adding validation webhook for controller. adding list command, git sy…

…nc, migrating project and a few bug fixes

.github/workflows/release.yml

@@ -46,13 +46,13 @@ jobs:
           tags: |
             ghcr.io/${{ github.repository }}:latest
             ghcr.io/${{ github.repository }}:${{ github.ref_name }}
-      - name: Release SLV K8s Contoller Image
+      - name: Release SLV K8s Operator Image
         uses: docker/build-push-action@v5
         with:
           platforms: linux/amd64,linux/arm64
-          file: k8s/Dockerfile
+          file: operator/Dockerfile
           context: .
           push: true
           tags: |
-            ghcr.io/${{ github.repository }}/slv-operator:latest
-            ghcr.io/${{ github.repository }}/slv-operator:${{ github.ref_name }}
+            ghcr.io/${{ github.repository }}/operator:latest
+            ghcr.io/${{ github.repository }}/operator:${{ github.ref_name }}

.gitignore

@@ -3,4 +3,4 @@ dist/
 .DS_Store
 slv-dev
 .vscode
-k8s/bin/*
+operator/bin/

.goreleaser.yml

@@ -4,7 +4,7 @@ builds:
     main: ./cli/main
     env:
       - CGO_ENABLED=0
-    ldflags: "-X github.com/amagimedia/slv.Version={{.Version}}"
+    ldflags: "-X savesecrets.org/slv.Version={{.Version}}"
     goarch:
       - amd64
       - arm64
@@ -14,10 +14,10 @@ builds:
       - windows
   - id: slv-operator
     binary: slv-operator
-    main: ./k8s/main
+    main: ./operator/cmd
     env:
       - CGO_ENABLED=0
-    ldflags: "-X github.com/amagimedia/slv.Version={{.Version}}"
+    ldflags: "-X savesecrets.org/slv.Version={{.Version}}"
     goarch:
       - amd64
       - arm64
@@ -40,8 +40,8 @@ nfpms:
   - builds:
       - slv
     vendor: Amagi Media Private Ltd.
-    homepage: https://github.com/amagimedia/slv
-    maintainer: Shibly Meeran <shibly.meeran@amagi.com>
+    homepage: https://savesecrets.org/slv
+    maintainer: Shibly Meeran <shibme@shib.me>
     formats:
       - apk
       - deb
@@ -50,14 +50,14 @@ brews:
   - ids:
       - slv
     name: slv
-    homepage: "https://github.com/amagimedia/slv"
+    homepage: "https://savesecrets.org/slv"
     commit_author:
       name: Shibly Meeran
       email: shibme@shib.me
     repository:
-      owner: amagimedia
+      owner: savesecrets
       name: homebrew-tap
       branch: main
       git:
-        url: 'git@github.com:amagimedia/homebrew-tap.git'
+        url: 'git@github.com:savesecrets/homebrew-tap.git'
         private_key: '{{ .Env.HOMEBREW_SSH_KEY }}'

README.md

@@ -8,6 +8,6 @@ SLV is designed based on the following **key principles**
  ## How to install
  SLV can be installed using brew using the following command
 ```zsh
-brew install amagimedia/tap/slv
+brew install savesecrets/tap/slv
 ```
-Alternatively, you can download the SLV binary from the [releases](https://github.com/amagimedia/slv-beta/releases/latest) page and add it to your path.
+Alternatively, you can download the SLV binary from the [releases](https://github.com/savesecrets/slv/releases/latest) page and add it to your path.

WORKFLOW.md

@@ -182,7 +182,7 @@ sequenceDiagram
 
 **Reading secrets from vault**
  - Service reads the secret from vault by specifying the secret name (foo) and the vault name (vault_abc)
- - SLV reads the environment secret key from cloud credential store (for service environemnts) or system keychain (for user machine) or simply from environment variable (SLV_SECRET_KEY)
+ - SLV reads the environment secret key from cloud credential store (for service environemnts) or system keychain (for user machine) or simply from environment variable (SLV_ENV_SECRET_KEY)
  - SLV reads the encrypted secret value (value of foo from the vaults file)
  - SLV attempts to unlock the vault with the secret key
  - If the given secret key has access to the vault, SLV decrypts and returns the secret
@@ -198,7 +198,7 @@ sequenceDiagram
 
