refactor: remove confusing dual ID method pattern from Unlocker interface - Removed redundant ID() method from Unlocker interface - Removed ID field from UnlockerMetadata struct - Modified GetID() to generate IDs dynamically based on unlocker type and data - Updated vault package to create unlocker instances when searching by ID - Fixed all tests and CLI code to remove ID field references - IDs are now consistently generated from unlocker data, preventing redundancy

2025-06-11 15:21:20 -07:00
parent 9adf0c0803
commit 03e0ee2f95
9 changed files with 68 additions and 70 deletions
--- a/internal/vault/unlockers.go
+++ b/internal/vault/unlockers.go
@@ -75,7 +75,6 @@ func (v *Vault) GetCurrentUnlocker() (secret.Unlocker, error) {
 	}

 	secret.DebugWith("Parsed unlocker metadata",
-		slog.String("unlocker_id", metadata.ID),
 		slog.String("unlocker_type", metadata.Type),
 		slog.Time("created_at", metadata.CreatedAt),
 		slog.Any("flags", metadata.Flags),
@@ -87,16 +86,16 @@ func (v *Vault) GetCurrentUnlocker() (secret.Unlocker, error) {
 	secretMetadata := secret.UnlockerMetadata(metadata)
 	switch metadata.Type {
 	case "passphrase":
-		secret.Debug("Creating passphrase unlocker instance", "unlocker_id", metadata.ID)
+		secret.Debug("Creating passphrase unlocker instance", "unlocker_type", metadata.Type)
 		unlocker = secret.NewPassphraseUnlocker(v.fs, unlockerDir, secretMetadata)
 	case "pgp":
-		secret.Debug("Creating PGP unlocker instance", "unlocker_id", metadata.ID)
+		secret.Debug("Creating PGP unlocker instance", "unlocker_type", metadata.Type)
 		unlocker = secret.NewPGPUnlocker(v.fs, unlockerDir, secretMetadata)
 	case "keychain":
-		secret.Debug("Creating keychain unlocker instance", "unlocker_id", metadata.ID)
+		secret.Debug("Creating keychain unlocker instance", "unlocker_type", metadata.Type)
 		unlocker = secret.NewKeychainUnlocker(v.fs, unlockerDir, secretMetadata)
 	default:
-		secret.Debug("Unsupported unlocker type", "type", metadata.Type, "unlocker_id", metadata.ID)
+		secret.Debug("Unsupported unlocker type", "type", metadata.Type)
 		return nil, fmt.Errorf("unsupported unlocker type: %s", metadata.Type)
 	}

@@ -200,23 +199,27 @@ func (v *Vault) RemoveUnlocker(unlockerID string) error {
 				continue
 			}

-			if metadata.ID == unlockerID {
-				unlockerDirPath = filepath.Join(unlockersDir, file.Name())
+			unlockerDirPath = filepath.Join(unlockersDir, file.Name())

-				// Convert our metadata to secret.UnlockerMetadata
-				secretMetadata := secret.UnlockerMetadata(metadata)
+			// Convert our metadata to secret.UnlockerMetadata
+			secretMetadata := secret.UnlockerMetadata(metadata)

-				// Create the appropriate unlocker instance
-				switch metadata.Type {
-				case "passphrase":
-					unlocker = secret.NewPassphraseUnlocker(v.fs, unlockerDirPath, secretMetadata)
-				case "pgp":
-					unlocker = secret.NewPGPUnlocker(v.fs, unlockerDirPath, secretMetadata)
-				case "keychain":
-					unlocker = secret.NewKeychainUnlocker(v.fs, unlockerDirPath, secretMetadata)
-				default:
-					return fmt.Errorf("unsupported unlocker type: %s", metadata.Type)
-				}
+			// Create the appropriate unlocker instance
+			var tempUnlocker secret.Unlocker
+			switch metadata.Type {
+			case "passphrase":
+				tempUnlocker = secret.NewPassphraseUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			case "pgp":
+				tempUnlocker = secret.NewPGPUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			case "keychain":
+				tempUnlocker = secret.NewKeychainUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			default:
+				continue
+			}
+
+			// Check if this unlocker's ID matches
+			if tempUnlocker.GetID() == unlockerID {
+				unlocker = tempUnlocker
 				break
 			}
 		}
@@ -266,8 +269,27 @@ func (v *Vault) SelectUnlocker(unlockerID string) error {
 				continue
 			}

-			if metadata.ID == unlockerID {
-				targetUnlockerDir = filepath.Join(unlockersDir, file.Name())
+			unlockerDirPath := filepath.Join(unlockersDir, file.Name())
+
+			// Convert our metadata to secret.UnlockerMetadata
+			secretMetadata := secret.UnlockerMetadata(metadata)
+
+			// Create the appropriate unlocker instance
+			var tempUnlocker secret.Unlocker
+			switch metadata.Type {
+			case "passphrase":
+				tempUnlocker = secret.NewPassphraseUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			case "pgp":
+				tempUnlocker = secret.NewPGPUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			case "keychain":
+				tempUnlocker = secret.NewKeychainUnlocker(v.fs, unlockerDirPath, secretMetadata)
+			default:
+				continue
+			}
+
+			// Check if this unlocker's ID matches
+			if tempUnlocker.GetID() == unlockerID {
+				targetUnlockerDir = unlockerDirPath
 				break
 			}
 		}
@@ -298,8 +320,7 @@ func (v *Vault) CreatePassphraseUnlocker(passphrase string) (*secret.PassphraseU
 		return nil, fmt.Errorf("failed to get vault directory: %w", err)
 	}

-	// Create unlocker directory with timestamp
-	timestamp := time.Now().Format("2006-01-02.15.04")
+	// Create unlocker directory
 	unlockerDir := filepath.Join(vaultDir, "unlockers.d", "passphrase")
 	if err := v.fs.MkdirAll(unlockerDir, secret.DirPerms); err != nil {
 		return nil, fmt.Errorf("failed to create unlocker directory: %w", err)
@@ -331,9 +352,7 @@ func (v *Vault) CreatePassphraseUnlocker(passphrase string) (*secret.PassphraseU
 	}

 	// Create metadata
-	unlockerID := fmt.Sprintf("%s-passphrase", timestamp)
 	metadata := UnlockerMetadata{
-		ID:        unlockerID,
 		Type:      "passphrase",
 		CreatedAt: time.Now(),
 		Flags:     []string{},
@@ -368,13 +387,16 @@ func (v *Vault) CreatePassphraseUnlocker(passphrase string) (*secret.PassphraseU
 		return nil, fmt.Errorf("failed to write encrypted long-term private key: %w", err)
 	}

-	// Select this unlocker as current
-	if err := v.SelectUnlocker(unlockerID); err != nil {
-		return nil, fmt.Errorf("failed to select new unlocker: %w", err)
-	}
-
 	// Convert our metadata to secret.UnlockerMetadata for the constructor
 	secretMetadata := secret.UnlockerMetadata(metadata)

-	return secret.NewPassphraseUnlocker(v.fs, unlockerDir, secretMetadata), nil
+	// Create the unlocker instance
+	unlocker := secret.NewPassphraseUnlocker(v.fs, unlockerDir, secretMetadata)
+
+	// Select this unlocker as current
+	if err := v.SelectUnlocker(unlocker.GetID()); err != nil {
+		return nil, fmt.Errorf("failed to select new unlocker: %w", err)
+	}
+
+	return unlocker, nil
 }