-
Notifications
You must be signed in to change notification settings - Fork 282
/
token.go
177 lines (149 loc) · 4.99 KB
/
token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
package config
import (
"github.com/hashicorp/boundary/api/authtokens"
"github.com/hashicorp/boundary/internal/cmd/base"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)
var (
_ cli.Command = (*TokenCommand)(nil)
_ cli.CommandAutocomplete = (*TokenCommand)(nil)
)
type TokenCommand struct {
*base.Command
Func string
flagUserId bool
flagAccountId bool
flagAuthMethodId bool
}
func (c *TokenCommand) Synopsis() string {
return "Get the stored token, or its properties"
}
func (c *TokenCommand) Help() string {
var args []string
switch c.Func {
case "get-token":
args = append(args,
"Usage: boundary config get-token [options] [args]",
"",
" Fetch a token stored by the Boundary CLI. Example:",
"",
` $ boundary config get-token`,
"",
" This can be useful in various situations. For example, a line such as the following could be in a shell script shared by developers, such that each developer on their own machine executing the script ends up using their own Boundary token:",
"",
` $ curl -H "Authorization: Bearer $(boundary config get-token)" -H "Content-Type: application/json" http://127.0.0.1:9200/v1/roles/r_1234567890`,
"",
" Note that this command keeps parity with the behavior of other Boundary commands; if the BOUNDARY_TOKEN environment variable it set, it will override the value loaded from the system store. Not only does this keep parity, but it also allows examples such as the one above to work even if there is no stored token but if an environment variable is specified.",
"",
)
}
return base.WrapForHelpText(args) + c.Flags().Help()
}
func (c *TokenCommand) Flags() *base.FlagSets {
set := c.FlagSet(base.FlagSetNone)
f := set.NewFlagSet("Command Options")
f.StringVar(&base.StringVar{
Name: "token-name",
Target: &c.FlagTokenName,
EnvVar: base.EnvTokenName,
Usage: `If specified, the given value will be used as the name when loading the token from the system credential store. This must correspond to a name used when authenticating.`,
})
f.StringVar(&base.StringVar{
Name: "keyring-type",
Target: &c.FlagKeyringType,
Default: "auto",
EnvVar: base.EnvKeyringType,
Usage: `The type of keyring to use. Defaults to "auto" which will use the Windows credential manager, OSX keychain, or cross-platform password store depending on platform. Set to "none" to disable keyring functionality. Available types, depending on platform, are: "wincred", "keychain", "pass", and "secret-service".`,
})
f.BoolVar(&base.BoolVar{
Name: "user-id",
Target: &c.flagUserId,
Usage: `If specified, print out the user ID associated with the token instead of the token itself.`,
})
f.BoolVar(&base.BoolVar{
Name: "account-id",
Target: &c.flagAccountId,
Usage: `If specified, print out the account ID associated with the token instead of the token itself.`,
})
f.BoolVar(&base.BoolVar{
Name: "auth-method-id",
Target: &c.flagAuthMethodId,
Usage: `If specified, print out the auth method ID associated with the token instead of the token itself.`,
})
return set
}
func (c *TokenCommand) AutocompleteArgs() complete.Predictor {
return complete.PredictAnything
}
func (c *TokenCommand) AutocompleteFlags() complete.Flags {
return c.Flags().Completions()
}
func (c *TokenCommand) Run(args []string) (ret int) {
f := c.Flags()
if err := f.Parse(args); err != nil {
c.UI.Error(err.Error())
return base.CommandUserError
}
var optCount int
if c.flagUserId {
optCount++
}
if c.flagAccountId {
optCount++
}
if c.flagAuthMethodId {
optCount++
}
if optCount > 1 {
c.UI.Error("Only zero or one output option can be specified.")
return base.CommandUserError
}
// Read from client first as that will override keyring anyways
var authToken *authtokens.AuthToken
if optCount == 1 {
// In this case we need to read the full auth token stored, not just the
// actual token value for the client.
keyringType, tokenName, err := c.DiscoverKeyringTokenInfo()
if err != nil {
c.UI.Error(err.Error())
return base.CommandCliError
}
authToken = c.ReadTokenFromKeyring(keyringType, tokenName)
} else {
// Fallback to env/CLI but we can only get just the token value this way, at
// least for now
client, err := c.Client()
if err != nil {
c.UI.Error(err.Error())
return base.CommandCliError
}
if client.Token() != "" {
authToken = &authtokens.AuthToken{Token: client.Token()}
}
}
if authToken == nil || authToken.Token == "" {
c.UI.Error("No token could be discovered")
return base.CommandCliError
}
switch {
case c.flagUserId:
if authToken.UserId == "" {
return base.CommandUserError
}
c.UI.Output(authToken.UserId)
case c.flagAccountId:
if authToken.AccountId == "" {
return base.CommandUserError
}
c.UI.Output(authToken.AccountId)
case c.flagAuthMethodId:
if authToken.AuthMethodId == "" {
return base.CommandUserError
}
c.UI.Output(authToken.AuthMethodId)
default:
c.UI.Output(authToken.Token)
}
return base.CommandSuccess
}