring namespace. ErrWrongService = errors.New("credentials: credential name uses wrong service") // ErrInvalidBackendSelection means a CLI/config backend selector was malformed. ErrInvalidBackendSelection = errors.New("credentials: invalid backend selection") )
Functions ¶
func BackendEnvVar ¶
func BackendEnvVar() string
BackendEnvVar returns cr's backend selector environment variable name.
func BackendMetadata ¶
func BackendMetadata(flagValue string, flagSet bool, cfg config.File) (credstore.Backend, credstore.Source, error)
BackendMetadata reports the selected backend/source without opening the store.
func ExpectedKeysForConfigRef ¶ added in v0.1.34
ExpectedKeysForConfigRef returns the sorted union of expected keys for supported declarations of ref across profiles. Unsupported matching declarations fail only when no supported declaration contributes keys. An undeclared ref returns nil.
func FindExecutable ¶ added in v0.10.234
func FindExecutable(name string, lookPath ExecutableLookPath) (string, error)
FindExecutable resolves an executable with the supplied lookup or os/exec by default.
func KeyForPurpose ¶
func KeyForPurpose(ref config.CredentialRef) (string, error)
KeyForPurpose returns the single required keyring key expected for a configured credential location.
func LLMAPIKeyForProvider ¶ added in v0.1.34
func LLMAPIKeyForProvider(provider config.LLMProvider) (string, error)
LLMAPIKeyForProvider returns the provider-specific key for API-key LLM auth.
func MissingRequiredKeys ¶ added in v0.3.101
func MissingRequiredKeys(status CredentialStatus) []string
MissingRequiredKeys reports required keys that are known-missing.
func MissingRequiredPlannedKeys ¶ added in v0.10.255
MissingRequiredPlannedKeys returns required keys absent from a non-empty staged bundle.
func OpenResolvedStore ¶ added in v0.3.148
func OpenResolvedStore(_ string, flagSet bool, cfg config.File, resolved ResolvedSecretsStore) (*credstore.Store, error)
OpenResolvedStore opens the resolved service-scoped keyring store.
func PlatformOSBackend ¶ added in v0.6.174
PlatformOSBackend returns the non-configurable OS credential backend for goos.
func ProbeDetailForError ¶ added in v0.10.234
func ProbeDetailForError(err error, status ProbeStatus) string
ProbeDetailForError returns the stable user-facing detail for a probe error.
func RequiredKeysSatisfied ¶ added in v0.3.101
func RequiredKeysSatisfied(status CredentialStatus) bool
RequiredKeysSatisfied reports whether every required key is known-present.
func StaleReviewerCredentialKeys ¶ added in v0.10.255
StaleReviewerCredentialKeys returns reviewer bundle keys unused by all active entries sharing a ref.
func StoreOptions ¶
StoreOptions validates backend selectors and returns credstore options.
func StoreOptionsForResolvedStore ¶ added in v0.6.174
func StoreOptionsForResolvedStore(flagSet bool, cfg config.File, resolved ResolvedSecretsStore) (credstore.Options, error)
StoreOptionsForResolvedStore builds credstore options for one resolved credential store.
func TrimSecretIngress ¶
TrimSecretIngress removes the terminal newline produced by echo/heredocs without treating other whitespace as disposable.
func ValidateAllowedKey ¶
ValidateAllowedKey fails when key is not in cr's write allowlist.
func ValidateAllowedKeyForConfig ¶ added in v0.1.34
ValidateAllowedKeyForConfig validates key globally and, when ref is declared in cfg, against the exact key set for that ref.
func ValidatePlannedWriteKeys ¶ added in v0.10.255
func ValidatePlannedWriteKeys(ref config.CredentialRef, specs []KeySpec, plannedWriteKeys []string) error
ValidatePlannedWriteKeys rejects staged keys outside a credential purpose's key specs.
