1 package lease
2
3 import (
4 "context"
5 "fmt"
6 "time"
7
8 "edge-infra.dev/pkg/edge/api/graph/model"
9 "edge-infra.dev/pkg/edge/edgeadmin/registrar"
10 "edge-infra.dev/pkg/edge/edgecli"
11 "edge-infra.dev/pkg/edge/edgecli/constructors"
12 "edge-infra.dev/pkg/edge/edgecli/flagutil"
13 "edge-infra.dev/pkg/lib/cli/command"
14 "edge-infra.dev/pkg/lib/cli/rags"
15 )
16
17 func getFlags(cfg *edgecli.Config) []*rags.Rag {
18 flagsets := append(flagutil.GetCommonFlags(), flagutil.GetConnectionFlags(cfg)...)
19 return append(flagsets,
20 &rags.Rag{
21 Name: flagutil.StoreFlag,
22 Value: &rags.String{},
23 Usage: "Store name",
24 Required: true,
25 },
26 &rags.Rag{
27 Name: flagutil.BannerFlag,
28 Value: &rags.String{},
29 Usage: "Banner name",
30 Required: true,
31 },
32 &rags.Rag{
33 Name: flagutil.SecretTypeFlag,
34 Value: &rags.String{},
35 Usage: "Secret type",
36 Required: true,
37 },
38 )
39 }
40
41
42 func NewCmd(cfg *edgecli.Config) *command.Command {
43 return &command.Command{
44 ShortUsage: "edge clustersecret lease",
45 ShortHelp: "Commands to view/release/revoke cluster secrets",
46
47 Commands: []*command.Command{
48 View(cfg),
49 Release(cfg),
50 Revoke(cfg),
51 },
52 }
53 }
54
55 func View(cfg *edgecli.Config) *command.Command {
56 var cmd *command.Command
57
58 cmd = &command.Command{
59 ShortUsage: "edge clustersecret lease view",
60 ShortHelp: "View the cluster secret lease credentials",
61 Flags: getFlags(cfg),
62 Exec: func(_ context.Context, _ []string) error {
63 if err := flagutil.ValidateRequiredFlags(cmd.Rags); err != nil {
64 return err
65 }
66
67 registrar, err := constructors.BuildRegistrar(cmd.Rags)
68 if err != nil {
69 return err
70 }
71
72 cluster, err := getCluster(cmd, registrar)
73 if err != nil {
74 fmt.Println("an error occurred whilst getting the cluster")
75 return err
76 }
77 clusterSecretLease, err := getClusterSecretLease(cmd, registrar, cluster.ClusterEdgeID)
78 if err != nil {
79 fmt.Println("an error occurred whilst getting the cluster secret lease")
80 return err
81 }
82 fmt.Printf("Cluster Secret Lease \n Owner: %s \n Expiration Time: %s \n Secret Types: %s \n", clusterSecretLease.Owner, clusterSecretLease.ExpiresAt, clusterSecretLease.SecretTypes)
83 return nil
84 },
85 }
86 return cmd
87 }
88
89 func Release(cfg *edgecli.Config) *command.Command {
90 var cmd *command.Command
91
92 cmd = &command.Command{
93 ShortUsage: "edge clustersecret release",
94 ShortHelp: "Release the cluster secret lease",
95 Flags: getFlags(cfg),
96 Exec: func(_ context.Context, _ []string) error {
97 if err := flagutil.ValidateRequiredFlags(cmd.Rags); err != nil {
98 return err
99 }
100
101 registrar, err := constructors.BuildRegistrar(cmd.Rags)
102 if err != nil {
103 return err
104 }
105
106 cluster, err := getCluster(cmd, registrar)
107 if err != nil {
108 fmt.Println("an error occurred whilst getting the cluster")
109 return err
110 }
111
112 released, err := releaseClusterSecretLease(cmd, registrar, cluster.ClusterEdgeID)
113 if err != nil {
114 fmt.Println("an error occurred whilst releasing the cluster secret lease")
115 return err
116 }
117 fmt.Printf("Released access: %t \n", released)
118 return nil
