open-nomad/command/acl_bootstrap.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

222 lines
5.6 KiB
Go
Raw Normal View History

2017-09-11 17:46:17 +00:00
package command
import (
"fmt"
"io/ioutil"
"os"
2017-09-11 17:46:17 +00:00
"strings"
"time"
2017-09-11 17:46:17 +00:00
"github.com/hashicorp/nomad/api"
"github.com/mitchellh/cli"
2017-09-11 17:46:17 +00:00
"github.com/posener/complete"
)
type ACLBootstrapCommand struct {
Meta
}
func (c *ACLBootstrapCommand) Help() string {
helpText := `
Usage: nomad acl bootstrap [options]
2017-10-13 21:36:02 +00:00
Bootstrap is used to bootstrap the ACL system and get an initial token.
2017-09-11 17:46:17 +00:00
General Options:
` + generalOptionsUsage(usageOptsDefault|usageOptsNoNamespace) + `
2017-09-11 17:46:17 +00:00
Bootstrap Options:
-json
Output the bootstrap response in JSON format.
-t
Format and display the bootstrap response using a Go template.
2017-09-11 17:46:17 +00:00
`
return strings.TrimSpace(helpText)
}
func (c *ACLBootstrapCommand) AutocompleteFlags() complete.Flags {
return mergeAutocompleteFlags(c.Meta.AutocompleteFlags(FlagSetClient),
complete.Flags{
"-json": complete.PredictNothing,
"-t": complete.PredictAnything,
})
2017-09-11 17:46:17 +00:00
}
func (c *ACLBootstrapCommand) AutocompleteArgs() complete.Predictor {
return complete.PredictNothing
}
func (c *ACLBootstrapCommand) Synopsis() string {
return "Bootstrap the ACL system for initial token"
}
func (c *ACLBootstrapCommand) Name() string { return "acl bootstrap" }
2017-09-11 17:46:17 +00:00
func (c *ACLBootstrapCommand) Run(args []string) int {
var (
json bool
tmpl string
file string
)
flags := c.Meta.FlagSet(c.Name(), FlagSetClient)
2017-09-11 17:46:17 +00:00
flags.Usage = func() { c.Ui.Output(c.Help()) }
flags.BoolVar(&json, "json", false, "")
flags.StringVar(&tmpl, "t", "", "")
2017-09-11 17:46:17 +00:00
if err := flags.Parse(args); err != nil {
return 1
}
// Check that we got no arguments
args = flags.Args()
if l := len(args); l < 0 || l > 1 {
c.Ui.Error("This command takes up to one argument")
c.Ui.Error(commandErrorText(c))
2017-09-11 17:46:17 +00:00
return 1
}
var terminalToken []byte
var err error
if len(args) == 1 {
switch args[0] {
case "":
terminalToken = []byte{}
case "-":
terminalToken, err = ioutil.ReadAll(os.Stdin)
default:
file = args[0]
terminalToken, err = ioutil.ReadFile(file)
}
if err != nil {
c.Ui.Error(fmt.Sprintf("Error reading provided token: %v", err))
return 1
}
}
// Remove newline from the token if it was passed by stdin
boottoken := strings.TrimSuffix(string(terminalToken), "\n")
2017-09-11 17:46:17 +00:00
// Get the HTTP client
client, err := c.Meta.Client()
if err != nil {
c.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
return 1
}
// Get the bootstrap token
token, _, err := client.ACLTokens().BootstrapOpts(boottoken, nil)
2017-09-11 17:46:17 +00:00
if err != nil {
c.Ui.Error(fmt.Sprintf("Error bootstrapping: %s", err))
return 1
}
if json || len(tmpl) > 0 {
out, err := Format(json, tmpl, token)
if err != nil {
c.Ui.Error(err.Error())
return 1
}
c.Ui.Output(out)
return 0
}
2017-09-11 17:46:17 +00:00
// Format the output
outputACLToken(c.Ui, token)
2017-09-11 17:46:17 +00:00
return 0
}
// formatACLPolicy returns formatted policy
func formatACLPolicy(policy *api.ACLPolicy) string {
2017-09-17 05:11:32 +00:00
output := []string{
fmt.Sprintf("Name|%s", policy.Name),
fmt.Sprintf("Description|%s", policy.Description),
2017-09-17 13:47:18 +00:00
fmt.Sprintf("CreateIndex|%v", policy.CreateIndex),
fmt.Sprintf("ModifyIndex|%v", policy.ModifyIndex),
2017-09-17 05:11:32 +00:00
}
formattedOut := formatKV(output)
if policy.JobACL != nil {
output := []string{
fmt.Sprintf("Namespace|%v", policy.JobACL.Namespace),
fmt.Sprintf("JobID|%v", policy.JobACL.JobID),
fmt.Sprintf("Group|%v", policy.JobACL.Group),
fmt.Sprintf("Task|%v", policy.JobACL.Task),
}
formattedOut += "\n\n[bold]Associated Workload[reset]\n"
formattedOut += formatKV(output)
}
// these are potentially large blobs so leave till the end
formattedOut += "\n\n[bold]Rules[reset]\n\n"
formattedOut += policy.Rules
return formattedOut
2017-09-17 05:11:32 +00:00
}
// outputACLToken formats and outputs the ACL token via the UI in the correct
// format.
func outputACLToken(ui cli.Ui, token *api.ACLToken) {
// Build the initial KV output which is always the same not matter whether
// the token is a management or client type.
kvOutput := []string{
2017-09-11 17:46:17 +00:00
fmt.Sprintf("Accessor ID|%s", token.AccessorID),
fmt.Sprintf("Secret ID|%s", token.SecretID),
fmt.Sprintf("Name|%s", token.Name),
fmt.Sprintf("Type|%s", token.Type),
fmt.Sprintf("Global|%v", token.Global),
fmt.Sprintf("Create Time|%v", token.CreateTime),
fmt.Sprintf("Expiry Time |%s", expiryTimeString(token.ExpirationTime)),
fmt.Sprintf("Create Index|%d", token.CreateIndex),
fmt.Sprintf("Modify Index|%d", token.ModifyIndex),
2017-09-11 17:46:17 +00:00
}
// If the token is a management type, make it obvious that it is not
// possible to have policies or roles assigned to it and just output the
// KV data.
2017-09-11 17:46:17 +00:00
if token.Type == "management" {
kvOutput = append(kvOutput, "Policies|n/a", "Roles|n/a")
ui.Output(formatKV(kvOutput))
2017-09-11 17:46:17 +00:00
} else {
// Policies are only currently referenced by name, so keep the previous
// format. When/if policies gain an ID alongside name like roles, this
// output should follow that of the roles.
kvOutput = append(kvOutput, fmt.Sprintf("Policies|%v", token.Policies))
var roleOutput []string
// If we have linked roles, add the ID and name in a list format to the
// output. Otherwise, make it clear there are no linked roles.
if len(token.Roles) > 0 {
roleOutput = append(roleOutput, "ID|Name")
for _, roleLink := range token.Roles {
roleOutput = append(roleOutput, roleLink.ID+"|"+roleLink.Name)
}
} else {
roleOutput = append(roleOutput, "<none>")
}
// Output the mixed formats of data, ensuring there is a space between
// the KV and list data.
ui.Output(formatKV(kvOutput))
ui.Output("")
ui.Output(fmt.Sprintf("Roles\n%s", formatList(roleOutput)))
}
2017-09-11 17:46:17 +00:00
}
func expiryTimeString(t *time.Time) string {
if t == nil || t.IsZero() {
return "<none>"
}
return t.String()
}