Compare commits

...

20 Commits

Author SHA1 Message Date
c55c723868 chore: Create branch for project modifications testing
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-28 11:26:44 +02:00
3d7a094cb8 feat(auth): store and retrieve auth token from home directory by default (#2)
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 12:53:31 -06:00
077964c7b9 ci: fix release version passed to emissary-firmware pipeline
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 10:52:27 -06:00
3af6324121 ci: fix changelog version generation
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 10:45:15 -06:00
b31900ae2f ci: use jenkins environment to define current branch name for version generation
Some checks failed
arcad/emissary/pipeline/head There was a failure building this commit
2023-08-25 10:36:18 -06:00
777648ff44 chore: remove changelog from repository
Some checks reported errors
arcad/emissary/pipeline/head Something is wrong with the build of this commit
2023-08-25 10:33:11 -06:00
d9919c888f feat(changelog): filter tags used to generate changelog 2023-08-25 10:32:31 -06:00
1eb3de4f16 feat: add changelog to released files
Some checks failed
arcad/emissary/pipeline/head There was a failure building this commit
2023-08-25 10:20:42 -06:00
9326bac792 Merge pull request 'feat: use new versioning schema with changelog generation' (#3) from new-versioning into master
Some checks reported errors
arcad/emissary/pipeline/head Something is wrong with the build of this commit
Reviewed-on: #3
2023-08-25 18:17:57 +02:00
3c1f5042c8 feat: use new versioning schema with changelog generation
All checks were successful
arcad/emissary/pipeline/head This commit looks good
arcad/emissary/pipeline/pr-master This commit looks good
2023-08-25 09:57:13 -06:00
14eecbf01e feat: comment packaged agent and server configurations (#1)
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 09:32:08 -06:00
c51ac0adc7 docs: add reference to emissary-firmware project
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 09:09:09 -06:00
3e168dadf6 Revert "doc: add one file to stack all documentation source for install emissary (local, package, ansible)"
Some checks reported errors
arcad/emissary/pipeline/head Something is wrong with the build of this commit
This reverts commit 5c36955c13.
2023-08-25 09:07:01 -06:00
61ac5e8ae0 chore: move casts to misc directory
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 09:00:55 -06:00
929394c479 Revert "doc: proposed structure for documentation => one place to see them all. Add in doc/readme.md all the source for documentation include emissary-agent"
All checks were successful
arcad/emissary/pipeline/head This commit looks good
This reverts commit a1ec5b87c8.
2023-08-25 08:57:16 -06:00
a1ec5b87c8 doc: proposed structure for documentation => one place to see them all. Add in doc/readme.md all the source for documentation include emissary-agent
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 13:29:29 +02:00
5c36955c13 doc: add one file to stack all documentation source for install emissary (local, package, ansible)
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-25 11:24:16 +02:00
6cf01adb61 chore: tidy deps
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-08-14 14:49:41 -06:00
8e88b5a7f1 feat(auth): remote and local third-party authentication
Some checks reported warnings
arcad/emissary/pipeline/head This commit is unstable
2023-08-14 14:42:23 -06:00
42d49eb090 feat: move client to public package
All checks were successful
arcad/emissary/pipeline/head This commit looks good
2023-06-25 11:46:33 -06:00
45 changed files with 606 additions and 165 deletions

44
.chglog/CHANGELOG.tpl.md Normal file
View File

@ -0,0 +1,44 @@
{{ if .Versions -}}
{{ if .Unreleased.CommitGroups -}}
<a name="unreleased"></a>
## [Unreleased]
{{ range .Unreleased.CommitGroups -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ end -}}
{{ end -}}
{{ end -}}
{{ range .Versions }}
<a name="{{ .Tag.Name }}"></a>
## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
{{ range .CommitGroups -}}
### {{ .Title }}
{{ range .Commits -}}
- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
{{ end }}
{{ else }}
_Nothing functionally significant._
{{ end -}}
{{- if .NoteGroups -}}
{{ range .NoteGroups -}}
### {{ .Title }}
{{ range .Notes }}
{{ .Body }}
{{ end }}
{{ end -}}
{{ end -}}
{{ end -}}
{{- if .Versions }}
[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
{{ range .Versions -}}
{{ if .Tag.Previous -}}
[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
{{ end -}}
{{ end -}}
{{ end -}}

33
.chglog/config.yml Normal file
View File

@ -0,0 +1,33 @@
style: github
template: CHANGELOG.tpl.md
info:
title: CHANGELOG
repository_url: https://forge.cadoles.com//
options:
commits:
filters:
Type:
- feat
- fix
- perf
- refactor
- docs
commit_groups:
title_maps:
feat: Features
fix: Bug Fixes
perf: Performance Improvements
refactor: Code Refactoring
docs: Documentation
header:
pattern: "^(\\w*)(?:\\(([\\w\\$\\.\\-\\*\\s]*)\\))?\\:\\s(.*)$"
pattern_maps:
- Type
- Scope
- Subject
notes:
keywords:
- BREAKING CHANGE
issues:
prefix:
- '#'

4
.gitignore vendored
View File

@ -10,4 +10,6 @@ dist/
/apps
/server-key.json
/.emissary-token
/out
/out
.mktools/
/CHANGELOG.md

