FEATURE: --creds can refer to a command line to execute in addition to a file or script (#1521)

* Allow commands for creds file & refactoring * Minor fix * Add shell command ability to docs Signed-off-by: Jan-Philipp Benecke <jan-philipp.benecke@jpbe.de> Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2024-05-11 05:55:12 +00:00 · 2022-06-06 20:37:45 +02:00
parent 31a279b82c
commit cfa104858d
4 changed files with 45 additions and 22 deletions
--- a/docs/creds-json.md
+++ b/docs/creds-json.md
@@ -175,12 +175,29 @@ The `--creds` flag allows you to specify a different file name.

 * Normally the file is read as a JSON file.
 * Do not end the filename with `.yaml` or `.yml` as some day we hope to support YAML.
-* Rather than specifying a file, you can specify a program to be run. The output of the program must be valid JSON and will be read the same way.
-  * If the name begins with `!`, the remainder of the name is taken to be the command to be run.
+* Rather than specifying a file, you can specify a program or shell command to be run. The output of the program/command must be valid JSON and will be read the same way.
+  * If the name begins with `!`, the remainder of the name is taken to be a shell command or program to be run.
  * If the name is a file that is executable (chmod `+x` bit), it is taken as the command to be run.
  * Exceptions: The `x` bit is not checked if the filename ends with `.yaml`, `.yml` or `.json`.
  * Windows: Executing an external script isn't supported. There's no code that prevents it from trying, but it isn't supported.

+### Example commands
+
+Following commands would execute a program/script:
+``` bash
+dnscontrol preview --creds !./creds.sh
+dnscontrol preview --creds ./creds.sh
+dnscontrol preview --creds creds.sh
+dnscontrol preview --creds !creds.sh
+dnscontrol preview --creds !/some/absolute/path/creds.sh
+dnscontrol preview --creds /some/absolute/path/creds.sh
+```
+
+Following commands would execute a shell command:
+``` bash
+dnscontrol preview --creds "!op inject -i creds.json.tpl"
+```
+
 ## Don't store secrets in a Git repo!

 Do NOT store secrets in a Git repository. That is not secure. For example,
--- a/go.mod
+++ b/go.mod
@@ -60,6 +60,8 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 )

+require github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+
 require (
 	cloud.google.com/go/compute v1.6.1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
--- a/go.sum
+++ b/go.sum
@@ -320,6 +320,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
+github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
--- a/pkg/credsfile/providerConfig.go
+++ b/pkg/credsfile/providerConfig.go
@@ -6,6 +6,7 @@ package credsfile

 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
@@ -14,6 +15,7 @@ import (

 	"github.com/DisposaBoy/JsonConfigReader"
 	"github.com/TomOnTime/utfutil"
+	"github.com/google/shlex"
 )

 func quotedList(l []string) string {
@@ -39,24 +41,14 @@ func LoadProviderConfigs(fname string) (map[string]map[string]string, error) {

 	var dat []byte
 	var err error
+	filesIsExecutable := strings.HasPrefix(fname, "!") || isExecutable(fname)

-	if strings.HasPrefix(fname, "!") {
+	if filesIsExecutable && !strings.HasSuffix(fname, ".json") {
+		// file is executable and is not a .json (needed because in Windows WSL all files are executable).
 		dat, err = executeCredsFile(strings.TrimPrefix(fname, "!"))
 		if err != nil {
 			return nil, err
 		}
-	} else if strings.HasSuffix(fname, ".json") {
-		// .json files are never executable (needed because in Windows WSL
-		// all files are executable).
-		dat, err = readCredsFile(fname)
-		if err != nil {
-			return nil, err
-		}
-	} else if isExecutable(fname) {
-		dat, err = executeCredsFile(fname)
-		if err != nil {
-			return nil, err
-		}
 	} else {
 		// no executable bit found nor marked as executable so read it in
 		dat, err = readCredsFile(fname)
@@ -111,13 +103,23 @@ func readCredsFile(filename string) ([]byte, error) {
 }

 func executeCredsFile(filename string) ([]byte, error) {
-	cmd := filename
-	if !strings.HasPrefix(filename, "/") {
-		// if the path doesn't start with `/` make sure we aren't relying on $PATH.
-		cmd = strings.Join([]string{".", filename}, string(filepath.Separator))
+	cmd, err := shlex.Split(filename)
+	if err != nil {
+		return nil, err
 	}
-	out, err := exec.Command(cmd).Output()
-	return out, err
+	command := cmd[0]
+
+	// check if this is a file and not a command when there is no leading /
+	if fileExists(command) && !strings.HasPrefix(command, "/") {
+		command = strings.Join([]string{".", command}, string(filepath.Separator))
+	}
+
+	return exec.Command(command, cmd[1:]...).Output()
+}
+
+func fileExists(filename string) bool {
+	_, err := os.Stat(filename)
+	return !errors.Is(err, os.ErrNotExist)
 }

 func replaceEnvVars(m map[string]map[string]string) error {