frostfs-node/cmd/frostfs-cli/modules/bearer/create.go

package bearer

import (
	"context"
	"encoding/json"
	"fmt"
	"os"
	"time"

	internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"
	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"
	"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"
	"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
	eaclSDK "github.com/TrueCloudLab/frostfs-sdk-go/eacl"
	"github.com/TrueCloudLab/frostfs-sdk-go/user"
	"github.com/spf13/cobra"
)

const (
	eaclFlag           = "eacl"
	issuedAtFlag       = "issued-at"
	notValidBeforeFlag = "not-valid-before"
	ownerFlag          = "owner"
	outFlag            = "out"
	jsonFlag           = commonflags.JSON
)

var createCmd = &cobra.Command{
	Use:   "create",
	Short: "Create bearer token",
	Long: `Create bearer token.

All epoch flags can be specified relative to the current epoch with the +n syntax.
In this case --` + commonflags.RPC + ` flag should be specified and the epoch in bearer token
is set to current epoch + n.
`,
	Run: createToken,
}

func init() {
	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table")
	createCmd.Flags().StringP(issuedAtFlag, "i", "", "Epoch to issue token at")
	createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "Not valid before epoch")
	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
	createCmd.Flags().StringP(ownerFlag, "o", "", "Token owner")
	createCmd.Flags().String(outFlag, "", "File to write token to")
	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)

	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)

	_ = cobra.MarkFlagRequired(createCmd.Flags(), issuedAtFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), notValidBeforeFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
}

func createToken(cmd *cobra.Command, _ []string) {
	iat, iatRelative, err := common.ParseEpoch(cmd, issuedAtFlag)
	common.ExitOnErr(cmd, "can't parse --"+issuedAtFlag+" flag: %w", err)

	exp, expRelative, err := common.ParseEpoch(cmd, commonflags.ExpireAt)
	common.ExitOnErr(cmd, "can't parse --"+commonflags.ExpireAt+" flag: %w", err)

	nvb, nvbRelative, err := common.ParseEpoch(cmd, notValidBeforeFlag)
	common.ExitOnErr(cmd, "can't parse --"+notValidBeforeFlag+" flag: %w", err)

	if iatRelative || expRelative || nvbRelative {
		ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
		defer cancel()

		endpoint, _ := cmd.Flags().GetString(commonflags.RPC)
		currEpoch, err := internalclient.GetCurrentEpoch(ctx, endpoint)
		common.ExitOnErr(cmd, "can't fetch current epoch: %w", err)

		if iatRelative {
			iat += currEpoch
		}
		if expRelative {
			exp += currEpoch
		}
		if nvbRelative {
			nvb += currEpoch
		}
	}
	if exp < nvb {
		common.ExitOnErr(cmd, "",
			fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))
	}

	ownerStr, _ := cmd.Flags().GetString(ownerFlag)

	var ownerID user.ID
	common.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))

	var b bearer.Token
	b.SetExp(exp)
	b.SetNbf(nvb)
	b.SetIat(iat)
	b.ForUser(ownerID)

	eaclPath, _ := cmd.Flags().GetString(eaclFlag)
	if eaclPath != "" {
		table := eaclSDK.NewTable()
		raw, err := os.ReadFile(eaclPath)
		common.ExitOnErr(cmd, "can't read extended ACL file: %w", err)
		common.ExitOnErr(cmd, "can't parse extended ACL: %w", json.Unmarshal(raw, table))
		b.SetEACLTable(*table)
	}

	var data []byte

	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
	if toJSON {
		data, err = json.Marshal(b)
		common.ExitOnErr(cmd, "can't mashal token to JSON: %w", err)
	} else {
		data = b.Marshal()
	}

	out, _ := cmd.Flags().GetString(outFlag)
	err = os.WriteFile(out, data, 0644)
	common.ExitOnErr(cmd, "can't write token to file: %w", err)
}
[#1216] neofs-cli: Rename `token` subcommand to `bearer` It works only with the bearer token. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-28 09:09:49 +00:00			`package bearer`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`import (`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`"context"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`"encoding/json"`
			`"fmt"`
[#1684] *: Fix linter warnings Signed-off-by: Evgenii Stratonikov <evgeniy@morphbits.ru> 2022-08-15 07:29:30 +00:00			`"os"`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`"time"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
Move to frostfs-node Signed-off-by: Pavel Karpy <p.karpy@yadro.com> 2022-12-23 17:35:35 +00:00			`internalclient "github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/client"`
			`"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/common"`
			`"github.com/TrueCloudLab/frostfs-node/cmd/frostfs-cli/internal/commonflags"`
			`"github.com/TrueCloudLab/frostfs-sdk-go/bearer"`
			`eaclSDK "github.com/TrueCloudLab/frostfs-sdk-go/eacl"`
			`"github.com/TrueCloudLab/frostfs-sdk-go/user"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`"github.com/spf13/cobra"`
			`)`

			`const (`
			`eaclFlag = "eacl"`
			`issuedAtFlag = "issued-at"`
			`notValidBeforeFlag = "not-valid-before"`
			`ownerFlag = "owner"`
			`outFlag = "out"`
[#1323] neofs-cli: Reuse JSON flag for multiple commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-06-23 13:52:47 +00:00			`jsonFlag = commonflags.JSON`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`)`

			`var createCmd = &cobra.Command{`
			`Use: "create",`
			`Short: "Create bearer token",`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			Long: `Create bearer token.

