kanidm/kanidm_tools/src/cli/common.rs

use crate::login::read_tokens;
use kanidm_client::{KanidmClient, KanidmClientBuilder};
use std::path::PathBuf;
use structopt::StructOpt;

#[derive(Debug, StructOpt)]
pub struct Named {
    #[structopt()]
    pub name: String,
    #[structopt(flatten)]
    pub copt: CommonOpt,
}

#[derive(Debug, StructOpt)]
pub struct CommonOpt {
    #[structopt(short = "d", long = "debug")]
    pub debug: bool,
    #[structopt(short = "H", long = "url")]
    pub addr: Option<String>,
    #[structopt(short = "D", long = "name")]
    pub username: Option<String>,
    #[structopt(parse(from_os_str), short = "C", long = "ca")]
    pub ca_path: Option<PathBuf>,
}

impl CommonOpt {
    pub fn to_unauth_client(&self) -> KanidmClient {
        let config_path: String = shellexpand::tilde("~/.config/kanidm").into_owned();

        debug!("Attempting to use config {}", "/etc/kanidm/config");
        let client_builder = match KanidmClientBuilder::new()
            .read_options_from_optional_config("/etc/kanidm/config")
            .and_then(|cb| {
                debug!("Attempting to use config {}", config_path);
                cb.read_options_from_optional_config(config_path)
            }) {
            Ok(c) => c,
            Err(e) => {
                error!("Failed to parse config (if present) -- {:?}", e);
                std::process::exit(1);
            }
        };

        let client_builder = match &self.addr {
            Some(a) => client_builder.address(a.to_string()),
            None => client_builder,
        };

        let ca_path: Option<&str> = self.ca_path.as_ref().map(|p| p.to_str()).flatten();
        let client_builder = match ca_path {
            Some(p) => match client_builder.add_root_certificate_filepath(p) {
                Ok(cb) => cb,
                Err(e) => {
                    error!("Failed to add ca certificate -- {:?}", e);
                    std::process::exit(1);
                }
            },
            None => client_builder,
        };

        let client = match client_builder.build() {
            Ok(c) => c,
            Err(e) => {
                error!("Failed to build client instance -- {:?}", e);
                std::process::exit(1);
            }
        };
        client
    }

    pub fn to_client(&self) -> KanidmClient {
        let mut client = self.to_unauth_client();
        // Read the token file.
        let tokens = match read_tokens() {
            Ok(t) => t,
            Err(_e) => {
                error!("Error retrieving authentication token store");
                std::process::exit(1);
            }
        };

        if tokens.len() == 0 {
            error!(
                "No valid authentication tokens found. Please login with the 'login' subcommand."
            );
            std::process::exit(1);
        }

        // If we have a username, use that to select tokens
        let token = match &self.username {
            Some(username) => {
                // Is it in the store?
                match tokens.get(username) {
                    Some(t) => t.clone(),
                    None => {
                        error!("No valid authentication tokens found for {}.", username);
                        std::process::exit(1);
                    }
                }
            }
            None => {
                if tokens.len() == 1 {
                    let (f_uname, f_token) = tokens.iter().next().expect("Memory Corruption");
                    // else pick the first token
                    info!("Authenticated as {}", f_uname);
                    f_token.clone()
                } else {
                    // Unable to select
                    error!("Multiple authentication tokens exist. Please select one with --name.");
                    std::process::exit(1);
                }
            }
        };

        // Set it into the client
        client.set_token(token);

        client
    }
}
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`use crate::login::read_tokens;`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`use kanidm_client::{KanidmClient, KanidmClientBuilder};`
			`use std::path::PathBuf;`
			`use structopt::StructOpt;`

			`#[derive(Debug, StructOpt)]`
			`pub struct Named {`
			`#[structopt()]`
			`pub name: String,`
			`#[structopt(flatten)]`
			`pub copt: CommonOpt,`
			`}`

