Various Refactorings (#1002)

* Minor refactorings

Signed-off-by: Volkan Ozcelik <[email protected]>

* Fixed unit tests.

Signed-off-by: Volkan Ozcelik <[email protected]>

* Add version number to docs.

Signed-off-by: Volkan Ozcelik <[email protected]>

* Minor change.

Signed-off-by: Volkan Ozcelik <[email protected]>

* Doc update.

Signed-off-by: Volkan Ozcelik <[email protected]>

* Inline comment update

Signed-off-by: Volkan Ozcelik <[email protected]>

* Add newline

Signed-off-by: Volkan Ozcelik <[email protected]>

---------

Signed-off-by: Volkan Ozcelik <[email protected]>

app/safe/internal/state/io/disk.go

@@ -18,7 +18,6 @@ import (
 	"path"
 	"strconv"
 	"sync"
-	"time"
 
 	"github.com/pkg/errors"
 
@@ -77,14 +76,14 @@ func PersistToDisk(secret entity.SecretStored, errChan chan<- error) {
 	// Save the secret
 	dataPath := path.Join(env.DataPathForSafe(), secret.Name+".age")
 
-	err := saveSecretToDisk(secret, dataPath)
+	err := backoff.RetryExponential("PersistToDisk", func() error {
+		return saveSecretToDisk(secret, dataPath)
+	})
+
 	if err != nil {
-		// Retry once more.
-		time.Sleep(500 * time.Millisecond)
-		err := saveSecretToDisk(secret, dataPath)
-		if err != nil {
-			errChan <- err
-		}
+		errChan <- err
+		// Do not proceed, since the primary save was not successful.
+		return
 	}
 
 	lastBackupIndexLock.Lock()
@@ -103,9 +102,10 @@ func PersistToDisk(secret entity.SecretStored, errChan chan<- error) {
 		secret.Name+"-"+strconv.Itoa(int(newIndex))+"-"+".age.backup",
 	)
 
-	err = backoff.RetryExponential("PersistToDisk", func() error {
-		return saveSecretToDisk(secret, dataPath)
-	})
+	err = backoff.RetryExponential(
+		"PersistBackupToDisk", func() error {
+			return saveSecretToDisk(secret, dataPath)
+		})
 
 	if err != nil {
 		errChan <- err

core/crypto/value.go

@@ -26,7 +26,7 @@ import "github.com/pkg/errors"
 //
 // Example Usage:
 //
-//	result, _ := Generate(`foo[\w]{8}bar`)
+//	result, _ := Generate(`football[\w]{8}bartender`)
 //	log.Printf("result0=%v", result)
 //	result, _ = Generate(`admin[a-z0-9]{3}`)
 //	log.Printf("result1=%v", result)
@@ -38,20 +38,20 @@ import "github.com/pkg/errors"
 //	log.Printf("result3=%v", result)
 //	result, err := Generate(`pass[z-a]{8}`)
 //	log.Printf("result4=%v; err=%v", result, err)
-//	result, _ = Generate(`foo[\d]{8}bar`)
+//	result, _ = Generate(`football[\d]{8}bartender`)
 //	log.Printf("result5=%v", result)
-//	result, _ = Generate(`foo[\symbol]{4}`)
+//	result, _ = Generate(`football[\symbol]{4}`)
 //	log.Printf("result5=%v", result)
 //
 // Example Output:
 //
-//	2024/01/04 06:37:30 result0=foo{A?1o!u9bar
+//	2024/01/04 06:37:30 result0=football{A?1o!u9bartender
 //	2024/01/04 06:37:30 result1=admin7sg
 //	2024/01/04 06:37:30 result1=adminsw8something^5^
 //	2024/01/04 06:37:30 result2=passqWv04txU5sKs
 //	2024/01/04 06:37:30 result3=passlRxDTdMz
 //	2024/01/04 06:37:30 result4=; err=invalid range specified: z-a
-//	2024/01/04 06:37:30 result5=foo73579557bar
+//	2024/01/04 06:37:30 result5=football73579557bartender
 func GenerateValue(template string) (string, error) {
 	result := template
 

core/crypto/value_test.go

@@ -25,15 +25,15 @@ func TestGenerateValue(t *testing.T) {
 		{
 			name: "Success case for alphanumeric",
 			args: args{
-				template: `foo[\w]{8}bar`,
+				template: `football[\w]{8}bartender`,
 			},
 			wantErr:     false,
 			errorOutput: "",
 		},
 		{
 			name: "Success case for alphanumeric and symbol",
 			args: args{
-				template: `foo[\x]{4}bar`,
+				template: `football[\x]{4}bartender`,
 			},
 			wantErr:     false,
 			errorOutput: "",

core/template/filter.go

@@ -0,0 +1,50 @@
+/*
+|    Protect your secrets, protect your sensitive data.
+:    Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/  keep your secrets... secret
+>/
+<>/' Copyright 2023-present VMware Secrets Manager contributors.
+>/'  SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package template
+
+import "strings"
+
+const separator = ","
+const delimiter = ":"
+
+// empty is a constant string representing an empty value.
+// This value is generated by the go templating engine
+// when a key-value pair has no value. Don't change this value.
+const empty = "<no value>"
+
+// removeKeyValueWithNoValue takes an input string containing key-value pairs
+// and filters out pairs where the value is "<no value>". It splits the input
+// string into key-value pairs, iterates through them, and retains only the
+// pairs with values that are not equal to "<no value>".
+// The function then joins the filtered pairs back into a string and returns the
+// resulting string. This function effectively removes key-value pairs with
+// "<no value>" from the input string. Helpful for data cleaning and filtering
+// when you want to omit certain key/value pairs from a template.
+func removeKeyValueWithNoValue(input string) string {
+	// Split the input string into key-value pairs
+	pairs := strings.Split(input, separator)
+
+	// Initialize a slice to store the filtered pairs
+	var filteredPairs []string
+
+	for _, pair := range pairs {
+		keyValue := strings.SplitN(pair, delimiter, 2)
+		if len(keyValue) == 2 && keyValue[1] != empty {
+			// Add the pair to the filtered pairs if the value is not
+			// "<no value>"
+			filteredPairs = append(filteredPairs, pair)
+		}
+	}
+
+	// Join the filtered pairs back into a string
+	result := strings.Join(filteredPairs, ",")
+	return result
+}

