open-nomad/command/acl_role_create.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package command

import (
	"fmt"
	"strings"

	"github.com/hashicorp/nomad/api"
	"github.com/mitchellh/cli"
	"github.com/posener/complete"
)

// Ensure ACLRoleCreateCommand satisfies the cli.Command interface.
var _ cli.Command = &ACLRoleCreateCommand{}

// ACLRoleCreateCommand implements cli.Command.
type ACLRoleCreateCommand struct {
	Meta

	name        string
	description string
	policyNames []string
	json        bool
	tmpl        string
}

// Help satisfies the cli.Command Help function.
func (a *ACLRoleCreateCommand) Help() string {
	helpText := `
Usage: nomad acl role create [options]

  Create is used to create new ACL roles. Use requires a management token.

General Options:

  ` + generalOptionsUsage(usageOptsDefault|usageOptsNoNamespace) + `

ACL Create Options:

  -name
    Sets the human readable name for the ACL role. The name must be between
    1-128 characters and is a required parameter.

  -description
    A free form text description of the role that must not exceed 256
    characters.

  -policy
    Specifies a policy to associate with the role identified by their name. This
    flag can be specified multiple times and must be specified at least once.

  -json
    Output the ACL role in a JSON format.

  -t
    Format and display the ACL role using a Go template.
`
	return strings.TrimSpace(helpText)
}

func (a *ACLRoleCreateCommand) AutocompleteFlags() complete.Flags {
	return mergeAutocompleteFlags(a.Meta.AutocompleteFlags(FlagSetClient),
		complete.Flags{
			"-name":        complete.PredictAnything,
			"-description": complete.PredictAnything,
			"-policy":      complete.PredictAnything,
			"-json":        complete.PredictNothing,
			"-t":           complete.PredictAnything,
		})
}

func (a *ACLRoleCreateCommand) AutocompleteArgs() complete.Predictor { return complete.PredictNothing }

// Synopsis satisfies the cli.Command Synopsis function.
func (a *ACLRoleCreateCommand) Synopsis() string { return "Create a new ACL role" }

// Name returns the name of this command.
func (a *ACLRoleCreateCommand) Name() string { return "acl role create" }

// Run satisfies the cli.Command Run function.
func (a *ACLRoleCreateCommand) Run(args []string) int {

	flags := a.Meta.FlagSet(a.Name(), FlagSetClient)
	flags.Usage = func() { a.Ui.Output(a.Help()) }
	flags.StringVar(&a.name, "name", "", "")
	flags.StringVar(&a.description, "description", "", "")
	flags.Var((funcVar)(func(s string) error {
		a.policyNames = append(a.policyNames, s)
		return nil
	}), "policy", "")
	flags.BoolVar(&a.json, "json", false, "")
	flags.StringVar(&a.tmpl, "t", "", "")
	if err := flags.Parse(args); err != nil {
		return 1
	}

	// Check that we got no arguments.
	if len(flags.Args()) != 0 {
		a.Ui.Error("This command takes no arguments")
		a.Ui.Error(commandErrorText(a))
		return 1
	}

	// Perform some basic validation on the submitted role information to avoid
	// sending API and RPC requests which will fail basic validation.
	if a.name == "" {
		a.Ui.Error("ACL role name must be specified using the -name flag")
		return 1
	}
	if len(a.policyNames) < 1 {
		a.Ui.Error("At least one policy name must be specified using the -policy flag")
		return 1
	}

	// Set up the ACL with the passed parameters.
	aclRole := api.ACLRole{
		Name:        a.name,
		Description: a.description,
		Policies:    aclRolePolicyNamesToPolicyLinks(a.policyNames),
	}

	// Get the HTTP client.
	client, err := a.Meta.Client()
	if err != nil {
		a.Ui.Error(fmt.Sprintf("Error initializing client: %s", err))
		return 1
	}

	// Create the ACL role via the API.
	role, _, err := client.ACLRoles().Create(&aclRole, nil)
	if err != nil {
		a.Ui.Error(fmt.Sprintf("Error creating ACL role: %s", err))
		return 1
	}

	if a.json || len(a.tmpl) > 0 {
		out, err := Format(a.json, a.tmpl, role)
		if err != nil {
			a.Ui.Error(err.Error())
			return 1
		}

		a.Ui.Output(out)
		return 0
	}

	a.Ui.Output(formatACLRole(role))
	return 0
}