Merge 1.7.0 to main

CHANGELOG.md

@@ -1,3 +1,23 @@
+# v1.7.0
+
+## Features
+
+### CLI
+
+- `stores import csv`: supports interactive credential input, as well as input via flags and environmental
+  variables. [docs](docs/kfutil_stores_import_csv.md)
+
+## Fixes
+
+### CLI
+
+- `stores import csv`: providing a `Password(/StorePassword)` does not crash CLI.
+- `stores import csv`: results CSV retains input header ordering.
+- `stores import csv`: Handle `BOM` characters in an input CSV file.
+- `store-types create`: URL encode `-b` parameter when passed.
+- `store-types create`: Initialize logger before fetching store-type definitions.
+- `stores rot`: Re-enabled and improved logging.
+
 # v1.6.2
 
 ## Fixes

README.md

@@ -298,10 +298,10 @@ set of defined certificates are present in each store that meets a certain set o
 
 ```bash
 echo "Generating cert template file certs_template.csv"
-kfutil stores rot generate-template-rot --type certs
+kfutil stores rot generate-template --type certs
 # edit the certs_template.csv file
 echo "Generating stores template file stores_template.csv"
-kfutil stores rot generate-template-rot --type stores
+kfutil stores rot generate-template --type stores
 # edit the stores_template.csv file
 kfutil stores rot audit --add-certs certs_template.csv --stores stores_template.csv #This will audit the stores and generate a report file
 # review/edit the report file generated `rot_audit.csv`
@@ -317,7 +317,7 @@ For full documentation, see [stores rot generate template](docs/kfutil_stores_ro
 This will write the file `certs_template.csv` to the current directory.
 
 ```bash
-kfutil stores generate-template-rot --type certs
+kfutil stores rot generate-template --type certs
 ```
 
 #### Generate Certificate Store List Template
@@ -327,7 +327,7 @@ For full documentation, see [stores rot generate template](docs/kfutil_stores_ro
 This will write the file `stores_template.csv` to the current directory. For full documentation
 
