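// Listing of github.com/osievert/jfrog-cli-core@v1.2.7/artifactory/commands/generic/createaccesstoken.go

package generic

import (
	"encoding/json"
	"strings"

	rtUtils "github.com/jfrog/jfrog-cli-core/artifactory/utils"
	"github.com/jfrog/jfrog-cli-core/utils/config"
	"github.com/jfrog/jfrog-client-go/artifactory/services"
	"github.com/jfrog/jfrog-client-go/utils/errorutils"
)

const (
	// GroupsPrefix introduces the group list inside the token scope string.
	GroupsPrefix = "member-of-groups:"
	// UserScopedNotation is the group value used when neither groups nor
	// admin privileges were requested, producing a "user-scoped" token.
	UserScopedNotation = "*"
	// AdminPrivilegesSuffix is appended to the service (instance) ID to
	// request admin privileges on that instance.
	AdminPrivilegesSuffix = ":admin"
)

// AccessTokenCreateCommand collects the parameters of an access-token
// creation request and keeps the server response after Run.
type AccessTokenCreateCommand struct {
	rtDetails   *config.ArtifactoryDetails
	refreshable bool
	// expiry is copied verbatim into CreateTokenParams.ExpiresIn.
	// NOTE(review): presumably seconds, and 0 is understood to request a
	// non-expiring token in the Artifactory token API; confirm, and prefer
	// short lifetimes, especially together with grantAdmin or refreshable.
	expiry   int
	userName string
	audience string
	// groups is concatenated as-is after GroupsPrefix; see getTokenParams.
	groups string
	// grantAdmin adds "<service-id>:admin" to the requested scope.
	grantAdmin bool
	// response holds the result of the last Run.
	// NOTE(review): presumably carries the token secret; treat the output
	// of Response as sensitive and keep it out of logs. Confirm against
	// services.CreateTokenResponseData.
	response *services.CreateTokenResponseData
}

// NewAccessTokenCreateCommand returns a command with an allocated, empty
// response.
func NewAccessTokenCreateCommand() *AccessTokenCreateCommand {
	return &AccessTokenCreateCommand{response: new(services.CreateTokenResponseData)}
}

// SetRtDetails sets the Artifactory connection details and returns the
// command for chaining.
func (atcc *AccessTokenCreateCommand) SetRtDetails(rtDetails *config.ArtifactoryDetails) *AccessTokenCreateCommand {
	atcc.rtDetails = rtDetails
	return atcc
}

// SetRefreshable sets whether a refreshable token is requested.
func (atcc *AccessTokenCreateCommand) SetRefreshable(refreshable bool) *AccessTokenCreateCommand {
	atcc.refreshable = refreshable
	return atcc
}

// SetExpiry sets the value sent as the token's ExpiresIn.
func (atcc *AccessTokenCreateCommand) SetExpiry(expiry int) *AccessTokenCreateCommand {
	atcc.expiry = expiry
	return atcc
}

// SetUserName sets the user the token is created for. The name is
// lower-cased when the request is built.
func (atcc *AccessTokenCreateCommand) SetUserName(userName string) *AccessTokenCreateCommand {
	atcc.userName = userName
	return atcc
}

// SetAudience sets the audience sent with the token request.
func (atcc *AccessTokenCreateCommand) SetAudience(audience string) *AccessTokenCreateCommand {
	atcc.audience = audience
	return atcc
}

// SetGrantAdmin sets whether admin privileges on the target instance are
// added to the requested scope.
func (atcc *AccessTokenCreateCommand) SetGrantAdmin(grantAdmin bool) *AccessTokenCreateCommand {
	atcc.grantAdmin = grantAdmin
	return atcc
}

// SetGroups sets the group list placed after GroupsPrefix in the scope.
func (atcc *AccessTokenCreateCommand) SetGroups(groups string) *AccessTokenCreateCommand {
	atcc.groups = groups
	return atcc
}

// Response returns the stored token response encoded as JSON.
func (atcc *AccessTokenCreateCommand) Response() ([]byte, error) {
	// A command built as a bare struct literal has no response allocated;
	// encode an empty response instead of dereferencing nil.
	if atcc.response == nil {
		atcc.response = new(services.CreateTokenResponseData)
	}
	content, err := json.Marshal(*atcc.response)
	return content, errorutils.CheckError(err)
}

// RtDetails returns the configured Artifactory details. The error is
// always nil.
func (atcc *AccessTokenCreateCommand) RtDetails() (*config.ArtifactoryDetails, error) {
	return atcc.rtDetails, nil
}

// CommandName returns the identifier of this command.
func (atcc *AccessTokenCreateCommand) CommandName() string {
	return "rt_create_access_token"
}

// Run builds the token parameters, asks the server to create the token and
// stores the result for Response.
func (atcc *AccessTokenCreateCommand) Run() error {
	servicesManager, err := rtUtils.CreateServiceManager(atcc.rtDetails, false)
	if err != nil {
		return err
	}
	tokenParams, err := atcc.getTokenParams()
	if err != nil {
		return err
	}

	// Guard against a command that was not built by the constructor.
	if atcc.response == nil {
		atcc.response = new(services.CreateTokenResponseData)
	}
	// The stored response is overwritten even when CreateToken fails, so a
	// token from an earlier successful Run is not returned after a failure.
	*atcc.response, err = servicesManager.CreateToken(tokenParams)
	return err
}

// getTokenParams translates the command's fields into request parameters.
// It does not modify the command, so repeated calls give the same result.
func (atcc *AccessTokenCreateCommand) getTokenParams() (tokenParams services.CreateTokenParams, err error) {
	tokenParams = services.NewCreateTokenParams()
	tokenParams.ExpiresIn = atcc.expiry
	tokenParams.Refreshable = atcc.refreshable
	tokenParams.Audience = atcc.audience
	// Artifactory expects the username to be lower-cased. In case it is not,
	// Artifactory will still accept a non lower-cased user, except for token related actions.
	tokenParams.Username = strings.ToLower(atcc.userName)

	// By default we will create "user-scoped token", unless specific groups
	// or admin-privilege-instance were specified. The default is applied to
	// a local copy so the command's own state is left untouched.
	groups := atcc.groups
	if len(groups) == 0 && !atcc.grantAdmin {
		groups = UserScopedNotation
	}
	// NOTE(review): groups is concatenated without validation, and the scope
	// built below separates its entries with a space. Callers that take the
	// group list from anything other than the operator should validate it
	// first, so the requested scope is exactly what was intended.
	if len(groups) > 0 {
		tokenParams.Scope = GroupsPrefix + groups
	}
	if atcc.grantAdmin {
		instanceID, idErr := getInstanceId(atcc.rtDetails)
		if idErr != nil {
			return tokenParams, idErr
		}
		if len(tokenParams.Scope) > 0 {
			tokenParams.Scope += " "
		}
		// Requests admin privileges on this instance; the server decides
		// whether the caller may be granted them.
		tokenParams.Scope += instanceID + AdminPrivilegesSuffix
	}

	return tokenParams, nil
}

// getInstanceId asks the server described by rtDetails for its service ID.
func getInstanceId(rtDetails *config.ArtifactoryDetails) (string, error) {
	servicesManager, err := rtUtils.CreateServiceManager(rtDetails, false)
	if err != nil {
		return "", err
	}
	return servicesManager.GetServiceId()
}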