119 },
120 }
121 return cmd
122 }
123
124 func Revoke(cfg *edgecli.Config) *command.Command {
125 var cmd *command.Command
126
127 cmd = &command.Command{
128 ShortUsage: "edge clustersecret revoke",
129 ShortHelp: "Revoke the cluster secret lease credentials for another user",
130 Flags: append(getFlags(cfg), &rags.Rag{
131 Name: flagutil.RevokeUsername,
132 Value: &rags.String{},
133 Usage: "Revoke user",
134 Required: true,
135 }),
136 Exec: func(_ context.Context, _ []string) error {
137 if err := flagutil.ValidateRequiredFlags(cmd.Rags); err != nil {
138 return err
139 }
140
141 registrar, err := constructors.BuildRegistrar(cmd.Rags)
142 if err != nil {
143 return err
144 }
145
146 cluster, err := getCluster(cmd, registrar)
147 if err != nil {
148 fmt.Println("an error occurred whilst getting the cluster")
149 return err
150 }
151 username := flagutil.GetStringFlag(cmd.Rags, flagutil.RevokeUsername)
152 if username == "" {
153 fmt.Println("must provide revoke-username flag")
154 return nil
155 }
156 revoked, err := revokeClusterSecretLease(cmd, registrar, cluster.ClusterEdgeID, username)
157 if err != nil {
158 fmt.Println("an error occurred whilst revoking the cluster secret lease")
159 return err
160 }
161 fmt.Printf("Revoked access: %t \n", revoked)
162 return nil
163 },
164 }
165 return cmd
166 }
167
168 func getCluster(cmd *command.Command, registrar *registrar.Registrar) (*registrar.Cluster, error) {
169 storeName := flagutil.GetStringFlag(cmd.Rags, flagutil.StoreFlag)
170 bannerName := flagutil.GetStringFlag(cmd.Rags, flagutil.BannerFlag)
171
172 reqCtx, cancelReq := context.WithTimeout(context.Background(), time.Duration(30)*time.Second)
173 defer cancelReq()
174
175 cluster, err := registrar.GetCluster(reqCtx, storeName, bannerName)
176 if err != nil {
177 return nil, err
178 }
179
180 return &cluster, nil
181 }
182
183 func getClusterSecretLease(cmd *command.Command, registrar *registrar.Registrar, clusterEdgeID string) (*model.ClusterSecretLease, error) {
184 secretType := flagutil.GetStringFlag(cmd.Rags, flagutil.SecretTypeFlag)
185 reqCtx, cancelReq := context.WithTimeout(context.Background(), time.Duration(30)*time.Second)
186 defer cancelReq()
187
188 return registrar.GetClusterSecretLease(reqCtx, clusterEdgeID, secretType)
189 }
190
191 func revokeClusterSecretLease(cmd *command.Command, registrar *registrar.Registrar, clusterEdgeID string, username string) (bool, error) {
192 secretType := flagutil.GetStringFlag(cmd.Rags, flagutil.SecretTypeFlag)
193
194 reqCtx, cancelReq := context.WithTimeout(context.Background(), time.Duration(30)*time.Second)
195 defer cancelReq()
196
197 return registrar.RevokeClusterSecretLease(reqCtx, clusterEdgeID, secretType, username)
198 }
199
200 func releaseClusterSecretLease(cmd *command.Command, registrar *registrar.Registrar, clusterEdgeID string) (bool, error) {
201 secretType := flagutil.GetStringFlag(cmd.Rags, flagutil.SecretTypeFlag)
202
203 reqCtx, cancelReq := context.WithTimeout(context.Background(), time.Duration(30)*time.Second)
204 defer cancelReq()
205
206 return registrar.ReleaseClusterSecretLease(reqCtx, clusterEdgeID, secretType)
207 }
208
View as plain text