URL / IP-based targeting

Targets can now be specified by URL. If you have multiple aliases for the same Vault (i.e. for specifying different auth parameters), you *must* use the aliases, since `safe` can't figure out which target you truly meant.
egen · Apr 3, 2018 · 36f3b24 · 36f3b24
1 parent 2896870
commit 36f3b24
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 10 deletions.
diff --git a/ci/release_notes.md b/ci/release_notes.md
@@ -2,3 +2,8 @@
 
 - `safe target` and `safe targets` now support a `--json` flag,
   for getting target information in a script-parseable format.
+
+- Targets can now be specified by URL.  If you have multiple
+  aliases for the same Vault (i.e. for specifying different auth
+  parameters), you *must* use the aliases, since `safe` can't
+  figure out which target you truly meant.
diff --git a/rc/config.go b/rc/config.go
@@ -154,14 +154,18 @@ func (c *Config) Apply(use string) error {
 }
 
 func (c *Config) SetCurrent(alias string, reskip bool) error {
-	if v, ok := c.Vaults[alias]; ok {
-		c.Current = alias
-		if reskip {
-			v.SkipVerify = true
-		}
-		return nil
+	v, ok, err := c.Find(alias)
+	if err != nil {
+		return err
+	}
+	if !ok {
+		return fmt.Errorf("Unknown target '%s'", alias)
 	}
-	return fmt.Errorf("Unknown target '%s'", alias)
+	c.Current = alias
+	if reskip {
+		v.SkipVerify = true
+	}
+	return nil
 }
 
 func (c *Config) SetTarget(alias, url string, skipverify bool) error {
@@ -204,6 +208,31 @@ func (c *Config) Verified() bool {
 	return false
 }
 
+func (c *Config) Find(alias string) (*Vault, bool, error) {
+	if v, ok := c.Vaults[alias]; ok {
+		return v, true, nil
+	}
+
+	var v *Vault
+	n := 0
+	want := strings.TrimSuffix(alias, "/")
+
+	for _, maybe := range c.Vaults {
+		if strings.TrimSuffix(maybe.URL, "/") == want {
+			n++
+			v = maybe
+		}
+	}
+	if n == 1 {
+		return v, true, nil
+	}
+	if n > 1 {
+		return nil, true, fmt.Errorf("More than one target for Vault at '%s' (maybe try an alias?)", alias)
+	}
+
+	return nil, false, nil
+}
+
 func (c *Config) Vault(which string) (*Vault, error) {
 	if which == "" {
 		which = c.Current
@@ -213,8 +242,12 @@ func (c *Config) Vault(which string) (*Vault, error) {
 		return nil, nil /* not an error */
 	}
 
-	if v, ok := c.Vaults[which]; ok {
-		return v, nil
+	v, ok, err := c.Find(which)
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
+		return nil, fmt.Errorf("Current target '%s' not found in ~/.saferc", which)
 	}
-	return nil, fmt.Errorf("Current target vault '%s' not found in ~/.saferc", which)
+	return v, nil
 }
diff --git a/tests b/tests
@@ -295,6 +295,35 @@ for version in ${versions[@]}; do
   clearvault
 
 
+  ########    ###    ########   ######   ######## ########
+     ##      ## ##   ##     ## ##    ##  ##          ##
+     ##     ##   ##  ##     ## ##        ##          ##
+     ##    ##     ## ########  ##   #### ######      ##
+     ##    ######### ##   ##   ##    ##  ##          ##
+     ##    ##     ## ##    ##  ##    ##  ##          ##
+     ##    ##     ## ##     ##  ######   ########    ##
+
+  #######
+  testing $version targeting by ip
+  (run; ./safe target http://127.0.0.1:8199) ; exitok $? 0
+  (run; ./safe -T http://127.0.0.1:8199 env) ; exitok $? 0
+
+  testing $version targeting by alias
+  (run; ./safe target unit-tests)            ; exitok $? 0
+  (run; ./safe -T unit-tests env)            ; exitok $? 0
+
+  testing $version targeting a bad ip
+  (run; ./safe target http://127.0.0.1:8200) ; exitok $? 1
+  (run; ./safe -T http://127.0.0.1:8200 env) ; exitok $? 1
+
+  testing $version ambiguous targets
+  (run; ./safe target alternate \
+                      http://127.0.0.1:8199) ; exitok $? 0
+  (run; ./safe target http://127.0.0.1:8199) ; exitok $? 1
+  (run; ./safe -T http://127.0.0.1:8199 env) ; exitok $? 1
+  restart_vault_server
+
+
    ######  ##     ## ########  ##
   ##    ## ##     ## ##     ## ##
   ##       ##     ## ##     ## ##