Skip to content
Permalink
Browse files
changed open header params for authorization. Networks now manages cr…
…edentials instead of user:pass
  • Loading branch information
jcabrerizo committed May 27, 2019
1 parent 0d988d4 commit 628b9aedcdb8e0e96ac2e4e2e18405d0fb7dc3e3
Showing 5 changed files with 132 additions and 129 deletions.
@@ -32,16 +32,21 @@ import (

func main() {
config := io.GetConfig()
skipSslChecks := config.GetSkipSslChecks()
credentialsRequired := config.GetCredentialsRequired()
userHeaders := config.GetUserHeaders()
target, username, password, err := config.GetNetworkCredentials()
target, credentials, err := config.GetNetworkCredentials()
authType, err := config.GetAuthType(target)
if err != nil && requiresLogin(os.Args) {
error_handler.ErrorExit(err)
}


//target, username, password := "http://192.168.50.101:8081", "brooklyn", "Sns4Hh9j7l"
network := net.NewNetwork(target, username, password, skipSslChecks, verbosity(os.Args), credentialsRequired, userHeaders)
network := &net.Network{
BrooklynUrl: target,
Credentials: credentials,
SkipSslChecks: config.GetSkipSslChecks(),
AuthorizationType: authType,
Verbosity: verbosity(os.Args),
}
cmdFactory := command_factory.NewFactory(network, config)

args, scope := scope.ScopeArguments(os.Args)
@@ -19,6 +19,7 @@
package commands

import (
"encoding/base64"
"fmt"
"syscall"
"bufio"
@@ -37,9 +38,17 @@ import (
"golang.org/x/crypto/ssh/terminal"
)

const authorizationParam = "authorization"
const skipSslChecksParam = "skipSslChecks"

const BASIC_AUTH = "Basic"
const BEARER_AUTH = "Bearer"

type Login struct {
network *net.Network
config *io.Config
network *net.Network
config *io.Config
brooklynUser string
brooklynPass string
}

func NewLogin(network *net.Network, config *io.Config) (cmd *Login) {
@@ -55,9 +64,9 @@ func (cmd *Login) Metadata() command_metadata.CommandMetadata {
Description: "Login to brooklyn",
Usage: "BROOKLYN_NAME login URL [USER [PASSWORD]]",
Flags: []cli.Flag{
cli.BoolFlag{Name: "skipSslChecks", Usage: "Skip SSL Checks"},
cli.BoolFlag{Name: "noCredentials", Usage: "No user/password needed"},
cli.StringSliceFlag{Name: "header, H", Usage: "Optional headers. Format: 'hedaderName'='header value'"},
cli.BoolFlag{Name: skipSslChecksParam, Usage: "Skip SSL Checks"},
cli.StringFlag{Name: authorizationParam+", A", Usage: "Type of authentication header. Format: 'authorization=Basic'" +
" or 'authorization=Bearer:xxxxx.yyyyyy.zzzzz'"},
},
}
}
@@ -87,33 +96,55 @@ func (cmd *Login) promptAndReadPassword() (password string) {
}

func (cmd *Login) getCredentialsFromCommandLineIfNeeded() {
if !cmd.network.CredentialsRequired {
if !cmd.isBasicAuth() {
return
}
if cmd.network.Credentials != ""{
return
}

// Prompt for username if not supplied
if cmd.network.BrooklynUser == "" {
cmd.network.BrooklynUser = cmd.promptAndReadUsername()
if cmd.brooklynUser == "" {
cmd.brooklynUser = cmd.promptAndReadUsername()
}

// Prompt for password if not supplied (password is not echoed to screen
if cmd.network.BrooklynUser != "" && cmd.network.BrooklynPass == "" {
cmd.network.BrooklynPass = cmd.promptAndReadPassword()
if cmd.brooklynUser!= "" && cmd.brooklynPass == "" {
cmd.brooklynPass = cmd.promptAndReadPassword()
}

cmd.network.Credentials = base64.StdEncoding.EncodeToString([]byte(cmd.brooklynUser + ":" + cmd.brooklynPass))
}

func (cmd *Login) getCredentialsFromAuthParamIfNeeded(authParam string) {
if cmd.isBasicAuth() {
return
}
if cmd.network.Credentials=="" {
credentials := cmd.parseAuthorizationParam(authParam)
if len(credentials) != 2 {
error_handler.ErrorExit("Use authorization=type:value")
} else {
cmd.network.Credentials = credentials[1]
}
}
}

