-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com>
- Loading branch information
1 parent
c340a22
commit f53b61d
Showing
2 changed files
with
199 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,134 @@ | ||
package cmd | ||
|
||
import ( | ||
"strings" | ||
|
||
"github.com/opentdf/tructl/pkg/cli" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var ( | ||
kasGrants_crudCommands = []string{ | ||
kasGrantsUpdateCmd.Use, | ||
kasGrantsDeleteCmd.Use, | ||
} | ||
|
||
// KasGrantsCmd is the command for managing KAS grants | ||
kasGrantsCmd = &cobra.Command{ | ||
Use: "kas-grants", | ||
Short: "Manage Key Access Server grants [" + strings.Join(kasGrants_crudCommands, ", ") + "]", | ||
} | ||
|
||
// Update one KAS registry entry | ||
kasGrantsUpdateCmd = &cobra.Command{ | ||
Use: "update", | ||
Short: "Update a KAS grant", | ||
Run: func(cmd *cobra.Command, args []string) { | ||
h := cli.NewHandler(cmd) | ||
defer h.Close() | ||
|
||
flagHelper := cli.NewFlagHelper(cmd) | ||
|
||
attr := flagHelper.GetOptionalString("attribute") | ||
val := flagHelper.GetOptionalString("value") | ||
kas := flagHelper.GetRequiredString("kas") | ||
|
||
if attr == "" && val == "" { | ||
cli.ExitWithError("Must specify and Attribute Definition id or Value id to update.", nil) | ||
} | ||
var ( | ||
id string | ||
header string | ||
res interface{} | ||
err error | ||
) | ||
|
||
if attr != "" { | ||
res, err = h.UpdateKasGrantForAttribute(attr, kas) | ||
if err != nil { | ||
cli.ExitWithError("Could not update KAS grant for attribute", err) | ||
} | ||
id = attr | ||
header = "Attribute ID" | ||
} else { | ||
res, err = h.UpdateKasGrantForValue(val, kas) | ||
if err != nil { | ||
cli.ExitWithError("Could not update KAS grant for attribute value", err) | ||
} | ||
id = val | ||
header = "Value ID" | ||
} | ||
|
||
t := cli.NewTabular(). | ||
Rows([][]string{ | ||
{header, id}, | ||
{"KAS ID", kas}, | ||
}...) | ||
HandleSuccess(cmd, id, t, res) | ||
}, | ||
} | ||
|
||
kasGrantsDeleteCmd = &cobra.Command{ | ||
Use: "delete", | ||
Short: "Delete a KAS grant", | ||
Run: func(cmd *cobra.Command, args []string) { | ||
h := cli.NewHandler(cmd) | ||
defer h.Close() | ||
|
||
flagHelper := cli.NewFlagHelper(cmd) | ||
attr := flagHelper.GetOptionalString("attribute") | ||
val := flagHelper.GetOptionalString("value") | ||
kas := flagHelper.GetRequiredString("kas") | ||
|
||
if attr == "" && val == "" { | ||
cli.ExitWithError("Must specify and Attribute Definition id or Value id to delete.", nil) | ||
} | ||
var ( | ||
id string | ||
header string | ||
res interface{} | ||
err error | ||
) | ||
|
||
cli.ConfirmDelete("KAS ID: ", kas) | ||
|
||
if attr != "" { | ||
res, err = h.DeleteKasGrantFromAttribute(attr, kas) | ||
if err != nil { | ||
cli.ExitWithError("Could not update KAS grant for attribute", err) | ||
} | ||
id = attr | ||
header = "Attribute ID" | ||
} else { | ||
_, err := h.DeleteKasGrantFromValue(val, kas) | ||
if err != nil { | ||
cli.ExitWithError("Could not update KAS grant for attribute value", err) | ||
} | ||
id = val | ||
header = "Value ID" | ||
} | ||
|
||
t := cli.NewTabular(). | ||
Rows([][]string{ | ||
{header, id}, | ||
{"KAS ID", kas}, | ||
}...) | ||
HandleSuccess(cmd, id, t, res) | ||
}, | ||
} | ||
) | ||
|
||
func init() { | ||
policyCmd.AddCommand(kasGrantsCmd) | ||
|
||
kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) | ||
kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "Attribute Definition ID") | ||
kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "Attribute Value ID") | ||
kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "Key Access Server (KAS) ID") | ||
injectLabelFlags(kasGrantsUpdateCmd, true) | ||
|
||
kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) | ||
kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "Attribute Definition ID") | ||
kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "Attribute Value ID") | ||
kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "Key Access Server (KAS) ID") | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
package handlers | ||
|
||
import ( | ||
"github.com/opentdf/platform/protocol/go/policy/attributes" | ||
) | ||
|
||
func (h Handler) UpdateKasGrantForAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error) { | ||
kas := &attributes.AttributeKeyAccessServer{ | ||
AttributeId: attr_id, | ||
KeyAccessServerId: kas_id, | ||
} | ||
resp, err := h.sdk.Attributes.AssignKeyAccessServerToAttribute(h.ctx, &attributes.AssignKeyAccessServerToAttributeRequest{ | ||
AttributeKeyAccessServer: kas, | ||
}) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return resp.AttributeKeyAccessServer, nil | ||
} | ||
|
||
func (h Handler) DeleteKasGrantFromAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error) { | ||
kas := &attributes.AttributeKeyAccessServer{ | ||
AttributeId: attr_id, | ||
KeyAccessServerId: kas_id, | ||
} | ||
resp, err := h.sdk.Attributes.RemoveKeyAccessServerFromAttribute(h.ctx, &attributes.RemoveKeyAccessServerFromAttributeRequest{ | ||
AttributeKeyAccessServer: kas, | ||
}) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return resp.AttributeKeyAccessServer, nil | ||
} | ||
|
||
func (h Handler) UpdateKasGrantForValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error) { | ||
kas := &attributes.ValueKeyAccessServer{ | ||
ValueId: val_id, | ||
KeyAccessServerId: kas_id, | ||
} | ||
resp, err := h.sdk.Attributes.AssignKeyAccessServerToValue(h.ctx, &attributes.AssignKeyAccessServerToValueRequest{ | ||
ValueKeyAccessServer: kas, | ||
}) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return resp.ValueKeyAccessServer, nil | ||
} | ||
|
||
func (h Handler) DeleteKasGrantFromValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error) { | ||
kas := &attributes.ValueKeyAccessServer{ | ||
ValueId: val_id, | ||
KeyAccessServerId: kas_id, | ||
} | ||
resp, err := h.sdk.Attributes.RemoveKeyAccessServerFromValue(h.ctx, &attributes.RemoveKeyAccessServerFromValueRequest{ | ||
ValueKeyAccessServer: kas, | ||
}) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return resp.ValueKeyAccessServer, nil | ||
} |