30
Jenkinsfile vendored
View File

@ -19,7 +19,7 @@ pipeline {
}
}
}
stage('Run unit tests') {
steps {
script {
@ -58,20 +58,22 @@ pipeline {
passwordVariable: 'GITEA_RELEASE_PASSWORD'
])
]) {
sh 'make gitea-release'
}
def currentVersion = sh(returnStdout: true, script: 'make full-version').trim()
if (currentVersion.endsWith('-dirty')) {
unstable('Could not trigger emissary-firmware build, dirty version !')
} else {
build(
job: "../emissary-firmware/${env.GIT_BRANCH}",
parameters: [
[$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
],
wait: false
)
sh """
export MKT_PROJECT_VERSION_BRANCH_NAME=${env.BRANCH_NAME}
make mktools
make gitea-release
"""
}
String currentVersion = sh(script: "MKT_PROJECT_VERSION_BRANCH_NAME=${env.BRANCH_NAME} make version", returnStdout: true).trim()
build(
job: "../emissary-firmware/${env.GIT_BRANCH}",
parameters: [
[$class: 'StringParameterValue', name: 'emissaryRelease', value: currentVersion]
],
wait: false
)
}
}
}

View File

@ -5,12 +5,9 @@ GITCHLOG_ARGS ?=
SHELL := /bin/bash
EMISSARY_VERSION ?=
GIT_VERSION := $(shell git describe --always)
DATE_VERSION := $(shell date +%Y.%-m.%-d)
FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
DOCKER_IMAGE_NAME ?= bornholm/emissary
DOCKER_IMAGE_TAG ?= $(FULL_VERSION)
DOCKER_IMAGE_TAG ?= $(MKT_PROJECT_VERSION)
GOTEST_ARGS ?= -short
@ -45,7 +42,7 @@ build-emissary-%: deps ## Build executable
-v \
-ldflags "\
-X 'main.GitRef=$(shell git rev-parse --short HEAD)' \
-X 'main.ProjectVersion=$(FULL_VERSION)' \
-X 'main.ProjectVersion=$(MKT_PROJECT_VERSION)' \
-X 'main.BuildDate=$(shell date --utc --rfc-3339=seconds)' \
" \
-o ./bin/$* \
@ -66,7 +63,7 @@ run-emissary-%: .env
( set -o allexport && source .env && set +o allexport && bin/$* $(EMISSARY_CMD))
.PHONY: deps
deps: .env
deps: .env .mktools
.PHONY: dump-config
dump-config: build-emissary
@ -74,27 +71,8 @@ dump-config: build-emissary
./bin/emissary config dump > tmp/config.yml
.PHONY: goreleaser
goreleaser: deps
( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(FULL_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
.PHONY: start-release
start-release:
if [ -z "$(EMISSARY_VERSION)" ]; then echo "You must define environment variable FAQD_VERSION"; exit 1; fi
git flow release start $(EMISSARY_VERSION)
# Update package.json version
jq '.version = "$(EMISSARY_VERSION)"' package.json | sponge package.json
git add package.json
git commit -m "chore: bump to version $(EMISSARY_VERSION)" --allow-empty
echo "Commit you additional modifications then execute 'make finish-release'"
.PHONY: finish-release
finish-release:
git flow release finish -m "v$(EMISSARY_VERSION)"
git push --all
git push --tags
goreleaser: .mktools
( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(MKT_PROJECT_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
install-git-hooks:
git config core.hooksPath .githooks
@ -119,32 +97,28 @@ deploy-openwrt-agent:
scp dist/emissary-agent_linux_arm_6/emissary root@$(OPENWRT_DEVICE):/usr/bin/emissary
ssh root@$(OPENWRT_DEVICE) /etc/init.d/emissary-agent start
gitea-release: tools/gitea-release/bin/gitea-release.sh goreleaser
gitea-release: .mktools tools/gitea-release/bin/gitea-release.sh goreleaser changelog
mkdir -p .gitea-release
rm -rf .gitea-release/*
cp dist/*.tar.gz .gitea-release/
cp dist/*.apk .gitea-release/
cp dist/*.deb .gitea-release/
cp CHANGELOG.md .gitea-release/
GITEA_RELEASE_PROJECT="emissary" \
GITEA_RELEASE_ORG="arcad" \
GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
GITEA_RELEASE_VERSION="$(FULL_VERSION)" \
GITEA_RELEASE_NAME="$(FULL_VERSION)" \
GITEA_RELEASE_VERSION="$(MKT_PROJECT_VERSION)" \
GITEA_RELEASE_NAME="$(MKT_PROJECT_VERSION)" \
GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
GITEA_RELEASE_IS_DRAFT="false" \
GITEA_RELEASE_BODY="" \
GITEA_RELEASE_ATTACHMENTS="$$(find .gitea-release/* -type f)" \
tools/gitea-release/bin/gitea-release.sh
tools/gitea-release/bin/gitea-release.sh:
mkdir -p tools/gitea-release/bin
curl --output tools/gitea-release/bin/gitea-release.sh https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/gitea/gitea-release.sh
chmod +x tools/gitea-release/bin/gitea-release.sh
.emissary-token:
$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer > .emissary-token"
$(MAKE) run-emissary-server EMISSARY_CMD="--debug --config tmp/server.yml server auth create-token --role writer --output .emissary-token"
AGENT_ID ?= 1
@ -153,8 +127,8 @@ load-sample-specs:
cat misc/spec-samples/proxy.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name proxy.emissary.cadoles.com
cat misc/spec-samples/mdns.emissary.cadoles.com.json | ./bin/server api agent spec update -a $(AGENT_ID) --no-patch --spec-data - --spec-name mdns.emissary.cadoles.com
full-version:
@echo $(FULL_VERSION)
version: .mktools
@echo $(MKT_PROJECT_VERSION)
update-edge-lib:
git pull --rebase
@ -163,4 +137,18 @@ update-edge-lib:
$(MAKE) test
git add go.mod go.sum
git commit -m "feat: update arcad/edge dependency"
git push
git push
.PHONY: changelog
changelog: .mktools
$(MAKE) MKT_GIT_CHGLOG_ARGS='--next-tag $(MKT_PROJECT_VERSION) --tag-filter-pattern $(MKT_PROJECT_VERSION_CHANNEL) --output CHANGELOG.md' mkt-changelog
.PHONY: mktools
mktools:
rm -rf .mktools
curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | $(SHELL)
.mktools:
$(MAKE) mktools
-include .mktools/*.mk

