storj/cmd/identity/identity.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package main

import (
	"path/filepath"

	"github.com/spf13/cobra"
	"github.com/zeebo/errs"

	"storj.io/storj/pkg/cfgstruct"
	"storj.io/storj/pkg/identity"
)

var (
	// ErrSetup is used when an error occurs while setting up
	ErrSetup = errs.Class("setup error")

	idCmd = &cobra.Command{
		Use:         "id",
		Short:       "Manage identities",
		Annotations: map[string]string{"type": "setup"},
	}

	newIDCmd = &cobra.Command{
		Use:         "create",
		Short:       "Creates a new identity from an existing certificate authority",
		RunE:        cmdNewID,
		Annotations: map[string]string{"type": "setup"},
	}

	leafExtCmd = &cobra.Command{
		Use:         "extensions",
		Short:       "Prints the extensions attached to the identity leaf certificate",
		Args:        cobra.MaximumNArgs(1),
		RunE:        cmdLeafExtensions,
		Annotations: map[string]string{"type": "setup"},
	}

	revokeLeafCmd = &cobra.Command{
		Use:         "revoke",
		Short:       "Revoke the identity's leaf certificate (creates backup)",
		RunE:        cmdRevokeLeaf,
		Annotations: map[string]string{"type": "setup"},
	}

	newIDCfg struct {
		CA       identity.FullCAConfig
		Identity identity.SetupConfig
	}

	leafExtCfg struct {
		Identity identity.PeerConfig
	}

	revokeLeafCfg struct {
		CA       identity.FullCAConfig
		Identity identity.Config
		// TODO: add "broadcast" option to send revocation to network nodes
	}
)

func init() {
	rootCmd.AddCommand(idCmd)
	idCmd.AddCommand(newIDCmd)
	idCmd.AddCommand(leafExtCmd)
	idCmd.AddCommand(revokeLeafCmd)

	cfgstruct.Bind(newIDCmd.Flags(), &newIDCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
	cfgstruct.Bind(leafExtCmd.Flags(), &leafExtCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
	cfgstruct.Bind(revokeLeafCmd.Flags(), &revokeLeafCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
}

func cmdNewID(cmd *cobra.Command, args []string) (err error) {
	ca, err := newIDCfg.CA.Load()
	if err != nil {
		return err
	}

	s, err := newIDCfg.Identity.Status()
	if err != nil {
		return err
	}
	if s == identity.NoCertNoKey || newIDCfg.Identity.Overwrite {
		_, err := newIDCfg.Identity.Create(ca)
		return err
	}
	return ErrSetup.New("identity file(s) exist: %s", s)
}

func cmdLeafExtensions(cmd *cobra.Command, args []string) (err error) {
	if len(args) > 0 {
		leafExtCfg.Identity = identity.PeerConfig{
			CertPath: filepath.Join(identityDir, args[0], "identity.cert"),
		}
	}

	ident, err := leafExtCfg.Identity.Load()
	if err != nil {
		return err
	}

	return printExtensions(ident.Leaf.Raw, ident.Leaf.Extensions)
}

func cmdRevokeLeaf(cmd *cobra.Command, args []string) (err error) {
	ca, err := revokeLeafCfg.CA.Load()
	if err != nil {
		return err
	}
	originalIdent, err := revokeLeafCfg.Identity.Load()
	if err != nil {
		return err
	}

	manageableIdent := identity.NewManageableFullIdentity(originalIdent, ca)
	if err := manageableIdent.Revoke(); err != nil {
		return err
	}

	// NB: backup original cert and key.
	if err := revokeLeafCfg.Identity.SaveBackup(originalIdent); err != nil {
		return err
	}

	if err := revokeLeafCfg.Identity.Save(manageableIdent.FullIdentity); err != nil {
		return err
	}
	return nil
}
updates copyright 2018 to 2019 (#1133) 2019-01-24 20:15:10 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`// See LICENSE for copying information.`

			`package main`

			`import (`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`"path/filepath"`

CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`"github.com/spf13/cobra"`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`"github.com/zeebo/errs"`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00
			`"storj.io/storj/pkg/cfgstruct"`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`"storj.io/storj/pkg/identity"`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`)`

			`var (`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`// ErrSetup is used when an error occurs while setting up`
			`ErrSetup = errs.Class("setup error")`

CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`idCmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "id",`
			`Short: "Manage identities",`
			`Annotations: map[string]string{"type": "setup"},`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

			`newIDCmd = &cobra.Command{`
Change identity command (#1128) 2019-01-24 15:41:16 +00:00			`Use: "create",`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Short: "Creates a new identity from an existing certificate authority",`
			`RunE: cmdNewID,`
			`Annotations: map[string]string{"type": "setup"},`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`leafExtCmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "extensions",`
			`Short: "Prints the extensions attached to the identity leaf certificate",`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`Args: cobra.MaximumNArgs(1),`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`RunE: cmdLeafExtensions,`
			`Annotations: map[string]string{"type": "setup"},`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`

