diff --git a/main.go b/main.go
index b805891a4..4ebf1aa6c 100644
--- a/main.go
+++ b/main.go
@@ -106,7 +106,6 @@ const (
 const defaultDirMode = os.FileMode(0775) // subject to umask
-// FIXME: should this carry SSH keys? if so, sub-structs?
 type credential struct {
 URL string `json:"url"`
 Username string `json:"username"`
@@ -832,21 +831,27 @@ func main() {
 }
 }
- if *flPassword != "" && *flPasswordFile != "" {
- handleConfigError(log, true, "ERROR: only one of --password and --password-file may be specified")
- }
 if *flUsername != "" {
 if *flPassword == "" && *flPasswordFile == "" {
- handleConfigError(log, true, "ERROR: --password or --password-file must be set when --username is specified")
+ handleConfigError(log, true, "ERROR: --password or --password-file must be specified when --username is specified")
+ }
+ if *flPassword != "" && *flPasswordFile != "" {
+ handleConfigError(log, true, "ERROR: only one of --password and --password-file may be specified")
+ }
+ } else {
+ if *flPassword != "" {
+ handleConfigError(log, true, "ERROR: --password may only be specified when --username is specified")
+ }
+ if *flPasswordFile != "" {
+ handleConfigError(log, true, "ERROR: --password-file may only be specified when --username is specified")
 }
 }
 //FIXME: mutex wih flCredentials?
- credentials := []credential{}
 if len(*flCredentials) > 0 {
 for _, cred := range *flCredentials {
 if cred.URL == "" {
- //FIXME: can it default to --repo?
+ //FIXME: can it default to --repo? Then --username can be deprecated
 handleConfigError(log, true, "ERROR: --credential URL must be specified")
 }
 if cred.Username == "" {
@@ -858,8 +863,6 @@ func main() {
 if cred.Password != "" && cred.PasswordFile != "" {
 handleConfigError(log, true, "ERROR: only one of --credential password and password-file may be specified")
 }
- //FIXME: askpass for this purpose, too?
- credentials = append(credentials, cred)
 }
 }
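Review bot: The `//FIXME: mutex wih flCredentials?` question in the `@@ -832` hunk is left open, although a later hunk of this commit prepends the --username credential to `*flCredentials`, so both sources can now describe the same repository. Nothing in the validation loop rejects a `--credential` whose URL equals `--repo` while `--username` is set, and which entry then takes effect depends on how git.StoreCredentials treats a repeated URL, which is not visible here. Either add a check beside the `cred.URL == ""` test, for example `if *flUsername != "" && cred.URL == *flRepo { handleConfigError(log, true, "ERROR: --credential URL duplicates --repo, which already uses --username") }`, or replace the FIXME with a comment stating that the overlap is allowed and which entry wins. main() starts and ends outside the hunk.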
@@ -919,6 +922,17 @@ func main() {
 absLink := makeAbsPath(*flLink, absRoot)
 absTouchFile := makeAbsPath(*flTouchFile, absRoot)
+ // Merge credential sources.
+ if *flUsername != "" {
+ cred := credential{
+ URL: *flRepo,
+ Username: *flUsername,
+ Password: *flPassword,
+ PasswordFile: *flPasswordFile,
+ }
+ *flCredentials = append([]credential{cred}, (*flCredentials)...)
+ }
+
 if *flAddUser {
 if err := addUser(); err != nil {
 log.Error(err, "ERROR: can't add user")
@@ -965,19 +979,9 @@ func main() {
 os.Exit(1)
 }
- // FIXME: merge into flCredentials
- if *flUsername != "" {
- if *flPasswordFile != "" {
- passwordFileBytes, err := os.ReadFile(*flPasswordFile)
- if err != nil {
- log.Error(err, "can't read password file", "file", *flPasswordFile)
- os.Exit(1)
- }
- *flPassword = string(passwordFileBytes)
- }
- }
- //FIXME: merge
- for _, cred := range credentials {
+ // Finish populating credentials.
+ for i := range *flCredentials {
+ cred := &(*flCredentials)[i]
 if cred.PasswordFile != "" {
 passwordFileBytes, err := os.ReadFile(cred.PasswordFile)
 if err != nil {
@@ -1107,14 +1111,8 @@ func main() {
 // Craft a function that can be called to refresh credentials when needed.
 refreshCreds := func(ctx context.Context) error {
- //FIXME: still mutually exclusive?
 // These should all be mutually-exclusive configs.
- if *flUsername != "" {
- if err := git.StoreCredentials(ctx, git.repo, *flUsername, *flPassword); err != nil {
- return err
- }
- }
- for _, cred := range credentials {
+ for _, cred := range *flCredentials {
 if err := git.StoreCredentials(ctx, cred.URL, cred.Username, cred.Password); err != nil {
 return err
 }
@@ -1292,6 +1290,11 @@ func logSafeFlags() []string {
 arg := fl.Name
 val := fl.Value.String()
+ // Don't log empty values
+ if val == "" {
+ return
+ }
+
 // Handle --password
 if arg == "password" {
 val = redactedString
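Review bot: In the `@@ -919` hunk the merged entry is keyed on `*flRepo`, whereas the call it replaces (removed in the `@@ -1107` refreshCreds hunk) stored the --username credential under `git.repo`. If `git.repo` is normalized from `--repo` anywhere outside this diff, the credential would now be stored under a different URL than before, and authentication could fail without a clear error. Confirm that the two strings are always identical. The comment could also record the ordering and binding, e.g. `// Merge credential sources: the --username/--password pair becomes the first --credential entry, bound to --repo.` main() starts and ends outside the hunk.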
@@ -1302,11 +1305,14 @@ func logSafeFlags() []string {
 }
 // Handle --credential
 if arg == "credential" {
- //FIXME: convert the flag to a []credential and blank fields here
- }
- // Don't log empty values
- if val == "" {
- return
+ slv := *(fl.Value.(*credentialSliceValue)) // make a copy
+ for i := range slv.value {
+ cred := &slv.value[i]
+ if cred.Password != "" {
+ cred.Password = redactedString
+ }
+ }
+ val = slv.String()
 }
 ret = append(ret, "--"+arg+"="+val)
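Review bot: `slv := *(fl.Value.(*credentialSliceValue))` copies only the struct, so if `value` is a slice, as `range slv.value` suggests, the copy still shares its backing array with the live flag. In that case `cred.Password = redactedString` overwrites the real passwords, and any later use of those credentials after logSafeFlags has run would send the redaction marker instead of the secret. Detach the slice before redacting by adding `slv.value = append([]credential(nil), slv.value...)` directly after the copy. The type assertion is also unchecked and would panic if a flag named `credential` ever carried another value type; the two-value form `v, ok := fl.Value.(*credentialSliceValue)` avoids that. logSafeFlags starts and ends outside the hunk.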