Use same input mechanism for authorizer and directory commands

aserto-dev · May 13, 2024 · f232e47 · f232e47
1 parent 7d497a1
commit f232e47
Show file tree

Hide file tree

Showing 12 changed files with 204 additions and 169 deletions.
diff --git a/pkg/cli/clients/clients.go b/pkg/cli/clients/clients.go
@@ -1,6 +1,44 @@
 package clients
 
+import (
+	"bufio"
+	"io"
+	"os"
+
+	"github.com/pkg/errors"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+)
+
 const (
 	EnvTopazHeaderTenantID  string = "TOPAZ_HEADER_TENANT_ID"
 	EnvTopazHeaderSessionID string = "TOPAZ_HEADER_SESSION_ID"
 )
+
+type Message[T any] interface {
+	proto.Message
+	*T
+}
+
+func UnmarshalRequest[T any, M Message[T]](src string, msg M) error {
+	var bytes []byte
+
+	if src == "-" {
+		reader := bufio.NewReader(os.Stdin)
+		if b, err := io.ReadAll(reader); err == nil {
+			bytes = b
+		} else {
+			return errors.Wrap(err, "failed to read from stdin")
+		}
+	} else if _, err := os.Stat(src); errors.Is(err, os.ErrNotExist) {
+		bytes = []byte(src)
+	} else {
+		if b, err := os.ReadFile(src); err == nil {
+			bytes = b
+		} else {
+			return errors.Wrapf(err, "opening file [%s]", src)
+		}
+	}
+
+	return protojson.Unmarshal(bytes, msg)
+}
diff --git a/pkg/cli/cmd/authorizer/decisiontree.go b/pkg/cli/cmd/authorizer/decisiontree.go
@@ -1,47 +1,64 @@
 package authorizer
 
 import (
+	"github.com/aserto-dev/clui"
 	"github.com/aserto-dev/topaz/pkg/cli/cc"
 	"github.com/aserto-dev/topaz/pkg/cli/clients"
 	"github.com/aserto-dev/topaz/pkg/cli/jsonx"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/types/known/structpb"
 
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
 )
 
 type DecisionTreeCmd struct {
-	AuthParams `embed:""`
-	Path       string   `name:"path" help:"policy package to evaluate"`
-	Decisions  []string `name:"decisions" default:"*" help:"policy decisions to return"`
+	Request  string `arg:""  type:"string" name:"request" optional:"" help:"json request or file path to decision tree request or '-' to read from stdin"`
+	Template bool   `name:"template" help:"prints a check permission request template on stdout"`
 	clients.AuthorizerConfig
 }
 
 func (cmd *DecisionTreeCmd) Run(c *cc.CommonCtx) error {
+	if cmd.Template {
+		return printDecisionTreeRequest(c.UI)
+	}
 	client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to get authorizer client")
 	}
 
-	resource, err := cmd.ResourceContext()
+	var req authorizer.DecisionTreeRequest
+	err = clients.UnmarshalRequest(cmd.Request, &req)
 	if err != nil {
 		return err
 	}
 
-	resp, err := client.DecisionTree(c.Context, &authorizer.DecisionTreeRequest{
+	resp, err := client.DecisionTree(c.Context, &req)
+	if err != nil {
+		return err
+	}
+
+	return jsonx.OutputJSONPB(c.UI.Output(), resp)
+}
+
+func printDecisionTreeRequest(ui *clui.UI) error {
+	req := &authorizer.DecisionTreeRequest{
 		PolicyContext: &api.PolicyContext{
-			Path:      cmd.Path,
-			Decisions: cmd.Decisions,
+			Path:      "",
+			Decisions: []string{"allowed"},
+		},
+		IdentityContext: &api.IdentityContext{
+			Identity: "",
+			Type:     api.IdentityType_IDENTITY_TYPE_NONE,
 		},
-		IdentityContext: cmd.IdentityContext(),
-		ResourceContext: resource,
+		ResourceContext: &structpb.Struct{},
 		Options: &authorizer.DecisionTreeOptions{
 			PathSeparator: authorizer.PathSeparator_PATH_SEPARATOR_DOT,
 		},
-	})
-	if err != nil {
-		return err
+		PolicyInstance: &api.PolicyInstance{
+			Name:          "",
+			InstanceLabel: "",
+		},
 	}
-
-	return jsonx.OutputJSONPB(c.UI.Output(), resp)
+	return jsonx.OutputJSONPB(ui.Output(), req)
 }
diff --git a/pkg/cli/cmd/authorizer/eval.go b/pkg/cli/cmd/authorizer/eval.go
@@ -1,43 +1,60 @@
 package authorizer
 