			`#[derive(Debug, StructOpt)]`
			`pub struct CommonOpt {`
			`#[structopt(short = "d", long = "debug")]`
			`pub debug: bool,`
			`#[structopt(short = "H", long = "url")]`
			`pub addr: Option<String>,`
			`#[structopt(short = "D", long = "name")]`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`pub username: Option<String>,`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`#[structopt(parse(from_os_str), short = "C", long = "ca")]`
			`pub ca_path: Option<PathBuf>,`
			`}`

			`impl CommonOpt {`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`pub fn to_unauth_client(&self) -> KanidmClient {`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`let config_path: String = shellexpand::tilde("~/.config/kanidm").into_owned();`

			`debug!("Attempting to use config {}", "/etc/kanidm/config");`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`let client_builder = match KanidmClientBuilder::new()`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`.read_options_from_optional_config("/etc/kanidm/config")`
			`.and_then(\|cb\| {`
			`debug!("Attempting to use config {}", config_path);`
			`cb.read_options_from_optional_config(config_path)`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`}) {`
			`Ok(c) => c,`
			`Err(e) => {`
			`error!("Failed to parse config (if present) -- {:?}", e);`
			`std::process::exit(1);`
			`}`
			`};`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00
			`let client_builder = match &self.addr {`
			`Some(a) => client_builder.address(a.to_string()),`
			`None => client_builder,`
			`};`

Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`let ca_path: Option<&str> = self.ca_path.as_ref().map(\|p\| p.to_str()).flatten();`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`let client_builder = match ca_path {`
Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`Some(p) => match client_builder.add_root_certificate_filepath(p) {`
			`Ok(cb) => cb,`
			`Err(e) => {`
			`error!("Failed to add ca certificate -- {:?}", e);`
			`std::process::exit(1);`
			`}`
			`},`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`None => client_builder,`
			`};`

Cleanup and improve client error handling 2020-08-01 12:31:05 +02:00			`let client = match client_builder.build() {`
			`Ok(c) => c,`
			`Err(e) => {`
			`error!("Failed to build client instance -- {:?}", e);`
			`std::process::exit(1);`
			`}`
			`};`
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`client`
			`}`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00
250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`pub fn to_client(&self) -> KanidmClient {`
			`let mut client = self.to_unauth_client();`
			`// Read the token file.`
			`let tokens = match read_tokens() {`
			`Ok(t) => t,`
			`Err(_e) => {`
			`error!("Error retrieving authentication token store");`
			`std::process::exit(1);`
			`}`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`};`

250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`if tokens.len() == 0 {`
			`error!(`
			`"No valid authentication tokens found. Please login with the 'login' subcommand."`
			`);`
20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`std::process::exit(1);`
			`}`

250 cookie to auth bearer (#321) Fixes #250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar. 2020-09-18 05:19:57 +02:00			`// If we have a username, use that to select tokens`
			`let token = match &self.username {`
			`Some(username) => {`
			`// Is it in the store?`
			`match tokens.get(username) {`
			`Some(t) => t.clone(),`
			`None => {`
			`error!("No valid authentication tokens found for {}.", username);`
			`std::process::exit(1);`
			`}`
			`}`
			`}`
			`None => {`
			`if tokens.len() == 1 {`
			`let (f_uname, f_token) = tokens.iter().next().expect("Memory Corruption");`
			`// else pick the first token`
			`info!("Authenticated as {}", f_uname);`
			`f_token.clone()`
			`} else {`
			`// Unable to select`
			`error!("Multiple authentication tokens exist. Please select one with --name.");`
			`std::process::exit(1);`
			`}`
			`}`
			`};`

			`// Set it into the client`
			`client.set_token(token);`

20200322 132 recyclebin 2 (#193) Implements #132, the recycle bin. This completes the feature, with working API's, front end tests and CLI tooling. It also includes a refactor of the CLI tools to make them a bit easier to manage/work with. 2020-03-24 23:21:49 +01:00			`client`
			`}`
			`}`