// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package command
import (
	"fmt"
	"sort"
	"strings"

	"github.com/hashicorp/nomad/api"
	"github.com/mitchellh/cli"
)
// Compile-time check that *ACLAuthMethodCommand implements cli.Command; the
// typed nil pointer avoids allocating a value at package initialisation.
var _ cli.Command = (*ACLAuthMethodCommand)(nil)
// ACLAuthMethodCommand implements cli.Command. It is the parent of the
// "nomad acl auth-method" subcommands and does no work of its own: Run always
// reports help, so everything useful lives in the subcommands.
type ACLAuthMethodCommand struct {
	// Meta supplies the shared CLI plumbing; the helpers in this file use its
	// Ui output and Colorize facilities.
	Meta
}
// Help satisfies the cli.Command Help function. It returns the usage text for
// the parent command with surrounding whitespace trimmed.
func (a *ACLAuthMethodCommand) Help() string {
	// The raw string keeps the leading/trailing newlines for readability here;
	// TrimSpace removes them before the text reaches the terminal.
	return strings.TrimSpace(`
Usage: nomad acl auth-method <subcommand> [options] [args]

This command groups subcommands for interacting with ACL auth methods.

Create an ACL auth method:

$ nomad acl auth-method create -name="name" -type="OIDC" -max-token-ttl="3600s"

List all ACL auth methods:

$ nomad acl auth-method list

Lookup a specific ACL auth method:

$ nomad acl auth-method info <acl_auth_method_name>

Update an ACL auth method:

$ nomad acl auth-method update -type="updated-type" <acl_auth_method_name>

Delete an ACL auth method:

$ nomad acl auth-method delete <acl_auth_method_name>

Please see the individual subcommand help for detailed usage information.
`)
}
// Synopsis satisfies the cli.Command Synopsis function and returns the
// one-line description of this command.
func (a *ACLAuthMethodCommand) Synopsis() string {
	const synopsis = "Interact with ACL auth methods"
	return synopsis
}
// Name returns the name of this command as it appears in the CLI.
func (a *ACLAuthMethodCommand) Name() string {
	const name = "acl auth-method"
	return name
}
// Run satisfies the cli.Command Run function. The parent command ignores its
// arguments and always asks the CLI framework to print help, since all work
// is done by the subcommands.
func (a *ACLAuthMethodCommand) Run(_ []string) int {
	// cli.RunResultHelp tells the framework to render Help() instead of
	// treating this as a real run.
	return cli.RunResultHelp
}
// outputAuthMethod writes the auth method, and its config section when one is
// present, to the UI held by the passed meta object.
//
// The config section is rendered by formatAuthMethodConfig and includes every
// config field returned by the API, so whatever the server returns for the
// OIDC client secret ends up on the console as well.
func outputAuthMethod(meta Meta, authMethod *api.ACLAuthMethod) {
	ui := meta.Ui
	ui.Output(formatAuthMethod(authMethod))

	// Auth methods without a config block get only the summary above.
	if authMethod.Config == nil {
		return
	}

	ui.Output(meta.Colorize().Color("\n[bold]Auth Method Config[reset]\n"))
	ui.Output(formatAuthMethodConfig(authMethod.Config))
}
// formatAuthMethod converts the ACL auth method API object into the "key|value"
// rows understood by formatKV and returns the rendered table for console output.
func formatAuthMethod(authMethod *api.ACLAuthMethod) string {
	rows := make([]string, 0, 7)
	rows = append(rows, fmt.Sprintf("Name|%s", authMethod.Name))
	rows = append(rows, fmt.Sprintf("Type|%s", authMethod.Type))
	rows = append(rows, fmt.Sprintf("Locality|%s", authMethod.TokenLocality))
	// Render the TTL via String() so it appears as a duration (e.g. "1h0m0s").
	rows = append(rows, fmt.Sprintf("MaxTokenTTL|%s", authMethod.MaxTokenTTL.String()))
	rows = append(rows, fmt.Sprintf("Default|%t", authMethod.Default))
	rows = append(rows, fmt.Sprintf("Create Index|%d", authMethod.CreateIndex))
	rows = append(rows, fmt.Sprintf("Modify Index|%d", authMethod.ModifyIndex))
	return formatKV(rows)
}
// formatAuthMethodConfig converts the auth method config API object into the
// "key|value" rows understood by formatKV and returns the rendered table.
// Callers must pass a non-nil config.
//
// NOTE(review): the "OIDC Client Secret" row prints config.OIDCClientSecret
// verbatim. Whether the API redacts that field before it reaches the CLI is
// not visible here; confirm before treating this output as safe to share or
// log.
func formatAuthMethodConfig(config *api.ACLAuthMethodConfig) string {
	// List-valued fields are shown comma-separated; claim mappings are shown
	// as "{k: v}" entries separated by "; ".
	list := func(values []string) string { return strings.Join(values, ",") }
	mappings := func(m map[string]string) string { return strings.Join(formatMap(m), "; ") }

	rows := []string{
		fmt.Sprintf("JWT Validation Public Keys|%s", list(config.JWTValidationPubKeys)),
		fmt.Sprintf("JWKS URL|%s", config.JWKSURL),
		fmt.Sprintf("OIDC Discovery URL|%s", config.OIDCDiscoveryURL),
		fmt.Sprintf("OIDC Client ID|%s", config.OIDCClientID),
		fmt.Sprintf("OIDC Client Secret|%s", config.OIDCClientSecret),
		fmt.Sprintf("OIDC Scopes|%s", list(config.OIDCScopes)),
		fmt.Sprintf("Bound audiences|%s", list(config.BoundAudiences)),
		fmt.Sprintf("Bound issuer|%s", list(config.BoundIssuer)),
		fmt.Sprintf("Allowed redirects URIs|%s", list(config.AllowedRedirectURIs)),
		fmt.Sprintf("Discovery CA pem|%s", list(config.DiscoveryCaPem)),
		fmt.Sprintf("JWKS CA cert|%s", config.JWKSCACert),
		fmt.Sprintf("Signing algorithms|%s", list(config.SigningAlgs)),
		fmt.Sprintf("Expiration Leeway|%s", config.ExpirationLeeway.String()),
		fmt.Sprintf("NotBefore Leeway|%s", config.NotBeforeLeeway.String()),
		fmt.Sprintf("ClockSkew Leeway|%s", config.ClockSkewLeeway.String()),
		fmt.Sprintf("Claim mappings|%s", mappings(config.ClaimMappings)),
		fmt.Sprintf("List claim mappings|%s", mappings(config.ListClaimMappings)),
	}

	return formatKV(rows)
}
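// formatMap renders each key/value pair of m as "{key: value}" and returns the
// entries sorted by key. Sorting makes console output deterministic: Go
// randomises map iteration order, so without it the "Claim mappings" rows
// would shuffle between runs and be hard to diff or assert on. An empty or
// nil map yields an empty, non-nil slice.
func formatMap(m map[string]string) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)

	out := make([]string, 0, len(keys))
	for _, k := range keys {
		out = append(out, fmt.Sprintf("{%s: %s}", k, m[k]))
	}
	return out
}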