forked from vanadium-archive/go.ref
/
main.go
145 lines (127 loc) · 4.21 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// The following enables go generate to generate the doc.go file.
//go:generate go run $JIRI_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
package main
import (
"encoding/base64"
"fmt"
"v.io/v23/context"
"v.io/v23/rpc"
"v.io/v23/security"
"v.io/v23/vom"
"v.io/x/lib/cmdline"
"v.io/x/ref/lib/v23cmd"
_ "v.io/x/ref/runtime/factories/generic"
"v.io/x/ref/services/cluster"
)
var (
flagClusterAgentAddr string
flagBase64 bool
)
var cmdNewSecret = &cmdline.Command{
Runner: v23cmd.RunnerFunc(runNewSecret),
Name: "new",
Short: "Requests a new secret.",
Long: "Requests a new secret.",
ArgsName: "<extension>",
ArgsLong: `
<extension> is the blessing name extension to associate with the new secret.
`,
}
func runNewSecret(ctx *context.T, env *cmdline.Env, args []string) error {
if expected, got := 1, len(args); got != expected {
return env.UsageErrorf("new: incorrect number of arguments, got %d, expected %d", got, expected)
}
extension := args[0]
secret, err := cluster.ClusterAgentAdminClient(flagClusterAgentAddr).NewSecret(ctx, &granter{extension: extension})
if err != nil {
return err
}
if flagBase64 {
// We use StdEncoding to be compatible with the kubernetes API.
fmt.Fprintln(env.Stdout, base64.StdEncoding.EncodeToString([]byte(secret)))
} else {
fmt.Fprintln(env.Stdout, secret)
}
return nil
}
type granter struct {
rpc.CallOpt
extension string
}
func (g *granter) Grant(ctx *context.T, call security.Call) (security.Blessings, error) {
p := call.LocalPrincipal()
def, _ := p.BlessingStore().Default()
return p.Bless(call.RemoteBlessings().PublicKey(), def, g.extension, security.UnconstrainedUse())
}
var cmdForgetSecret = &cmdline.Command{
Runner: v23cmd.RunnerFunc(runForgetSecret),
Name: "forget",
Short: "Forgets an existing secret and its associated blessings.",
Long: "Forgets an existing secret and its associated blessings.",
ArgsName: "<secret>",
ArgsLong: `
<secret> is the secret to forget.
`,
}
func runForgetSecret(ctx *context.T, env *cmdline.Env, args []string) error {
if expected, got := 1, len(args); got != expected {
return env.UsageErrorf("forget: incorrect number of arguments, got %d, expected %d", got, expected)
}
secret := args[0]
if err := cluster.ClusterAgentAdminClient(flagClusterAgentAddr).ForgetSecret(ctx, secret); err != nil {
return err
}
fmt.Fprintln(env.Stdout, "Done")
return nil
}
var cmdSeekBlessings = &cmdline.Command{
Runner: v23cmd.RunnerFunc(runSeekBlessings),
Name: "seekblessings",
Short: "Retrieves all the blessings associated with a particular secret.",
Long: `
Retrieves all the blessings associated with a particular secret.
The output is base64-encoded-vom-encoded blessings that are compatible with the
"principal set" command.
`,
ArgsName: "<secret>",
ArgsLong: `
<secret> is the secret to use.
`,
}
func runSeekBlessings(ctx *context.T, env *cmdline.Env, args []string) error {
if expected, got := 1, len(args); got != expected {
return env.UsageErrorf("seekblessings: incorrect number of arguments, got %d, expected %d", got, expected)
}
secret := args[0]
blessings, err := cluster.ClusterAgentAdminClient(flagClusterAgentAddr).SeekBlessings(ctx, secret)
if err != nil {
return err
}
data, err := vom.Encode(blessings)
if err != nil {
return err
}
// We use UrlEncoding to be compatible with the principal command.
str := base64.URLEncoding.EncodeToString(data)
fmt.Fprintln(env.Stdout, str)
return nil
}
func main() {
cmdline.HideGlobalFlagsExcept()
cmdClusterAgentClient := &cmdline.Command{
Name: "cluster_agent",
Short: "supports interactions with a cluster agent",
Long: "Command cluster_agent supports interactions with a cluster agent.",
Children: []*cmdline.Command{
cmdNewSecret,
cmdForgetSecret,
cmdSeekBlessings,
},
}
cmdClusterAgentClient.Flags.StringVar(&flagClusterAgentAddr, "agent", "", "The name or address of the cluster agent server.")
cmdNewSecret.Flags.BoolVar(&flagBase64, "base64", false, "If true, the secret is base64-encoded")
cmdline.Main(cmdClusterAgentClient)
}