add certificates claims+ (#1216)
parent
ab83f0f077
commit
00554f0876
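--- a/cmd/certificates/claims.go
+++ b/cmd/certificates/claims.go
@@ -0,0 +1,103 @@
+// Copyright (C) 2019 Storj Labs, Inc.
+// See LICENSE for copying information.
+
+package main
+
+import (
+"encoding/json"
+"fmt"
+"time"
+
+"github.com/spf13/cobra"
+"github.com/zeebo/errs"
+
+"storj.io/storj/pkg/certificates"
+"storj.io/storj/pkg/cfgstruct"
+)
+
+var (
+claimsCmd = &cobra.Command{
+Use: "claims",
+Short: "Print claim information",
+RunE: cmdClaims,
+}
+
+claimsCfg struct {
+certificates.CertServerConfig
+Raw bool `default:"false" help:"if true, the raw data structures will be printed"`
+}
+)
+
+func init() {
+rootCmd.AddCommand(claimsCmd)
+
+cfgstruct.Bind(claimsCmd.Flags(), &claimsCfg, cfgstruct.ConfDir(defaultConfDir))
+}
+
+func cmdClaims(cmd *cobra.Command, args []string) (err error) {
+authDB, err := claimsCfg.NewAuthDB()
+if err != nil {
+return err
+}
+defer func() {
+err = errs.Combine(err, authDB.Close())
+}()
+
+auths, err := authDB.List()
+if err != nil {
+return err
+}
+
+var toPrint []interface{}
+for _, auth := range auths {
+if auth.Claim == nil {
+continue
+}
+
+if claimsCfg.Raw {
+toPrint = append(toPrint, auth)
+} else {
+toPrint = append(toPrint, toPrintableAuth(auth))
+}
+}
+
+if len(toPrint) == 0 {
+fmt.Printf("no claims in database: %s\n", claimsCfg.AuthorizationDBURL)
+return nil
+}
+
+jsonBytes, err := json.MarshalIndent(toPrint, "", "\t")
+if err != nil {
+return err
+}
+
+fmt.Println(string(jsonBytes))
+return err
+}
+
+type printableAuth struct {
+UserID string
+Token string
+Claim *printableClaim
+}
+type printableClaim struct {
+Addr string
+Time string
+NodeID string
+}
+
+func toPrintableAuth(auth *certificates.Authorization) *printableAuth {
+pAuth := new(printableAuth)
+
+pAuth.UserID = auth.Token.UserID
+pAuth.Token = auth.Token.String()
+
+if auth.Claim != nil {
+pAuth.Claim = &printableClaim{
+Time: time.Unix(auth.Claim.Timestamp, 0).String(),
+Addr: auth.Claim.Addr,
+NodeID: auth.Claim.Identity.ID.String(),
+}
+}
+return pAuth
+}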
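Review bot: `toPrintableAuth` copies `auth.Token.String()` into the JSON that `cmdClaims` writes to stdout, and with the `Raw` option the stored authorization is marshalled as-is, so the command's output carries authorization tokens into terminals and any log that captures it. Whether a claimed token can still be used is not visible in this file; if the token is not needed for inspection I would drop the field, and otherwise say so in the help text, e.g. `Long: "Prints claimed authorizations as JSON; the output includes authorization tokens and should be handled as a secret",`. Separately, `auth.Claim.Identity.ID.String()` dereferences `Identity` without a nil check, which would panic on a stored claim that lacks an identity (inferred, since the claim type is defined outside this file). The empty-result message also prints `claimsCfg.AuthorizationDBURL` verbatim, which may embed credentials if a non-file backend URL is configured.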
|
@ -70,7 +70,6 @@ func cmdSetup(cmd *cobra.Command, args []string) error {
|
||||
"ca.key-path": config.CA.KeyPath,
|
||||
"identity.cert-path": config.Identity.CertPath,
|
||||
"identity.key-path": config.Identity.KeyPath,
|
||||
"log.level": "info",
|
||||
}
|
||||
return process.SaveConfigWithAllDefaults(cmd.Flags(), filepath.Join(setupDir, "config.yaml"), overrides)
|
||||
}
|
||||
|
@ -243,12 +243,12 @@ func (c CertificateSigner) Sign(ctx context.Context, req *pb.SigningRequest) (*p
|
||||
}
|
||||
|
||||
// Close closes the authorization database's underlying store.
|
||||
func (a *AuthorizationDB) Close() error {
|
||||
return ErrAuthorizationDB.Wrap(a.DB.Close())
|
||||
func (authDB *AuthorizationDB) Close() error {
|
||||
return ErrAuthorizationDB.Wrap(authDB.DB.Close())
|
||||
}
|
||||
|
||||
// Create creates a new authorization and adds it to the authorization database.
|
||||
func (a *AuthorizationDB) Create(userID string, count int) (Authorizations, error) {
|
||||
func (authDB *AuthorizationDB) Create(userID string, count int) (Authorizations, error) {
|
||||
if len(userID) == 0 {
|
||||
return nil, ErrAuthorizationDB.New("userID cannot be empty")
|
||||
}
|
||||
@ -272,7 +272,7 @@ func (a *AuthorizationDB) Create(userID string, count int) (Authorizations, erro
|
||||
return nil, ErrAuthorizationDB.Wrap(err)
|
||||
}
|
||||
|
||||
if err := a.add(userID, newAuths); err != nil {
|
||||
if err := authDB.add(userID, newAuths); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@ -280,8 +280,8 @@ func (a *AuthorizationDB) Create(userID string, count int) (Authorizations, erro
|
||||
}
|
||||
|
||||
// Get retrieves authorizations by user ID.
|
||||
func (a *AuthorizationDB) Get(userID string) (Authorizations, error) {
|
||||
authsBytes, err := a.DB.Get(storage.Key(userID))
|
||||
func (authDB *AuthorizationDB) Get(userID string) (Authorizations, error) {
|
||||
authsBytes, err := authDB.DB.Get(storage.Key(userID))
|
||||
if err != nil && !storage.ErrKeyNotFound.Has(err) {
|
||||
return nil, ErrAuthorizationDB.Wrap(err)
|
||||
}
|
||||
@ -297,16 +297,33 @@ func (a *AuthorizationDB) Get(userID string) (Authorizations, error) {
|
||||
}
|
||||
|
||||
// UserIDs returns a list of all userIDs present in the authorization database.
|
||||
func (a *AuthorizationDB) UserIDs() ([]string, error) {
|
||||
keys, err := a.DB.List([]byte{}, 0)
|
||||
func (authDB *AuthorizationDB) UserIDs() ([]string, error) {
|
||||
keys, err := authDB.DB.List([]byte{}, 0)
|
||||
if err != nil {
|
||||
return nil, ErrAuthorizationDB.Wrap(err)
|
||||
}
|
||||
return keys.Strings(), nil
|
||||
}
|
||||
|
||||
// Claim marks an authorization as claimed and records claim information
|
||||
func (a *AuthorizationDB) Claim(opts *ClaimOpts) error {
|
||||
// List returns all authorizations in the database.
|
||||
func (authDB *AuthorizationDB) List() (auths Authorizations, _ error) {
|
||||
uids, err := authDB.UserIDs()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
for _, uid := range uids {
|
||||
idAuths, err := authDB.Get(uid)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
auths = append(auths, idAuths...)
|
||||
}
|
||||
return auths, nil
|
||||
}
|
||||
|
||||
// Claim marks an authorization as claimed and records claim information.
|
||||
func (authDB *AuthorizationDB) Claim(opts *ClaimOpts) error {
|
||||
now := time.Now().Unix()
|
||||
if !(now-MaxClaimDelaySeconds < opts.Req.Timestamp) ||
|
||||
!(opts.Req.Timestamp < now+MaxClaimDelaySeconds) {
|
||||
@ -332,7 +349,7 @@ func (a *AuthorizationDB) Claim(opts *ClaimOpts) error {
|
||||
return err
|
||||
}
|
||||
|
||||
auths, err := a.Get(token.UserID)
|
||||
auths, err := authDB.Get(token.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -352,7 +369,7 @@ func (a *AuthorizationDB) Claim(opts *ClaimOpts) error {
|
||||
SignedChainBytes: opts.ChainBytes,
|
||||
},
|
||||
}
|
||||
if err := a.put(token.UserID, auths); err != nil {
|
||||
if err := authDB.put(token.UserID, auths); err != nil {
|
||||
return err
|
||||
}
|
||||
break
|
||||
@ -361,23 +378,23 @@ func (a *AuthorizationDB) Claim(opts *ClaimOpts) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *AuthorizationDB) add(userID string, newAuths Authorizations) error {
|
||||
auths, err := a.Get(userID)
|
||||
func (authDB *AuthorizationDB) add(userID string, newAuths Authorizations) error {
|
||||
auths, err := authDB.Get(userID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
auths = append(auths, newAuths...)
|
||||
return a.put(userID, auths)
|
||||
return authDB.put(userID, auths)
|
||||
}
|
||||
|
||||
func (a *AuthorizationDB) put(userID string, auths Authorizations) error {
|
||||
func (authDB *AuthorizationDB) put(userID string, auths Authorizations) error {
|
||||
authsBytes, err := auths.Marshal()
|
||||
if err != nil {
|
||||
return ErrAuthorizationDB.Wrap(err)
|
||||
}
|
||||
|
||||
if err := a.DB.Put(storage.Key(userID), authsBytes); err != nil {
|
||||
if err := authDB.DB.Put(storage.Key(userID), authsBytes); err != nil {
|
||||
return ErrAuthorizationDB.Wrap(err)
|
||||
}
|
||||
return nil
|
||||
|
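Review bot: The doc comment on the new `List` understates what it returns: it appends every result of `authDB.Get(uid)`, so callers receive unclaimed authorizations and their tokens as well, and the `claims` command has to filter on `auth.Claim == nil` itself. I would document that, together with the fact that the result is assembled from one `Get` per user ID rather than a single consistent read, e.g. `// List returns every authorization in the database, claimed or not, including tokens; it reads one user at a time and is not an atomic snapshot.` The file header for this section is not present on the page, so the path of the patched file is not shown here.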