feat: resources segregation by tenant

internal/command/server/auth/create_token.go

@@ -8,6 +8,7 @@ import (
 	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
 	"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
 	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
+	"forge.cadoles.com/Cadoles/emissary/internal/datastore"
 	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
 	"github.com/lithammer/shortuuid/v4"
 	"github.com/pkg/errors"
@@ -29,6 +30,11 @@ func CreateTokenCommand() *cli.Command {
 				Usage: "associate `SUBJECT` to the token",
 				Value: fmt.Sprintf("user-%s", shortuuid.New()),
 			},
+			&cli.StringFlag{
+				Name:     "tenant",
+				Usage:    "associate `TENANT` to the token",
+				Required: true,
+			},
 			&cli.StringFlag{
 				Name:      "output",
 				Aliases:   []string{"o"},
@@ -44,6 +50,7 @@ func CreateTokenCommand() *cli.Command {
 			}
 
 			subject := ctx.String("subject")
+			tenant := ctx.String("tenant")
 			role := ctx.String("role")
 			output := ctx.String("output")
 
@@ -57,7 +64,7 @@ func CreateTokenCommand() *cli.Command {
 				return errors.WithStack(err)
 			}
 
-			token, err := thirdparty.GenerateToken(ctx.Context, key, subject, thirdparty.Role(role))
+			token, err := thirdparty.GenerateToken(ctx.Context, key, datastore.TenantID(tenant), subject, thirdparty.Role(role))
 			if err != nil {
 				return errors.WithStack(err)
 			}