func parseHeaders(parsedHeaders []string) (headerMap map[string]interface{}) {
if len(parsedHeaders)>0{
headerMap = make(map[string]interface{})
for _, header:=range parsedHeaders {
if strings.Contains(header,"="){
keyValue := strings.SplitN(header,"=",2)
headerMap[keyValue[0]]=keyValue[1]
}else{
headerMap[header]=""
func (cmd *Login) getAuthorizationType(authorizationParamInput string) (authorizationType string) {
if authorizationParamInput !=""{
if strings.EqualFold(BASIC_AUTH,authorizationParamInput){
authorizationType = BASIC_AUTH
}else {
authorizationType = cmd.parseAuthorizationParam(authorizationParamInput)[0]
if strings.EqualFold(authorizationType,BEARER_AUTH) {
authorizationType=BEARER_AUTH
}
}
}else {
// default authentication
authorizationType = BASIC_AUTH
}
return
return authorizationType
}

func (cmd *Login) Run(scope scope.Scope, c *cli.Context) {
@@ -123,11 +154,13 @@ func (cmd *Login) Run(scope scope.Scope, c *cli.Context) {

// If an argument was not supplied, it is set to empty string
cmd.network.BrooklynUrl = c.Args().Get(0)
cmd.network.BrooklynUser = c.Args().Get(1)
cmd.network.BrooklynPass = c.Args().Get(2)
cmd.brooklynUser = c.Args().Get(1)
cmd.brooklynPass = c.Args().Get(2)
cmd.network.SkipSslChecks = c.Bool("skipSslChecks")
cmd.network.CredentialsRequired = !c.Bool("noCredentials")
cmd.network.UserHeaders = parseHeaders(c.StringSlice("header"))
cmd.network.AuthorizationType = cmd.getAuthorizationType(c.String(authorizationParam))

//clear Credentials credentials
cmd.network.Credentials=""

config := io.GetConfig()

@@ -143,20 +176,25 @@ func (cmd *Login) Run(scope scope.Scope, c *cli.Context) {
cmd.network.BrooklynUrl = cmd.network.BrooklynUrl[0 : len(cmd.network.BrooklynUrl)-1]
}

if cmd.network.BrooklynUrl != "" && cmd.network.BrooklynUser == "" && cmd.network.CredentialsRequired {
if cmd.network.BrooklynUrl != "" && cmd.brooklynUser == "" && c.String(authorizationParam)==""{
// if only target supplied at command line see if it already exists in the config file
if username, password, err := config.GetNetworkCredentialsForTarget(cmd.network.BrooklynUrl); err == nil {
cmd.network.BrooklynUser = username
cmd.network.BrooklynPass = password
if credentials, err := config.GetNetworkCredentialsForTarget(cmd.network.BrooklynUrl); err == nil {
cmd.network.Credentials = credentials
}
if authorizationType, err := config.GetAuthType(cmd.network.BrooklynUrl); err == nil{
// TODO remove
//fmt.Printf("authorizationType from file %s\n",authorizationType)
cmd.network.AuthorizationType = authorizationType
}
}

cmd.getCredentialsFromCommandLineIfNeeded()
cmd.getCredentialsFromAuthParamIfNeeded(c.String(authorizationParam))

// now persist these credentials to the yaml file
cmd.config.SetNetworkCredentials(cmd.network.BrooklynUrl, cmd.network.BrooklynUser, cmd.network.BrooklynPass)
cmd.config.SetNetworkCredentials(cmd.network.BrooklynUrl, cmd.network.Credentials)
cmd.config.SetAuthType(cmd.network.BrooklynUrl, cmd.network.AuthorizationType)
cmd.config.SetSkipSslChecks(cmd.network.SkipSslChecks)
cmd.config.SetCredentialsRequired(cmd.network.CredentialsRequired)
cmd.config.SetUserHeaders(cmd.network.UserHeaders)
cmd.config.Write()

loginVersion, code, err := version.Version(cmd.network)
@@ -168,3 +206,13 @@ func (cmd *Login) Run(scope scope.Scope, c *cli.Context) {
}
fmt.Printf("Connected to Brooklyn version %s at %s\n", loginVersion.Version, cmd.network.BrooklynUrl)
}

func (cmd *Login) isBasicAuth() bool {
return strings.EqualFold(cmd.network.AuthorizationType,BASIC_AUTH)
}

func (cmd *Login) parseAuthorizationParam(authParam string) []string {
return strings.SplitN(authParam, ":", 2)
}


@@ -23,24 +23,21 @@ import (
"os"
"path/filepath"

"github.com/apache/brooklyn-client/cli/error_handler"
"bytes"
"encoding/base64"
"errors"
"strings"
"bytes"
"github.com/apache/brooklyn-client/cli/error_handler"
)

