github.com/grailbio/base@v0.0.11/cmd/grail-role-group/main.go (about) 1 // Copyright 2018 GRAIL, Inc. All rights reserved. 2 // Use of this source code is governed by the Apache-2.0 3 // license that can be found in the LICENSE file. 4 5 // The following enables go generate to generate the doc.go file. 6 //go:generate go run v.io/x/lib/cmdline/gendoc "--build-cmd=go install" --copyright-notice= . -help 7 8 package main 9 10 import ( 11 "net/http" 12 "os" 13 14 "github.com/grailbio/base/cmd/grail-role-group/googleclient" 15 16 "github.com/grailbio/base/cmdutil" 17 _ "github.com/grailbio/base/cmdutil/interactive" 18 "golang.org/x/oauth2" 19 admin "google.golang.org/api/admin/directory/v1" 20 "google.golang.org/api/groupssettings/v1" 21 "v.io/x/lib/cmdline" 22 ) 23 24 const ( 25 // DATA(sensitive): These are the OAuth2 client ID and secret. They were 26 // generated in the grail-role-group Google Cloud Project. The client secret 27 // is not secret in this case because it is part of client tool. It does act 28 // as an identifier that allows restriction based on quota on the Google 29 // side. 30 clientID = "961318960823-f1h3iobupln4959to1ja13895htiiah5.apps.googleusercontent.com" 31 clientSecret = "i7ANm8RJy-7Y0oOP1uV-yKPU" 32 ) 33 34 const domain = "grailbio.com" 35 36 var groupSuffix = []string{"-aws-role@grailbio.com", "-ticket@grailbio.com"} 37 38 var ( 39 browserFlag bool 40 dryRunFlag bool 41 descriptionFlag bool 42 ) 43 44 func newClient() (*http.Client, error) { 45 return googleclient.New(googleclient.Options{ 46 ClientID: clientID, 47 ClientSecret: clientSecret, 48 Scopes: scopes, 49 // We request online only to avoid caching elevated refresh tokens for too 50 // long. 51 AccessType: oauth2.AccessTypeOnline, 52 ConfigFile: os.ExpandEnv("${HOME}/.config/grail-role-group/credentials.json"), 53 OpenBrowser: true, 54 }) 55 } 56 57 func newAdminService() (*admin.Service, error) { 58 client, err := newClient() 59 if err != nil { 60 return nil, err 61 } 62 return admin.New(client) 63 } 64 65 func newGroupsSettingsService() (*groupssettings.Service, error) { 66 client, err := newClient() 67 if err != nil { 68 return nil, err 69 } 70 return groupssettings.New(client) 71 } 72 73 func newCmdRoot() *cmdline.Command { 74 cmd := &cmdline.Command{ 75 Name: "role-group", 76 Short: "Manage Google Groups used in ticket-server config files", 77 LookPath: false, 78 Children: []*cmdline.Command{ 79 newCmdList(), 80 newCmdCreate(), 81 newCmdUpdate(), 82 }, 83 } 84 return cmd 85 } 86 87 func newCmdList() *cmdline.Command { 88 cmd := &cmdline.Command{ 89 Runner: cmdutil.RunnerFunc(runList), 90 Name: "list", 91 Short: "List all the role groups", 92 } 93 cmd.Flags.BoolVar(&browserFlag, "browser", true, "Attempt to open a browser.") 94 return cmd 95 } 96 97 func newCmdCreate() *cmdline.Command { 98 cmd := &cmdline.Command{ 99 Runner: cmdutil.RunnerFunc(runCreate), 100 Name: "create", 101 Short: "Create a new role group", 102 ArgsName: "<role name>", 103 } 104 cmd.Flags.BoolVar(&browserFlag, "browser", true, "Attempt to open a browser.") 105 cmd.Flags.BoolVar(&descriptionFlag, "description", true, "Compose a standard description.") 106 return cmd 107 } 108 109 func newCmdUpdate() *cmdline.Command { 110 cmd := &cmdline.Command{ 111 Runner: cmdutil.RunnerFunc(runUpdate), 112 Name: "update", 113 Short: "Update an existing role group", 114 ArgsName: "<role name>", 115 } 116 cmd.Flags.BoolVar(&browserFlag, "browser", true, "Attempt to open a browser.") 117 cmd.Flags.BoolVar(&descriptionFlag, "description", true, "Compose a standard description.") 118 cmd.Flags.BoolVar(&dryRunFlag, "dry-run", true, "Safeguard to avoid accidental updates.") 119 return cmd 120 } 121 122 // Any return true if any string in list returns true based on the passed comparison method 123 func Any(vs []string, f func(string) bool) bool { 124 for _, v := range vs { 125 if f(v) { 126 return true 127 } 128 } 129 return false 130 } 131 132 func main() { 133 cmdline.HideGlobalFlagsExcept() 134 cmdline.Main(newCmdRoot()) 135 }