[libvirt] [PATCH 2/4] virsh: secret: Allow getting secret's value without base64 encoding

Peter Krempa posted 4 patches 6 weeks ago

[libvirt] [PATCH 2/4] virsh: secret: Allow getting secret's value without base64 encoding

Posted by Peter Krempa 6 weeks ago
Users might want to get the raw value instead of dealing with base64
encoding. This might be useful for redirection to file and also for
simple human-readable secrets.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 docs/manpages/virsh.rst |  6 +++++-
 tools/virsh-secret.c    | 16 ++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index 03364684b5..fcc8ef6758 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -6586,11 +6586,15 @@ secret-get-value

 .. code-block::

-   secret-get-value secret
+   secret-get-value [--plain] secret

 Output the value associated with *secret* (specified by its UUID) to stdout,
 encoded using Base64.

+If the *--plain* flag is used the value is not base64 encoded, but rather
+printed raw. Note that unless virsh is started in quiet mode (*virsh -q*) it
+prints a newline at the end of the command. This newline is not part of the
+secret.

 secret-undefine
 ---------------
diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c
index 9f64be6b14..6d95ed9d5d 100644
--- a/tools/virsh-secret.c
+++ b/tools/virsh-secret.c
@@ -303,6 +303,10 @@ static const vshCmdOptDef opts_secret_get_value[] = {
      .help = N_("secret UUID"),
      .completer = virshSecretUUIDCompleter,
     },
+    {.name = "plain",
+     .type = VSH_OT_BOOL,
+     .help = N_("get value without converting to base64")
+    },
     {.name = NULL}
 };

@@ -313,6 +317,7 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)
     VIR_AUTODISPOSE_STR base64 = NULL;
     unsigned char *value;
     size_t value_size;
+    bool plain = vshCommandOptBool(cmd, "plain");
     bool ret = false;

     secret = virshCommandOptSecret(ctl, cmd, NULL);
@@ -323,9 +328,16 @@ cmdSecretGetValue(vshControl *ctl, const vshCmd *cmd)
     if (value == NULL)
         goto cleanup;

-    base64 = g_base64_encode(value, value_size);
+    if (plain) {
+        if (fwrite(value, 1, value_size, stdout) != value_size) {
+            vshError(ctl, "failed to write secret");
+            goto cleanup;
+        }
+    } else {
+        base64 = g_base64_encode(value, value_size);

-    vshPrint(ctl, "%s", base64);
+        vshPrint(ctl, "%s", base64);
+    }
     ret = true;

  cleanup:
-- 
2.24.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 2/4] virsh: secret: Allow getting secret's value without base64 encoding

Posted by Daniel P. Berrangé 4 weeks ago
On Fri, Jan 10, 2020 at 04:42:42PM +0100, Peter Krempa wrote:
> Users might want to get the raw value instead of dealing with base64
> encoding. This might be useful for redirection to file and also for
> simple human-readable secrets.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  docs/manpages/virsh.rst |  6 +++++-
>  tools/virsh-secret.c    | 16 ++++++++++++++--
>  2 files changed, 19 insertions(+), 3 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|