cli: allow saving collector credential to file; update help text #617
Conversation
|
@jbr any thoughts on this PR? |
cli/src/collector_credentials.rs
Outdated
| // of the output settings of this CLI. The credential file should be treated as | ||
| // opaque, so we don't grant user control over its encoding. | ||
| if save { | ||
| let mut file = File::create(name + ".json")?; |
There was a problem hiding this comment.
This seems like an unconventional way to construct a path in rust (using +). I'm also slightly concerned that we haven't guarded against name including dangerous path characters like slashes, dots, and tildes. On one hand, people are unlikely to script this particular part of divviup-api with untrusted inputs. On the other, we probably should do something reasonable regardless of the --name.
| let mut file = File::create(name + ".json")?; | |
| let path = std::path::Path::new(name).with_extension("json"); | |
| let mut file = File::create(path)?; |
or maybe
| let mut file = File::create(name + ".json")?; | |
| let path = std::env::current_dir()?.with_file_name(name).with_extension("json"); | |
| let mut file = File::create(path)?; |
or with the same behavior but slightly more conventional appearance:
| let mut file = File::create(name + ".json")?; | |
| let mut file = File::create(format!("{name}.json"))?; |
There was a problem hiding this comment.
we may also want something like
println!("Saved collector credential to {path}. Keep this somewhere safe!");There was a problem hiding this comment.
I liked the current_dir()... approach, since that offloads all the platform-specific gotchas onto std.
Alternative approach to divviup/janus#2221, let the user provide
--saveto save the correctly encoded credentials to file, and make it more explicit as to what portions of the CLI output need to be saved.Also update the help text to use the
collector credentialnomenclature.