feat(auth): store and retrieve auth token from home directory by default (#2)
All checks were successful
arcad/emissary/pipeline/head This commit looks good
All checks were successful
arcad/emissary/pipeline/head This commit looks good
This commit is contained in:
parent
077964c7b9
commit
3d7a094cb8
2
Makefile
2
Makefile
@ -118,7 +118,7 @@ gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh goreleaser chan
|
||||
tools/gitea-release/bin/gitea-release.sh
|
||||
|
||||
.emissary-token:
|
||||
$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer > .emissary-token"
|
||||
$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer --output .emissary-token"
|
||||
|
||||
AGENT_ID ?= 1
|
||||
|
||||
|
@ -80,9 +80,11 @@
|
||||
5. Créer un jeton d'administration:
|
||||
|
||||
```shell
|
||||
sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami) > .emissary-token
|
||||
sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami)
|
||||
```
|
||||
|
||||
> **Note** Le jeton sera stocké dans le répertoire `$HOME/.config/emissary`.
|
||||
|
||||
6. Vérifier l'authentification sur l'API:
|
||||
|
||||
```shell
|
||||
|
@ -2,7 +2,6 @@ package flag
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
@ -12,6 +11,11 @@ import (
|
||||
"github.com/urfave/cli/v2"
|
||||
)
|
||||
|
||||
const (
|
||||
AuthTokenDefaultHomePath = "$HOME/.config/emissary/auth-token"
|
||||
AuthTokenDefaultLocalPath = ".emissary-token"
|
||||
)
|
||||
|
||||
func ComposeFlags(flags ...cli.Flag) []cli.Flag {
|
||||
baseFlags := []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
@ -37,10 +41,10 @@ func ComposeFlags(flags ...cli.Flag) []cli.Flag {
|
||||
Aliases: []string{"t"},
|
||||
Usage: "use `TOKEN` as authentication token",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
&cli.StringSliceFlag{
|
||||
Name: "token-file",
|
||||
Usage: "use `TOKEN_FILE` as file containing the authentication token",
|
||||
Value: ".emissary-token",
|
||||
Value: cli.NewStringSlice(AuthTokenDefaultLocalPath, AuthTokenDefaultHomePath),
|
||||
TakesFile: true,
|
||||
},
|
||||
}
|
||||
@ -55,14 +59,14 @@ type BaseFlags struct {
|
||||
Format format.Format
|
||||
OutputMode format.OutputMode
|
||||
Token string
|
||||
TokenFile string
|
||||
TokenFiles []string
|
||||
}
|
||||
|
||||
func GetBaseFlags(ctx *cli.Context) *BaseFlags {
|
||||
serverURL := ctx.String("server")
|
||||
rawFormat := ctx.String("format")
|
||||
rawOutputMode := ctx.String("output-mode")
|
||||
tokenFile := ctx.String("token-file")
|
||||
tokenFiles := ctx.StringSlice("token-file")
|
||||
token := ctx.String("token")
|
||||
|
||||
return &BaseFlags{
|
||||
@ -70,7 +74,7 @@ func GetBaseFlags(ctx *cli.Context) *BaseFlags {
|
||||
Format: format.Format(rawFormat),
|
||||
OutputMode: format.OutputMode(rawOutputMode),
|
||||
Token: token,
|
||||
TokenFile: tokenFile,
|
||||
TokenFiles: tokenFiles,
|
||||
}
|
||||
}
|
||||
|
||||
@ -79,18 +83,20 @@ func GetToken(flags *BaseFlags) (string, error) {
|
||||
return flags.Token, nil
|
||||
}
|
||||
|
||||
if flags.TokenFile == "" {
|
||||
return "", nil
|
||||
for _, tokenFile := range flags.TokenFiles {
|
||||
tokenFile = os.ExpandEnv(tokenFile)
|
||||
|
||||
rawToken, err := os.ReadFile(tokenFile)
|
||||
if err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
if rawToken == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
return strings.TrimSpace(string(rawToken)), nil
|
||||
}
|
||||
|
||||
rawToken, err := ioutil.ReadFile(flags.TokenFile)
|
||||
if err != nil && !errors.Is(err, os.ErrNotExist) {
|
||||
return "", errors.WithStack(err)
|
||||
}
|
||||
|
||||
if rawToken == nil {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
return strings.TrimSpace(string(rawToken)), nil
|
||||
return "", nil
|
||||
}
|
||||
|
@ -2,8 +2,11 @@ package auth
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/command/common"
|
||||
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
|
||||
"github.com/lithammer/shortuuid/v4"
|
||||
@ -26,6 +29,13 @@ func CreateTokenCommand() *cli.Command {
|
||||
Usage: "associate `SUBJECT` to the token",
|
||||
Value: fmt.Sprintf("user-%s", shortuuid.New()),
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "output",
|
||||
Aliases: []string{"o"},
|
||||
TakesFile: true,
|
||||
Usage: "output token to `OUTPUT` (or '-' to print to stdout)",
|
||||
Value: flag.AuthTokenDefaultHomePath,
|
||||
},
|
||||
},
|
||||
Action: func(ctx *cli.Context) error {
|
||||
conf, err := common.LoadConfig(ctx)
|
||||
@ -35,6 +45,7 @@ func CreateTokenCommand() *cli.Command {
|
||||
|
||||
subject := ctx.String("subject")
|
||||
role := ctx.String("role")
|
||||
output := ctx.String("output")
|
||||
|
||||
localAuth := conf.Server.Auth.Local
|
||||
if localAuth == nil {
|
||||
@ -51,7 +62,23 @@ func CreateTokenCommand() *cli.Command {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
fmt.Println(token)
|
||||
output = os.ExpandEnv(output)
|
||||
|
||||
if output == "-" {
|
||||
fmt.Println(token)
|
||||
} else {
|
||||
outputDirectory := filepath.Dir(output)
|
||||
|
||||
if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
|
||||
return errors.WithStack(err)
|
||||
}
|
||||
|
||||
fmt.Printf("Token written to '%s'.\n", output)
|
||||
}
|
||||
|
||||
return nil
|
||||
},
|
||||
|
Loading…
Reference in New Issue
Block a user