Switch from relative paths to bare names in pointer files
- currentvault now contains just the vault name (e.g., "default")
- current-unlocker now contains just the unlocker name (e.g., "passphrase")
- current version file now contains just the version (e.g., "20231215.001")
- Resolution functions prepend the appropriate directory prefix
@@ -45,16 +45,16 @@ func TestVaultWithRealFilesystem(t *testing.T) {
|
||||
t.Fatalf("Failed to get vault directory: %v", err)
|
||||
}
|
||||
|
||||
// Verify the currentvault file exists and contains the right relative path
|
||||
// Verify the currentvault file exists and contains just the vault name
|
||||
currentVaultPath := filepath.Join(stateDir, "currentvault")
|
||||
currentVaultContents, err := os.ReadFile(currentVaultPath)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to read currentvault file: %v", err)
|
||||
}
|
||||
|
||||
expectedRelativePath := "vaults.d/test-vault"
|
||||
if string(currentVaultContents) != expectedRelativePath {
|
||||
t.Errorf("Expected currentvault to contain %q, got %q", expectedRelativePath, string(currentVaultContents))
|
||||
expectedVaultName := "test-vault"
|
||||
if string(currentVaultContents) != expectedVaultName {
|
||||
t.Errorf("Expected currentvault to contain %q, got %q", expectedVaultName, string(currentVaultContents))
|
||||
}
|
||||
|
||||
// Test that ResolveVaultSymlink correctly resolves the path
|
||||
|
||||
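Review bot: The assertion on `expectedVaultName` pins only the new bare-name contents; nothing in this hunk covers a currentvault file left over in the old `vaults.d/test-vault` form. With the new join in ResolveVaultSymlink such a file would presumably resolve to `vaults.d/vaults.d/test-vault`. A second case that writes the legacy contents and asserts the intended outcome (a clear error, or a migration) would document that behaviour. TestVaultWithRealFilesystem starts and ends outside the hunk.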
@@ -33,7 +33,7 @@ func isValidVaultName(name string) bool {
|
||||
}
|
||||
|
||||
// ResolveVaultSymlink reads the currentvault file to get the path to the current vault
|
||||
// The file contains a relative path to the vault directory
|
||||
// The file contains just the vault name (e.g., "default")
|
||||
func ResolveVaultSymlink(fs afero.Fs, currentVaultPath string) (string, error) {
|
||||
secret.Debug("resolveVaultSymlink starting", "path", currentVaultPath)
|
||||
|
||||
@@ -44,13 +44,13 @@ func ResolveVaultSymlink(fs afero.Fs, currentVaultPath string) (string, error) {
|
||||
return "", fmt.Errorf("failed to read currentvault file: %w", err)
|
||||
}
|
||||
|
||||
// The file contains a relative path like "vaults.d/default"
|
||||
relativePath := strings.TrimSpace(string(fileData))
|
||||
secret.Debug("Read relative path from file", "relative_path", relativePath)
|
||||
// The file contains just the vault name like "default"
|
||||
vaultName := strings.TrimSpace(string(fileData))
|
||||
secret.Debug("Read vault name from file", "vault_name", vaultName)
|
||||
|
||||
// Resolve to absolute path relative to the state directory
|
||||
// Resolve to absolute path: stateDir/vaults.d/vaultName
|
||||
stateDir := filepath.Dir(currentVaultPath)
|
||||
absolutePath := filepath.Join(stateDir, relativePath)
|
||||
absolutePath := filepath.Join(stateDir, "vaults.d", vaultName)
|
||||
|
||||
secret.Debug("Resolved to absolute path", "absolute_path", absolutePath)
|
||||
|
||||
@@ -256,9 +256,8 @@ func SelectVault(fs afero.Fs, stateDir string, name string) error {
|
||||
return fmt.Errorf("vault %s does not exist", name)
|
||||
}
|
||||
|
||||
// Create or update the currentvault file with the relative path
|
||||
// Create or update the currentvault file with just the vault name
|
||||
currentVaultPath := filepath.Join(stateDir, "currentvault")
|
||||
relativePath := filepath.Join("vaults.d", name)
|
||||
|
||||
// Remove existing file if it exists
|
||||
if _, err := fs.Stat(currentVaultPath); err == nil {
|
||||
@@ -266,9 +265,9 @@ func SelectVault(fs afero.Fs, stateDir string, name string) error {
|
||||
_ = fs.Remove(currentVaultPath)
|
||||
}
|
||||
|
||||
// Write the relative path to the file
|
||||
secret.Debug("Writing currentvault file", "relative_path", relativePath)
|
||||
if err := afero.WriteFile(fs, currentVaultPath, []byte(relativePath), secret.FilePerms); err != nil {
|
||||
// Write just the vault name to the file
|
||||
secret.Debug("Writing currentvault file", "vault_name", name)
|
||||
if err := afero.WriteFile(fs, currentVaultPath, []byte(name), secret.FilePerms); err != nil {
|
||||
return fmt.Errorf("failed to select vault: %w", err)
|
||||
}
|
||||
|
||||
|
||||
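Review bot: In ResolveVaultSymlink the value read from the currentvault file goes straight into `filepath.Join(stateDir, "vaults.d", vaultName)` with no validation. Contents holding path separators or `..` segments would resolve outside `vaults.d`, and an empty file resolves to `vaults.d` itself. Now that the file holds a bare name, it can be checked before the join with the helper already in this file, assuming that helper rejects such input (its body is not shown): `if !isValidVaultName(vaultName) { return "", fmt.Errorf("invalid vault name in currentvault file: %q", vaultName) }`. The same gap applies to `unlockerName` in resolveUnlockerDirectory, which is joined under `unlockers.d` unchecked. ResolveVaultSymlink's body continues outside the hunk.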
@@ -99,23 +99,23 @@ func (v *Vault) GetCurrentUnlocker() (secret.Unlocker, error) {
|
||||
}
|
||||
|
||||
// resolveUnlockerDirectory reads the current-unlocker file to get the unlocker directory path
|
||||
// The file contains a relative path to the unlocker directory
|
||||
// The file contains just the unlocker name (e.g., "passphrase")
|
||||
func (v *Vault) resolveUnlockerDirectory(currentUnlockerPath string) (string, error) {
|
||||
secret.Debug("Reading current-unlocker file", "path", currentUnlockerPath)
|
||||
|
||||
unlockerDirBytes, err := afero.ReadFile(v.fs, currentUnlockerPath)
|
||||
unlockerNameBytes, err := afero.ReadFile(v.fs, currentUnlockerPath)
|
||||
if err != nil {
|
||||
secret.Debug("Failed to read current-unlocker file", "error", err, "path", currentUnlockerPath)
|
||||
|
||||
return "", fmt.Errorf("failed to read current unlocker: %w", err)
|
||||
}
|
||||
|
||||
relativePath := strings.TrimSpace(string(unlockerDirBytes))
|
||||
secret.Debug("Read relative path from file", "relative_path", relativePath)
|
||||
unlockerName := strings.TrimSpace(string(unlockerNameBytes))
|
||||
secret.Debug("Read unlocker name from file", "unlocker_name", unlockerName)
|
||||
|
||||
// Resolve to absolute path relative to the vault directory
|
||||
// Resolve to absolute path: vaultDir/unlockers.d/unlockerName
|
||||
vaultDir := filepath.Dir(currentUnlockerPath)
|
||||
absolutePath := filepath.Join(vaultDir, relativePath)
|
||||
absolutePath := filepath.Join(vaultDir, "unlockers.d", unlockerName)
|
||||
|
||||
secret.Debug("Resolved to absolute path", "absolute_path", absolutePath)
|
||||
|
||||
@@ -277,7 +277,7 @@ func (v *Vault) SelectUnlocker(unlockerID string) error {
|
||||
return fmt.Errorf("unlocker with ID %s not found", unlockerID)
|
||||
}
|
||||
|
||||
// Create/update current-unlocker file with relative path
|
||||
// Create/update current-unlocker file with just the unlocker name
|
||||
currentUnlockerPath := filepath.Join(vaultDir, "current-unlocker")
|
||||
|
||||
// Remove existing file if it exists
|
||||
@@ -289,15 +289,12 @@ func (v *Vault) SelectUnlocker(unlockerID string) error {
|
||||
}
|
||||
}
|
||||
|
||||
// Compute relative path from vault directory to unlocker directory
|
||||
relativePath, err := filepath.Rel(vaultDir, targetUnlockerDir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to compute relative path: %w", err)
|
||||
}
|
||||
// Get just the unlocker name (basename of the directory)
|
||||
unlockerName := filepath.Base(targetUnlockerDir)
|
||||
|
||||
// Write the relative path to the file
|
||||
secret.Debug("Writing current-unlocker file", "relative_path", relativePath)
|
||||
if err := afero.WriteFile(v.fs, currentUnlockerPath, []byte(relativePath), secret.FilePerms); err != nil {
|
||||
// Write just the unlocker name to the file
|
||||
secret.Debug("Writing current-unlocker file", "unlocker_name", unlockerName)
|
||||
if err := afero.WriteFile(v.fs, currentUnlockerPath, []byte(unlockerName), secret.FilePerms); err != nil {
|
||||
return fmt.Errorf("failed to create current-unlocker file: %w", err)
|
||||
}
|
||||
|
||||
|
||||
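Review bot: In SelectUnlocker, `filepath.Base(targetUnlockerDir)` keeps only the last path element, whereas the removed `filepath.Rel` call preserved the full location relative to the vault directory. The written name therefore round-trips through resolveUnlockerDirectory only if `targetUnlockerDir` is a direct child of `vaultDir/unlockers.d`. Its assignment is outside the hunk, so this may already hold, but a comment would state the invariant: `// targetUnlockerDir is always vaultDir/unlockers.d/<name>, so its basename identifies it`.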