[#1157] cli: Support adding APE overrides to Bearer token

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-06-03 16:13:29 +03:00 · 2024-06-03 16:13:29 +03:00 · a0c588263b
commit a0c588263b
parent 239323eeef
3 changed files with 138 additions and 2 deletions
--- a/cmd/frostfs-cli/modules/bearer/create.go
+++ b/cmd/frostfs-cli/modules/bearer/create.go
@ -15,10 +15,12 @@ import (
 	eaclSDK "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )

 const (
 	eaclFlag           = "eacl"
+	apeFlag            = "ape"
 	issuedAtFlag       = "issued-at"
 	notValidBeforeFlag = "not-valid-before"
 	ownerFlag          = "owner"
@ -37,10 +39,17 @@ In this case --` + commonflags.RPC + ` flag should be specified and the epoch in
 is set to current epoch + n.
 `,
 	Run: createToken,
+	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+		ff := cmd.Flags()
+
+		_ = viper.BindPFlag(commonflags.WalletPath, ff.Lookup(commonflags.WalletPath))
+		_ = viper.BindPFlag(commonflags.Account, ff.Lookup(commonflags.Account))
+	},
 }

 func init() {
-	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate flag)")
+	createCmd.Flags().StringP(eaclFlag, "e", "", "Path to the extended ACL table (mutually exclusive with --impersonate and --ape flag)")
+	createCmd.Flags().StringP(apeFlag, "a", "", "Path to the JSON-encoded APE override (mutually exclusive with --impersonate and --eacl flag)")
 	createCmd.Flags().StringP(issuedAtFlag, "i", "+0", "Epoch to issue token at")
 	createCmd.Flags().StringP(notValidBeforeFlag, "n", "+0", "Not valid before epoch")
 	createCmd.Flags().StringP(commonflags.ExpireAt, "x", "", "The last active epoch for the token")
@ -49,10 +58,13 @@ func init() {
 	createCmd.Flags().Bool(jsonFlag, false, "Output token in JSON")
 	createCmd.Flags().Bool(impersonateFlag, false, "Mark token as impersonate to consider the token signer as the request owner (mutually exclusive with --eacl flag)")
 	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)
+	createCmd.Flags().StringP(commonflags.WalletPath, commonflags.WalletPathShorthand, commonflags.WalletPathDefault, commonflags.WalletPathUsage)
+	createCmd.Flags().StringP(commonflags.Account, commonflags.AccountShorthand, commonflags.AccountDefault, commonflags.AccountUsage)

-	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, impersonateFlag)
+	createCmd.MarkFlagsMutuallyExclusive(eaclFlag, apeFlag, impersonateFlag)

 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
+	_ = cobra.MarkFlagFilename(createCmd.Flags(), apeFlag)

 	_ = cobra.MarkFlagRequired(createCmd.Flags(), commonflags.ExpireAt)
 	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
@ -119,6 +131,14 @@ func createToken(cmd *cobra.Command, _ []string) {
 		b.SetEACLTable(*table)
 	}

+	apePath, _ := cmd.Flags().GetString(apeFlag)
+	if apePath != "" {
+		var apeOverride bearer.APEOverride
+		raw, err := os.ReadFile(apePath)
+		commonCmd.ExitOnErr(cmd, "can't read APE rules: %w", err)
+		commonCmd.ExitOnErr(cmd, "can't parse APE rules: %w", json.Unmarshal(raw, &apeOverride))
+		b.SetAPEOverride(apeOverride)
+	}
 	var data []byte

 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)