View File

@ -24,3 +24,7 @@ See:
- [`misc/packaging/common/config-agent.yml`](../misc/packaging/common/config-agent.yml)
- [`misc/packaging/common/config-server.yml`](../misc/packaging/common/config-server.yml)
### Other projects
- [`emissary-firmware`](https://forge.cadoles.com/arcad/emissary-firmware) - Preconfigured OpenWRT firmwares with an agent

View File

@ -36,7 +36,7 @@
```bash
sudo nmap -sP 192.168.0.* # À modifier par le préfixe correspondant à votre réseau local
```
Une entrée équivalente à la suivante devrait être affichée:
```bash
@ -80,9 +80,11 @@
5. Créer un jeton d'administration:
```shell
sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami) > .emissary-token
sudo emissary --workdir /usr/share/emissary --config /etc/emissary/server.yml server auth create-token --role writer --subject $(whoami)
```
> **Note** Le jeton sera stocké dans le répertoire `$HOME/.config/emissary`.
6. Vérifier l'authentification sur l'API:
```shell

1
go.mod
View File

@ -7,6 +7,7 @@ require (
github.com/Masterminds/sprig/v3 v3.2.3
github.com/alecthomas/participle/v2 v2.0.0-beta.5
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
github.com/antonmedv/expr v1.12.7
github.com/brutella/dnssd v1.2.6
github.com/btcsuite/btcd/btcutil v1.1.3
github.com/davecgh/go-spew v1.1.1

2
go.sum
View File

@ -149,6 +149,8 @@ github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/antonmedv/expr v1.12.7 h1:jfV/l/+dHWAadLwAtESXNxXdfbK9bE4+FNMHYCMntwk=
github.com/antonmedv/expr v1.12.7/go.mod h1:FPC8iWArxls7axbVLsW+kpg1mz29A1b2M6jt+hZfDkU=
github.com/apache/arrow/go/arrow v0.0.0-20210818145353-234c94e4ce64/go.mod h1:2qMFB56yOP3KzkB3PbYZ4AlUFg3a88F67TIx5lB/WwY=
github.com/apache/arrow/go/arrow v0.0.0-20211013220434-5962184e7a30/go.mod h1:Q7yQnSMnLvcXlZ8RV+jwz/6y1rQTqbX6C82SndT52Zs=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=

View File

@ -6,8 +6,8 @@ import (
"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
"forge.cadoles.com/Cadoles/emissary/internal/auth/agent"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/api"
"gitlab.com/wpetit/goweb/logger"

View File

@ -3,7 +3,7 @@ package agent
import (
"context"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
)

View File

@ -4,8 +4,8 @@ import (
"context"
"forge.cadoles.com/Cadoles/emissary/internal/agent"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)

View File

@ -4,7 +4,7 @@ import (
"time"
"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
)
type Options struct {

View File

@ -11,7 +11,6 @@ import (
"github.com/lestrrat-go/jwx/v2/jws"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)
const DefaultAcceptableSkew = 5 * time.Minute
@ -23,8 +22,6 @@ type Authenticator struct {
// Authenticate implements auth.Authenticator.
func (a *Authenticator) Authenticate(ctx context.Context, r *http.Request) (auth.User, error) {
ctx = logger.With(r.Context(), logger.F("remoteAddr", r.RemoteAddr))
authorization := r.Header.Get("Authorization")
if authorization == "" {
return nil, errors.WithStack(auth.ErrUnauthenticated)