Types ¶
type CredentialStatus ¶ added in v0.3.101
type CredentialStatus struct {
Purpose string
Ref string
Mode string
Provider string
Keys []KeyStatus
}
CredentialStatus reports declared ref context and per-key presence state.
func CredentialRefStatus ¶ added in v0.3.101
func CredentialRefStatus(store KeyStatusStore, ref config.CredentialRef, storeErr error) (CredentialStatus, error)
CredentialRefStatus returns per-key presence state for one declared ref.
func CredentialStatuses ¶ added in v0.3.101
func CredentialStatuses(store KeyStatusStore, refs []config.CredentialRef, storeErr error) ([]CredentialStatus, error)
CredentialStatuses returns per-ref, per-key presence state for declared refs.
type ExecutableLookPath ¶ added in v0.10.234
ExecutableLookPath resolves an executable name.
type KeySpec ¶ added in v0.1.34
KeySpec describes one key in a declared credential bundle.
func KeySpecsForPurpose ¶ added in v0.1.34
func KeySpecsForPurpose(ref config.CredentialRef) ([]KeySpec, error)
KeySpecsForPurpose returns the exact keyring keys expected for a configured credential location.
type KeyStatus ¶ added in v0.3.101
KeyStatus reports the presence state for one declared keyring key.
type KeyStatusStore ¶ added in v0.3.101
KeyStatusStore is the read-only store surface needed for credential health inspection.
type OnePasswordCommandRunner ¶ added in v0.10.234
OnePasswordCommandRunner executes a 1Password CLI command and returns its stdout.
type OnePasswordDesktopDiscovery ¶ added in v0.10.234
type OnePasswordDesktopDiscovery struct {
Accounts []OnePasswordDiscoveredAccount
Err error
}
OnePasswordDesktopDiscovery contains discovered 1Password accounts or the account-list error.
func (OnePasswordDesktopDiscovery) AccountChoiceCount ¶ added in v0.10.234
func (d OnePasswordDesktopDiscovery) AccountChoiceCount() int
AccountChoiceCount returns the number of displayable discovered accounts.
func (OnePasswordDesktopDiscovery) Counts ¶ added in v0.10.234
func (d OnePasswordDesktopDiscovery) Counts() (int, int)
Counts returns the discovered account and vault counts.
func (OnePasswordDesktopDiscovery) HasAccountChoices ¶ added in v0.10.234
func (d OnePasswordDesktopDiscovery) HasAccountChoices() bool
HasAccountChoices reports whether discovery returned a displayable account.
func (OnePasswordDesktopDiscovery) HasVaultChoices ¶ added in v0.10.234
func (d OnePasswordDesktopDiscovery) HasVaultChoices() bool
HasVaultChoices reports whether any account has a discovered vault.
type OnePasswordDiscoveredAccount ¶ added in v0.10.234
type OnePasswordDiscoveredAccount struct {
ID string
Name string
URL string
Shorthand string
Email string
Vaults []OnePasswordDiscoveredVault
}
OnePasswordDiscoveredAccount describes an account returned by the 1Password CLI.
func (OnePasswordDiscoveredAccount) CommandValue ¶ added in v0.10.234
func (a OnePasswordDiscoveredAccount) CommandValue() string
CommandValue returns the best account identifier for an op --account argument.
func (OnePasswordDiscoveredAccount) DisplayName ¶ added in v0.10.234
func (a OnePasswordDiscoveredAccount) DisplayName() string
DisplayName returns the best human-readable account identifier.
func (OnePasswordDiscoveredAccount) Label ¶ added in v0.10.234
func (a OnePasswordDiscoveredAccount) Label() string
Label returns the account's display label.
type OnePasswordDiscoveredVault ¶ added in v0.10.234
OnePasswordDiscoveredVault describes a vault returned by the 1Password CLI.
func ParseOnePasswordVaults ¶ added in v0.10.234
func ParseOnePasswordVaults(data []byte) ([]OnePasswordDiscoveredVault, error)
ParseOnePasswordVaults decodes and orders a 1Password CLI vault list.