core/template/template.go

@@ -13,7 +13,6 @@ package template
 import (
 	"bytes"
 	"encoding/json"
-	"strings"
 	"text/template"
 
 	"gopkg.in/yaml.v3"
@@ -85,32 +84,3 @@ func TryParse(tmpStr, jason string) string {
 
 	return removeKeyValueWithNoValue(tpl.String())
 }
-
-// removeKeyValueWithNoValue takes an input string containing key-value pairs
-// and filters out pairs where the value is "<no value>". It splits the input
-// string into key-value pairs, iterates through them, and retains only the
-// pairs with values that are not equal to "<no value>".
-// The function then joins the filtered pairs back into a string and returns the
-// resulting string. This function effectively removes key-value pairs with
-// "<no value>" from the input string. Helpful when key-val pairs in template
-// differs from the contents of the secret.
-func removeKeyValueWithNoValue(input string) string {
-	// Split the input string into key-value pairs
-	pairs := strings.Split(input, ",")
-
-	// Initialize a slice to store the filtered pairs
-	var filteredPairs []string
-
-	for _, pair := range pairs {
-		keyValue := strings.SplitN(pair, ":", 2)
-		if len(keyValue) == 2 && keyValue[1] != "<no value>" {
-			// Add the pair to the filtered pairs if the value is not
-			// "<no value>"
-			filteredPairs = append(filteredPairs, pair)
-		}
-	}
-
-	// Join the filtered pairs back into a string
-	result := strings.Join(filteredPairs, ",")
-	return result
-}

docs/config.toml

@@ -22,3 +22,4 @@ smart_punctuation = true
 
 [extra]
 author = "VMware Secrets Manager Contributors"
+version = "0.25.4"

docs/content/documentation/usage/cli.md

@@ -482,7 +482,7 @@ the output of `kubectl exec $SENTINEL -n vsecm-system -- safe -l -e`.
 **VSecM Sentinel** can generate random secrets based on a pattern. Here are
 some of the patterns that you can use:
 
-* `foo[\w]{8}bar`: will generate a random string that starts with `foo`,
+* `footballt[\w]{8}bar`: will generate a random string that starts with `football`,
   ends with `bar`, and has 8 characters in between.
 * `admin[a-z0-9]{3}`: will generate a random string that starts with `admin`,
   and has 3 characters in between, which can be either lowercase letters or
@@ -493,7 +493,7 @@ some of the patterns that you can use:
 * `pass[a-zA-Z0-9]{12}`: will generate a random string that starts with `pass`,
   and has 12 characters in between, which can be either lowercase letters,
   uppercase letters, or numbers.
-* `foo[\d]{8}bar`: will generate a random string that starts with `foo`,
+* `football[\d]{8}bar`: will generate a random string that starts with `football`,
   ends with `bar`, and has 8 digits in between.
 
 To use these patterns, simply prefix the `-v` flag with `gen:` (*or
@@ -503,7 +503,7 @@ to override it*) as follows:
 ```bash
 kubectl exec "$SENTINEL" -n vsecm-system -- safe \
   -w "example" \
-  -s "gen:foo[\w]{8}bar"
+  -s "gen:football[\w]{8}bartender"
 # The secret will be randomized based on the pattern above.  
 
 ```

docs/templates/index.html

@@ -17,6 +17,7 @@
                 <a class="header__logo white" href="{{ config.base_url }}" style="font-weight:100;color:#95e3fc;">
                     <img src="{{ get_url(path="vsecm-64.png") }}" alt="VSecM" style="vertical-align:middle">
                     VMware Secrets Manager
+                    <em style="font-size:0.62em;color:#ffffff">v{{ config.extra.version }}</em>
                 </a>
                 <a class="white" href="{{ get_url(path="@/documentation/_index.md") }}" class="nav-link">
                 <svg

sdk/sentry/fetch.go

@@ -46,7 +46,7 @@ func Fetch() (reqres.SecretFetchResponse, error) {
 
 	cid, _ := crypto.RandomString(8)
 	if cid == "" {
-		cid = "VSECMSDK"
+		panic("Unable to create a secure correlation id.")
 	}
 
 	var source *workloadapi.X509Source

sdk/sentry/watch.go

@@ -30,7 +30,7 @@ func Watch() {
 
 	cid, _ := crypto.RandomString(8)
 	if cid == "" {
-		cid = "VSECMSDK"
+		panic("Unable to create a secure correlation id.")
 	}
 
 	for {

sdk/startup/watch.go

@@ -38,7 +38,7 @@ func Watch(waitTimeBeforeExit time.Duration) {
 
 	cid, _ := crypto.RandomString(8)
 	if cid == "" {
-		cid = "VSECMSDK"
+		panic("Unable to create a secure correlation id.")
 	}
 
 	for {