View File

@ -8,22 +8,25 @@ import (
"forge.cadoles.com/Cadoles/emissary/internal/auth"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)
const DefaultAcceptableSkew = 5 * time.Minute
type (
GetKeySet func(context.Context) (jwk.Set, error)
GetTokenRole func(context.Context, jwt.Token) (string, error)
)
type Authenticator struct {
keys jwk.Set
issuer string
getKeySet GetKeySet
getTokenRole GetTokenRole
acceptableSkew time.Duration
}
// Authenticate implements auth.Authenticator.
func (a *Authenticator) Authenticate(ctx context.Context, r *http.Request) (auth.User, error) {
ctx = logger.With(r.Context(), logger.F("remoteAddr", r.RemoteAddr))
authorization := r.Header.Get("Authorization")
if authorization == "" {
return nil, errors.WithStack(auth.ErrUnauthenticated)
@ -34,37 +37,37 @@ func (a *Authenticator) Authenticate(ctx context.Context, r *http.Request) (auth
return nil, errors.WithStack(auth.ErrUnauthenticated)
}
token, err := parseToken(ctx, a.keys, a.issuer, rawToken, a.acceptableSkew)
keys, err := a.getKeySet(ctx)
if err != nil {
return nil, errors.WithStack(err)
}
rawRole, exists := token.Get(keyRole)
if !exists {
return nil, errors.New("could not find 'thumbprint' claim")
token, err := parseToken(ctx, keys, rawToken, a.acceptableSkew)
if err != nil {
return nil, errors.WithStack(err)
}
role, ok := rawRole.(string)
if !ok {
return nil, errors.Errorf("unexpected '%s' claim value: '%v'", keyRole, rawRole)
rawRole, err := a.getTokenRole(ctx, token)
if err != nil {
return nil, errors.WithStack(err)
}
if !isValidRole(role) {
return nil, errors.Errorf("invalid role '%s'", role)
if !isValidRole(rawRole) {
return nil, errors.Errorf("invalid role '%s'", rawRole)
}
user := &User{
subject: token.Subject(),
role: Role(role),
role: Role(rawRole),
}
return user, nil
}
func NewAuthenticator(keys jwk.Set, issuer string, acceptableSkew time.Duration) *Authenticator {
func NewAuthenticator(getKeySet GetKeySet, getTokenRole GetTokenRole, acceptableSkew time.Duration) *Authenticator {
return &Authenticator{
keys: keys,
issuer: issuer,
getTokenRole: getTokenRole,
getKeySet: getKeySet,
acceptableSkew: acceptableSkew,
}
}

View File

@ -11,15 +11,13 @@ import (
"github.com/pkg/errors"
)
const keyRole = "role"
func parseToken(ctx context.Context, keys jwk.Set, issuer string, rawToken string, acceptableSkew time.Duration) (jwt.Token, error) {
func parseToken(ctx context.Context, keys jwk.Set, rawToken string, acceptableSkew time.Duration) (jwt.Token, error) {
token, err := jwt.Parse(
[]byte(rawToken),
jwt.WithKeySet(keys, jws.WithRequireKid(false)),
jwt.WithIssuer(issuer),
jwt.WithValidate(true),
jwt.WithAcceptableSkew(acceptableSkew),
jwt.WithContext(ctx),
)
if err != nil {
return nil, errors.WithStack(err)
@ -28,18 +26,16 @@ func parseToken(ctx context.Context, keys jwk.Set, issuer string, rawToken strin
return token, nil
}
func GenerateToken(ctx context.Context, key jwk.Key, issuer, subject string, role Role) (string, error) {
const DefaultRoleKey string = "role"
func GenerateToken(ctx context.Context, key jwk.Key, subject string, role Role) (string, error) {
token := jwt.New()
if err := token.Set(jwt.SubjectKey, subject); err != nil {
return "", errors.WithStack(err)
}
if err := token.Set(jwt.IssuerKey, issuer); err != nil {
return "", errors.WithStack(err)
}
if err := token.Set(keyRole, role); err != nil {
if err := token.Set(DefaultRoleKey, role); err != nil {
return "", errors.WithStack(err)
}

View File

@ -3,10 +3,10 @@ package agent
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -3,12 +3,12 @@ package agent
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -3,11 +3,11 @@ package agent
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -3,11 +3,11 @@ package agent
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -3,12 +3,12 @@ package spec
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/internal/spec"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -3,11 +3,11 @@ package spec
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -4,12 +4,12 @@ import (
"encoding/json"
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/internal/spec"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
jsonpatch "github.com/evanphx/json-patch/v5"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"

View File

@ -3,11 +3,11 @@ package agent
import (
"os"
"forge.cadoles.com/Cadoles/emissary/internal/client"
agentFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/agent/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/apierr"
clientFlag "forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/format"
"forge.cadoles.com/Cadoles/emissary/pkg/client"
"github.com/pkg/errors"
"github.com/urfave/cli/v2"
)

View File

@ -2,7 +2,6 @@ package flag
import (
"fmt"
"io/ioutil"
"os"
"strings"
@ -12,6 +11,11 @@ import (
"github.com/urfave/cli/v2"
)
const (
AuthTokenDefaultHomePath = "$HOME/.config/emissary/auth-token"
AuthTokenDefaultLocalPath = ".emissary-token"
)
func ComposeFlags(flags ...cli.Flag) []cli.Flag {
baseFlags := []cli.Flag{
&cli.StringFlag{
@ -37,10 +41,10 @@ func ComposeFlags(flags ...cli.Flag) []cli.Flag {
Aliases: []string{"t"},
Usage: "use `TOKEN` as authentication token",
},
&cli.StringFlag{
&cli.StringSliceFlag{
Name: "token-file",
Usage: "use `TOKEN_FILE` as file containing the authentication token",
Value: ".emissary-token",
Value: cli.NewStringSlice(AuthTokenDefaultLocalPath, AuthTokenDefaultHomePath),
TakesFile: true,
},
}
@ -55,14 +59,14 @@ type BaseFlags struct {
Format format.Format
OutputMode format.OutputMode
Token string
TokenFile string
TokenFiles []string
}
func GetBaseFlags(ctx *cli.Context) *BaseFlags {
serverURL := ctx.String("server")
rawFormat := ctx.String("format")
rawOutputMode := ctx.String("output-mode")
tokenFile := ctx.String("token-file")
tokenFiles := ctx.StringSlice("token-file")
token := ctx.String("token")
return &BaseFlags{
@ -70,7 +74,7 @@ func GetBaseFlags(ctx *cli.Context) *BaseFlags {
Format: format.Format(rawFormat),
OutputMode: format.OutputMode(rawOutputMode),
Token: token,
TokenFile: tokenFile,
TokenFiles: tokenFiles,
}
}
@ -79,18 +83,20 @@ func GetToken(flags *BaseFlags) (string, error) {
return flags.Token, nil
}
if flags.TokenFile == "" {
return "", nil
for _, tokenFile := range flags.TokenFiles {
tokenFile = os.ExpandEnv(tokenFile)
rawToken, err := os.ReadFile(tokenFile)
if err != nil && !errors.Is(err, os.ErrNotExist) {
return "", errors.WithStack(err)
}
if rawToken == nil {
continue
}
return strings.TrimSpace(string(rawToken)), nil
}
rawToken, err := ioutil.ReadFile(flags.TokenFile)
if err != nil && !errors.Is(err, os.ErrNotExist) {
return "", errors.WithStack(err)
}
if rawToken == nil {
return "", nil
}
return strings.TrimSpace(string(rawToken)), nil
return "", nil
}

