[#587] cmd/neofs-cli: Add sign session-token command
Container commands in NeoFS CLI can use a signed session token to create or delete a container and to change the extended ACL table. This token should be signed the same way we sign bearer tokens. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
parent
bce92168c1
commit
b8c8bf4ba2
1 changed files with 54 additions and 0 deletions
|
@ -41,6 +41,12 @@ var (
|
|||
RunE: signBearerToken,
|
||||
}
|
||||
|
||||
signSessionCmd = &cobra.Command{
|
||||
Use: "session-token",
|
||||
Short: "sign session token to use it in requests",
|
||||
RunE: signSessionToken,
|
||||
}
|
||||
|
||||
convertCmd = &cobra.Command{
|
||||
Use: "convert",
|
||||
Short: "convert representation of NeoFS structures",
|
||||
|
@ -193,6 +199,12 @@ func init() {
|
|||
signBearerCmd.Flags().String("to", "", "File to dump signed bearer token (default: binary encoded)")
|
||||
signBearerCmd.Flags().Bool("json", false, "Dump bearer token in JSON encoding")
|
||||
|
||||
signCmd.AddCommand(signSessionCmd)
|
||||
signSessionCmd.Flags().String("from", "", "File with JSON encoded session token to sign")
|
||||
_ = signSessionCmd.MarkFlagFilename("from")
|
||||
_ = signSessionCmd.MarkFlagRequired("from")
|
||||
signSessionCmd.Flags().String("to", "", "File to save signed session token (optional)")
|
||||
|
||||
convertCmd.AddCommand(convertEACLCmd)
|
||||
convertEACLCmd.Flags().String("from", "", "File with JSON or binary encoded extended ACL table")
|
||||
_ = convertEACLCmd.MarkFlagFilename("from")
|
||||
|
@ -295,6 +307,48 @@ func signBearerToken(cmd *cobra.Command, _ []string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func signSessionToken(cmd *cobra.Command, _ []string) error {
|
||||
path, err := cmd.Flags().GetString("from")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
stok, err := getSessionToken(path)
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't read session token from %s: %w", path, err)
|
||||
}
|
||||
|
||||
key, err := getKey()
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't get private key, make sure it is provided: %w", err)
|
||||
}
|
||||
|
||||
err = stok.Sign(key)
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't sign token: %w", err)
|
||||
}
|
||||
|
||||
data, err := stok.MarshalJSON()
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't encode session token: %w", err)
|
||||
}
|
||||
|
||||
to := cmd.Flag("to").Value.String()
|
||||
if len(to) == 0 {
|
||||
prettyPrintJSON(cmd, data)
|
||||
return nil
|
||||
}
|
||||
|
||||
err = ioutil.WriteFile(to, data, 0644)
|
||||
if err != nil {
|
||||
return fmt.Errorf("can't write signed session token to %s: %w", to, err)
|
||||
}
|
||||
|
||||
fmt.Printf("signed session token saved in %s\n", to)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func convertEACLTable(cmd *cobra.Command, _ []string) error {
|
||||
pathFrom := cmd.Flag("from").Value.String()
|
||||
to := cmd.Flag("to").Value.String()
|
||||
|
|
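Review bot: In signSessionToken the signed token is written with `ioutil.WriteFile(to, data, 0644)`, so every local account can read an artifact that, per the commit description, authorises container create, delete and eACL changes; `err = ioutil.WriteFile(to, data, 0600)` would keep it to the invoking user. WriteFile applies the mode only when it creates the file, so an existing `--to` target with wider permissions keeps them and is silently overwritten. The function also signs whatever `getSessionToken(path)` returns without showing the operator what is being authorised; that helper is outside the hunk and may already validate, but if it does not, printing the decoded token before `stok.Sign(key)` would make a swapped or over-broad `--from` file visible. A short doc comment on signSessionToken stating that it signs with the key from `getKey()` and prints JSON to stdout when `--to` is empty would also help.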