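// Source: github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/idp-ldap-accesskey-create-with-login.go

// Copyright (c) 2015-2023 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"bufio"
	"fmt"
	"net/url"
	"os"

	"github.com/fatih/color"
	"github.com/minio/cli"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/mc/pkg/probe"
	"github.com/minio/minio-go/v7/pkg/credentials"
	"github.com/minio/pkg/v2/console"
	"golang.org/x/term"
)

// idpLdapAccesskeyCreateWithLoginCmd is the "create-with-login" subcommand:
// it prompts for LDAP credentials, logs in with them and creates an access
// key pair for that identity.
//
// NOTE(review): help example 2 passes --secret-key on the command line.
// Values given that way usually end up in shell history and are visible in
// process listings; the flag definitions are not visible in this file, so
// confirm whether a safer input path exists before recommending that form.
var idpLdapAccesskeyCreateWithLoginCmd = cli.Command{
	Name:         "create-with-login",
	Usage:        "log in using LDAP credentials to generate access key pair",
	Action:       mainIDPLdapAccesskeyCreateWithLogin,
	Before:       setGlobalsFromContext,
	Flags:        append(idpLdapAccesskeyCreateFlags, globalFlags...),
	OnUsageError: onUsageError,
	CustomHelpTemplate: `NAME:
  {{.HelpName}} - {{.Usage}}

USAGE:
  {{.HelpName}} [FLAGS] URL

FLAGS:
  {{range .VisibleFlags}}{{.}}
  {{end}}
EXAMPLES:
  1. Create a new access key pair for https://minio.example.com by logging in with LDAP credentials
     {{.Prompt}} {{.HelpName}} https://minio.example.com
  2. Create a new access key pair for http://localhost:9000 via login with custom access key and secret key
     {{.Prompt}} {{.HelpName}} http://localhost:9000 --access-key myaccesskey --secret-key mysecretkey
`,
}

// mainIDPLdapAccesskeyCreateWithLogin is the Action of the create-with-login
// command. It expects exactly one argument (the server URL), requires stdin
// to be a terminal, logs in through loginLDAPAccesskey and asks the server
// to add a service account for the logged-in identity.
//
// The result, including the newly created secret key, is handed to printMsg,
// so the secret appears in the command's output.
func mainIDPLdapAccesskeyCreateWithLogin(ctx *cli.Context) error {
	if len(ctx.Args()) != 1 {
		showCommandHelpAndExit(ctx, 1) // last argument is exit code
	}

	// Not named "url": that would shadow the net/url package in this function.
	targetURL := ctx.Args().Get(0)

	opts := accessKeyCreateOpts(ctx, "")

	// The username and password are prompted for, and the password is read
	// with term.ReadPassword, so stdin has to be a terminal.
	if !term.IsTerminal(int(os.Stdin.Fd())) {
		e := fmt.Errorf("login flag cannot be used with non-interactive terminal")
		fatalIf(probe.NewError(e), "Invalid flags.")
	}

	client := loginLDAPAccesskey(targetURL)

	res, e := client.AddServiceAccountLDAP(globalContext, opts)
	fatalIf(probe.NewError(e), "Unable to add service account.")

	m := ldapAccesskeyMessage{
		op:          "create",
		Status:      "success",
		AccessKey:   res.AccessKey,
		SecretKey:   res.SecretKey,
		Expiration:  &res.Expiration,
		Name:        opts.Name,
		Description: opts.Description,
	}
	printMsg(m)

	return nil
}

// loginLDAPAccesskey prompts on the terminal for an LDAP username and
// password and returns an admin client for the server at URL that uses
// those credentials.
//
// The password is read with term.ReadPassword (no echo). Every failure is
// reported through fatalIf, which is assumed to terminate the process on a
// non-nil error (its definition is outside this file).
func loginLDAPAccesskey(URL string) *madmin.AdminClient {
	console.SetColor(cred, color.New(color.FgYellow, color.Italic))
	reader := bufio.NewReader(os.Stdin)

	fmt.Printf("%s", console.Colorize(cred, "Enter LDAP Username: "))
	value, isPrefix, e := reader.ReadLine()
	fatalIf(probe.NewError(e), "Unable to read username")
	if isPrefix {
		// ReadLine returned only the first buffer-full of an over-long line.
		// Refuse it rather than log in with a silently truncated username.
		fatalIf(probe.NewError(fmt.Errorf("username is too long")), "Unable to read username")
	}
	username := string(value)
	if username == "" {
		fatalIf(probe.NewError(fmt.Errorf("username cannot be empty")), "Unable to read username")
	}

	fmt.Printf("%s", console.Colorize(cred, "Enter Password: "))
	bytePassword, e := term.ReadPassword(int(os.Stdin.Fd()))
	fatalIf(probe.NewError(e), "Unable to read password")
	fmt.Printf("\n")
	password := string(bytePassword)
	if password == "" {
		// An empty password cannot identify a user. Some LDAP servers treat an
		// empty-password simple bind as an unauthenticated bind, so stop here
		// instead of relying on the server to refuse it.
		fatalIf(probe.NewError(fmt.Errorf("password cannot be empty")), "Unable to read password")
	}

	ldapID, e := credentials.NewLDAPIdentity(URL, username, password)
	fatalIf(probe.NewError(e), "Unable to initialize LDAP identity.")

	u, e := url.Parse(URL)
	fatalIf(probe.NewError(e), "Unable to parse server URL.")

	client, e := madmin.NewWithOptions(u.Host, &madmin.Options{
		Creds: ldapID,
		// TLS is enabled only for https:// URLs. NOTE(review): with an http://
		// URL (as in help example 2) the connection is unencrypted, so the
		// LDAP login presumably crosses the network in the clear. Prefer https
		// for anything other than a local test server.
		Secure: u.Scheme == "https",
	})
	fatalIf(probe.NewError(e), "Unable to initialize admin connection.")

	return client
}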