github.com/criteo-forks/consul@v1.4.5-criteonogrpc/command/acl/acl_helpers.go (about) 1 package acl 2 3 import ( 4 "fmt" 5 "strings" 6 7 "github.com/hashicorp/consul/agent/structs" 8 "github.com/hashicorp/consul/api" 9 "github.com/mitchellh/cli" 10 ) 11 12 func PrintToken(token *api.ACLToken, ui cli.Ui, showMeta bool) { 13 ui.Info(fmt.Sprintf("AccessorID: %s", token.AccessorID)) 14 ui.Info(fmt.Sprintf("SecretID: %s", token.SecretID)) 15 ui.Info(fmt.Sprintf("Description: %s", token.Description)) 16 ui.Info(fmt.Sprintf("Local: %t", token.Local)) 17 ui.Info(fmt.Sprintf("Create Time: %v", token.CreateTime)) 18 if showMeta { 19 ui.Info(fmt.Sprintf("Hash: %x", token.Hash)) 20 ui.Info(fmt.Sprintf("Create Index: %d", token.CreateIndex)) 21 ui.Info(fmt.Sprintf("Modify Index: %d", token.ModifyIndex)) 22 } 23 ui.Info(fmt.Sprintf("Policies:")) 24 for _, policy := range token.Policies { 25 ui.Info(fmt.Sprintf(" %s - %s", policy.ID, policy.Name)) 26 } 27 if token.Rules != "" { 28 ui.Info(fmt.Sprintf("Rules:")) 29 ui.Info(token.Rules) 30 } 31 } 32 33 func PrintTokenListEntry(token *api.ACLTokenListEntry, ui cli.Ui, showMeta bool) { 34 ui.Info(fmt.Sprintf("AccessorID: %s", token.AccessorID)) 35 ui.Info(fmt.Sprintf("Description: %s", token.Description)) 36 ui.Info(fmt.Sprintf("Local: %t", token.Local)) 37 ui.Info(fmt.Sprintf("Create Time: %v", token.CreateTime)) 38 ui.Info(fmt.Sprintf("Legacy: %t", token.Legacy)) 39 if showMeta { 40 ui.Info(fmt.Sprintf("Hash: %x", token.Hash)) 41 ui.Info(fmt.Sprintf("Create Index: %d", token.CreateIndex)) 42 ui.Info(fmt.Sprintf("Modify Index: %d", token.ModifyIndex)) 43 } 44 ui.Info(fmt.Sprintf("Policies:")) 45 for _, policy := range token.Policies { 46 ui.Info(fmt.Sprintf(" %s - %s", policy.ID, policy.Name)) 47 } 48 } 49 50 func PrintPolicy(policy *api.ACLPolicy, ui cli.Ui, showMeta bool) { 51 ui.Info(fmt.Sprintf("ID: %s", policy.ID)) 52 ui.Info(fmt.Sprintf("Name: %s", policy.Name)) 53 ui.Info(fmt.Sprintf("Description: %s", policy.Description)) 54 ui.Info(fmt.Sprintf("Datacenters: %s", strings.Join(policy.Datacenters, ", "))) 55 if showMeta { 56 ui.Info(fmt.Sprintf("Hash: %x", policy.Hash)) 57 ui.Info(fmt.Sprintf("Create Index: %d", policy.CreateIndex)) 58 ui.Info(fmt.Sprintf("Modify Index: %d", policy.ModifyIndex)) 59 } 60 ui.Info(fmt.Sprintf("Rules:")) 61 ui.Info(policy.Rules) 62 } 63 64 func PrintPolicyListEntry(policy *api.ACLPolicyListEntry, ui cli.Ui, showMeta bool) { 65 ui.Info(fmt.Sprintf("%s:", policy.Name)) 66 ui.Info(fmt.Sprintf(" ID: %s", policy.ID)) 67 ui.Info(fmt.Sprintf(" Description: %s", policy.Description)) 68 ui.Info(fmt.Sprintf(" Datacenters: %s", strings.Join(policy.Datacenters, ", "))) 69 if showMeta { 70 ui.Info(fmt.Sprintf(" Hash: %x", policy.Hash)) 71 ui.Info(fmt.Sprintf(" Create Index: %d", policy.CreateIndex)) 72 ui.Info(fmt.Sprintf(" Modify Index: %d", policy.ModifyIndex)) 73 } 74 } 75 76 func GetTokenIDFromPartial(client *api.Client, partialID string) (string, error) { 77 if partialID == "anonymous" { 78 return structs.ACLTokenAnonymousID, nil 79 } 80 81 // the full UUID string was given 82 if len(partialID) == 36 { 83 return partialID, nil 84 } 85 86 tokens, _, err := client.ACL().TokenList(nil) 87 if err != nil { 88 return "", err 89 } 90 91 tokenID := "" 92 for _, token := range tokens { 93 if strings.HasPrefix(token.AccessorID, partialID) { 94 if tokenID != "" { 95 return "", fmt.Errorf("Partial token ID is not unique") 96 } 97 tokenID = token.AccessorID 98 } 99 } 100 101 if tokenID == "" { 102 return "", fmt.Errorf("No such token ID with prefix: %s", partialID) 103 } 104 105 return tokenID, nil 106 } 107 108 func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) { 109 if partialID == "global-management" { 110 return structs.ACLPolicyGlobalManagementID, nil 111 } 112 // The full UUID string was given 113 if len(partialID) == 36 { 114 return partialID, nil 115 } 116 117 policies, _, err := client.ACL().PolicyList(nil) 118 if err != nil { 119 return "", err 120 } 121 122 policyID := "" 123 for _, policy := range policies { 124 if strings.HasPrefix(policy.ID, partialID) { 125 if policyID != "" { 126 return "", fmt.Errorf("Partial policy ID is not unique") 127 } 128 policyID = policy.ID 129 } 130 } 131 132 if policyID == "" { 133 return "", fmt.Errorf("No such policy ID with prefix: %s", partialID) 134 } 135 136 return policyID, nil 137 } 138 139 func GetPolicyIDByName(client *api.Client, name string) (string, error) { 140 if name == "" { 141 return "", fmt.Errorf("No name specified") 142 } 143 144 policies, _, err := client.ACL().PolicyList(nil) 145 if err != nil { 146 return "", err 147 } 148 149 for _, policy := range policies { 150 if policy.Name == name { 151 return policy.ID, nil 152 } 153 } 154 155 return "", fmt.Errorf("No such policy with name %s", name) 156 } 157 158 func GetRulesFromLegacyToken(client *api.Client, tokenID string, isSecret bool) (string, error) { 159 tokenID, err := GetTokenIDFromPartial(client, tokenID) 160 if err != nil { 161 return "", err 162 } 163 164 var token *api.ACLToken 165 if isSecret { 166 qopts := api.QueryOptions{ 167 Token: tokenID, 168 } 169 token, _, err = client.ACL().TokenReadSelf(&qopts) 170 } else { 171 token, _, err = client.ACL().TokenRead(tokenID, nil) 172 } 173 174 if err != nil { 175 return "", fmt.Errorf("Error reading token: %v", err) 176 } 177 178 if token == nil { 179 return "", fmt.Errorf("Token not found for ID") 180 } 181 182 if token.Rules == "" { 183 return "", fmt.Errorf("Token is not a legacy token with rules") 184 } 185 186 return token.Rules, nil 187 }