secrethub · SimonBarendse · Nov 27, 2019 · Oct 4, 2019 · Oct 7, 2019 · Oct 16, 2019
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -5,4 +5,12 @@ jobs:
       - image: circleci/golang:1.12
     steps:
       - checkout
+      - restore_cache:
+          keys:
+            - go-modules-{{ checksum "go.mod" }}
+      - run: go mod download
+      - save_cache:
+          key: go-modules-{{ checksum "go.mod" }}
+          paths:
+            - /go/pkg/mod
       - run: make test
diff --git a/README.md b/README.md
@@ -16,24 +16,22 @@
 
 `secrethub-go` provides a client for various SecretHub APIs.
 
-> [SecretHub][secrethub] is a developer tool to help you keep database passwords, API tokens, and other secrets out of IT automation scripts.
+> [SecretHub][secrethub] is an end-to-end encrypted secret management service that helps developers keep database passwords, API keys, and other secrets out of source code.
 
 <img src="https://secrethub.io/img/secrethub-gopher.png" alt="Gopher" width="160px"/>
 
-## Getting started
+## Usage
 
-### Installation
-
-Install secrethub-go with:
+You can install secrethub-go with:
 
 ```sh
-go get -u github.com/secrethub/secrethub-go
+go get github.com/secrethub/secrethub-go
 ```
 
 Or install a specific version with:
 
 ```sh
-go get -u github.com/secrethub/secrethub-go@vX.Y.Z
+go get github.com/secrethub/secrethub-go@vX.Y.Z
 ```
 
 Then, import it using:
@@ -47,13 +45,13 @@ import (
 > **Note:** only packages inside the `/pkg` directory should be considered library code that you can use in your projects. 
 > All other code is not guaranteed to be backwards compatible and may change in the future.
 
-## Examples
+### Examples
 
 For details on all functionality of this library, see the [GoDoc][godoc] documentation.
 
 Below are a few simple examples:
 
-### Read Secrets
+#### Read Secrets
 ```go
 package main
 
@@ -71,7 +69,7 @@ func main() {
 }
 ```
 
-### Write Secrets
+#### Write Secrets
 ```go
 package main
 
@@ -87,7 +85,7 @@ func main() {
 }
 ```
 
-### Generate Secrets
+#### Generate Secrets
 ```go
 package main
 
@@ -100,16 +98,18 @@ import (
 
 func main() {
     client, _ := secrethub.NewClient()
-    rand, _ := randchar.NewRand(randchar.Alphanumeric)
-    data, _ := rand.Generate(30)
+    data, _ := randchar.Generate(30)
     _, _ = client.Secrets().Write("path/to/secret", data)
 }
 ```
 
-> **Note:** to use the SecretHub Go client, you need to provide a credential for your __SecretHub__ account. 
-> You can create a free developer account by [signing up through the CLI](https://secrethub.io/docs/getting-started/). 
-> 
-> After signup, the credential is located at `$HOME/.secrethub/credential` by default.
+### Credential
+
+To use the SecretHub Go client, you need to provide a credential for your __SecretHub__ account.
+You can create a free developer account by [signing up through the CLI](https://secrethub.io/docs/getting-started/).
+
+After signup, the credential is located at `$HOME/.secrethub/credential` by default.
+`secrethub.NewClient()` automatically uses this credential.
 
 ## Development
 
@@ -135,7 +135,7 @@ pull request][pulls].
 
 ## Getting help
 
-Come chat with us on [Discord][discord] or email us at [support@secrethub.io](mailto:support@secrethub.io)
+If you get stuck or just want advice, come chat with the engineers on [Discord][discord] or send an email to [support@secrethub.io](mailto:support@secrethub.io)
 
 ## Attributions
 

diff --git a/internals/api/account_key.go b/internals/api/account_key.go
@@ -30,6 +30,9 @@ func (req CreateAccountKeyRequest) Validate() error {
 	if len(req.PublicKey) == 0 {
 		return ErrInvalidPublicKey
 	}
+	if req.EncryptedPrivateKey == nil {
+		return ErrMissingField("encrypted_private_key")
+	}
 	if err := req.EncryptedPrivateKey.Validate(); err != nil {
 		return err
 	}

diff --git a/internals/assert/asserts.go b/internals/assert/asserts.go
@@ -2,8 +2,11 @@
 // assertions to help with writing tests.
 package assert
 
