// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// The following enables go generate to generate the doc.go file.
//go:generate go run $JIRI_ROOT/release/go/src/v.io/x/lib/cmdline/testdata/gendoc.go .
package main
import (
"encoding/base64"
"fmt"
"v.io/v23/context"
"v.io/v23/rpc"
"v.io/v23/security"
"v.io/v23/vom"
"v.io/x/lib/cmdline"
"v.io/x/ref/lib/v23cmd"
_ "v.io/x/ref/runtime/factories/generic"
"v.io/x/ref/services/cluster"
)
// flagClusterAgentAddr receives the value of the "agent" flag: the name or
// address of the cluster agent server that each subcommand contacts.
var flagClusterAgentAddr string

// flagBase64 receives the value of the "base64" flag of the "new" subcommand.
// When true, the new secret is printed base64-encoded.
var flagBase64 bool
// cmdNewSecret describes the "new" subcommand, which is run by runNewSecret
// and takes a single <extension> argument.
var cmdNewSecret = &cmdline.Command{
	Name:     "new",
	Short:    "Requests a new secret.",
	Long:     "Requests a new secret.",
	ArgsName: "<extension>",
	ArgsLong: `
<extension> is the blessing name extension to associate with the new secret.
`,
	Runner: v23cmd.RunnerFunc(runNewSecret),
}
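// runNewSecret implements the "new" subcommand. It requires exactly one
// argument, the blessing name extension, asks the cluster agent selected by
// the "agent" flag for a new secret, and prints that secret on env.Stdout.
//
// The NewSecret call is made with a *granter call option carrying the
// extension; see granter.Grant for the blessing that is handed to the agent.
//
// The printed value is a credential. Callers should capture it directly and
// keep it out of logs and terminal scrollback.
//
// It returns a usage error for a wrong argument count, the RPC error if
// NewSecret fails, or the write error if the secret cannot be printed.
func runNewSecret(ctx *context.T, env *cmdline.Env, args []string) error {
	if expected, got := 1, len(args); got != expected {
		return env.UsageErrorf("new: incorrect number of arguments, got %d, expected %d", got, expected)
	}
	extension := args[0]
	secret, err := cluster.ClusterAgentAdminClient(flagClusterAgentAddr).NewSecret(ctx, &granter{extension: extension})
	if err != nil {
		return err
	}
	// By now the agent has already created the secret, so a failed write must
	// not be reported as success: the caller would be left with a live secret
	// it never received and cannot pass to "forget".
	var werr error
	if flagBase64 {
		// We use StdEncoding to be compatible with the kubernetes API.
		// base64 only changes the representation; it does not protect the secret.
		_, werr = fmt.Fprintln(env.Stdout, base64.StdEncoding.EncodeToString([]byte(secret)))
	} else {
		_, werr = fmt.Fprintln(env.Stdout, secret)
	}
	return werr
}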
// granter is passed as a call option to NewSecret. Its Grant method produces
// the blessing that accompanies the request.
type granter struct {
	// Embedding rpc.CallOpt lets a *granter be passed where a call option is
	// expected.
	rpc.CallOpt

	// extension is the blessing name extension used by Grant.
	extension string
}
// Grant blesses the public key of the remote end of the call with the local
// principal's default blessing, extended by g.extension, and returns the
// resulting blessings.
//
// NOTE(review): the only caveat attached is security.UnconstrainedUse(), so
// the blessing handed to the remote end carries no expiry or other
// restriction. Anyone pointing the "agent" flag at a server delegates the
// default blessing, under this extension, to whatever key that server
// presents. Confirm that an unrestricted, non-expiring delegation is
// intended for the deployment.
func (g *granter) Grant(ctx *context.T, call security.Call) (security.Blessings, error) {
	local := call.LocalPrincipal()
	// The second result of Default is discarded here.
	// NOTE(review): presumably a change-notification value rather than an
	// error; confirm against the v23 security API in use.
	base, _ := local.BlessingStore().Default()
	remoteKey := call.RemoteBlessings().PublicKey()
	return local.Bless(remoteKey, base, g.extension, security.UnconstrainedUse())
}
// cmdForgetSecret describes the "forget" subcommand, which is run by
// runForgetSecret and takes a single <secret> argument.
var cmdForgetSecret = &cmdline.Command{
	Name:     "forget",
	Short:    "Forgets an existing secret and its associated blessings.",
	Long:     "Forgets an existing secret and its associated blessings.",
	ArgsName: "<secret>",
	ArgsLong: `
<secret> is the secret to forget.
`,
	Runner: v23cmd.RunnerFunc(runForgetSecret),
}
// runForgetSecret implements the "forget" subcommand. It requires exactly one
// argument, the secret, asks the cluster agent selected by the "agent" flag
// to forget it, and prints "Done" on env.Stdout when the call succeeds.
//
// NOTE(review): the secret is taken from the command line, so it is visible
// in the process argument list and may be recorded in shell history.
func runForgetSecret(ctx *context.T, env *cmdline.Env, args []string) error {
	if n := len(args); n != 1 {
		return env.UsageErrorf("forget: incorrect number of arguments, got %d, expected %d", n, 1)
	}
	agent := cluster.ClusterAgentAdminClient(flagClusterAgentAddr)
	err := agent.ForgetSecret(ctx, args[0])
	if err != nil {
		return err
	}
	fmt.Fprintln(env.Stdout, "Done")
	return nil
}
// cmdSeekBlessings describes the "seekblessings" subcommand, which is run by
// runSeekBlessings and takes a single <secret> argument.
var cmdSeekBlessings = &cmdline.Command{
	Name:  "seekblessings",
	Short: "Retrieves all the blessings associated with a particular secret.",
	Long: `
Retrieves all the blessings associated with a particular secret.
The output is base64-encoded-vom-encoded blessings that are compatible with the
"principal set" command.
`,
	ArgsName: "<secret>",
	ArgsLong: `
<secret> is the secret to use.
`,
	Runner: v23cmd.RunnerFunc(runSeekBlessings),
}
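// runSeekBlessings implements the "seekblessings" subcommand. It requires
// exactly one argument, the secret, fetches the blessings the cluster agent
// selected by the "agent" flag returns for it, VOM-encodes them, and prints
// the result base64-encoded on env.Stdout.
//
// NOTE(review): the secret is taken from the command line, so it is visible
// in the process argument list and may be recorded in shell history.
//
// It returns a usage error for a wrong argument count, the RPC or encoding
// error if either step fails, or the write error if the output cannot be
// printed.
func runSeekBlessings(ctx *context.T, env *cmdline.Env, args []string) error {
	if expected, got := 1, len(args); got != expected {
		return env.UsageErrorf("seekblessings: incorrect number of arguments, got %d, expected %d", got, expected)
	}
	secret := args[0]
	blessings, err := cluster.ClusterAgentAdminClient(flagClusterAgentAddr).SeekBlessings(ctx, secret)
	if err != nil {
		return err
	}
	data, err := vom.Encode(blessings)
	if err != nil {
		return err
	}
	// We use URLEncoding to be compatible with the principal command.
	str := base64.URLEncoding.EncodeToString(data)
	// The encoded blessings are the command's only product, so a failed write
	// is reported instead of exiting successfully with no output.
	_, err = fmt.Fprintln(env.Stdout, str)
	return err
}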
// main assembles the cluster_agent command tree from the "new", "forget" and
// "seekblessings" subcommands, registers the "agent" flag on the root command
// and the "base64" flag on "new", and passes the root to cmdline.Main.
func main() {
	cmdline.HideGlobalFlagsExcept()

	subcommands := []*cmdline.Command{
		cmdNewSecret,
		cmdForgetSecret,
		cmdSeekBlessings,
	}
	root := &cmdline.Command{
		Name:     "cluster_agent",
		Short:    "supports interactions with a cluster agent",
		Long:     "Command cluster_agent supports interactions with a cluster agent.",
		Children: subcommands,
	}

	// The "agent" flag defaults to the empty string; no default server is
	// configured here.
	root.Flags.StringVar(&flagClusterAgentAddr, "agent", "", "The name or address of the cluster agent server.")
	cmdNewSecret.Flags.BoolVar(&flagBase64, "base64", false, "If true, the secret is base64-encoded")

	cmdline.Main(root)
}