 import (
+	"github.com/aserto-dev/clui"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
 	"github.com/aserto-dev/topaz/pkg/cli/cc"
 	"github.com/aserto-dev/topaz/pkg/cli/clients"
 	"github.com/aserto-dev/topaz/pkg/cli/jsonx"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/types/known/structpb"
 )
 
 type EvalCmd struct {
-	AuthParams `embed:""`
-	Path       string   `name:"path" required:"" help:"policy package to evaluate"`
-	Decisions  []string `name:"decisions" required:"" help:"policy decisions to return"`
+	Request  string `arg:""  type:"string" name:"request" optional:"" help:"json request or file path to eval policy request or '-' to read from stdin"`
+	Template bool   `name:"template" help:"prints a check permission request template on stdout"`
 	clients.AuthorizerConfig
 }
 
 func (cmd *EvalCmd) Run(c *cc.CommonCtx) error {
+	if cmd.Template {
+		return printIsRequest(c.UI)
+	}
 	client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to get authorizer client")
 	}
 
-	resource, err := cmd.ResourceContext()
+	var req authorizer.IsRequest
+	err = clients.UnmarshalRequest(cmd.Request, &req)
 	if err != nil {
 		return err
 	}
 
-	resp, err := client.Is(c.Context, &authorizer.IsRequest{
-		PolicyContext: &api.PolicyContext{
-			Path:      cmd.Path,
-			Decisions: cmd.Decisions,
-		},
-		IdentityContext: cmd.IdentityContext(),
-		ResourceContext: resource,
-	})
+	resp, err := client.Is(c.Context, &req)
 	if err != nil {
 		return err
 	}
 
 	return jsonx.OutputJSONPB(c.UI.Output(), resp)
 }
+
+func printIsRequest(ui *clui.UI) error {
+	req := &authorizer.IsRequest{
+		PolicyContext: &api.PolicyContext{
+			Path:      "",
+			Decisions: []string{"allowed"},
+		},
+		IdentityContext: &api.IdentityContext{
+			Identity: "",
+			Type:     api.IdentityType_IDENTITY_TYPE_NONE,
+		},
+		PolicyInstance: &api.PolicyInstance{
+			Name:          "",
+			InstanceLabel: "",
+		},
+		ResourceContext: &structpb.Struct{},
+	}
+	return jsonx.OutputJSONPB(ui.Output(), req)
+}
diff --git a/pkg/cli/cmd/authorizer/get.go b/pkg/cli/cmd/authorizer/get.go
@@ -1,35 +1,54 @@
 package authorizer
 
 import (
+	"github.com/aserto-dev/clui"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
 	"github.com/aserto-dev/topaz/pkg/cli/cc"
 	"github.com/aserto-dev/topaz/pkg/cli/clients"
 	"github.com/aserto-dev/topaz/pkg/cli/jsonx"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/types/known/fieldmaskpb"
 )
 
 type GetPolicyCmd struct {
-	ID            string `name:"ID" default:"" required:"true" help:"ID of the policy module"`
-	PolicyName    string `name:"policy-name" default:"" required:"false" help:"policy name"`
-	InstanceLabel string `name:"instance-label" default:"" required:"false" help:"policy's instance label"`
+	Request  string `arg:""  type:"string" name:"request" optional:"" help:"json request or file path to get policy request or '-' to read from stdin"`
+	Template bool   `name:"template" help:"prints a check permission request template on stdout"`
 	clients.AuthorizerConfig
 }
 
 func (cmd *GetPolicyCmd) Run(c *cc.CommonCtx) error {
+	if cmd.Template {
+		return printGetPolicyRequest(c.UI)
+	}
+
 	client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to get authorizer client")
 	}
+	var req authorizer.GetPolicyRequest
+	err = clients.UnmarshalRequest(cmd.Request, &req)
+	if err != nil {
+		return err
+	}
 
