secret/internal/cli/version.go

package cli

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"text/tabwriter"

	"git.eeqj.de/sneak/secret/internal/secret"
	"git.eeqj.de/sneak/secret/internal/vault"
	"github.com/spf13/afero"
	"github.com/spf13/cobra"
)

// newVersionCmd returns the version management command
func newVersionCmd() *cobra.Command {
	cli := NewCLIInstance()
	return VersionCommands(cli)
}

// VersionCommands returns the version management commands
func VersionCommands(cli *CLIInstance) *cobra.Command {
	versionCmd := &cobra.Command{
		Use:   "version",
		Short: "Manage secret versions",
		Long:  "Commands for managing secret versions including listing, promoting, and retrieving specific versions",
	}

	// List versions command
	listCmd := &cobra.Command{
		Use:   "list <secret-name>",
		Short: "List all versions of a secret",
		Args:  cobra.ExactArgs(1),
		RunE: func(cmd *cobra.Command, args []string) error {
			return cli.ListVersions(args[0])
		},
	}

	// Promote version command
	promoteCmd := &cobra.Command{
		Use:   "promote <secret-name> <version>",
		Short: "Promote a specific version to current",
		Long:  "Updates the current symlink to point to the specified version without modifying timestamps",
		Args:  cobra.ExactArgs(2),
		RunE: func(cmd *cobra.Command, args []string) error {
			return cli.PromoteVersion(args[0], args[1])
		},
	}

	versionCmd.AddCommand(listCmd, promoteCmd)
	return versionCmd
}

// ListVersions lists all versions of a secret
func (cli *CLIInstance) ListVersions(secretName string) error {
	secret.Debug("Listing versions for secret", "secret_name", secretName)

	// Get current vault
	vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
	if err != nil {
		return fmt.Errorf("failed to get current vault: %w", err)
	}

	// Get vault directory
	vaultDir, err := vlt.GetDirectory()
	if err != nil {
		return fmt.Errorf("failed to get vault directory: %w", err)
	}

	// Convert secret name to storage name
	storageName := strings.ReplaceAll(secretName, "/", "%")
	secretDir := filepath.Join(vaultDir, "secrets.d", storageName)

	// Check if secret exists
	exists, err := afero.DirExists(cli.fs, secretDir)
	if err != nil {
		return fmt.Errorf("failed to check if secret exists: %w", err)
	}
	if !exists {
		return fmt.Errorf("secret %s not found", secretName)
	}

	// Get all versions
	versions, err := secret.ListVersions(cli.fs, secretDir)
	if err != nil {
		return fmt.Errorf("failed to list versions: %w", err)
	}

	if len(versions) == 0 {
		fmt.Println("No versions found")
		return nil
	}

	// Get current version
	currentVersion, err := secret.GetCurrentVersion(cli.fs, secretDir)
	if err != nil {
		secret.Debug("Failed to get current version", "error", err)
		currentVersion = ""
	}

	// Get long-term key for decrypting metadata
	ltIdentity, err := vlt.GetOrDeriveLongTermKey()
	if err != nil {
		return fmt.Errorf("failed to get long-term key: %w", err)
	}

	// Create table writer
	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
	fmt.Fprintln(w, "VERSION\tCREATED\tSTATUS\tNOT_BEFORE\tNOT_AFTER")

	// Load and display each version's metadata
	for _, version := range versions {
		sv := secret.NewSecretVersion(vlt, secretName, version)

		// Load metadata
		if err := sv.LoadMetadata(ltIdentity); err != nil {
			secret.Debug("Failed to load version metadata", "version", version, "error", err)
			// Display version with error
			status := "error"
			if version == currentVersion {
				status = "current (error)"
			}
			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", version, "-", status, "-", "-")
			continue
		}

		// Determine status
		status := "expired"
		if version == currentVersion {
			status = "current"
		}

		// Format timestamps
		createdAt := "-"
		if sv.Metadata.CreatedAt != nil {
			createdAt = sv.Metadata.CreatedAt.Format("2006-01-02 15:04:05")
		}

		notBefore := "-"
		if sv.Metadata.NotBefore != nil {
			notBefore = sv.Metadata.NotBefore.Format("2006-01-02 15:04:05")
		}

		notAfter := "-"
		if sv.Metadata.NotAfter != nil {
			notAfter = sv.Metadata.NotAfter.Format("2006-01-02 15:04:05")
		}

		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", version, createdAt, status, notBefore, notAfter)
	}

	w.Flush()
	return nil
}

// PromoteVersion promotes a specific version to current
func (cli *CLIInstance) PromoteVersion(secretName string, version string) error {
	secret.Debug("Promoting version", "secret_name", secretName, "version", version)

	// Get current vault
	vlt, err := vault.GetCurrentVault(cli.fs, cli.stateDir)
	if err != nil {
		return fmt.Errorf("failed to get current vault: %w", err)
	}

	// Get vault directory
	vaultDir, err := vlt.GetDirectory()
	if err != nil {
		return fmt.Errorf("failed to get vault directory: %w", err)
	}

	// Convert secret name to storage name
	storageName := strings.ReplaceAll(secretName, "/", "%")
	secretDir := filepath.Join(vaultDir, "secrets.d", storageName)

	// Check if secret exists
	exists, err := afero.DirExists(cli.fs, secretDir)
	if err != nil {
		return fmt.Errorf("failed to check if secret exists: %w", err)
	}
	if !exists {
		return fmt.Errorf("secret %s not found", secretName)
	}

	// Check if version exists
	versionPath := filepath.Join(secretDir, "versions", version)
	exists, err = afero.DirExists(cli.fs, versionPath)
	if err != nil {
		return fmt.Errorf("failed to check if version exists: %w", err)
	}
	if !exists {
		return fmt.Errorf("version %s not found for secret %s", version, secretName)
	}

	// Update current symlink
	if err := secret.SetCurrentVersion(cli.fs, secretDir, version); err != nil {
		return fmt.Errorf("failed to promote version: %w", err)
	}

	fmt.Printf("Promoted version %s to current for secret '%s'\n", version, secretName)
	return nil
}