AWS polish

pkg/secrethub/client.go

@@ -4,6 +4,7 @@ import (
 	"github.com/secrethub/secrethub-go/internals/api"
 	"github.com/secrethub/secrethub-go/internals/crypto"
 	"github.com/secrethub/secrethub-go/internals/errio"
+	"github.com/secrethub/secrethub-go/pkg/secrethub/configdir"
 	"github.com/secrethub/secrethub-go/pkg/secrethub/credentials"
 	"github.com/secrethub/secrethub-go/pkg/secrethub/internals/http"
 )
@@ -47,7 +48,8 @@ type Client struct {
 	// These are cached
 	repoIndexKeys map[api.RepoPath]*crypto.SymmetricKey
 
-	appInfo *AppInfo
+	appInfo   *AppInfo
+	ConfigDir *configdir.Dir
 }
 
 // AppInfo contains information about the application that is using the SecretHub client.
@@ -80,6 +82,7 @@ func NewClient(with ...ClientOption) (*Client, error) {
 	client := &Client{
 		httpClient:    http.NewClient(),
 		repoIndexKeys: make(map[api.RepoPath]*crypto.SymmetricKey),
+		ConfigDir:     &configdir.Dir{},
 	}
 	for _, option := range with {
 		err := option(client)
@@ -88,6 +91,15 @@ func NewClient(with ...ClientOption) (*Client, error) {
 		}
 	}
 
+	// ConfigDir should be fully initialized before loading any default credentials.
+	if client.ConfigDir == nil {
+		configDir, err := configdir.Default()
+		if err != nil {
+			return nil, err
+		}
+		client.ConfigDir = configDir
+	}
+
 	// Try to use default key credentials if none provided explicitly
 	if client.decrypter == nil {
 		err := WithCredentials(credentials.UseKey(nil, nil))(client)

pkg/secrethub/client_options.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/secrethub/secrethub-go/pkg/secrethub/configdir"
 	"github.com/secrethub/secrethub-go/pkg/secrethub/credentials"
 	httpclient "github.com/secrethub/secrethub-go/pkg/secrethub/internals/http"
 )
@@ -47,6 +48,13 @@ func WithAppInfo(appInfo *AppInfo) ClientOption {
 	}
 }
 
+func WithConfigDir(configDir configdir.Dir) ClientOption {
+	return func(c *Client) error {
+		c.ConfigDir = &configDir
+		return nil
+	}
+}
+
 // WithCredentials sets the credential to be used for authenticating to the API and decrypting the account key.
 func WithCredentials(provider credentials.Provider) ClientOption {
 	return func(c *Client) error {

pkg/secrethub/configdir/dir.go

@@ -0,0 +1,71 @@
+package configdir
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	"github.com/mitchellh/go-homedir"
+)
+
+type Dir struct {
+	Path string
+}
+
+func Default() (*Dir, error) {
+	// TODO: move to constant?
+	envDir := os.Getenv("SECRETHUB_CONFIG_DIR")
+	if envDir != "" {
+		return &Dir{
+			Path: envDir,
+		}, nil
+	}
+
+	homeDir, err := homedir.Dir()
+	if err != nil {
+		return &Dir{}, fmt.Errorf("cannot get home directory: %v", err)
+	}
+	return &Dir{
+		Path: filepath.Join(homeDir, ".secrethub"),
+	}, nil
+}
+
+func (c Dir) Credential() *CredentialFile {
+	return &CredentialFile{
+		Path: filepath.Join(c.Path, "credential"),
+	}
+}
+
+type CredentialFile struct {
+	Path string
+}
+
+func (f *CredentialFile) Write(p []byte) error {
+	// TOOD: correct permission?
+	err := os.MkdirAll(filepath.Dir(f.Path), 0600)
+	if err != nil {
+		return err
+	}
+	// TOOD: correct permission?
+	return ioutil.WriteFile(f.Path, p, 0600)
+}
+
+func (f *CredentialFile) Exists() bool {
+	if _, err := os.Stat(f.Path); os.IsNotExist(err) {
+		return false
+	}
+	return true
+}
+
+func (f *CredentialFile) Read() ([]byte, error) {
+	file, err := os.Open(f.Path)
+	if os.IsNotExist(err) {
+		// TOOD: return more usable error
+		return nil, errors.New("credential not found. Please signup first")
+	} else if err != nil {
+		return nil, err
+	}
+	return ioutil.ReadAll(file)
+}