-import "testing"
-import "github.com/kylelemons/godebug/pretty"
+import (
+	"testing"
+
+	"github.com/kylelemons/godebug/pretty"
+)
 
 // Equal errors when actual and expected are not the same, printing out the diff.
 func Equal(tb testing.TB, actual, expected interface{}) {

diff --git a/pkg/randchar/generator.go b/pkg/randchar/generator.go
@@ -45,6 +45,11 @@ type Generator interface {
 	Generate(n int) ([]byte, error)
 }
 
+// Generate generates a random slice of alphanumeric characters.
+func Generate(n int) ([]byte, error) {
+	return DefaultRand.Generate(n)
+}
+
 // NewGenerator is a shorthand function to create a new random alphanumeric
 // generator, optionally configured to use symbols too. For more flexibility
 // to configure the random generator, use NewRand instead.

diff --git a/pkg/secrethub/audit.go b/pkg/secrethub/audit.go
@@ -3,6 +3,8 @@ package secrethub
 import (
 	"github.com/secrethub/secrethub-go/internals/api"
 	"github.com/secrethub/secrethub-go/internals/errio"
+	"github.com/secrethub/secrethub-go/pkg/secrethub/internals/http"
+	"github.com/secrethub/secrethub-go/pkg/secrethub/iterator"
 )
 
 func (c *Client) decryptAuditEvents(events ...*api.Audit) error {
@@ -32,3 +34,40 @@ func (c *Client) decryptAuditEvents(events ...*api.Audit) error {
 
 	return nil
 }
+
+func newAuditEventIterator(newPaginator func() (*http.AuditPaginator, error), client *Client) *auditEventIterator {
+	return &auditEventIterator{
+		iterator: iterator.New(func() (iterator.Paginator, error) {
+			return newPaginator()
+		}),
+		decryptAuditEvents: client.decryptAuditEvents,
+	}
+}
+
+type AuditEventIterator interface {
+	Next() (api.Audit, error)
+}
+
+type auditEventIterator struct {
+	iterator           iterator.Iterator
+	decryptAuditEvents func(...*api.Audit) error
+}
+
+func (it *auditEventIterator) Next() (api.Audit, error) {
+	item, err := it.iterator.Next()
+	if err != nil {
+		return api.Audit{}, err
+	}
+	audit := item.(api.Audit)
+	err = it.decryptAuditEvents(&audit)
+	if err != nil {
+		return api.Audit{}, err
+	}
+	return audit, nil
+}
+
+// AuditEventIteratorParams can be used to configure iteration of audit events.
+//
+// For now, there's nothing to configure. We'll add filter options soon.
+// The struct is already added, so that adding parameters is backwards compatible.
+type AuditEventIteratorParams struct{}
diff --git a/pkg/secrethub/audit_test.go b/pkg/secrethub/audit_test.go
@@ -0,0 +1,55 @@
+package secrethub
+
+import (
+	"testing"
+
+	"github.com/secrethub/secrethub-go/internals/api"
+	"github.com/secrethub/secrethub-go/internals/api/uuid"
+	"github.com/secrethub/secrethub-go/internals/assert"
+	"github.com/secrethub/secrethub-go/pkg/secrethub/iterator"
+)
+
+type fakeAuditPaginator struct {
+	events   []api.Audit
+	returned bool
+}
+
+func (pag *fakeAuditPaginator) Next() ([]interface{}, error) {
+	if pag.returned {
+		return []interface{}{}, nil
+	}
+
+	res := make([]interface{}, len(pag.events))
+	for i, event := range pag.events {
+		res[i] = event
+	}
+	pag.returned = true
+	return res, nil
+}
+
+func TestAuditEventIterator_Next(t *testing.T) {
+	events := []api.Audit{
+		{
+			EventID: uuid.New(),
+			Action:  api.AuditActionRead,
+		},
+	}
+
+	iter := auditEventIterator{
+		iterator: iterator.New(func() (iterator.Paginator, error) {
+			return &fakeAuditPaginator{events: events}, nil
+		}),
+		decryptAuditEvents: func(audit ...*api.Audit) error {
+			return nil
+		},
+	}
+
+	for _, event := range events {
+		actual, err := iter.Next()
+
+		assert.Equal(t, err, nil)
+		assert.Equal(t, actual, event)
+	}
+	_, err := iter.Next()
+	assert.Equal(t, err, iterator.Done)
+}
diff --git a/pkg/secrethub/client_options.go b/pkg/secrethub/client_options.go
@@ -3,13 +3,19 @@ package secrethub
 import (
 	"errors"
 	"net/http"
+	"net/url"
 	"time"
 
