bootstrap.go
package cmd
import (
"context"
"github.com/knadh/koanf"
"github.com/knadh/koanf/parsers/yaml"
"github.com/knadh/koanf/providers/file"
"github.com/spf13/cobra"
"github.com/caraml-dev/mlp/api/log"
"github.com/caraml-dev/mlp/api/pkg/authz/enforcer"
)
// BootstrapConfig is the shape of the file passed to the bootstrap command
// through the --config flag.
//
// The file decides which identities are written into Keto as members of the
// MLP admin and project-reader roles, so it is privileged input: whoever can
// edit it can grant admin membership on the next bootstrap run.
type BootstrapConfig struct {
	// Keto endpoints handed to the enforcer builder's KetoEndpoints call,
	// in read, write order.
	KetoRemoteRead, KetoRemoteWrite string

	// ProjectReaders become the members of enforcer.MLPProjectsReaderRole and
	// MLPAdmins the members of enforcer.MLPAdminRole.
	ProjectReaders, MLPAdmins []string
}
var (
	// bootstrapConfigFile receives the value of the required --config flag.
	bootstrapConfigFile string

	// bootstrapCmd loads the bootstrap configuration, builds a Keto-backed
	// enforcer from the configured endpoints and writes the role membership
	// into Keto. Every failure aborts the job through log.Panicf, so nothing
	// is reported as success after a partial run.
	bootstrapCmd = &cobra.Command{
		Use:   "bootstrap",
		Short: "Start bootstrap job to populate Keto",
		Run: func(_ *cobra.Command, _ []string) {
			cfg, loadErr := loadBootstrapConfig(bootstrapConfigFile)
			if loadErr != nil {
				log.Panicf("unable to load role members from input file: %v", loadErr)
			}

			// NOTE(review): the endpoints are taken from the file as-is; no
			// check for empty values is visible here — confirm the builder
			// rejects them.
			builder := enforcer.NewEnforcerBuilder().
				KetoEndpoints(cfg.KetoRemoteRead, cfg.KetoRemoteWrite)
			ketoEnforcer, buildErr := builder.Build()
			if buildErr != nil {
				log.Panicf("unable to create keto enforcer: %v", buildErr)
			}

			if runErr := startKetoBootstrap(ketoEnforcer, cfg.ProjectReaders, cfg.MLPAdmins); runErr != nil {
				log.Panicf("unable to bootstrap keto: %v", runErr)
			}
		},
	}
)
// init registers the -c/--config flag on bootstrapCmd and marks it required,
// so the command is not run without an explicit configuration path.
func init() {
	flags := bootstrapCmd.Flags()
	flags.StringVarP(&bootstrapConfigFile, "config", "c", "",
		"Path to keto bootstrap configuration")

	if err := bootstrapCmd.MarkFlagRequired("config"); err != nil {
		log.Panicf("unable to mark flag as required: %v", err)
	}
}
// loadBootstrapConfig reads the YAML file at path and decodes it into a
// BootstrapConfig. Both role lists start out as empty, non-nil slices, so a
// file that omits them yields empty lists rather than nil.
//
// It returns the koanf load or unmarshal error unchanged and a nil config on
// failure.
//
// NOTE(review): no validation of the decoded values happens here. koanf's
// default decoder does not appear to reject unknown keys, so a misspelled
// key would presumably leave a role list empty without any error — confirm,
// and consider checking the lists before they are written to Keto.
func loadBootstrapConfig(path string) (*BootstrapConfig, error) {
	parsed := koanf.New(".")
	if loadErr := parsed.Load(file.Provider(path), yaml.Parser()); loadErr != nil {
		return nil, loadErr
	}

	cfg := BootstrapConfig{
		ProjectReaders: []string{},
		MLPAdmins:      []string{},
	}
	// An empty key path decodes the whole configuration tree.
	if decodeErr := parsed.Unmarshal("", &cfg); decodeErr != nil {
		return nil, decodeErr
	}
	return &cfg, nil
}
// startKetoBootstrap builds one authorization update and submits it through
// authEnforcer: projectReaders are set as members of the projects-reader
// role, mlpAdmins as members of the MLP admin role, and the admin role is
// given the "mlp.projects.post" permission. It returns the error from
// UpdateAuthorization.
//
// NOTE(review): whether SetRoleMembers replaces or extends existing
// membership is decided inside the enforcer package — confirm before
// re-running this against a Keto instance that is already populated.
func startKetoBootstrap(authEnforcer enforcer.Enforcer, projectReaders []string, mlpAdmins []string) error {
	req := enforcer.NewAuthorizationUpdateRequest()

	req.SetRoleMembers(enforcer.MLPProjectsReaderRole, projectReaders)
	req.SetRoleMembers(enforcer.MLPAdminRole, mlpAdmins)

	adminPermissions := []string{"mlp.projects.post"}
	req.AddRolePermissions(enforcer.MLPAdminRole, adminPermissions)

	// context.Background carries no deadline or cancellation, so this function
	// places no time limit of its own on the call.
	return authEnforcer.UpdateAuthorization(context.Background(), req)
}