View File

@ -2,8 +2,11 @@ package auth
import (
"fmt"
"os"
"path/filepath"
"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
"forge.cadoles.com/Cadoles/emissary/internal/command/api/flag"
"forge.cadoles.com/Cadoles/emissary/internal/command/common"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"github.com/lithammer/shortuuid/v4"
@ -26,6 +29,13 @@ func CreateTokenCommand() *cli.Command {
Usage: "associate `SUBJECT` to the token",
Value: fmt.Sprintf("user-%s", shortuuid.New()),
},
&cli.StringFlag{
Name: "output",
Aliases: []string{"o"},
TakesFile: true,
Usage: "output token to `OUTPUT` (or '-' to print to stdout)",
Value: flag.AuthTokenDefaultHomePath,
},
},
Action: func(ctx *cli.Context) error {
conf, err := common.LoadConfig(ctx)
@ -35,18 +45,40 @@ func CreateTokenCommand() *cli.Command {
subject := ctx.String("subject")
role := ctx.String("role")
output := ctx.String("output")
key, err := jwk.LoadOrGenerate(string(conf.Server.PrivateKeyPath), jwk.DefaultKeySize)
localAuth := conf.Server.Auth.Local
if localAuth == nil {
return errors.New("local auth is disabled")
}
key, err := jwk.LoadOrGenerate(string(localAuth.PrivateKeyPath), jwk.DefaultKeySize)
if err != nil {
return errors.WithStack(err)
}
token, err := thirdparty.GenerateToken(ctx.Context, key, string(conf.Server.Issuer), subject, thirdparty.Role(role))
token, err := thirdparty.GenerateToken(ctx.Context, key, subject, thirdparty.Role(role))
if err != nil {
return errors.WithStack(err)
}
fmt.Println(token)
output = os.ExpandEnv(output)
if output == "-" {
fmt.Println(token)
} else {
outputDirectory := filepath.Dir(output)
if err := os.MkdirAll(outputDirectory, os.FileMode(0o700)); err != nil {
return errors.WithStack(err)
}
if err := os.WriteFile(output, []byte(token), os.FileMode(0o600)); err != nil {
return errors.WithStack(err)
}
fmt.Printf("Token written to '%s'.\n", output)
}
return nil
},

View File

@ -4,6 +4,7 @@ import (
"os"
"regexp"
"strconv"
"time"
"github.com/pkg/errors"
"gopkg.in/yaml.v3"
@ -123,3 +124,37 @@ func (iss *InterpolatedStringSlice) UnmarshalYAML(value *yaml.Node) error {
return nil
}
type InterpolatedDuration time.Duration
func (id *InterpolatedDuration) UnmarshalYAML(value *yaml.Node) error {
var str string
if err := value.Decode(&str); err != nil {
return errors.Wrapf(err, "could not decode value '%v' (line '%d') into string", value.Value, value.Line)
}
if match := reVar.FindStringSubmatch(str); len(match) > 0 {
str = os.Getenv(match[1])
}
duration, err := time.ParseDuration(str)
if err != nil {
return errors.Wrapf(err, "could not parse duration '%v', line '%d'", str, value.Line)
}
*id = InterpolatedDuration(duration)
return nil
}
func (id *InterpolatedDuration) MarshalYAML() (interface{}, error) {
duration := time.Duration(*id)
return duration.String(), nil
}
func NewInterpolatedDuration(d time.Duration) *InterpolatedDuration {
id := InterpolatedDuration(d)
return &id
}

View File

@ -1,19 +1,50 @@
package config
import (
"fmt"
"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
)
type ServerConfig struct {
PrivateKeyPath InterpolatedString `yaml:"privateKeyPath"`
Issuer InterpolatedString `yaml:"issuer"`
HTTP HTTPConfig `yaml:"http"`
Database DatabaseConfig `yaml:"database"`
CORS CORSConfig `yaml:"cors"`
HTTP HTTPConfig `yaml:"http"`
Database DatabaseConfig `yaml:"database"`
CORS CORSConfig `yaml:"cors"`
Auth AuthConfig `yaml:"auth"`
}
func NewDefaultServerConfig() ServerConfig {
return ServerConfig{
PrivateKeyPath: "server-key.json",
Issuer: "http://127.0.0.1:3000",
HTTP: NewDefaultHTTPConfig(),
Database: NewDefaultDatabaseConfig(),
CORS: NewDefaultCORSConfig(),
HTTP: NewDefaultHTTPConfig(),
Database: NewDefaultDatabaseConfig(),
CORS: NewDefaultCORSConfig(),
Auth: NewDefaultAuthConfig(),
}
}
type AuthConfig struct {
Local *LocalAuthConfig `yaml:"local"`
Remote *RemoteAuthConfig `yaml:"remote"`
RoleExtractionRules []string `yaml:"roleExtractionRules"`
}
func NewDefaultAuthConfig() AuthConfig {
return AuthConfig{
Local: &LocalAuthConfig{
PrivateKeyPath: "server-key.json",
},
Remote: nil,
RoleExtractionRules: []string{
fmt.Sprintf("jwt.%s != nil ? str(jwt.%s) : ''", thirdparty.DefaultRoleKey, thirdparty.DefaultRoleKey),
},
}
}
type LocalAuthConfig struct {
PrivateKeyPath InterpolatedString `yaml:"privateKeyPath"`
}
type RemoteAuthConfig struct {
JsonWebKeySetURL InterpolatedString `yaml:"jwksUrl"`
RefreshInterval *InterpolatedDuration `yaml:"refreshInterval"`
}