     Note over Env,SecretKey: Reading secret from vault
     Env->>SLV: Read secret with a given name (foo)<br/> from the vault (vault_abc)
-    SecretKey-->>SLV: SLV reads the environment secret key <br/> from cloud credential store (for service environemnts) <br/> or system keychain (for user machine) <br/> or simply from environment variable (SLV_SECRET_KEY)
+    SecretKey-->>SLV: SLV reads the environment secret key <br/> from cloud credential store (for service environemnts) <br/> or system keychain (for user machine) <br/> or simply from environment variable (SLV_ENV_SECRET_KEY)
     Vault-->>SLV: SLV reads the encrypted secret value <br/> (value of foo from the vaults file)
     SLV-->>SLV: SLV attempts to unlock the vault with the secret key
     Note over Env,SLV: If the given secret key has access to the vault

cli/cli.go

@@ -3,8 +3,8 @@ package cli
 import (
 	"os"
 
-	"github.com/amagimedia/slv/cli/internal/commands"
-	"github.com/amagimedia/slv/core/environments/providers"
+	"savesecrets.org/slv/cli/internal/commands"
+	"savesecrets.org/slv/core/environments/providers"
 )
 
 func RunCLI() {

cli/internal/commands/commands.go

@@ -19,6 +19,8 @@ var (
 	profileNewCmd  *cobra.Command
 	profileListCmd *cobra.Command
 	profileSetCmd  *cobra.Command
+	profileDelCmd  *cobra.Command
+	profileSyncCmd *cobra.Command
 
 	// Environment Commands
 	envCmd     *cobra.Command
@@ -35,6 +37,7 @@ var (
 	secretCmd      *cobra.Command
 	secretPutCmd   *cobra.Command
 	secretGetCmd   *cobra.Command
+	secretListCmd  *cobra.Command
 	secretRefCmd   *cobra.Command
 	secretDerefCmd *cobra.Command
 )

cli/internal/commands/env.go

@@ -6,10 +6,10 @@ import (
 	"text/tabwriter"
 
 	"github.com/fatih/color"
-	"github.com/amagimedia/slv/core/crypto"
-	"github.com/amagimedia/slv/core/environments"
-	"github.com/amagimedia/slv/core/profiles"
 	"github.com/spf13/cobra"
+	"savesecrets.org/slv/core/crypto"
+	"savesecrets.org/slv/core/environments"
+	"savesecrets.org/slv/core/profiles"
 )
 
 func envCommand() *cobra.Command {
@@ -35,8 +35,8 @@ func showEnv(env environments.Environment, includeEDS bool) {
 	fmt.Fprintln(w, "Name:\t", env.Name)
 	fmt.Fprintln(w, "Email:\t", env.Email)
 	fmt.Fprintln(w, "Tags:\t", env.Tags)
-	if env.ProviderBinding != "" {
-		fmt.Fprintln(w, "Provider Binding:\t", env.ProviderBinding)
+	if env.SecretBinding != "" {
+		fmt.Fprintln(w, "Secret Binding:\t", env.SecretBinding)
 	}
 	if includeEDS {
 		if envDef, err := env.ToEnvData(); err == nil {
@@ -79,13 +79,12 @@ func envNewCommand() *cobra.Command {
 				fmt.Println("\nSecret Key:\t", color.HiBlackString(secretKey.String()))
 			}
 			addToProfileFlag, _ := cmd.Flags().GetBool(envAddFlag.name)
-			var prof *profiles.Profile
 			if addToProfileFlag {
-				prof, err = profiles.GetDefaultProfile()
+				profile, err := profiles.GetDefaultProfile()
 				if err != nil {
 					exitOnError(err)
 				}
-				err = prof.AddEnv(env)
+				err = profile.PutEnv(env)
 				if err != nil {
 					exitOnError(err)
 				}
@@ -115,26 +114,25 @@ func envListCommand() *cobra.Command {
 		Short: "Lists environments from profile",
 		Run: func(cmd *cobra.Command, args []string) {
 			profileName := cmd.Flag(profileNameFlag.name).Value.String()
-			var prof *profiles.Profile
+			var profile *profiles.Profile
 			var err error
 			if profileName != "" {
-				prof, err = profiles.Get(profileName)
+				profile, err = profiles.Get(profileName)
 			} else {
-				prof, err = profiles.GetDefaultProfile()
+				profile, err = profiles.GetDefaultProfile()
 			}
 			if err != nil {
 				exitOnError(err)
 			}
-			envManifest, err := prof.GetEnvManifest()
-			if err != nil {
-				exitOnError(err)
-			}
 			query := cmd.Flag(envSearchFlag.name).Value.String()
 			var envs []*environments.Environment
 			if query != "" {
-				envs = envManifest.SearchEnv(query)
+				envs, err = profile.SearchEnvs(query)
 			} else {
-				envs = envManifest.ListEnv()
+				envs, err = profile.ListEnvs()
+			}
+			if err != nil {
+				exitOnError(err)
 			}
 			for _, env := range envs {
 				showEnv(*env, false)