 	"github.com/secrethub/secrethub-go/pkg/secrethub/configdir"
 	"github.com/secrethub/secrethub-go/pkg/secrethub/credentials"
 	httpclient "github.com/secrethub/secrethub-go/pkg/secrethub/internals/http"
 )
 
+// Errors
+var (
+	ErrInvalidServerURL = errClient.Code("invalid_server_url").ErrorPref("%s")
+)
+
 // ClientOption is an option that can be set on a secrethub.Client.
 type ClientOption func(*Client) error
 
@@ -22,9 +28,14 @@ func WithTimeout(timeout time.Duration) ClientOption {
 }
 
 // WithServerURL overrides the default server endpoint URL used by the HTTP client.
-func WithServerURL(url string) ClientOption {
+func WithServerURL(serverURL string) ClientOption {
 	return func(c *Client) error {
-		c.httpClient.Options(httpclient.WithServerURL(url))
+		parsedURL, err := url.Parse(serverURL)
+		if err != nil {
+			return ErrInvalidServerURL(err)
+		}
+
+		c.httpClient.Options(httpclient.WithServerURL(*parsedURL))
 		return nil
 	}
 }

diff --git a/pkg/secrethub/dir.go b/pkg/secrethub/dir.go
@@ -1,15 +1,24 @@
 package secrethub
 
 import (
+	"strings"
+
 	"github.com/secrethub/secrethub-go/internals/api"
 	"github.com/secrethub/secrethub-go/internals/api/uuid"
 	"github.com/secrethub/secrethub-go/internals/errio"
+	"github.com/secrethub/secrethub-go/pkg/secretpath"
 )
 
 // DirService handles operations on directories from SecretHub.
 type DirService interface {
 	// Create a directory at a given path.
 	Create(path string) (*api.Dir, error)
+	// CreateAll creates all directories in the given path that do not exist yet.
+	//
+	// Contrary to Create, it doesn't return an error when the directories already exist.
+	CreateAll(path string) error
+	// Exists returns whether a directory where you have access to exists at a given path.
+	Exists(path string) (bool, error)
 	// Get returns the directory with the given ID.
 	GetByID(id uuid.UUID) (*api.Dir, error)
 	// Delete removes the directory at the given path.
@@ -149,6 +158,17 @@ func (s dirService) Create(path string) (*api.Dir, error) {
 	return dir, errio.Error(err)
 }
 
+// Exists returns whether a directory where you have access to exists at a given path.
+func (s dirService) Exists(path string) (bool, error) {
+	_, err := s.GetTree(path, 0, false)
+	if err == api.ErrDirNotFound || err == api.ErrRepoNotFound {
+		return false, nil
+	} else if err != nil {
+		return false, err
+	}
+	return true, nil
+}
+
 // Delete removes the directory at the given path.
 func (s dirService) Delete(path string) error {
 	p, err := api.NewDirPath(path)
@@ -169,6 +189,43 @@ func (s dirService) Delete(path string) error {
 	return nil
 }
 
+// CreateAll creates all directories in the given path that do not exist yet.
+//
+// Contrary to Create, it doesn't return an error when the directories already exist.
+func (s dirService) CreateAll(path string) error {
+	err := api.ValidateDirPath(path)
+	if err != nil {
+		return err
+	}
+	return s.createAll(path)
+}
+
+func (s dirService) createAll(path string) error {
+	if len(strings.Split(path, "/")) < 3 {
+		return nil
+	}
+
+	exists, err := s.Exists(path)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return nil
+	}
+
+	err = s.createAll(secretpath.Parent(path))
+	if err != nil {
+		return err
+	}
+
+	_, err = s.Create(path)
+	if err == api.ErrDirAlreadyExists {
+		return nil
+	}
+	// err might be nil
+	return err
+}
+
 // listDirAccounts list the accounts with read permission.
 func (c *Client) listDirAccounts(path api.BlindNamePath) ([]*api.Account, error) {
 	blindName, err := c.convertPathToBlindName(path)