func (OnePasswordDiscoveredVault) DisplayName ¶ added in v0.10.234
func (v OnePasswordDiscoveredVault) DisplayName() string
DisplayName returns the vault name, falling back to its ID.
type OnePasswordDiscovery ¶ added in v0.10.234
type OnePasswordDiscovery struct {
// contains filtered or unexported fields
}
OnePasswordDiscovery discovers desktop-app accounts and vaults through the 1Password CLI.
func NewOnePasswordDiscovery ¶ added in v0.10.234
func NewOnePasswordDiscovery(run OnePasswordCommandRunner, timeout time.Duration) OnePasswordDiscovery
NewOnePasswordDiscovery builds a 1Password CLI discovery probe. A nil runner uses os/exec, and a non-positive timeout uses the default.
func (OnePasswordDiscovery) DiscoverDesktop ¶ added in v0.10.234
func (d OnePasswordDiscovery) DiscoverDesktop(ctx context.Context) OnePasswordDesktopDiscovery
DiscoverDesktop lists 1Password accounts and the accessible vaults in each account.
type PlanEntry ¶ added in v0.10.255
type PlanEntry struct {
Ref config.CredentialRef
PreviousRef *config.CredentialRef
SecretsStore ResolvedSecretsStore
KeySpecs []KeySpec
PlannedWriteKeys []string
MissingRequiredKeys []string
State PlanState
}
PlanEntry describes one pure credential transition.
type PlanState ¶ added in v0.10.255
type PlanState string
PlanState describes the credential transition init must apply.
const ( // PlanStateKeepExisting preserves an unchanged credential reference. PlanStateKeepExisting PlanState = "keep_existing" // PlanStateDefer leaves credential setup for a later command. PlanStateDefer PlanState = "defer" // PlanStateOverwriteRef replaces a changed credential reference. // #nosec G101 -- planner state label, not secret material. PlanStateOverwriteRef PlanState = "overwrite_ref" // PlanStateWrite writes the staged credential keys. PlanStateWrite PlanState = "write" // PlanStateClearRef removes a credential reference no longer desired. PlanStateClearRef PlanState = "clear_ref" // PlanStateMissingRequired reports an incomplete staged credential bundle. PlanStateMissingRequired PlanState = "missing_required" )
func ClassifyPlanEntry ¶ added in v0.10.255
ClassifyPlanEntry returns the transition state for a planned entry.
type ProbeStatus ¶ added in v0.10.234
type ProbeStatus string
ProbeStatus classifies credential-backend discovery outcomes.
const ( // ProbeAvailable means a credential backend probe succeeded. ProbeAvailable ProbeStatus = "available" // ProbeNotFound means the probed executable or resource was not found. ProbeNotFound ProbeStatus = "not found" // ProbeSkipped means discovery policy disabled the probe. ProbeSkipped ProbeStatus = "skipped" ProbeUnavailable ProbeStatus = "unavailable" )
func ProbeStatusForError ¶ added in v0.10.234
func ProbeStatusForError(err error) ProbeStatus
ProbeStatusForError classifies a credential-backend probe error.
type Reader ¶ added in v0.10.209
Reader is the minimal read-only credential surface used by runtime consumers.
func CachingReader ¶ added in v0.10.209
CachingReader wraps one underlying reader with a process-local read-through cache. Runtime assembly creates one wrapper per resolved store, so cache entries are isolated by reader instance and keyed by profile/key within that instance.
func NewStoreReader ¶ added in v0.10.209
NewStoreReader adapts a credstore-backed implementation to the read-only seam.
func ProgressCachingReader ¶ added in v0.10.209
func ProgressCachingReader(command string, logger *progress.Logger, storeID string, resolved ResolvedSecretsStore, base Reader) Reader
ProgressCachingReader wraps a caching reader with cache hit/miss breadcrumbs.
func ProgressStoreReader ¶ added in v0.10.209
func ProgressStoreReader(command string, logger *progress.Logger, resolved ResolvedSecretsStore, store *credstore.Store) Reader
ProgressStoreReader adapts a credstore-backed reader and logs backend reads.