cli/internal/commands/flags.go

@@ -28,6 +28,16 @@ var (
 		usage:     "Profile name",
 	}
 
+	profileGitURI = FlagDef{
+		name:  "git-uri",
+		usage: "Profile git URI",
+	}
+
+	profileGitBranch = FlagDef{
+		name:  "git-branch",
+		usage: "Profile git branch",
+	}
+
 	profileEnvDefFlag = FlagDef{
 		name:      "env",
 		shorthand: "e",
@@ -131,6 +141,16 @@ var (
 		usage: "Replaces the secret if it exists already",
 	}
 
+	secretListFormatFlag = FlagDef{
+		name:  "format",
+		usage: "List secrets as one of [json, yaml, table, envars]. Defaults to table.",
+	}
+
+	secretEncodeBase64Flag = FlagDef{
+		name:  "base64",
+		usage: "Encode the returned secret as base64",
+	}
+
 	secretRefFileFlag = FlagDef{
 		name:      "file",
 		shorthand: "f",

cli/internal/commands/kms.go

@@ -3,9 +3,9 @@ package commands
 import (
 	"os"
 
-	"github.com/amagimedia/slv/core/environments"
-	"github.com/amagimedia/slv/core/profiles"
 	"github.com/spf13/cobra"
+	"savesecrets.org/slv/core/environments"
+	"savesecrets.org/slv/core/profiles"
 )
 
 func newKMSEnvCommand(kmsName, kmsProviderDesc string, keyIdFlag FlagDef) *cobra.Command {
@@ -39,13 +39,12 @@ func newKMSEnvCommand(kmsName, kmsProviderDesc string, keyIdFlag FlagDef) *cobra
 			env.AddTags(tags...)
 			showEnv(*env, true)
 			addToProfileFlag, _ := cmd.Flags().GetBool(envAddFlag.name)
-			var prof *profiles.Profile
 			if addToProfileFlag {
-				prof, err = profiles.GetDefaultProfile()
+				profile, err := profiles.GetDefaultProfile()
 				if err != nil {
 					exitOnError(err)
 				}
-				err = prof.AddEnv(env)
+				err = profile.PutEnv(env)
 				if err != nil {
 					exitOnError(err)
 				}

cli/internal/commands/profile.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 
 	"github.com/fatih/color"
-	"github.com/amagimedia/slv/core/environments"
-	"github.com/amagimedia/slv/core/profiles"
 	"github.com/spf13/cobra"
+	"savesecrets.org/slv/core/environments"
+	"savesecrets.org/slv/core/profiles"
 )
 
 func profileCommand() *cobra.Command {
@@ -25,6 +25,8 @@ func profileCommand() *cobra.Command {
 	profileCmd.AddCommand(profileDefaultCommand())
 	profileCmd.AddCommand(profileListCommand())
 	profileCmd.AddCommand(profileAddEnvCommand())
+	profileCmd.AddCommand(profileDeleteCommand())
+	profileCmd.AddCommand(profileSyncCommand())
 	return profileCmd
 }
 