			`All epoch flags can be specified relative to the current epoch with the +n syntax.`
[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			In this case --` + commonflags.RPC + ` flag should be specified and the epoch in bearer token
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`is set to current epoch + n.`
			`,
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`Run: createToken,`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`func init() {`
[#1854] cli: Unify help messages Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com> 2022-10-11 14:02:03 +00:00			`createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table")`
			`createCmd.Flags().StringP(issuedAtFlag, "i", "", "Epoch to issue token at")`
			`createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "Not valid before epoch")`
[#2097] cli: Clarify help for `--expire-at` parameter for commands `object lock/put` and `bearer create` Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com> 2022-12-21 07:59:35 +00:00			`createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")`
[#1854] cli: Unify help messages Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com> 2022-10-11 14:02:03 +00:00			`createCmd.Flags().StringP(ownerFlag, "o", "", "Token owner")`
			`createCmd.Flags().String(outFlag, "", "File to write token to")`
			`createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")`
[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			`createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)`

			`_ = cobra.MarkFlagRequired(createCmd.Flags(), issuedAtFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), notValidBeforeFlag)`
[#1612] neofs-cli: Unify expiration flags Use `expire-at` everywhere expiration epoch is expected. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:45:58 +00:00			`_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)`
			`}`

[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`func createToken(cmd *cobra.Command, _ []string) {`
[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`iat, iatRelative, err := common.ParseEpoch(cmd, issuedAtFlag)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't parse --"+issuedAtFlag+" flag: %w", err)`

[#1612] neofs-cli: Unify expiration flags Use `expire-at` everywhere expiration epoch is expected. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:45:58 +00:00			`exp, expRelative, err := common.ParseEpoch(cmd, commonflags.ExpireAt)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't parse --"+commonflags.ExpireAt+" flag: %w", err)`

[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`nvb, nvbRelative, err := common.ParseEpoch(cmd, notValidBeforeFlag)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't parse --"+notValidBeforeFlag+" flag: %w", err)`

[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if iatRelative \|\| expRelative \|\| nvbRelative {`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)`
			`defer cancel()`

[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			`endpoint, _ := cmd.Flags().GetString(commonflags.RPC)`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`currEpoch, err := internalclient.GetCurrentEpoch(ctx, endpoint)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't fetch current epoch: %w", err)`

[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if iatRelative {`
			`iat += currEpoch`
			`}`
			`if expRelative {`
			`exp += currEpoch`
			`}`
			`if nvbRelative {`
			`nvb += currEpoch`
			`}`
			`}`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`if exp < nvb {`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "",`
			`fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb))`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`ownerStr, _ := cmd.Flags().GetString(ownerFlag)`
[#1400] owner: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-17 13:59:46 +00:00
			`var ownerID user.ID`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't parse recipient: %w", ownerID.DecodeString(ownerStr))`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`var b bearer.Token`
Upgrade NeoFS SDK Go to v1.0.0-rc.4 and NeoFS API Go to v2.12.2 Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-06-03 14:12:55 +00:00			`b.SetExp(exp)`
			`b.SetNbf(nvb)`
			`b.SetIat(iat)`
			`b.ForUser(ownerID)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`eaclPath, _ := cmd.Flags().GetString(eaclFlag)`
			`if eaclPath != "" {`
			`table := eaclSDK.NewTable()`
[#1684] *: Fix linter warnings Signed-off-by: Evgenii Stratonikov <evgeniy@morphbits.ru> 2022-08-15 07:29:30 +00:00			`raw, err := os.ReadFile(eaclPath)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't read extended ACL file: %w", err)`
			`common.ExitOnErr(cmd, "can't parse extended ACL: %w", json.Unmarshal(raw, table))`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`b.SetEACLTable(*table)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`var data []byte`

			`toJSON, _ := cmd.Flags().GetBool(jsonFlag)`
			`if toJSON {`
			`data, err = json.Marshal(b)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't mashal token to JSON: %w", err)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`} else {`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`data = b.Marshal()`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`out, _ := cmd.Flags().GetString(outFlag)`
[#1684] *: Fix linter warnings Signed-off-by: Evgenii Stratonikov <evgeniy@morphbits.ru> 2022-08-15 07:29:30 +00:00			`err = os.WriteFile(out, data, 0644)`
[#1612] neofs-cli: Remove `RunE` functions from commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-07-19 12:53:26 +00:00			`common.ExitOnErr(cmd, "can't write token to file: %w", err)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`