CLI - credsmash put will only auto-increment a secret if the value …

…has changed. You can avoid this behaviour by using `--version`, or `--no-compare`.
3stack-software · Oct 3, 2016 · c7a9fb4 · c7a9fb4
1 parent 081ae66
commit c7a9fb4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 4 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -137,3 +137,6 @@
    option_1 = a
    option_2 = b
    ```
+
+ - By default `credsmash put` will check if the value of a secret has changed. Use `--version` or `--no-compare` to
+   avoid this comparison.
diff --git a/credsmash/api/put.py b/credsmash/api/put.py
@@ -1,12 +1,16 @@
 from __future__ import absolute_import, division, print_function, unicode_literals
 
+import logging
 
-from credsmash.crypto import seal_secret, ALGO_AES_CTR
+from credsmash.crypto import seal_secret, open_secret, ALGO_AES_CTR
+
+logger = logging.getLogger(__name__)
 
 
 def put_secret(
         storage_service, key_service, secret_name,
-        plaintext, version=None, algorithm=ALGO_AES_CTR, **seal_kwargs
+        plaintext, version=None, compare=True,
+        algorithm=ALGO_AES_CTR, **seal_kwargs
 ):
     sealed = seal_secret(
         key_service,
@@ -21,6 +25,11 @@ def put_secret(
         version = 1
         if latest_secret:
             version += latest_secret['version']
+            if compare:
+                latest_plaintext = open_secret(key_service, latest_secret)
+                if plaintext == latest_plaintext:
+                    logger.debug('secret "%s" is unchanged', secret_name)
+                    return latest_secret['version']
 
     storage_service.put_one(secret_name, version, sealed)
     return version
diff --git a/credsmash/cli.py b/credsmash/cli.py
@@ -340,8 +340,10 @@ def cmd_find_many(ctx, pattern, destination, fmt=None):
 @click.argument('source', type=click.File('rb'))
 @click.option('-f', '--format', 'fmt', default=None)
 @click.option('--version', '-v', default=None, type=click.INT)
+@click.option('--compare/--no-compare', default=True,
+              help="Compare with the latest value, and skip if unchanged.")
 @click.pass_context
-def cmd_put_one(ctx, secret_name, source, fmt=None, version=None):
+def cmd_put_one(ctx, secret_name, source, fmt=None, version=None, compare=True):
     """
     Store a secret
     """
@@ -355,6 +357,7 @@ def cmd_put_one(ctx, secret_name, source, fmt=None, version=None):
         secret_name,
         secret_value,
         version=version,
+        compare=compare,
         algorithm=ctx.obj.algorithm,
         **ctx.obj.algorithm_options
     )
@@ -366,8 +369,10 @@ def cmd_put_one(ctx, secret_name, source, fmt=None, version=None):
 @main.command('put-many')
 @click.argument('source', type=click.File('rb'))
 @click.option('-f', '--format', 'fmt', default=None)
+@click.option('--compare/--no-compare', default=True,
+              help="Compare with the latest value, and skip if unchanged.")
 @click.pass_context
-def cmd_put_many(ctx, source, fmt):
+def cmd_put_many(ctx, source, fmt, compare=True):
     """
     Store many secrets
     """
@@ -382,6 +387,7 @@ def cmd_put_many(ctx, source, fmt):
             secret_name,
             secret_value,
             version=None,
+            compare=compare,
             algorithm=ctx.obj.algorithm,
             **ctx.obj.algorithm_options
         )