mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-29 13:49:28 +08:00
7cccba91c9
* Reformat Policies Enpoint to Take Sub Obj Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Redirect to `policies` Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Make Delete Endpoint not to Contain Body Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove gRPC unused functions Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Redirect Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Update CLI Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Use Switch Statement Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Uncomment Commented Parts Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Empty Line Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Unused gRPC Req and Resp Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Listing of Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename Authorize Functions For Users and Things Service Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Authorize To CLI Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com>
229 lines
5.3 KiB
Go
229 lines
5.3 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package cli
|
|
|
|
import (
|
|
"encoding/json"
|
|
|
|
mfxsdk "github.com/mainflux/mainflux/pkg/sdk/go"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
const (
|
|
users = "users"
|
|
things = "things"
|
|
)
|
|
|
|
var cmdPolicies = []cobra.Command{
|
|
{
|
|
Use: "create [ users | things ] <subject_id> <object_id> <actions> <user_auth_token>",
|
|
Short: "Create policy",
|
|
Long: "Create a new policy\n" +
|
|
"Usage:\n" +
|
|
"\tmainflux-cli policies create users <user_id> <group_id> '[\"c_list\"]' $USERTOKEN\n" +
|
|
"\tmainflux-cli policies create things <thing_id> <channel_id> '[\"m_write\"]' $USERTOKEN\n",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
if len(args) != 5 {
|
|
logUsage(cmd.Use)
|
|
return
|
|
}
|
|
|
|
var actions []string
|
|
if err := json.Unmarshal([]byte(args[3]), &actions); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
|
|
var policy = mfxsdk.Policy{
|
|
Subject: args[1],
|
|
Object: args[2],
|
|
Actions: actions,
|
|
}
|
|
|
|
switch args[0] {
|
|
case things:
|
|
if err := sdk.CreateThingPolicy(policy, args[4]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
case users:
|
|
if err := sdk.CreateUserPolicy(policy, args[4]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
default:
|
|
logUsage(cmd.Use)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Use: "update [ users | things ] <subject_id> <object_id> <actions> <user_auth_token>",
|
|
Short: "Update policy",
|
|
Long: "Update policy\n" +
|
|
"Usage:\n" +
|
|
"\tmainflux-cli policies update users <user_id> <group_id> '[\"c_list\"]' $USERTOKEN\n" +
|
|
"\tmainflux-cli policies update things <thing_id> <channel_id> '[\"m_write\"]' $USERTOKEN\n",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
if len(args) != 5 {
|
|
logUsage(cmd.Use)
|
|
return
|
|
}
|
|
|
|
var actions []string
|
|
if err := json.Unmarshal([]byte(args[3]), &actions); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
|
|
var policy = mfxsdk.Policy{
|
|
Subject: args[1],
|
|
Object: args[2],
|
|
Actions: actions,
|
|
}
|
|
|
|
switch args[0] {
|
|
case things:
|
|
if err := sdk.UpdateThingPolicy(policy, args[4]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
case users:
|
|
if err := sdk.UpdateUserPolicy(policy, args[4]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
default:
|
|
logUsage(cmd.Use)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Use: "list [ users | things ] <user_auth_token>",
|
|
Short: "List policies",
|
|
Long: "List policies\n" +
|
|
"Usage:\n" +
|
|
"\tmainflux-cli policies list users $USERTOKEN\n" +
|
|
"\tmainflux-cli policies list things $USERTOKEN\n",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
if len(args) != 2 {
|
|
logUsage(cmd.Use)
|
|
return
|
|
}
|
|
pm := mfxsdk.PageMetadata{
|
|
Offset: uint64(Offset),
|
|
Limit: uint64(Limit),
|
|
}
|
|
switch args[0] {
|
|
case things:
|
|
policies, err := sdk.ListThingPolicies(pm, args[1])
|
|
if err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
logJSON(policies)
|
|
return
|
|
case users:
|
|
policies, err := sdk.ListUserPolicies(pm, args[1])
|
|
if err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
|
|
logJSON(policies)
|
|
return
|
|
default:
|
|
logUsage(cmd.Use)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Use: "remove [ users | things ] <subject_id> <object_id> <user_auth_token>",
|
|
Short: "Remove policy",
|
|
Long: "Removes a policy with the provided object and subject\n" +
|
|
"Usage:\n" +
|
|
"\tmainflux-cli policies remove users <user_id> <group_id> $USERTOKEN\n" +
|
|
"\tmainflux-cli policies remove things <thing_id> <channel_id> $USERTOKEN\n",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
if len(args) != 4 {
|
|
logUsage(cmd.Use)
|
|
return
|
|
}
|
|
|
|
var policy = mfxsdk.Policy{
|
|
Subject: args[1],
|
|
Object: args[2],
|
|
}
|
|
switch args[0] {
|
|
case things:
|
|
if err := sdk.DeleteThingPolicy(policy, args[3]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
case users:
|
|
if err := sdk.DeleteUserPolicy(policy, args[3]); err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
default:
|
|
logUsage(cmd.Use)
|
|
}
|
|
},
|
|
},
|
|
{
|
|
Use: "authorize [ users | things ] <subject_id> <object_id> <action> <entity_type> <user_auth_token>",
|
|
Short: "Authorize access request",
|
|
Long: "Authorize subject over object with provided actions\n" +
|
|
"Usage:\n" +
|
|
"\tmainflux-cli policies authorize users <user_id> <group_id> \"c_list\" <entity_type> $USERTOKEN\n" +
|
|
"\tmainflux-cli policies authorize things <thing_id> <channel_id> \"m_read\" <entity_type> $USERTOKEN\n",
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
if len(args) != 6 {
|
|
logUsage(cmd.Use)
|
|
return
|
|
}
|
|
|
|
var areq = mfxsdk.AccessRequest{
|
|
Subject: args[1],
|
|
Object: args[2],
|
|
Action: args[3],
|
|
EntityType: args[4],
|
|
}
|
|
|
|
switch args[0] {
|
|
case users:
|
|
ok, err := sdk.AuthorizeUser(areq, args[5])
|
|
if err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
logJSON(ok)
|
|
case things:
|
|
ok, _, err := sdk.AuthorizeThing(areq, args[5])
|
|
if err != nil {
|
|
logError(err)
|
|
return
|
|
}
|
|
logJSON(ok)
|
|
default:
|
|
logUsage(cmd.Use)
|
|
}
|
|
},
|
|
},
|
|
}
|
|
|
|
// NewPolicyCmd returns policies command.
|
|
func NewPolicyCmd() *cobra.Command {
|
|
cmd := cobra.Command{
|
|
Use: "policies [create | update | list | remove | authorize ]",
|
|
Short: "Policies management",
|
|
Long: `Policies management: create or update or list or delete or check policies`,
|
|
}
|
|
|
|
for i := range cmdPolicies {
|
|
cmd.AddCommand(&cmdPolicies[i])
|
|
}
|
|
|
|
return &cmd
|
|
}
|