// Deprecated: support old style of .brooklyn_cli format for version <= 0.11.0
const authKey = "auth"

const credentialsKey = "credentials"
const optionsKey = "options"
const usernameKey = "username"
const passwordKey = "password"
const targetKey = "target"
const skipSslChecksKey = "skipSslChecks"
const headersKey = "headers"
const credentialsRequiredKey = "credentialsRequired"
const authTypeKey = "authType"

type Config struct {
FilePath string
@@ -114,32 +111,20 @@ func (config *Config) read() {
// "target": "http://geoffs-macbook-pro.local:8081"
//}

func (config *Config) getCredentials(target string) (username string, password string, err error) {
credentials, found := config.Map[credentialsKey].(map[string]interface{})
func (config *Config) getCredentials(target string) (credentials string, err error) {
credentialsMap, found := config.Map[credentialsKey].(map[string]interface{})
if !found {
err = errors.New("No credentials found in configuration")
return
}

creds, found := credentials[target].(string)
credentials, found = credentialsMap[target].(string)
if !found {
err = errors.New("No credentials found in configuration for " + target)
return
}

if decoded, errd := base64.StdEncoding.DecodeString(creds); errd != nil {
err = errors.New("Could not decode credentials for " + target)
return
} else {
userAndPassword := strings.SplitN(string(decoded), ":", 2)
if len(userAndPassword) != 2 {
err = errors.New("Invalid credentials for " + target)
return
}
username = userAndPassword[0]
password = userAndPassword[1]
}
return username, password, err
return credentials, err
}

// Deprecated:
@@ -187,19 +172,20 @@ func (config *Config) initialize() {
if _, found := config.Map[credentialsKey]; !found {
config.Map[credentialsKey] = make(map[string]interface{})
}
if _, found := config.Map[authTypeKey]; !found {
config.Map[authTypeKey] = make(map[string]interface{})
}
}

func (config *Config) setCredential(target string, username string, password string) {
func (config *Config) setCredential(target string, credentials string) {
credentialsMap := config.Map[credentialsKey].(map[string]interface{})
userAndPassword := username + ":" + password
encodedCredentials := base64.StdEncoding.EncodeToString([]byte(userAndPassword))
credentialsMap[target] = encodedCredentials
credentialsMap[target] = credentials
}

func (config *Config) SetNetworkCredentials(target string, username string, password string) {
func (config *Config) SetNetworkCredentials(target string, credentials string) {
config.initialize()
config.adaptLegacyCredentialFormat()
config.setCredential(target, username, password)
config.setCredential(target, credentials)
config.Map[targetKey] = target

// Overwrite old style format from version <= 0.11.0
@@ -219,26 +205,31 @@ func (config *Config) adaptLegacyCredentialFormat() {
password, found = creds[passwordKey].(string)
}
if found {
config.setCredential(url, username, password)
credentials := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
config.setCredential(url, credentials)
}
}
}

func (config *Config) GetNetworkCredentialsForTarget(target string) (username string, password string, err error) {
if username, password, err = config.getCredentials(target); err != nil {
func (config *Config) GetNetworkCredentialsForTarget(target string) (credentials string, err error) {
if credentials, err = config.getCredentials(target); err != nil {
var username, password string
username, password, err = config.getCredentialsOldStyle(target)
if err == nil{
credentials = base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
}
}
return
}

func (config *Config) GetNetworkCredentials() (target string, username string, password string, err error) {
func (config *Config) GetNetworkCredentials() (target string, credentials string, err error) {
target, found := config.Map[targetKey].(string)
if found {
username, password, err = config.GetNetworkCredentialsForTarget(target)
credentials, err = config.GetNetworkCredentialsForTarget(target)
} else {
err = errors.New("Not logged in")
}
return target, username, password, err
return target, credentials, err
}

func (config *Config) GetSkipSslChecks() bool {
@@ -253,24 +244,19 @@ func (config *Config) SetSkipSslChecks(skipSslChecks bool) {
config.Map[skipSslChecksKey] = skipSslChecks
}

func (config *Config) GetUserHeaders() (headerMap map[string]interface{}){
headerMap, _ = config.Map[headersKey].(map[string]interface{})
return
}
func (config *Config) SetUserHeaders(headerMap map[string]interface{}) {
config.Map[headersKey] = headerMap
}

func (config *Config) GetCredentialsRequired() bool {
if config.Map == nil {
config.Map = make(map[string]interface{})
func (config *Config) GetAuthType(target string) (authType string, err error){
authTypeMap, found := config.Map[authTypeKey].(map[string]interface{})
if found{
authType, found = authTypeMap[target].(string)
}
credentialsRequired, found := config.Map[credentialsRequiredKey].(bool)
if !found{
credentialsRequired=true
// default behaviour
if! found{
authType = "Basic"
}
return credentialsRequired
return authType, err
}
func (config *Config) SetCredentialsRequired(credentialsRequired bool) {
config.Map[credentialsRequiredKey] = credentialsRequired

func (config *Config) SetAuthType(target string, authType string) {
authTypeMap := config.Map[authTypeKey].(map[string]interface{})
authTypeMap[target] = authType
}

This file was deleted.

0 comments on commit 628b9ae

Please sign in to comment.