type ResolvedSecretsStore ¶ added in v0.10.238
type ResolvedSecretsStore struct {
ID string
Label string
Backend string
Source config.EffectiveSecretsStoreSource
SelectionSource SecretsStoreSelectionSource
}
ResolvedSecretsStore is the typed runtime store-selection result.
func ResolveCredentialStore ¶ added in v0.6.174
func ResolveCredentialStore(cfg config.File, storeID string) (ResolvedSecretsStore, error)
ResolveCredentialStore resolves one explicit credential-store ID.
func ResolveSecretsStoreForProfile ¶ added in v0.10.238
func ResolveSecretsStoreForProfile(cfg config.File, profile config.Profile) (ResolvedSecretsStore, error)
ResolveSecretsStoreForProfile resolves the effective credential store for one review profile.
func ResolveSecretsStoreForRef ¶ added in v0.10.238
func ResolveSecretsStoreForRef(cfg config.File, ref string, selectedProfile string) (ResolvedSecretsStore, error)
ResolveSecretsStoreForRef resolves the effective credential store for a low-level credential-name write/read, optionally narrowed by the global --profile selection.
func (ResolvedSecretsStore) DisplayName ¶ added in v0.10.238
func (r ResolvedSecretsStore) DisplayName() string
DisplayName returns the best user-facing label for the resolved store.
func (ResolvedSecretsStore) Equal ¶ added in v0.10.238
func (r ResolvedSecretsStore) Equal(other ResolvedSecretsStore) bool
Equal reports whether two resolved credential-store selections point at the same logical credential store.
func (ResolvedSecretsStore) Identity ¶ added in v0.10.255
func (r ResolvedSecretsStore) Identity() StoreIdentity
Identity returns the comparable identity used to group resolved stores.
func (ResolvedSecretsStore) IsNamed ¶ added in v0.10.238
func (r ResolvedSecretsStore) IsNamed() bool
IsNamed reports whether the selection came from an explicit named credential store.
type ReviewerCredentialCleanupGroup ¶ added in v0.10.255
type ReviewerCredentialCleanupGroup struct {
Resolved ResolvedSecretsStore
Entries map[string][]PlanEntry
}
ReviewerCredentialCleanupGroup collects reviewer refs requiring stale-key cleanup in one store.
func GroupStaleReviewerCredentialCleanupsByStore ¶ added in v0.10.255
func GroupStaleReviewerCredentialCleanupsByStore(cfg config.File, entries []PlanEntry) ([]ReviewerCredentialCleanupGroup, error)
GroupStaleReviewerCredentialCleanupsByStore finds in-place reviewer auth changes and protects keys used by every active profile.
type SecretsStoreSelectionSource ¶ added in v0.10.238
type SecretsStoreSelectionSource string
SecretsStoreSelectionSource identifies why a credential store was selected.
const ( // SecretsStoreSelectionExplicit means the credential location selected a // configured store directly. SecretsStoreSelectionExplicit SecretsStoreSelectionSource = "profile" // SecretsStoreSelectionBuiltInOS means the credential location selected // the built-in OS credential store. SecretsStoreSelectionBuiltInOS SecretsStoreSelectionSource = "local_os" )
type StoreIdentity ¶ added in v0.10.255
type StoreIdentity struct {
ID string
Source config.EffectiveSecretsStoreSource
Backend string
}
StoreIdentity is the comparable identity of a resolved credential store.
type WriteGroup ¶ added in v0.10.255
type WriteGroup struct {
Resolved ResolvedSecretsStore
Writes map[string]map[string]string
OverwriteRefs map[string]bool
}
WriteGroup collects staged writes targeting one resolved credential store.
func GroupWritesByStore ¶ added in v0.10.255
func GroupWritesByStore(entries []PlanEntry, writes map[string]map[string]string, overwriteRefs map[string]bool) ([]WriteGroup, error)
GroupWritesByStore groups staged credential bundles by comparable store identity.