package cmd
import (
	"fmt"
	"sort"
	"strings"

	"github.com/infrahq/infra/internal/api"
)
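// list prints a table of the resources the active identity has been granted
// access to and then writes the kubeconfig for those grants.
//
// It returns an error when the API client or host config cannot be loaded,
// when no identity is active (config.ID == 0), or when any API call fails.
// Rows are emitted in sorted resource order and each privilege is listed once
// per resource, so repeated runs produce the same table.
func list() error {
	client, err := defaultAPIClient()
	if err != nil {
		return err
	}

	config, err := currentHostConfig()
	if err != nil {
		return err
	}

	if config.ID == 0 {
		return fmt.Errorf("no active identity")
	}

	destinations, err := client.ListDestinations(api.ListDestinationsRequest{})
	if err != nil {
		return err
	}

	var grants []api.Grant

	if config.ProviderID != 0 {
		// A non-zero provider ID takes the user path: direct user grants plus
		// the grants of every group the user belongs to.
		grants, err = client.ListUserGrants(config.ID)
		if err != nil {
			return err
		}

		groups, err := client.ListUserGroups(config.ID)
		if err != nil {
			return err
		}

		for _, g := range groups {
			groupGrants, err := client.ListGroupGrants(g.ID)
			if err != nil {
				return err
			}

			grants = append(grants, groupGrants...)
		}
	} else {
		grants, err = client.ListMachineGrants(config.ID)
		if err != nil {
			return err
		}
	}

	// Aggregate privileges per resource. The same privilege can arrive more
	// than once (directly and through a group), so it is recorded only the
	// first time it is seen for a resource.
	type grantKey struct {
		resource  string
		privilege string
	}

	seen := make(map[grantKey]bool, len(grants))
	privileges := make(map[string][]string)

	for _, g := range grants {
		key := grantKey{resource: g.Resource, privilege: g.Privilege}
		if seen[key] {
			continue
		}

		seen[key] = true
		privileges[g.Resource] = append(privileges[g.Resource], g.Privilege)
	}

	// Map iteration order is random; sort the resource names so the table is
	// stable between runs.
	resources := make([]string, 0, len(privileges))
	for resource := range privileges {
		resources = append(resources, resource)
	}

	sort.Strings(resources)

	type row struct {
		Name   string `header:"RESOURCE"`
		Access string `header:"ACCESS"`
	}

	var rows []row

	for _, resource := range resources {
		// Resources whose name starts with "infra" are left out of the table.
		if strings.HasPrefix(resource, "infra") {
			continue
		}

		// NOTE(review): this is a plain prefix match, so a resource whose name
		// merely begins with a destination name is also shown (constructed
		// example: destination "prod" and resource "prod2"). Confirm the
		// resource naming scheme rules that out, or match on a delimiter.
		var exists bool

		for _, d := range destinations {
			if strings.HasPrefix(resource, d.Name) {
				exists = true
				break
			}
		}

		if !exists {
			continue
		}

		rows = append(rows, row{
			Name:   resource,
			Access: strings.Join(privileges[resource], " "),
		})
	}

	printTable(rows)

	// The kubeconfig writer receives the full grant list, not only the rows
	// that passed the display filters above.
	return writeKubeconfig(destinations, grants)
}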
// info resolves the identity a grant refers to into a provider name and a
// display name by looking it up through the API client.
//
// A user yields its provider's name and the user's email, a machine yields an
// empty provider and the machine's name, and any other identity is looked up
// as a group and yields its provider's name and the group's name. The first
// lookup error is returned with empty strings.
func info(client *api.Client, g api.Grant) (provider string, name string, err error) {
	id, err := g.Identity.ID()
	if err != nil {
		return "", "", err
	}

	if g.Identity.IsUser() {
		u, err := client.GetUser(id)
		if err != nil {
			return "", "", err
		}

		p, err := client.GetProvider(u.ProviderID)
		if err != nil {
			return "", "", err
		}

		return p.Name, u.Email, nil
	}

	if g.Identity.IsMachine() {
		m, err := client.GetMachine(id)
		if err != nil {
			return "", "", err
		}

		// Machines are returned without a provider name.
		return "", m.Name, nil
	}

	// Anything that is neither a user nor a machine is looked up as a group.
	grp, err := client.GetGroup(id)
	if err != nil {
		return "", "", err
	}

	p, err := client.GetProvider(grp.ProviderID)
	if err != nil {
		return "", "", err
	}

	return p.Name, grp.Name, nil
}