package generic
import (
"encoding/json"
"strings"
rtUtils "github.com/jfrog/jfrog-cli-core/artifactory/utils"
"github.com/jfrog/jfrog-cli-core/utils/config"
"github.com/jfrog/jfrog-client-go/artifactory/services"
"github.com/jfrog/jfrog-client-go/utils/errorutils"
)
// Building blocks of the scope string that getTokenParams sends with a
// create-token request.
const (
	// GroupsPrefix precedes the group list in the scope.
	GroupsPrefix = "member-of-groups:"
	// UserScopedNotation is the group value used when neither groups nor
	// admin privileges were requested (a "user-scoped" token).
	UserScopedNotation = "*"
	// AdminPrivilegesSuffix is appended to the service ID to request
	// admin privileges on that instance.
	AdminPrivilegesSuffix = ":admin"
)
// AccessTokenCreateCommand collects the settings for a create-token request
// and stores the server's answer after Run.
type AccessTokenCreateCommand struct {
	// serverDetails identifies the server the service manager is built for.
	serverDetails *config.ServerDetails
	// refreshable is copied to CreateTokenParams.Refreshable.
	refreshable bool
	// expiry is copied to CreateTokenParams.ExpiresIn without validation.
	// NOTE(review): presumably seconds, with 0 requesting a token that does
	// not expire - confirm against the server documentation.
	expiry int
	// userName is lower-cased before it is sent.
	userName string
	// audience is copied to CreateTokenParams.Audience.
	audience string
	// groups is appended verbatim to GroupsPrefix to form the scope.
	groups string
	// grantAdmin adds "<service id>" + AdminPrivilegesSuffix to the scope.
	grantAdmin bool
	// response receives the result of CreateToken; Run and Response
	// dereference it, so it must be non-nil.
	response *services.CreateTokenResponseData
}
// NewAccessTokenCreateCommand returns a command whose response holder is
// already allocated, so Run and Response can dereference it safely.
func NewAccessTokenCreateCommand() *AccessTokenCreateCommand {
	cmd := &AccessTokenCreateCommand{
		response: &services.CreateTokenResponseData{},
	}
	return cmd
}
// SetServerDetails stores the server the token is requested from and
// returns the command so that setters can be chained.
func (atcc *AccessTokenCreateCommand) SetServerDetails(serverDetails *config.ServerDetails) *AccessTokenCreateCommand {
	atcc.serverDetails = serverDetails

	return atcc
}
// SetRefreshable records whether the request asks for a refreshable token
// and returns the command so that setters can be chained.
//
// NOTE(review): a refreshable token presumably comes with a refresh token
// that outlives the access token - store both with equal care.
func (atcc *AccessTokenCreateCommand) SetRefreshable(refreshable bool) *AccessTokenCreateCommand {
	atcc.refreshable = refreshable

	return atcc
}
// SetExpiry records the value later sent as ExpiresIn and returns the
// command so that setters can be chained. The value is not validated here.
//
// NOTE(review): presumably seconds, and 0 is understood to request a token
// that never expires - confirm, and prefer short lifetimes for automation.
func (atcc *AccessTokenCreateCommand) SetExpiry(expiry int) *AccessTokenCreateCommand {
	atcc.expiry = expiry

	return atcc
}
// SetUserName records the user the token is created for and returns the
// command so that setters can be chained. The name is stored as given;
// getTokenParams lower-cases it when building the request.
func (atcc *AccessTokenCreateCommand) SetUserName(userName string) *AccessTokenCreateCommand {
	atcc.userName = userName

	return atcc
}
// SetAudience records the value later sent as the token's Audience and
// returns the command so that setters can be chained.
func (atcc *AccessTokenCreateCommand) SetAudience(audience string) *AccessTokenCreateCommand {
	atcc.audience = audience

	return atcc
}
// SetGrantAdmin records whether the token should carry the
// "<service id>:admin" scope and returns the command so that setters can be
// chained. Enabling it requests admin privileges for the token, so callers
// should set it only on an explicit request.
func (atcc *AccessTokenCreateCommand) SetGrantAdmin(grantAdmin bool) *AccessTokenCreateCommand {
	atcc.grantAdmin = grantAdmin

	return atcc
}
// SetGroups records the group list used in the token scope and returns the
// command so that setters can be chained.
//
// The string is later appended verbatim to GroupsPrefix; nothing in this
// type validates or escapes it.
func (atcc *AccessTokenCreateCommand) SetGroups(groups string) *AccessTokenCreateCommand {
	atcc.groups = groups

	return atcc
}
// Response returns the stored create-token response encoded as JSON. A
// marshalling failure is passed through errorutils.CheckError.
//
// The method dereferences atcc.response, so the command must have been
// built with NewAccessTokenCreateCommand.
//
// NOTE(review): the payload presumably contains the issued token (and the
// refresh token, if any) - treat the returned bytes as a secret and keep
// them out of logs.
func (atcc *AccessTokenCreateCommand) Response() ([]byte, error) {
	encoded, marshalErr := json.Marshal(*atcc.response)
	checkedErr := errorutils.CheckError(marshalErr)
	return encoded, checkedErr
}
// ServerDetails returns the server details set on the command. The error
// result is always nil.
func (atcc *AccessTokenCreateCommand) ServerDetails() (*config.ServerDetails, error) {
	details := atcc.serverDetails
	return details, nil
}
// CommandName returns the fixed identifier of this command.
func (atcc *AccessTokenCreateCommand) CommandName() string {
	const name = "rt_create_access_token"
	return name
}
// Run creates a service manager for the configured server, builds the token
// parameters and asks the server to create the token.
//
// Whatever CreateToken returns is written to *atcc.response, also when the
// call fails. The pointer is dereferenced, so the command must have been
// built with NewAccessTokenCreateCommand.
func (atcc *AccessTokenCreateCommand) Run() error {
	// NOTE(review): the second argument is presumably the dry-run flag - confirm.
	manager, err := rtUtils.CreateServiceManager(atcc.serverDetails, false)
	if err != nil {
		return err
	}

	params, err := atcc.getTokenParams()
	if err != nil {
		return err
	}

	created, err := manager.CreateToken(params)
	*atcc.response = created
	return err
}
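// getTokenParams builds the create-token request from the command's settings.
//
// The scope is assembled as follows:
//   - neither groups nor grantAdmin set: GroupsPrefix + UserScopedNotation,
//     i.e. a user-scoped token;
//   - groups set: GroupsPrefix + groups;
//   - grantAdmin set: "<service id>" + AdminPrivilegesSuffix, separated by a
//     space from any group scope.
//
// The default group value is kept in a local variable. Writing it back to
// atcc.groups would make it stick, so a command reused with grantAdmin
// enabled afterwards would also carry the "*" group scope.
//
// On failure to fetch the service ID the partially filled parameters are
// returned together with the error.
func (atcc *AccessTokenCreateCommand) getTokenParams() (tokenParams services.CreateTokenParams, err error) {
	tokenParams = services.NewCreateTokenParams()
	// expiry is forwarded as given; no range check is applied here.
	tokenParams.ExpiresIn = atcc.expiry
	tokenParams.Refreshable = atcc.refreshable
	tokenParams.Audience = atcc.audience
	// Artifactory expects the username to be lower-cased. In case it is not,
	// Artifactory will still accept a non lower-cased user, except for token related actions.
	tokenParams.Username = strings.ToLower(atcc.userName)

	// By default a user-scoped token is created, unless specific groups or
	// admin privileges on the instance were requested.
	groups := atcc.groups
	if groups == "" && !atcc.grantAdmin {
		groups = UserScopedNotation
	}
	if groups != "" {
		// NOTE(review): groups is inserted verbatim into the space-delimited
		// scope string. Whitespace inside it would change how the scope is
		// split - validate at the caller if the value can be untrusted.
		tokenParams.Scope = GroupsPrefix + groups
	}

	if !atcc.grantAdmin {
		return tokenParams, nil
	}

	// Admin privileges are bound to the service ID of the target instance.
	instanceID, err := getInstanceId(atcc.serverDetails)
	if err != nil {
		return tokenParams, err
	}
	if tokenParams.Scope != "" {
		tokenParams.Scope += " "
	}
	tokenParams.Scope += instanceID + AdminPrivilegesSuffix
	return tokenParams, nil
}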
// getInstanceId returns the service ID reported by the server described by
// serverDetails. A failure to create the service manager is returned with an
// empty ID.
func getInstanceId(serverDetails *config.ServerDetails) (string, error) {
	// NOTE(review): the second argument is presumably the dry-run flag - confirm.
	manager, createErr := rtUtils.CreateServiceManager(serverDetails, false)
	if createErr != nil {
		return "", createErr
	}

	return manager.GetServiceId()
}