 ```bash
-kfutil stores generate-template-rot --type stores
+kfutil stores rot generate-template --type stores
 ```
 
 #### Run Root of Trust Audit

cmd/constants.go

@@ -30,10 +30,14 @@ const (
 	FlagGitRef                = "git-ref"
 	FlagGitRepo               = "repo"
 	FlagFromFile              = "from-file"
-	DebugFuncEnter            = "entered: %s"
-	DebugFuncExit             = "exiting: %s"
-	DebugFuncCall             = "calling: %s"
+	DebugFuncEnter            = "entered:"
+	DebugFuncExit             = "exiting:"
+	DebugFuncCall             = "calling:"
 	MinHttpTimeout            = 3
+
+	EnvStoresImportCSVServerUsername = "KFUTIL_CSV_SERVER_USERNAME"
+	EnvStoresImportCSVServerPassword = "KFUTIL_CSV_SERVER_PASSWORD"
+	EnvStoresImportCSVStorePassword  = "KFUTIL_CSV_STORE_PASSWORD"
 )
 
 var ProviderTypeChoices = []string{

cmd/helpers.go

@@ -23,15 +23,15 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"time"
 
 	"github.com/google/uuid"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
-
-	stdlog "log"
+	//stdlog "log"
 )
 
 func boolToPointer(b bool) *bool {
@@ -132,7 +132,7 @@ func csvToMap(filename string) ([]map[string]string, error) {
 
 			// Populate the map with data from the row
 			for i, column := range header {
-				rowMap[column] = row[i]
+				rowMap[column] = stripAllBOMs(row[i])
 			}
 
 			// Append the map to the data slice
@@ -190,12 +190,23 @@ func informDebug(debugFlag bool) {
 }
 
 func initLogger() {
-	stdlog.SetOutput(io.Discard)
-	zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
-	zerolog.SetGlobalLevel(zerolog.Disabled) // default to disabled
-	log.Logger = log.With().Caller().Logger()
+	// Configure zerolog to include caller information
+	log.Logger = log.With().Caller().Logger().Output(
+		zerolog.ConsoleWriter{
+			Out:        os.Stdout,
+			TimeFormat: time.RFC3339,
+			FormatCaller: func(caller interface{}) string {
+				if c, ok := caller.(string); ok {
+					return c // This will include the full file path and line number
+				}
+				return ""
+			},
+		},
+	)
 	log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: time.RFC3339})
 
+	initStdLogger()
+
 }
 
 func intToPointer(i int) *int {
@@ -282,27 +293,32 @@ func logGlobals() {
 
 }
 
-func mapToCSV(data []map[string]string, filename string) error {
-	file, err := os.Create(filename)
-	if err != nil {
-		return err
+func mapToCSV(data []map[string]string, filename string, inputHeader []string) error {
+	file, fErr := os.Create(filename)
+	if fErr != nil {
+		return fErr
 	}
 	defer file.Close()
 
 	writer := csv.NewWriter(file)
 	defer writer.Flush()
 
 	// Write the header using keys from the first map
-	var header []string
-	if len(data) > 0 {
+	var header = inputHeader
+	if len(header) <= 0 && len(data) > 0 {
 		for key := range data[0] {
-			header = append(header, key)
-		}
-		if err := writer.Write(header); err != nil {
-			return err
+			header = append(header, stripAllBOMs(key))
 		}
 	}
 
+	errorColFound := slices.Contains(header, "Errors")
+	if !errorColFound {
+		header = append(header, "Errors")
+	}
+	if hErr := writer.Write(header); hErr != nil {
+		return hErr
+	}
+
 	// Write map data to CSV
 	for _, row := range data {
 		var record []string

cmd/logging.go

@@ -0,0 +1,45 @@
+package cmd
+
+import (
+	"strings"
+
+	"github.com/rs/zerolog/log"
+)
+
+// zerologWriter implements io.Writer and forwards standard log output to zerolog
+type zerologWriter struct{}
+
+func (w zerologWriter) Write(p []byte) (n int, err error) {
+	// Clean up the log message (remove timestamp, etc.)
+	msg := string(p)
+	msg = strings.TrimSpace(msg)
+
+	// Check if it's a debug message
+	if strings.Contains(msg, "[DEBUG]") {
+		msg = strings.Replace(msg, "[DEBUG]", "", 1)
+		log.Debug().Msg(strings.TrimSpace(msg))
+	} else if strings.Contains(msg, "[ERROR]") {
+		msg = strings.Replace(msg, "[ERROR]", "", 1)
+		log.Error().Msg(strings.TrimSpace(msg))
+	} else if strings.Contains(msg, "[INFO]") {
+		msg = strings.Replace(msg, "[INFO]", "", 1)
+		log.Info().Msg(strings.TrimSpace(msg))
+
+	} else if strings.Contains(msg, "[WARN]") {
+		msg = strings.Replace(msg, "[WARN]", "", 1)
+		log.Warn().Msg(strings.TrimSpace(msg))
+
+	} else if strings.Contains(msg, "[FATAL]") {
+		msg = strings.Replace(msg, "[FATAL]", "", 1)
+		log.Fatal().Msg(strings.TrimSpace(msg))
+
+	} else if strings.Contains(msg, "[TRACE]") {
+		msg = strings.Replace(msg, "[TRACE]", "", 1)
+		log.Trace().Msg(strings.TrimSpace(msg))
+	} else {
+		// Default to info level
+		log.Info().Msg(msg)
+	}
+
+	return len(p), nil
+}

cmd/login.go

@@ -17,8 +17,6 @@ package cmd
 import (
 	"bufio"
 	"fmt"
-	"io"
-	stdlog "log"
 	"os"
 	"path"
 	"strings"
@@ -70,7 +68,7 @@ WARNING: This will write the environmental credentials to disk and will be store
 		if debugErr != nil {
 			return debugErr
 		}
-		stdlog.SetOutput(io.Discard)
+		//stdlog.SetOutput(io.Discard)
 		informDebug(debugFlag)
 		logGlobals()
 
@@ -237,14 +235,32 @@ WARNING: This will write the environmental credentials to disk and will be store
 		}
 
 		if authType == "oauth" {
-			log.Debug().Msg("attempting to authenticate via OAuth")
+			log.Debug().
+				Str("profile", profile).
+				Str("configFile", configFile).
+				Str("host", outputServer.Host).
+				Str("authType", authType).
+				Str("accessToken", hashSecretValue(kfcOAuth.AccessToken)).
+				Str("clientID", kfcOAuth.ClientID).
+				Str("clientSecret", hashSecretValue(kfcOAuth.ClientSecret)).
+				Str("apiPath", kfcOAuth.CommandAPIPath).
+				Msg("attempting to authenticate via OAuth")
 			aErr := kfcOAuth.Authenticate()
 			if aErr != nil {
 				log.Error().Err(aErr)
 				return aErr
 			}
 		} else if authType == "basic" {
-			log.Debug().Msg("attempting to authenticate via Basic Auth")
+			log.Debug().
+				Str("profile", profile).
+				Str("configFile", configFile).
+				Str("host", outputServer.Host).
+				Str("authType", authType).
+				Str("username", kfcBasicAuth.Username).
+				Str("domain", kfcBasicAuth.Domain).
+				Str("password", hashSecretValue(kfcBasicAuth.Password)).
+				Str("apiPath", kfcBasicAuth.CommandAPIPath).
+				Msg("attempting to authenticate via Basic Auth")
 			aErr := kfcBasicAuth.Authenticate()
 			if aErr != nil {
 				log.Error().Err(aErr)

cmd/logout.go

@@ -16,8 +16,6 @@ package cmd
 
 import (
 	"fmt"
-	"io"
-	stdlog "log"
 	"os"
 
 	"github.com/Keyfactor/keyfactor-auth-client-go/auth_providers"
@@ -39,7 +37,7 @@ var logoutCmd = &cobra.Command{
 		if debugErr != nil {
 			return debugErr
 		}
-		stdlog.SetOutput(io.Discard)
+		//stdlog.SetOutput(io.Discard)
 		informDebug(debugFlag)
 
 		logGlobals()