View File

@ -1,11 +1,13 @@
package jwk
import (
"context"
"crypto/rand"
"crypto/rsa"
"encoding/json"
"io/ioutil"
"os"
"time"
"github.com/btcsuite/btcd/btcutil/base58"
"github.com/lestrrat-go/jwx/v2/jwa"
@ -34,7 +36,7 @@ func Parse(src []byte, options ...jwk.ParseOption) (Set, error) {
return jwk.Parse(src, options...)
}
func PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
func RS256PublicKeySet(keys ...jwk.Key) (jwk.Set, error) {
set := jwk.NewSet()
for _, k := range keys {
@ -85,6 +87,27 @@ func LoadOrGenerate(path string, size int) (jwk.Key, error) {
return key, nil
}
func CreateCachedRemoteKeySet(ctx context.Context, url string, refreshInterval time.Duration) (func(context.Context) (jwk.Set, error), error) {
cache := jwk.NewCache(ctx)
if err := cache.Register(url, jwk.WithMinRefreshInterval(refreshInterval)); err != nil {
return nil, errors.WithStack(err)
}
if _, err := cache.Refresh(ctx, url); err != nil {
return nil, errors.WithStack(err)
}
return func(ctx context.Context) (jwk.Set, error) {
keySet, err := cache.Get(ctx, url)
if err != nil {
return nil, errors.WithStack(err)
}
return keySet, nil
}, nil
}
func Generate(size int) (jwk.Key, error) {
privKey, err := rsa.GenerateKey(rand.Reader, size)
if err != nil {

View File

@ -12,7 +12,7 @@ func TestJWK(t *testing.T) {
t.Fatalf("%+v", errors.WithStack(err))
}
keySet, err := PublicKeySet(privateKey)
keySet, err := RS256PublicKeySet(privateKey)
if err != nil {
t.Fatalf("%+v", errors.WithStack(err))
}

