Use same input mechanism for authorizer and directory commands
1 parent
7d497a1
commit f232e47
Showing
12 changed files
with
204 additions
and
169 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,44 @@ | ||
package clients | ||
|
||
import ( | ||
"bufio" | ||
"io" | ||
"os" | ||
|
||
"github.com/pkg/errors" | ||
"google.golang.org/protobuf/encoding/protojson" | ||
"google.golang.org/protobuf/proto" | ||
) | ||
|
||
const ( | ||
EnvTopazHeaderTenantID string = "TOPAZ_HEADER_TENANT_ID" | ||
EnvTopazHeaderSessionID string = "TOPAZ_HEADER_SESSION_ID" | ||
) | ||
|
||
type Message[T any] interface { | ||
proto.Message | ||
*T | ||
} | ||
|
||
func UnmarshalRequest[T any, M Message[T]](src string, msg M) error { | ||
var bytes []byte | ||
|
||
if src == "-" { | ||
reader := bufio.NewReader(os.Stdin) | ||
if b, err := io.ReadAll(reader); err == nil { | ||
bytes = b | ||
} else { | ||
return errors.Wrap(err, "failed to read from stdin") | ||
} | ||
} else if _, err := os.Stat(src); errors.Is(err, os.ErrNotExist) { | ||
bytes = []byte(src) | ||
} else { | ||
if b, err := os.ReadFile(src); err == nil { | ||
bytes = b | ||
} else { | ||
return errors.Wrapf(err, "opening file [%s]", src) | ||
} | ||
} | ||
|
||
return protojson.Unmarshal(bytes, msg) | ||
} |
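Review bot: The `os.Stat(src)` probe in `UnmarshalRequest` decides between inline JSON and a file path from filesystem state, so the same argument can be parsed differently depending on the working directory. Any stat failure other than not-exist (for example a name-too-long error for a large inline JSON document, or a permission error) falls through to `os.ReadFile` and is reported as "opening file". I would classify by content instead, replacing the stat branch with `} else if strings.HasPrefix(strings.TrimSpace(src), "{") {` (this needs the `strings` import), so that everything else is treated as a path and a missing file produces a clear error. The stdin branch reads without a size limit through `io.ReadAll`; wrapping the reader in `io.LimitReader` would bound memory if this helper is ever fed from a pipe rather than a terminal. A doc comment on the exported function naming the three accepted forms (`-`, inline JSON, file path) would also help callers.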
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,47 +1,64 @@ | ||
package authorizer | ||
|
||
import ( | ||
"github.com/aserto-dev/clui" | ||
"github.com/aserto-dev/topaz/pkg/cli/cc" | ||
"github.com/aserto-dev/topaz/pkg/cli/clients" | ||
"github.com/aserto-dev/topaz/pkg/cli/jsonx" | ||
"github.com/pkg/errors" | ||
"google.golang.org/protobuf/types/known/structpb" | ||
|
||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api" | ||
) | ||
|
||
type DecisionTreeCmd struct { | ||
AuthParams `embed:""` | ||
Path string `name:"path" help:"policy package to evaluate"` | ||
Decisions []string `name:"decisions" default:"*" help:"policy decisions to return"` | ||
Request string `arg:"" type:"string" name:"request" optional:"" help:"json request or file path to decision tree request or '-' to read from stdin"` | ||
Template bool `name:"template" help:"prints a check permission request template on stdout"` | ||
clients.AuthorizerConfig | ||
} | ||
|
||
func (cmd *DecisionTreeCmd) Run(c *cc.CommonCtx) error { | ||
if cmd.Template { | ||
return printDecisionTreeRequest(c.UI) | ||
} | ||
client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig) | ||
if err != nil { | ||
return errors.Wrap(err, "failed to get authorizer client") | ||
} | ||
|
||
resource, err := cmd.ResourceContext() | ||
var req authorizer.DecisionTreeRequest | ||
err = clients.UnmarshalRequest(cmd.Request, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.DecisionTree(c.Context, &authorizer.DecisionTreeRequest{ | ||
resp, err := client.DecisionTree(c.Context, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return jsonx.OutputJSONPB(c.UI.Output(), resp) | ||
} | ||
|
||
func printDecisionTreeRequest(ui *clui.UI) error { | ||
req := &authorizer.DecisionTreeRequest{ | ||
PolicyContext: &api.PolicyContext{ | ||
Path: cmd.Path, | ||
Decisions: cmd.Decisions, | ||
Path: "", | ||
Decisions: []string{"allowed"}, | ||
}, | ||
IdentityContext: &api.IdentityContext{ | ||
Identity: "", | ||
Type: api.IdentityType_IDENTITY_TYPE_NONE, | ||
}, | ||
IdentityContext: cmd.IdentityContext(), | ||
ResourceContext: resource, | ||
ResourceContext: &structpb.Struct{}, | ||
Options: &authorizer.DecisionTreeOptions{ | ||
PathSeparator: authorizer.PathSeparator_PATH_SEPARATOR_DOT, | ||
}, | ||
}) | ||
if err != nil { | ||
return err | ||
PolicyInstance: &api.PolicyInstance{ | ||
Name: "", | ||
InstanceLabel: "", | ||
}, | ||
} | ||
|
||
return jsonx.OutputJSONPB(c.UI.Output(), resp) | ||
return jsonx.OutputJSONPB(ui.Output(), req) | ||
} |
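Review bot: `Run` passes `cmd.Request` to `clients.UnmarshalRequest` even when the optional argument was omitted, so an empty string would reach `protojson.Unmarshal` as empty input and presumably fail with a JSON syntax error instead of a usage message. A guard placed before the client is created, `if cmd.Request == "" { return errors.New("request argument is required unless --template is set") }`, gives a clear error and avoids dialing the authorizer for input that cannot be sent. The same pattern appears in the `EvalCmd`, `GetPolicyCmd` and `ListPoliciesCmd` sections below; for `ListPoliciesCmd` an empty request may be legitimate, in which case skipping the unmarshal step there would be the better fix. The rendered page has lost the +/- markers, so this note reads the lines that call `UnmarshalRequest` as the new side.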
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,60 @@ | ||
package authorizer | ||
|
||
import ( | ||
"github.com/aserto-dev/clui" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api" | ||
"github.com/aserto-dev/topaz/pkg/cli/cc" | ||
"github.com/aserto-dev/topaz/pkg/cli/clients" | ||
"github.com/aserto-dev/topaz/pkg/cli/jsonx" | ||
"github.com/pkg/errors" | ||
"google.golang.org/protobuf/types/known/structpb" | ||
) | ||
|
||
type EvalCmd struct { | ||
AuthParams `embed:""` | ||
Path string `name:"path" required:"" help:"policy package to evaluate"` | ||
Decisions []string `name:"decisions" required:"" help:"policy decisions to return"` | ||
Request string `arg:"" type:"string" name:"request" optional:"" help:"json request or file path to eval policy request or '-' to read from stdin"` | ||
Template bool `name:"template" help:"prints a check permission request template on stdout"` | ||
clients.AuthorizerConfig | ||
} | ||
|
||
func (cmd *EvalCmd) Run(c *cc.CommonCtx) error { | ||
if cmd.Template { | ||
return printIsRequest(c.UI) | ||
} | ||
client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig) | ||
if err != nil { | ||
return errors.Wrap(err, "failed to get authorizer client") | ||
} | ||
|
||
resource, err := cmd.ResourceContext() | ||
var req authorizer.IsRequest | ||
err = clients.UnmarshalRequest(cmd.Request, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.Is(c.Context, &authorizer.IsRequest{ | ||
PolicyContext: &api.PolicyContext{ | ||
Path: cmd.Path, | ||
Decisions: cmd.Decisions, | ||
}, | ||
IdentityContext: cmd.IdentityContext(), | ||
ResourceContext: resource, | ||
}) | ||
resp, err := client.Is(c.Context, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return jsonx.OutputJSONPB(c.UI.Output(), resp) | ||
} | ||
|
||
func printIsRequest(ui *clui.UI) error { | ||
req := &authorizer.IsRequest{ | ||
PolicyContext: &api.PolicyContext{ | ||
Path: "", | ||
Decisions: []string{"allowed"}, | ||
}, | ||
IdentityContext: &api.IdentityContext{ | ||
Identity: "", | ||
Type: api.IdentityType_IDENTITY_TYPE_NONE, | ||
}, | ||
PolicyInstance: &api.PolicyInstance{ | ||
Name: "", | ||
InstanceLabel: "", | ||
}, | ||
ResourceContext: &structpb.Struct{}, | ||
} | ||
return jsonx.OutputJSONPB(ui.Output(), req) | ||
} |
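Review bot: The `Template` field's help text, `prints a check permission request template on stdout`, does not match what `printIsRequest` emits, which is an `authorizer.IsRequest`. I would change the tag to `help:"prints an eval policy request template on stdout"`. The same copied text appears on `DecisionTreeCmd`, `GetPolicyCmd` and `ListPoliciesCmd`, where it should name the decision tree, get policy and list policies requests respectively. `printIsRequest` also has no comment; `// printIsRequest writes a blank IsRequest as JSON for the user to fill in.` would be enough.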
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,35 +1,54 @@ | ||
package authorizer | ||
|
||
import ( | ||
"github.com/aserto-dev/clui" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api" | ||
"github.com/aserto-dev/topaz/pkg/cli/cc" | ||
"github.com/aserto-dev/topaz/pkg/cli/clients" | ||
"github.com/aserto-dev/topaz/pkg/cli/jsonx" | ||
"github.com/pkg/errors" | ||
"google.golang.org/protobuf/types/known/fieldmaskpb" | ||
) | ||
|
||
type GetPolicyCmd struct { | ||
ID string `name:"ID" default:"" required:"true" help:"ID of the policy module"` | ||
PolicyName string `name:"policy-name" default:"" required:"false" help:"policy name"` | ||
InstanceLabel string `name:"instance-label" default:"" required:"false" help:"policy's instance label"` | ||
Request string `arg:"" type:"string" name:"request" optional:"" help:"json request or file path to get policy request or '-' to read from stdin"` | ||
Template bool `name:"template" help:"prints a check permission request template on stdout"` | ||
clients.AuthorizerConfig | ||
} | ||
|
||
func (cmd *GetPolicyCmd) Run(c *cc.CommonCtx) error { | ||
if cmd.Template { | ||
return printGetPolicyRequest(c.UI) | ||
} | ||
|
||
client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig) | ||
if err != nil { | ||
return errors.Wrap(err, "failed to get authorizer client") | ||
} | ||
var req authorizer.GetPolicyRequest | ||
err = clients.UnmarshalRequest(cmd.Request, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.GetPolicy(c.Context, &authorizer.GetPolicyRequest{ | ||
Id: cmd.ID, | ||
PolicyInstance: &api.PolicyInstance{ | ||
Name: cmd.PolicyName, | ||
InstanceLabel: cmd.InstanceLabel}, | ||
}) | ||
resp, err := client.GetPolicy(c.Context, &req) | ||
if err != nil { | ||
return err | ||
} | ||
return jsonx.OutputJSONPB(c.UI.Output(), resp) | ||
} | ||
|
||
func printGetPolicyRequest(ui *clui.UI) error { | ||
req := &authorizer.GetPolicyRequest{ | ||
Id: "", | ||
FieldMask: &fieldmaskpb.FieldMask{ | ||
Paths: []string{}, | ||
}, | ||
PolicyInstance: &api.PolicyInstance{ | ||
Name: "", | ||
InstanceLabel: "", | ||
}, | ||
} | ||
return jsonx.OutputJSONPB(ui.Output(), req) | ||
} |
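Review bot: Nothing in `Run` checks that the decoded `req.Id` is non-empty before `client.GetPolicy` is called, although the `ID` flag shown in this section is declared `required:"true"`. With the +/- markers lost on this page it is unclear whether that flag stays; if it does, it is now parsed but unused, and if it was removed, the requirement is silently gone. Adding `if req.GetId() == "" { return errors.New("policy id is required") }` after the unmarshal keeps the earlier contract and fails before the network call.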
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,54 @@ | ||
package authorizer | ||
|
||
import ( | ||
"github.com/aserto-dev/clui" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2" | ||
"github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api" | ||
"github.com/aserto-dev/topaz/pkg/cli/cc" | ||
"github.com/aserto-dev/topaz/pkg/cli/clients" | ||
"github.com/aserto-dev/topaz/pkg/cli/jsonx" | ||
"github.com/pkg/errors" | ||
"google.golang.org/protobuf/types/known/fieldmaskpb" | ||
) | ||
|
||
type ListPoliciesCmd struct { | ||
PolicyName string `name:"policy-name" default:"" required:"false" help:"policy name"` | ||
InstanceLabel string `name:"instance-label" default:"" required:"false" help:"policy's instance label"` | ||
Request string `arg:"" type:"string" name:"request" optional:"" help:"json request or file path to list request or '-' to read from stdin"` | ||
Template bool `name:"template" help:"prints a check permission request template on stdout"` | ||
clients.AuthorizerConfig | ||
} | ||
|
||
func (cmd *ListPoliciesCmd) Run(c *cc.CommonCtx) error { | ||
if cmd.Template { | ||
return printListRequest(c.UI) | ||
} | ||
|
||
client, err := clients.NewAuthorizerClient(c, &cmd.AuthorizerConfig) | ||
if err != nil { | ||
return errors.Wrap(err, "failed to get authorizer client") | ||
} | ||
var req authorizer.ListPoliciesRequest | ||
err = clients.UnmarshalRequest(cmd.Request, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
resp, err := client.ListPolicies(c.Context, &authorizer.ListPoliciesRequest{ | ||
PolicyInstance: &api.PolicyInstance{Name: cmd.PolicyName, InstanceLabel: cmd.InstanceLabel}, | ||
}) | ||
resp, err := client.ListPolicies(c.Context, &req) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return jsonx.OutputJSONPB(c.UI.Output(), resp) | ||
} | ||
|
||
func printListRequest(ui *clui.UI) error { | ||
req := &authorizer.ListPoliciesRequest{ | ||
FieldMask: &fieldmaskpb.FieldMask{ | ||
Paths: []string{}, | ||
}, | ||
PolicyInstance: &api.PolicyInstance{ | ||
Name: "", | ||
InstanceLabel: "", | ||
}, | ||
} | ||
return jsonx.OutputJSONPB(ui.Output(), req) | ||
} |
This file was deleted.