			`revokeLeafCmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "revoke",`
			`Short: "Revoke the identity's leaf certificate (creates backup)",`
			`RunE: cmdRevokeLeaf,`
			`Annotations: map[string]string{"type": "setup"},`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`

CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`newIDCfg struct {`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`CA identity.FullCAConfig`
			`Identity identity.SetupConfig`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00
			`leafExtCfg struct {`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`Identity identity.PeerConfig`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`

			`revokeLeafCfg struct {`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`CA identity.FullCAConfig`
extension serialization (#1554) 2019-04-03 16:03:53 +01:00			`Identity identity.Config`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`// TODO: add "broadcast" option to send revocation to network nodes`
			`}`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`)`

			`func init() {`
			`rootCmd.AddCommand(idCmd)`
			`idCmd.AddCommand(newIDCmd)`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`idCmd.AddCommand(leafExtCmd)`
			`idCmd.AddCommand(revokeLeafCmd)`
certificates config and --certs-dir fixes (#1093) 2019-01-22 12:35:48 +00:00
pkg/cfgstruct: tie defaults to releases (#1787) * tie defaults to releases this change makes it so that by default, the flag defaults are chosen based on whether the build was built as a release build or an ordinary build. release builds by default get release defaults, whereas ordinary builds by default get dev defaults. any binary can have its defaults changed by specifying --defaults=dev or --defaults=release Change-Id: I6d216aa345d211c69ad913159d492fac77b12c64 * make release defaults more clear this change extends cfgstruct structs to support either a 'default' tag, or a pair of 'devDefault' and 'releaseDefault' tags, but not both, for added clarity Change-Id: Ia098be1fa84b932fdfe90a4a4d027ffb95e249c6 * clarify cfgstruct.DefaultsFlag Change-Id: I55f2ff9080ebbc0ce83abf956e085242a92f883e 2019-04-19 19:17:30 +01:00			`cfgstruct.Bind(newIDCmd.Flags(), &newIDCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))`
			`cfgstruct.Bind(leafExtCmd.Flags(), &leafExtCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))`
			`cfgstruct.Bind(revokeLeafCmd.Flags(), &revokeLeafCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

			`func cmdNewID(cmd *cobra.Command, args []string) (err error) {`
			`ca, err := newIDCfg.CA.Load()`
			`if err != nil {`
			`return err`
			`}`

Warn about permissions when creating identity (#1384) * Warn about permissions when creating identity * Function to determine if directory is writeable * Check if writable before authorizing * Remove redeclatarion * remove windows specific utils * Nat nits * Actually test if directory is writeable with file creation 2019-03-12 14:42:38 +00:00			`s, err := newIDCfg.Identity.Status()`
			`if err != nil {`
			`return err`
			`}`
Delete provider package (#1177) 2019-01-30 20:47:21 +00:00			`if s == identity.NoCertNoKey \|\| newIDCfg.Identity.Overwrite {`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`_, err := newIDCfg.Identity.Create(ca)`
			`return err`
			`}`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`return ErrSetup.New("identity file(s) exist: %s", s)`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00
			`func cmdLeafExtensions(cmd *cobra.Command, args []string) (err error) {`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`if len(args) > 0 {`
			`leafExtCfg.Identity = identity.PeerConfig{`
			`CertPath: filepath.Join(identityDir, args[0], "identity.cert"),`
			`}`
			`}`

			`ident, err := leafExtCfg.Identity.Load()`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`if err != nil {`
			`return err`
			`}`

extension serialization (#1554) 2019-04-03 16:03:53 +01:00			`return printExtensions(ident.Leaf.Raw, ident.Leaf.Extensions)`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`

			`func cmdRevokeLeaf(cmd *cobra.Command, args []string) (err error) {`
			`ca, err := revokeLeafCfg.CA.Load()`
			`if err != nil {`
			`return err`
			`}`
			`originalIdent, err := revokeLeafCfg.Identity.Load()`
			`if err != nil {`
			`return err`
			`}`

extension serialization (#1554) 2019-04-03 16:03:53 +01:00			`manageableIdent := identity.NewManageableFullIdentity(originalIdent, ca)`
			`if err := manageableIdent.Revoke(); err != nil {`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`return err`
			`}`

extension serialization (#1554) 2019-04-03 16:03:53 +01:00			`// NB: backup original cert and key.`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err := revokeLeafCfg.Identity.SaveBackup(originalIdent); err != nil {`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`return err`
			`}`

extension serialization (#1554) 2019-04-03 16:03:53 +01:00			`if err := revokeLeafCfg.Identity.Save(manageableIdent.FullIdentity); err != nil {`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`return err`
			`}`
			`return nil`
			`}`