superuser.go
package cmd
import (
"context"
"fmt"
"os"
"time"
"github.com/spf13/cobra"
"github.com/treeverse/lakefs/pkg/auth"
"github.com/treeverse/lakefs/pkg/auth/crypt"
"github.com/treeverse/lakefs/pkg/auth/model"
authparams "github.com/treeverse/lakefs/pkg/auth/params"
"github.com/treeverse/lakefs/pkg/auth/setup"
"github.com/treeverse/lakefs/pkg/config"
"github.com/treeverse/lakefs/pkg/kv"
"github.com/treeverse/lakefs/pkg/kv/kvparams"
"github.com/treeverse/lakefs/pkg/logging"
"github.com/treeverse/lakefs/pkg/stats"
"github.com/treeverse/lakefs/pkg/version"
)
// superuserCmd is the "superuser" subcommand: it creates an additional user
// with admin credentials and prints that user's access key pair.
//
// The command exits with status 1 when the configuration selects external
// RBAC, when a flag cannot be read, when the KV parameters or KV store cannot
// be set up, or when setup.AddAdminUser returns an error. All messages,
// including errors, are written to stdout.
var superuserCmd = &cobra.Command{
	Use:   "superuser",
	Short: "Create additional user with admin credentials",
	Run: func(cmd *cobra.Command, args []string) {
		// fail prints a fatal message to stdout and terminates with status 1.
		fail := func(format string, a ...interface{}) {
			fmt.Printf(format, a...)
			os.Exit(1)
		}

		conf := loadConfig()
		// Local admin creation is refused outright when RBAC is delegated to
		// an external auth API.
		if conf.Auth.UIConfig.RBAC == config.AuthRBACExternal {
			fail("Can't create additional admin while using external auth API - auth.api.endpoint is configured.\n")
		}

		flags := cmd.Flags()
		userName, err := flags.GetString("user-name")
		if err != nil {
			fail("user-name: %s\n", err)
		}
		accessKeyID, err := flags.GetString("access-key-id")
		if err != nil {
			fail("access-key-id: %s\n", err)
		}
		// NOTE(review): the secret is taken from a command-line flag, so it is
		// part of the process arguments and of whatever records the invoking
		// shell or job runner keeps of the command line.
		secretAccessKey, err := flags.GetString("secret-access-key")
		if err != nil {
			fail("secret-access-key: %s\n", err)
		}

		logger := logging.ContextUnavailable()
		ctx := cmd.Context()

		storeParams, err := kvparams.NewConfig(conf)
		if err != nil {
			fail("KV params: %s\n", err)
		}
		store, err := kv.Open(ctx, storeParams)
		if err != nil {
			fail("Failed to open KV store: %s\n", err)
		}

		// The secret store is keyed with auth.encrypt.secret_key from the
		// loaded configuration.
		// NOTE(review): nothing here checks that the key is non-empty;
		// presumably loadConfig validates it - confirm.
		secretStore := crypt.NewSecretStore([]byte(conf.Auth.Encrypt.SecretKey))
		authLogger := logger.WithField("service", "auth_service")
		authSvc := auth.NewAuthService(store, secretStore, authparams.ServiceCache(conf.Auth.Cache), authLogger)

		metadataManager := auth.NewKVMetadataManager(version.Version, conf.Installation.FixedID, conf.Database.Type, store)
		provider := stats.BuildMetadataProvider(logger, conf)
		metadata := stats.NewMetadata(ctx, logger, conf.Blockstore.Type, metadataManager, provider)

		// NOTE(review): access-key-id and secret-access-key are both optional
		// and are forwarded exactly as given, including when only one of them
		// is set; confirm setup.AddAdminUser rejects a half-specified pair.
		superuser := &model.SuperuserConfiguration{
			User: model.User{
				CreatedAt: time.Now(),
				Username:  userName,
			},
			AccessKeyID:     accessKeyID,
			SecretAccessKey: secretAccessKey,
		}
		creds, err := setup.AddAdminUser(ctx, authSvc, superuser)
		if err != nil {
			fail("Failed to setup admin user: %s\n", err)
		}

		// The stats collector runs on a cancellable context; it is cancelled
		// explicitly at the end of the command and closed by the deferred call.
		ctx, stop := context.WithCancel(ctx)
		collectorLogger := logger.WithField("service", "stats_collector")
		statsCollector := stats.NewBufferedCollector(
			metadata.InstallationID,
			stats.Config(conf.Stats),
			stats.WithLogger(collectorLogger),
		)
		statsCollector.Start(ctx)
		defer statsCollector.Close()

		statsCollector.CollectMetadata(metadata)
		statsCollector.CollectEvent(stats.Event{Class: "global", Name: "superuser"})

		// The secret access key is written to stdout in clear text, so the
		// command's output needs the same handling as the secret itself
		// (keep it out of shared logs and CI job output).
		fmt.Printf("credentials:\n access_key_id: %s\n secret_access_key: %s\n",
			creds.AccessKeyID, creds.SecretAccessKey)

		stop()
	},
}
// init attaches the superuser command to rootCmd and declares its flags.
// Only user-name is marked required; access-key-id and secret-access-key
// default to the empty string.
//
//nolint:gochecknoinits
func init() {
	rootCmd.AddCommand(superuserCmd)

	flagSet := superuserCmd.Flags()
	// All three flags are strings with an empty default; they are declared in
	// the order user-name, access-key-id, secret-access-key.
	stringFlags := []struct {
		name  string
		usage string
	}{
		{"user-name", "an identifier for the user (e.g. \"jane.doe\")"},
		{"access-key-id", "create this access key ID for the user (for ease of integration)"},
		{"secret-access-key", "use this access key secret (potentially insecure, use carefully for ease of integration)"},
	}
	for _, sf := range stringFlags {
		flagSet.String(sf.name, "", sf.usage)
	}

	// The returned error is discarded on purpose, as in the original call.
	_ = superuserCmd.MarkFlagRequired("user-name")
}