View File

@ -6,6 +6,9 @@ import (
"log"
"net"
"net/http"
"reflect"
"strings"
"time"
"forge.cadoles.com/Cadoles/emissary/internal/auth"
"forge.cadoles.com/Cadoles/emissary/internal/auth/agent"
@ -13,9 +16,13 @@ import (
"forge.cadoles.com/Cadoles/emissary/internal/config"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"github.com/antonmedv/expr"
"github.com/antonmedv/expr/vm"
"github.com/go-chi/chi"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/cors"
"github.com/lestrrat-go/jwx/v2/jwa"
"github.com/lestrrat-go/jwx/v2/jwt"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/logger"
)
@ -72,20 +79,6 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
}
}()
key, err := jwk.LoadOrGenerate(string(s.conf.PrivateKeyPath), jwk.DefaultKeySize)
if err != nil {
errs <- errors.WithStack(err)
return
}
keys, err := jwk.PublicKeySet(key)
if err != nil {
errs <- errors.WithStack(err)
return
}
router := chi.NewRouter()
router.Use(middleware.Logger)
@ -100,12 +93,19 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
router.Use(corsMiddleware.Handler)
thirdPartyAuth, err := s.getThirdPartyAuthenticator()
if err != nil {
errs <- errors.WithStack(err)
return
}
router.Route("/api/v1", func(r chi.Router) {
r.Post("/register", s.registerAgent)
r.Group(func(r chi.Router) {
r.Use(auth.Middleware(
thirdparty.NewAuthenticator(keys, string(s.conf.Issuer), thirdparty.DefaultAcceptableSkew),
thirdPartyAuth,
agent.NewAuthenticator(s.agentRepo, agent.DefaultAcceptableSkew),
))
@ -131,6 +131,151 @@ func (s *Server) run(parentCtx context.Context, addrs chan net.Addr, errs chan e
logger.Info(ctx, "http server exiting")
}
func (s *Server) getThirdPartyAuthenticator() (*thirdparty.Authenticator, error) {
var localPublicKey jwk.Key
localAuth := s.conf.Auth.Local
if localAuth != nil {
key, err := jwk.LoadOrGenerate(string(localAuth.PrivateKeyPath), jwk.DefaultKeySize)
if err != nil {
return nil, errors.WithStack(err)
}
publicKey, err := key.PublicKey()
if err != nil {
return nil, errors.WithStack(err)
}
if err := publicKey.Set(jwk.AlgorithmKey, jwa.RS256); err != nil {
return nil, errors.WithStack(err)
}
localPublicKey = publicKey
}
var getRemoteKeySet thirdparty.GetKeySet
remoteAuth := s.conf.Auth.Remote
if remoteAuth != nil {
refreshInterval := time.Minute * 15
if remoteAuth.RefreshInterval != nil {
refreshInterval = time.Duration(*remoteAuth.RefreshInterval)
}
fn, err := jwk.CreateCachedRemoteKeySet(context.Background(), string(remoteAuth.JsonWebKeySetURL), refreshInterval)
if err != nil {
return nil, errors.WithStack(err)
}
getRemoteKeySet = fn
}
getKeySet := func(ctx context.Context) (jwk.Set, error) {
keySet := jwk.NewSet()
if localPublicKey != nil {
if err := keySet.AddKey(localPublicKey); err != nil {
return nil, errors.WithStack(err)
}
}
if getRemoteKeySet != nil {
remoteKeySet, err := getRemoteKeySet(ctx)
if err != nil {
return nil, errors.WithStack(err)
}
for idx := 0; idx < remoteKeySet.Len(); idx++ {
key, ok := remoteKeySet.Key(idx)
if !ok {
break
}
if err := keySet.AddKey(key); err != nil {
return nil, errors.WithStack(err)
}
}
}
return keySet, nil
}
getTokenRole, err := s.createGetTokenRoleFunc()
if err != nil {
return nil, errors.WithStack(err)
}
return thirdparty.NewAuthenticator(getKeySet, getTokenRole, thirdparty.DefaultAcceptableSkew), nil
}
func (s *Server) createGetTokenRoleFunc() (func(ctx context.Context, token jwt.Token) (string, error), error) {
rawRules := s.conf.Auth.RoleExtractionRules
rules := make([]*vm.Program, 0, len(rawRules))
type Env struct {
JWT map[string]any `expr:"jwt"`
}
strFunc := expr.Function(
"str",
func(params ...any) (any, error) {
var builder strings.Builder
for _, p := range params {
if _, err := builder.WriteString(fmt.Sprintf("%v", p)); err != nil {
return nil, errors.WithStack(err)
}
}
return builder.String(), nil
},
new(func(any) string),
)
for _, rr := range rawRules {
r, err := expr.Compile(rr,
expr.Env(Env{}),
expr.AsKind(reflect.String),
strFunc,
)
if err != nil {
return nil, errors.Wrapf(err, "could not compile role extraction rule '%s'", rr)
}
rules = append(rules, r)
}
return func(ctx context.Context, token jwt.Token) (string, error) {
jwt, err := token.AsMap(ctx)
if err != nil {
return "", errors.WithStack(err)
}
vm := vm.VM{}
for _, r := range rules {
result, err := vm.Run(r, Env{
JWT: jwt,
})
if err != nil {
return "", errors.WithStack(err)
}
role, ok := result.(string)
if !ok {
logger.Debug(ctx, "ignoring unexpected role extraction result", logger.F("result", result))
continue
}
if role != "" {
return role, nil
}
}
return "", errors.New("could not extract role from token")
}, nil
}
func New(funcs ...OptionFunc) *Server {
opt := defaultOption()
for _, fn := range funcs {

View File

@ -1,26 +1,55 @@
# Emissary agent configuration
# Logger configuration
logger:
# Logging verbosity
# DEBUG: 0
# INFO: 1
# WARN: 2
# ERROR: 3
# CRITICAL: 4
level: 1
# Logging format
# Possible values: human, json
format: human
# Agent configuration
agent:
# Emissary server URL
serverUrl: http://127.0.0.1:3000
# Agent private key path
privateKeyPath: /var/lib/emissary/agent-key.json
reconciliationInterval: 5
# Agent reconciliation interval (in seconds)
reconciliationInterval: 30
# Controllers configuration
controllers:
# Persistence controller configuration
persistence:
enabled: true
stateFile: /var/lib/emissary/state.json
# Spec controller configuration
spec:
enabled: true
# Proxy controller configuration
proxy:
enabled: true
# UCI controller configuration
uci:
enabled: true
binPath: uci
configBackupFile: /var/lib/emissary/uci-backup.conf
# App controller configuration
app:
enabled: true
dataDir: /var/lib/emissary/apps/data
downloadDir: /var/lib/emissary/apps/bundles
# Sysupgrade controller configuration
sysupgrade:
enabled: true
sysupgradeCommand:
@ -33,6 +62,8 @@ agent:
- sh
- -c
- source /etc/openwrt_release && echo "$DISTRIB_ID-$DISTRIB_RELEASE-$DISTRIB_REVISION"
# Collectors configuration
collectors:
- name: uname
command: uname

View File

@ -1,15 +1,38 @@
# Emissary server configuration
# Logger configuration
logger:
# Logging verbosity
# DEBUG: 0
# INFO: 1
# WARN: 2
# ERROR: 3
# CRITICAL: 4
level: 1
# Logging format
# Possible values: human, json
format: human
# Server configuration
server:
privateKeyPath: /var/lib/emissary/server-key.json
issuer: http://127.0.0.1:3000
# HTTP server configuration
http:
# Listening address (0.0.0.0 to listen on all interfaces)
host: 0.0.0.0
# Listening port
port: 3000
# Database configuration
database:
# Database driver
# Possible values: sqlite
driver: sqlite
# Database DSN
# sqlite: see https://github.com/mattn/go-sqlite3#connection-string
dsn: sqlite:///var/lib/emissary/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000
# CORS configuration
# See https://developer.mozilla.org/en/docs/Glossary/CORS
cors:
allowedOrigins: []
allowCredentials: true
@ -24,4 +47,25 @@ server:
- Content-Type
- Authorization
- Sentry-Trace
debug: false
# Auth configuration
auth:
# Local authentication configuration
local:
privateKeyPath: /var/lib/emissary/server-key.json
# Remote authentication configuration
# Disabled by default
remote: ~
# jwksUrl: https://my-server/.well-known/jwks.json
# Role extraction rules
# Permit to derivate user's role
# from the received JWT.
#
# The first rule returning a non empty
# string will define the role of the user.
#
# The role should be 'reader' or 'writer'.
roleExtractionRules:
- "jwt.role != nil ? str(jwt.role) : ''"