@@ -37,7 +39,9 @@ func profileNewCommand() *cobra.Command {
 		Short: "Creates a new profile",
 		Run: func(cmd *cobra.Command, args []string) {
 			name, _ := cmd.Flags().GetString(profileNameFlag.name)
-			err := profiles.New(name)
+			gitURI, _ := cmd.Flags().GetString(profileGitURI.name)
+			gitBranch, _ := cmd.Flags().GetString(profileGitBranch.name)
+			err := profiles.New(name, gitURI, gitBranch)
 			if err == nil {
 				fmt.Println("Created profile: ", color.GreenString(name))
 				safeExit()
@@ -47,6 +51,8 @@ func profileNewCommand() *cobra.Command {
 		},
 	}
 	profileNewCmd.Flags().StringP(profileNameFlag.name, profileNameFlag.shorthand, "", profileNameFlag.usage)
+	profileNewCmd.Flags().StringP(profileGitURI.name, profileGitURI.shorthand, "", profileGitURI.usage)
+	profileNewCmd.Flags().StringP(profileGitBranch.name, profileGitBranch.shorthand, "", profileGitBranch.usage)
 	profileNewCmd.MarkFlagRequired(profileNameFlag.name)
 	return profileNewCmd
 }
@@ -120,11 +126,11 @@ func profileAddEnvCommand() *cobra.Command {
 				exitOnError(err)
 			}
 			profileName := cmd.Flag(profileNameFlag.name).Value.String()
-			var prof *profiles.Profile
+			var profile *profiles.Profile
 			if profileName != "" {
-				prof, err = profiles.Get(profileName)
+				profile, err = profiles.Get(profileName)
 			} else {
-				prof, err = profiles.GetDefaultProfile()
+				profile, err = profiles.GetDefaultProfile()
 			}
 			if err != nil {
 				exitOnError(err)
@@ -138,18 +144,18 @@ func profileAddEnvCommand() *cobra.Command {
 				var env *environments.Environment
 				if env, err = environments.FromEnvData(envdef); err == nil && env != nil {
 					if setAsRoot {
-						err = prof.SetRoot(env)
-						successMessage = fmt.Sprintf("Successfully set %s as root environment for profile %s", color.GreenString(env.Name), color.GreenString(prof.Name()))
+						err = profile.SetRoot(env)
+						successMessage = fmt.Sprintf("Successfully set %s as root environment for profile %s", color.GreenString(env.Name), color.GreenString(profile.Name()))
 					} else {
-						err = prof.AddEnv(env)
+						err = profile.PutEnv(env)
 					}
 				}
 				if err != nil {
 					exitOnError(err)
 				}
 			}
 			if successMessage == "" {
-				successMessage = fmt.Sprintf("Successfully added %d environments to profile %s", len(envdefs), color.GreenString(prof.Name()))
+				successMessage = fmt.Sprintf("Successfully added %d environments to profile %s", len(envdefs), color.GreenString(profile.Name()))
 			}
 			fmt.Println(successMessage)
 			safeExit()
@@ -161,3 +167,48 @@ func profileAddEnvCommand() *cobra.Command {
 	envAddCmd.MarkFlagRequired(profileEnvDefFlag.name)
 	return envAddCmd
 }
+
+func profileDeleteCommand() *cobra.Command {
+	if profileDelCmd != nil {
+		return profileDelCmd
+	}
+	profileDelCmd = &cobra.Command{
+		Use:     "delete",
+		Aliases: []string{"del", "rm", "remove"},
+		Short:   "Deletes a profile",
+		Run: func(cmd *cobra.Command, args []string) {
+			name, _ := cmd.Flags().GetString(profileNameFlag.name)
+			if err := profiles.Delete(name); err != nil {
+				exitOnError(err)
+			} else {
+				fmt.Println("Deleted profile: ", color.GreenString(name))
+				safeExit()
+			}
+		},
+	}
+	profileDelCmd.Flags().StringP(profileNameFlag.name, profileNameFlag.shorthand, "", profileNameFlag.usage)
+	profileDelCmd.MarkFlagRequired(profileNameFlag.name)
+	return profileDelCmd
+}
+
+func profileSyncCommand() *cobra.Command {
+	if profileSyncCmd != nil {
+		return profileSyncCmd
+	}
+	profileSyncCmd = &cobra.Command{
+		Use:     "sync",
+		Aliases: []string{"pull"},
+		Short:   "Sync current profile from remote repository",
+		Run: func(cmd *cobra.Command, args []string) {
+			profile, err := profiles.GetDefaultProfile()
+			if err != nil {
+				exitOnError(err)
+			}
+			if err = profile.Sync(); err != nil {
+				exitOnError(err)
+			}
+			fmt.Printf("Successfully synced profile: %s\n", color.GreenString(profile.Name()))
+		},
+	}
+	return profileSyncCmd
+}