-	resp, err := client.GetPolicy(c.Context, &authorizer.GetPolicyRequest{
-		Id: cmd.ID,
-		PolicyInstance: &api.PolicyInstance{
-			Name:          cmd.PolicyName,
-			InstanceLabel: cmd.InstanceLabel},
-	})
+	resp, err := client.GetPolicy(c.Context, &req)
 	if err != nil {
 		return err
 	}
 	return jsonx.OutputJSONPB(c.UI.Output(), resp)
 }
+
+func printGetPolicyRequest(ui *clui.UI) error {
+	req := &authorizer.GetPolicyRequest{
+		Id: "",
+		FieldMask: &fieldmaskpb.FieldMask{
+			Paths: []string{},
+		},
+		PolicyInstance: &api.PolicyInstance{
+			Name:          "",
+			InstanceLabel: "",
+		},
+	}
+	return jsonx.OutputJSONPB(ui.Output(), req)
+}
diff --git a/pkg/cli/cmd/authorizer/list.go b/pkg/cli/cmd/authorizer/list.go
@@ -1,32 +1,54 @@
 package authorizer
 
 import (
+	"github.com/aserto-dev/clui"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2"
 	"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api"
 	"github.com/aserto-dev/topaz/pkg/cli/cc"
 	"github.com/aserto-dev/topaz/pkg/cli/clients"
 	"github.com/aserto-dev/topaz/pkg/cli/jsonx"
 	"github.com/pkg/errors"
+	"google.golang.org/protobuf/types/known/fieldmaskpb"
 )
 
 type ListPoliciesCmd struct {
-	PolicyName    string `name:"policy-name" default:"" required:"false" help:"policy name"`
-	InstanceLabel string `name:"instance-label" default:"" required:"false" help:"policy's instance label"`
+	Request  string `arg:""  type:"string" name:"request" optional:"" help:"json request or file path to list request or '-' to read from stdin"`
+	Template bool   `name:"template" help:"prints a check permission request template on stdout"`
 	clients.AuthorizerConfig
 }
 
 func (cmd *ListPoliciesCmd) Run(c *cc.CommonCtx) error {
+	if cmd.Template {
+		return printListRequest(c.UI)
+	}
+
 	client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig)
 	if err != nil {
 		return errors.Wrap(err, "failed to get authorizer client")
 	}
+	var req authorizer.ListPoliciesRequest
+	err = clients.UnmarshalRequest(cmd.Request, &req)
+	if err != nil {
+		return err
+	}
 
-	resp, err := client.ListPolicies(c.Context, &authorizer.ListPoliciesRequest{
-		PolicyInstance: &api.PolicyInstance{Name: cmd.PolicyName, InstanceLabel: cmd.InstanceLabel},
-	})
+	resp, err := client.ListPolicies(c.Context, &req)
 	if err != nil {
 		return err
 	}
 
 	return jsonx.OutputJSONPB(c.UI.Output(), resp)
 }
+
+func printListRequest(ui *clui.UI) error {
+	req := &authorizer.ListPoliciesRequest{
+		FieldMask: &fieldmaskpb.FieldMask{
+			Paths: []string{},
+		},
+		PolicyInstance: &api.PolicyInstance{
+			Name:          "",
+			InstanceLabel: "",
+		},
+	}
+	return jsonx.OutputJSONPB(ui.Output(), req)
+}
diff --git a/pkg/cli/cmd/authorizer/params.go b/pkg/cli/cmd/authorizer/params.go