23
pkg/client/alias.go Normal file
View File

@ -0,0 +1,23 @@
package client
import (
"forge.cadoles.com/Cadoles/emissary/internal/agent/metadata"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/jwk"
"forge.cadoles.com/Cadoles/emissary/internal/spec"
)
type (
Spec = spec.Spec
SpecName = spec.Name
)
type (
AgentID = datastore.AgentID
Agent = datastore.Agent
AgentStatus = datastore.AgentStatus
)
type MetadataTuple = metadata.Tuple
type Key = jwk.Key

View File

@ -8,7 +8,7 @@ import (
"github.com/pkg/errors"
)
func (c *Client) DeleteAgent(ctx context.Context, agentID datastore.AgentID, funcs ...OptionFunc) (datastore.AgentID, error) {
func (c *Client) DeleteAgent(ctx context.Context, agentID AgentID, funcs ...OptionFunc) (AgentID, error) {
response := withResponse[struct {
AgentID int64 `json:"agentId"`
}]()

View File

@ -4,12 +4,11 @@ import (
"context"
"fmt"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/spec"
"github.com/pkg/errors"
)
func (c *Client) DeleteAgentSpec(ctx context.Context, agentID datastore.AgentID, name spec.Name, funcs ...OptionFunc) (spec.Name, error) {
func (c *Client) DeleteAgentSpec(ctx context.Context, agentID AgentID, name SpecName, funcs ...OptionFunc) (SpecName, error) {
payload := struct {
Name spec.Name `json:"name"`
}{

View File

@ -4,13 +4,12 @@ import (
"context"
"fmt"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"github.com/pkg/errors"
)
func (c *Client) GetAgent(ctx context.Context, agentID datastore.AgentID, funcs ...OptionFunc) (*datastore.Agent, error) {
func (c *Client) GetAgent(ctx context.Context, agentID AgentID, funcs ...OptionFunc) (*Agent, error) {
response := withResponse[struct {
Agent *datastore.Agent `json:"agent"`
Agent *Agent `json:"agent"`
}]()
path := fmt.Sprintf("/api/v1/agents/%d", agentID)

View File

@ -4,12 +4,11 @@ import (
"context"
"fmt"
"forge.cadoles.com/Cadoles/emissary/internal/datastore"
"forge.cadoles.com/Cadoles/emissary/internal/spec"
"github.com/pkg/errors"
)
func (c *Client) GetAgentSpecs(ctx context.Context, agentID datastore.AgentID, funcs ...OptionFunc) ([]spec.Spec, error) {
func (c *Client) GetAgentSpecs(ctx context.Context, agentID AgentID, funcs ...OptionFunc) ([]Spec, error) {
response := withResponse[struct {
Specs []*spec.RawSpec `json:"specs"`
}]()

View File

@ -16,8 +16,8 @@ type QueryAgentsOptions struct {
Limit *int
Offset *int
Thumbprints []string
IDs []datastore.AgentID
Statuses []datastore.AgentStatus
IDs []AgentID
Statuses []AgentStatus
}
func WithQueryAgentsOptions(funcs ...OptionFunc) QueryAgentsOptionFunc {
@ -56,7 +56,7 @@ func WithQueryAgentsStatus(statuses ...datastore.AgentStatus) QueryAgentsOptionF
}
}
func (c *Client) QueryAgents(ctx context.Context, funcs ...QueryAgentsOptionFunc) ([]*datastore.Agent, int, error) {
func (c *Client) QueryAgents(ctx context.Context, funcs ...QueryAgentsOptionFunc) ([]*Agent, int, error) {
options := &QueryAgentsOptions{}
for _, fn := range funcs {
fn(options)

View File

@ -9,8 +9,8 @@ import (
"github.com/pkg/errors"
)
func (c *Client) RegisterAgent(ctx context.Context, key jwk.Key, thumbprint string, meta []metadata.Tuple, funcs ...OptionFunc) (*datastore.Agent, error) {
keySet, err := jwk.PublicKeySet(key)
func (c *Client) RegisterAgent(ctx context.Context, key Key, thumbprint string, meta []MetadataTuple, funcs ...OptionFunc) (*Agent, error) {
keySet, err := jwk.RS256PublicKeySet(key)
if err != nil {
return nil, errors.WithStack(err)
}

View File

@ -10,7 +10,7 @@ import (
"github.com/pkg/errors"
)
func (c *Client) UpdateAgentSpec(ctx context.Context, agentID datastore.AgentID, spc spec.Spec, funcs ...OptionFunc) (*datastore.Spec, error) {
func (c *Client) UpdateAgentSpec(ctx context.Context, agentID AgentID, spc Spec, funcs ...OptionFunc) (Spec, error) {
payload := struct {
Name spec.Name `json:"name"`
Revision int `json:"revision"`