From cb13ce56ebacd8ecfed22413b9c89059c764182d Mon Sep 17 00:00:00 2001
From: Krish Suchak
Date: Tue, 26 Mar 2024 16:43:58 -0400
Subject: [PATCH 01/14] add kas-grants handlers
---
pkg/handlers/kas-grants.go | 65 ++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 pkg/handlers/kas-grants.go
diff --git a/pkg/handlers/kas-grants.go b/pkg/handlers/kas-grants.go
new file mode 100644
index 00000000..162fa31e
--- /dev/null
+++ b/pkg/handlers/kas-grants.go
@@ -0,0 +1,65 @@
+package handlers
+
+import (
+ "github.com/opentdf/platform/protocol/go/policy/attributes"
+)
+
+func (h Handler) UpdateKasGrantForAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error) {
+ kas := &attributes.AttributeKeyAccessServer{
+ AttributeId: attr_id,
+ KeyAccessServerId: kas_id,
+ }
+ resp, err := h.sdk.Attributes.AssignKeyAccessServerToAttribute(h.ctx, &attributes.AssignKeyAccessServerToAttributeRequest{
+ AttributeKeyAccessServer: kas,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return resp.AttributeKeyAccessServer, nil
+}
+
+func (h Handler) DeleteKasGrantFromAttribute(attr_id string, kas_id string) (*attributes.AttributeKeyAccessServer, error) {
+ kas := &attributes.AttributeKeyAccessServer{
+ AttributeId: attr_id,
+ KeyAccessServerId: kas_id,
+ }
+ resp, err := h.sdk.Attributes.RemoveKeyAccessServerFromAttribute(h.ctx, &attributes.RemoveKeyAccessServerFromAttributeRequest{
+ AttributeKeyAccessServer: kas,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return resp.AttributeKeyAccessServer, nil
+}
+
+func (h Handler) UpdateKasGrantForValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error) {
+ kas := &attributes.ValueKeyAccessServer{
+ ValueId: val_id,
+ KeyAccessServerId: kas_id,
+ }
+ resp, err := h.sdk.Attributes.AssignKeyAccessServerToValue(h.ctx, &attributes.AssignKeyAccessServerToValueRequest{
+ ValueKeyAccessServer: kas,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return resp.ValueKeyAccessServer, nil
+}
+
+func (h Handler) DeleteKasGrantFromValue(val_id string, kas_id string) (*attributes.ValueKeyAccessServer, error) {
+ kas := &attributes.ValueKeyAccessServer{
+ ValueId: val_id,
+ KeyAccessServerId: kas_id,
+ }
+ resp, err := h.sdk.Attributes.RemoveKeyAccessServerFromValue(h.ctx, &attributes.RemoveKeyAccessServerFromValueRequest{
+ ValueKeyAccessServer: kas,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return resp.ValueKeyAccessServer, nil
+}
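Review bot: The four exported handlers return the SDK error bare, so a caller cannot tell which grant operation or which ids failed. Wrapping it keeps that context, e.g. `return nil, fmt.Errorf("assigning KAS %q to attribute %q: %w", kas_id, attr_id, err)`, which needs `fmt` added to the import block. The methods also have no doc comments and use underscore parameter names (`attr_id`, `kas_id`, `val_id`); Go convention would be `attrID, kasID string` with a comment such as `// UpdateKasGrantForAttribute assigns the key access server kasID to the attribute attrID.` The same applies to all four functions in this file.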
From ca3af385328258431006ad42058ea5729e21edf1 Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 17:18:47 -0400 Subject: [PATCH 02/14] boilerplate cmd --- cmd/kas-grants.go | 259 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 259 insertions(+) create mode 100644 cmd/kas-grants.go diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go new file mode 100644 index 00000000..12e4ce9c --- /dev/null +++ b/cmd/kas-grants.go 
@@ -0,0 +1,259 @@ +package cmd + +import ( + "fmt" + "strings" + + "github.com/opentdf/platform/protocol/go/kasregistry" + "github.com/opentdf/tructl/pkg/cli" + "github.com/spf13/cobra" +) + +var ( + kasGrants_crudCommands = []string{ + kasGrantsUpdateCmd.Use, + kasGrantsDeleteCmd.Use, + } + + // KasRegistryCmd is the command for managing KAS registrations + kasGrantsCmd = &cobra.Command{ + Use: "kas-grants", + Short: "Manage Key Access Server grants [" + strings.Join(kasGrants_crudCommands, ", ") + "]", + } + + // kasRegistryGetCmd = &cobra.Command{ + // Use: "get", + // Short: "Get a registered Key Access Server by id", + // Run: func(cmd *cobra.Command, args []string) { + // h := cli.NewHandler(cmd) + // defer h.Close() + + // flagHelper := cli.NewFlagHelper(cmd) + // id := flagHelper.GetRequiredString("id") + + // kas, err := h.GetKasRegistryEntry(id) + // if err != nil { + // errMsg := fmt.Sprintf("Could not find KAS registry entry (%s)", id) + // cli.ExitWithNotFoundError(errMsg, err) + // } + + // keyType := "Local" + // key := kas.PublicKey.GetLocal() + // if kas.PublicKey.GetRemote() != "" { + // keyType = "Remote" + // key = kas.PublicKey.GetRemote() + // } + + // t := cli.NewTabular(). + // Rows([][]string{ + // {"Id", kas.Id}, + // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] + // {"URI", kas.Uri}, + // {"PublicKey Type", keyType}, + // {"PublicKey", key}, + // }...) 
+ // HandleSuccess(cmd, kas.Id, t, kas) + // }, + // } + + // kasRegistrysListCmd = &cobra.Command{ + // Use: "list", + // Short: "List KAS registry entries", + // Run: func(cmd *cobra.Command, args []string) { + // h := cli.NewHandler(cmd) + // defer h.Close() + + // list, err := h.ListKasRegistryEntries() + // if err != nil { + // cli.ExitWithError("Could not get KAS registry entries", err) + // } + + // t := cli.NewTable() + // t.Headers("Id", "URI", "PublicKey Location", "PublicKey") + // for _, kas := range list { + // keyType := "Local" + // key := kas.PublicKey.GetLocal() + // if kas.PublicKey.GetRemote() != "" { + // keyType = "Remote" + // key = kas.PublicKey.GetRemote() + // } + + // t.Row( + // kas.Id, + // kas.Uri, + // keyType, + // key, + // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] + // ) + // } + // HandleSuccess(cmd, "", t, list) + // }, + // } + + // kasRegistrysCreateCmd = &cobra.Command{ + // Use: "create", + // Short: "Create a new KAS registry entry, i.e. 'https://example.com'", + // Run: func(cmd *cobra.Command, args []string) { + // h := cli.NewHandler(cmd) + // defer h.Close() + + // flagHelper := cli.NewFlagHelper(cmd) + // uri := flagHelper.GetRequiredString("uri") + // local := flagHelper.GetOptionalString("public-key-local") + // remote := flagHelper.GetOptionalString("public-key-remote") + // metadataLabels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) + + // if local == "" && remote == "" { + // e := fmt.Errorf("A public key is required. Please pass either a local or remote public key") + // cli.ExitWithError("Issue with create flags 'public-key-local' and 'public-key-remote': ", e) + // } + + // key := &kasregistry.PublicKey{} + // keyType := "Local" + // if local != "" { + // if remote != "" { + // e := fmt.Errorf("Only one public key is allowed. 
Please pass either a local or remote public key but not both") + // cli.ExitWithError("Issue with create flags 'public-key-local' and 'public-key-remote': ", e) + // } + // key.PublicKey = &kasregistry.PublicKey_Local{Local: local} + // } else { + // keyType = "Remote" + // key.PublicKey = &kasregistry.PublicKey_Remote{Remote: remote} + // } + + // created, err := h.CreateKasRegistryEntry( + // uri, + // key, + // getMetadataMutable(metadataLabels), + // ) + // if err != nil { + // cli.ExitWithError("Could not create KAS registry entry", err) + // } + + // t := cli.NewTabular(). + // Rows([][]string{ + // {"Id", created.Id}, + // {"URI", created.Uri}, + // {"PublicKey Type", keyType}, + // {"PublicKey", local}, + // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] + // }...) + + // HandleSuccess(cmd, created.Id, t, created) + // }, + // } + + // Update one KAS registry entry + kasGrantsUpdateCmd = &cobra.Command{ + Use: "update", + Short: "Update a KAS registry entry", + Run: func(cmd *cobra.Command, args []string) { + h := cli.NewHandler(cmd) + defer h.Close() + + flagHelper := cli.NewFlagHelper(cmd) + + id := flagHelper.GetRequiredString("id") + uri := flagHelper.GetOptionalString("uri") + local := flagHelper.GetOptionalString("public-key-local") + remote := flagHelper.GetOptionalString("public-key-remote") + labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) + + if local == "" && remote == "" && len(labels) == 0 && uri == "" { + cli.ExitWithError("No values were passed to update. Please pass at least one value to update (E.G. 'uri', 'public-key-local', 'public-key-remote', 'label')", nil) + } + + // TODO: should update of a type of key be a dangerous mutation or cause a need for confirmation in the CLI? + var pubKey *kasregistry.PublicKey + if local != "" && remote != "" { + e := fmt.Errorf("Only one public key is allowed. 
Please pass either a local or remote public key but not both") + cli.ExitWithError("Issue with update flags 'public-key-local' and 'public-key-remote': ", e) + } else if local != "" { + pubKey = &kasregistry.PublicKey{PublicKey: &kasregistry.PublicKey_Local{Local: local}} + } else if remote != "" { + pubKey = &kasregistry.PublicKey{PublicKey: &kasregistry.PublicKey_Remote{Remote: remote}} + } + + updated, err := h.UpdateKasRegistryEntry( + id, + uri, + pubKey, + getMetadataMutable(labels), + getMetadataUpdateBehavior(), + ) + if err != nil { + cli.ExitWithError("Could not update KAS registry entry", err) + } + t := cli.NewTabular(). + Rows([][]string{ + {"Id", id}, + {"URI", uri}, + // TODO: render labels [https://github.com/opentdf/tructl/issues/73] + }...) + HandleSuccess(cmd, id, t, updated) + }, + } + + kasGrantsDeleteCmd = &cobra.Command{ + Use: "delete", + Short: "Delete a KAS registry entry by id", + Run: func(cmd *cobra.Command, args []string) { + h := cli.NewHandler(cmd) + defer h.Close() + + flagHelper := cli.NewFlagHelper(cmd) + id := flagHelper.GetRequiredString("id") + + kas, err := h.GetKasRegistryEntry(id) + if err != nil { + errMsg := fmt.Sprintf("Could not find KAS registry entry (%s)", id) + cli.ExitWithNotFoundError(errMsg, err) + } + + cli.ConfirmDelete("KAS Registry Entry: ", id) + + if err := h.DeleteKasRegistryEntry(id); err != nil { + errMsg := fmt.Sprintf("Could not delete KAS registry entry (%s)", id) + cli.ExitWithError(errMsg, err) + } + + t := cli.NewTabular(). + Rows([][]string{ + {"Id", kas.Id}, + {"URI", kas.Uri}, + }...) 
+ + HandleSuccess(cmd, kas.Id, t, kas) + }, + } +) + +func init() { + policyCmd.AddCommand(kasGrantsCmd) + + // kasGrantsCmd.AddCommand(kasGrantsGetCmd) + // kasGrantsGetCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") + + // kasGrantsCmd.AddCommand(kasGrantsListCmd) + // TODO: active, inactive, any state querying [https://github.com/opentdf/tructl/issues/68] + + // kasGrantsCmd.AddCommand(kasGrantsCreateCmd) + // kasGrantsCreateCmd.Flags().StringP("uri", "u", "", "The URI of the KAS registry entry") + // kasGrantsCreateCmd.Flags().StringP("public-key-local", "p", "", "A local public key for the registered Key Access Server (KAS)") + // kasGrantsCreateCmd.Flags().StringP("public-key-remote", "r", "", "A remote endpoint that provides a public key for the registered Key Access Server (KAS)") + // injectLabelFlags(kasGrantsCreateCmd, false) + + kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) + kasGrantsUpdateCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") + kasGrantsUpdateCmd.Flags().StringP("uri", "u", "", "The URI of the KAS registry entry") + kasGrantsUpdateCmd.Flags().StringP("public-key-local", "p", "", "A local public key for the registered Key Access Server (KAS)") + kasGrantsUpdateCmd.Flags().StringP("public-key-remote", "r", "", "A remote endpoint that serves a public key for the registered Key Access Server (KAS)") + injectLabelFlags(kasGrantsUpdateCmd, true) + + kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) + kasGrantsDeleteCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") +} + +func init() { + rootCmd.AddCommand(kasGrantsCmd) +} From a593fe75a953a4423feb8b21a56c8f75c78b36c2 Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 17:21:52 -0400 Subject: [PATCH 03/14] update flags --- cmd/kas-grants.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 12e4ce9c..1804c5fe 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go 
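Review bot: The `Run` bodies of `kasGrantsUpdateCmd` and `kasGrantsDeleteCmd` still call `h.UpdateKasRegistryEntry` and `h.DeleteKasRegistryEntry`, so at this commit `kas-grants delete --id <id>` removes a KAS registry entry under a command named for grants. If the series is not squashed, replacing the copied bodies with a stub that exits with "not implemented" until the grant handlers are wired would keep a bisected build from exposing a destructive command under the wrong name. `kasGrantsCmd` is also registered twice, by `policyCmd.AddCommand(kasGrantsCmd)` in the first `init()` and `rootCmd.AddCommand(kasGrantsCmd)` in the second. As far as I know cobra keeps a single parent per command, so one of the two registrations should go.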
@@ -244,14 +244,15 @@ func init() { // injectLabelFlags(kasGrantsCreateCmd, false) kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) - kasGrantsUpdateCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") - kasGrantsUpdateCmd.Flags().StringP("uri", "u", "", "The URI of the KAS registry entry") - kasGrantsUpdateCmd.Flags().StringP("public-key-local", "p", "", "A local public key for the registered Key Access Server (KAS)") - kasGrantsUpdateCmd.Flags().StringP("public-key-remote", "r", "", "A remote endpoint that serves a public key for the registered Key Access Server (KAS)") + kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "attribute id") + kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "attribute value id") + kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "kas id") injectLabelFlags(kasGrantsUpdateCmd, true) kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) - kasGrantsDeleteCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") + kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "attribute id") + kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "attribute value id") + kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "kas id") } func init() { From 67df0fa647e6ab58fe096e1361e7b156dc2d732b Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 17:22:41 -0400 Subject: [PATCH 04/14] clean up --- cmd/kas-grants.go | 136 +--------------------------------------------- 1 file changed, 1 insertion(+), 135 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 1804c5fe..e2a2f897 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go 
@@ -15,134 +15,12 @@ var ( kasGrantsDeleteCmd.Use, } - // KasRegistryCmd is the command for managing KAS registrations + // KasGrantsCmd is the command for managing KAS grants kasGrantsCmd = &cobra.Command{ Use: "kas-grants", Short: "Manage Key Access Server grants [" + strings.Join(kasGrants_crudCommands, ", ") + "]", } - // kasRegistryGetCmd = &cobra.Command{ - // Use: "get", - // Short: "Get a registered Key Access Server by id", - // Run: func(cmd *cobra.Command, args []string) { - // h := cli.NewHandler(cmd) - // defer h.Close() - - // flagHelper := cli.NewFlagHelper(cmd) - // id := flagHelper.GetRequiredString("id") - - // kas, err := h.GetKasRegistryEntry(id) - // if err != nil { - // errMsg := fmt.Sprintf("Could not find KAS registry entry (%s)", id) - // cli.ExitWithNotFoundError(errMsg, err) - // } - - // keyType := "Local" - // key := kas.PublicKey.GetLocal() - // if kas.PublicKey.GetRemote() != "" { - // keyType = "Remote" - // key = kas.PublicKey.GetRemote() - // } - - // t := cli.NewTabular(). - // Rows([][]string{ - // {"Id", kas.Id}, - // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] - // {"URI", kas.Uri}, - // {"PublicKey Type", keyType}, - // {"PublicKey", key}, - // }...) 
- // HandleSuccess(cmd, kas.Id, t, kas) - // }, - // } - - // kasRegistrysListCmd = &cobra.Command{ - // Use: "list", - // Short: "List KAS registry entries", - // Run: func(cmd *cobra.Command, args []string) { - // h := cli.NewHandler(cmd) - // defer h.Close() - - // list, err := h.ListKasRegistryEntries() - // if err != nil { - // cli.ExitWithError("Could not get KAS registry entries", err) - // } - - // t := cli.NewTable() - // t.Headers("Id", "URI", "PublicKey Location", "PublicKey") - // for _, kas := range list { - // keyType := "Local" - // key := kas.PublicKey.GetLocal() - // if kas.PublicKey.GetRemote() != "" { - // keyType = "Remote" - // key = kas.PublicKey.GetRemote() - // } - - // t.Row( - // kas.Id, - // kas.Uri, - // keyType, - // key, - // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] - // ) - // } - // HandleSuccess(cmd, "", t, list) - // }, - // } - - // kasRegistrysCreateCmd = &cobra.Command{ - // Use: "create", - // Short: "Create a new KAS registry entry, i.e. 'https://example.com'", - // Run: func(cmd *cobra.Command, args []string) { - // h := cli.NewHandler(cmd) - // defer h.Close() - - // flagHelper := cli.NewFlagHelper(cmd) - // uri := flagHelper.GetRequiredString("uri") - // local := flagHelper.GetOptionalString("public-key-local") - // remote := flagHelper.GetOptionalString("public-key-remote") - // metadataLabels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) - - // if local == "" && remote == "" { - // e := fmt.Errorf("A public key is required. Please pass either a local or remote public key") - // cli.ExitWithError("Issue with create flags 'public-key-local' and 'public-key-remote': ", e) - // } - - // key := &kasregistry.PublicKey{} - // keyType := "Local" - // if local != "" { - // if remote != "" { - // e := fmt.Errorf("Only one public key is allowed. 
Please pass either a local or remote public key but not both") - // cli.ExitWithError("Issue with create flags 'public-key-local' and 'public-key-remote': ", e) - // } - // key.PublicKey = &kasregistry.PublicKey_Local{Local: local} - // } else { - // keyType = "Remote" - // key.PublicKey = &kasregistry.PublicKey_Remote{Remote: remote} - // } - - // created, err := h.CreateKasRegistryEntry( - // uri, - // key, - // getMetadataMutable(metadataLabels), - // ) - // if err != nil { - // cli.ExitWithError("Could not create KAS registry entry", err) - // } - - // t := cli.NewTabular(). - // Rows([][]string{ - // {"Id", created.Id}, - // {"URI", created.Uri}, - // {"PublicKey Type", keyType}, - // {"PublicKey", local}, - // // TODO: render labels [https://github.com/opentdf/tructl/issues/73] - // }...) - - // HandleSuccess(cmd, created.Id, t, created) - // }, - // } - // Update one KAS registry entry kasGrantsUpdateCmd = &cobra.Command{ Use: "update", @@ -231,18 +109,6 @@ var ( func init() { policyCmd.AddCommand(kasGrantsCmd) - // kasGrantsCmd.AddCommand(kasGrantsGetCmd) - // kasGrantsGetCmd.Flags().StringP("id", "i", "", "Id of the KAS registry entry") - - // kasGrantsCmd.AddCommand(kasGrantsListCmd) - // TODO: active, inactive, any state querying [https://github.com/opentdf/tructl/issues/68] - - // kasGrantsCmd.AddCommand(kasGrantsCreateCmd) - // kasGrantsCreateCmd.Flags().StringP("uri", "u", "", "The URI of the KAS registry entry") - // kasGrantsCreateCmd.Flags().StringP("public-key-local", "p", "", "A local public key for the registered Key Access Server (KAS)") - // kasGrantsCreateCmd.Flags().StringP("public-key-remote", "r", "", "A remote endpoint that provides a public key for the registered Key Access Server (KAS)") - // injectLabelFlags(kasGrantsCreateCmd, false) - kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "attribute id") kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "attribute value id") 
From 753f4c577fa1deaf0ef4d2f223c9bd1c8fec0ce9 Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 19:30:13 -0400 Subject: [PATCH 05/14] update cmd --- cmd/kas-grants.go | 85 ++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 31 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index e2a2f897..6ae83354 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -4,7 +4,6 @@ import ( "fmt" "strings" - "github.com/opentdf/platform/protocol/go/kasregistry" "github.com/opentdf/tructl/pkg/cli" "github.com/spf13/cobra" ) 
@@ -24,48 +23,72 @@ var ( // Update one KAS registry entry kasGrantsUpdateCmd = &cobra.Command{ Use: "update", - Short: "Update a KAS registry entry", + Short: "Update a KAS grant", Run: func(cmd *cobra.Command, args []string) { h := cli.NewHandler(cmd) defer h.Close() flagHelper := cli.NewFlagHelper(cmd) - id := flagHelper.GetRequiredString("id") - uri := flagHelper.GetOptionalString("uri") - local := flagHelper.GetOptionalString("public-key-local") - remote := flagHelper.GetOptionalString("public-key-remote") - labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) + attr := flagHelper.GetOptionalString("attribute") + val := flagHelper.GetOptionalString("value") + kas := flagHelper.GetRequiredString("kas") + // uri := flagHelper.GetOptionalString("uri") + // local := flagHelper.GetOptionalString("public-key-local") + // remote := flagHelper.GetOptionalString("public-key-remote") + // labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) - if local == "" && remote == "" && len(labels) == 0 && uri == "" { - cli.ExitWithError("No values were passed to update. Please pass at least one value to update (E.G. 'uri', 'public-key-local', 'public-key-remote', 'label')", nil) + if kas == "" || (attr == "" && val == "") { + cli.ExitWithError("Specify a key access server and an attribute id or attribute value if to update.", nil) } + var ( + id string + header string + // updated interface{} + updated map[string]interface{} + ) - // TODO: should update of a type of key be a dangerous mutation or cause a need for confirmation in the CLI? - var pubKey *kasregistry.PublicKey - if local != "" && remote != "" { - e := fmt.Errorf("Only one public key is allowed. 
Please pass either a local or remote public key but not both") - cli.ExitWithError("Issue with update flags 'public-key-local' and 'public-key-remote': ", e) - } else if local != "" { - pubKey = &kasregistry.PublicKey{PublicKey: &kasregistry.PublicKey_Local{Local: local}} - } else if remote != "" { - pubKey = &kasregistry.PublicKey{PublicKey: &kasregistry.PublicKey_Remote{Remote: remote}} + // updated.kas_id = kas + // updated := make(map[string]interface{}) + updated["kas_id"] = kas + + if attr != "" { + _, err := h.UpdateKasGrantForAttribute(attr, kas) + // akas, err := h.UpdateKasGrantForAttribute(attr, kas) + // id = akas.AttributeId + if err != nil { + cli.ExitWithError("Could not update KAS grant for attribute", err) + } + id = attr + header = "Attribute ID" + updated["attribute_id"] = attr + } else { + _, err := h.UpdateKasGrantForValue(val, kas) + // vkas, err := h.UpdateKasGrantForValue(val, kas) + // id = vkas.ValueId + if err != nil { + cli.ExitWithError("Could not update KAS grant for attribute value", err) + } + id = val + header = "Value ID" + updated["value_id"] = val + // updated.value_id = val } - updated, err := h.UpdateKasRegistryEntry( - id, - uri, - pubKey, - getMetadataMutable(labels), - getMetadataUpdateBehavior(), - ) - if err != nil { - cli.ExitWithError("Could not update KAS registry entry", err) - } + // updated, err := h.UpdateKasRegistryEntry( + // id, + // uri, + // pubKey, + // getMetadataMutable(labels), + // getMetadataUpdateBehavior(), + // ) + // if err != nil { + // cli.ExitWithError("Could not update KAS registry entry", err) + // } t := cli.NewTabular(). Rows([][]string{ - {"Id", id}, - {"URI", uri}, + {header, id}, + {"KAS ID", kas}, // TODO: render labels [https://github.com/opentdf/tructl/issues/73] }...) HandleSuccess(cmd, id, t, updated) 
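Review bot: `updated` is declared in the `var` block as `map[string]interface{}` and never allocated (the `make` line is commented out), so `updated["kas_id"] = kas` panics with an assignment to a nil map before either handler is called. Initialise it at the declaration, e.g. `updated := map[string]interface{}{"kas_id": kas}`. The `deleted` map that the delete command gains later in this series follows the same pattern. The `Run` closure ends outside this hunk.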
@@ -74,7 +97,7 @@ var ( kasGrantsDeleteCmd = &cobra.Command{ Use: "delete", - Short: "Delete a KAS registry entry by id", + Short: "Delete a KAS grant", Run: func(cmd *cobra.Command, args []string) { h := cli.NewHandler(cmd) defer h.Close() From 656b69770518364bcd7eb8b8aba11613e408ace8 Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 19:33:05 -0400 Subject: [PATCH 06/14] clean up --- cmd/kas-grants.go | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 6ae83354..100c15e8 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -33,29 +33,21 @@ var ( attr := flagHelper.GetOptionalString("attribute") val := flagHelper.GetOptionalString("value") kas := flagHelper.GetRequiredString("kas") - // uri := flagHelper.GetOptionalString("uri") - // local := flagHelper.GetOptionalString("public-key-local") - // remote := flagHelper.GetOptionalString("public-key-remote") - // labels := flagHelper.GetStringSlice("label", metadataLabels, cli.FlagHelperStringSliceOptions{Min: 0}) if kas == "" || (attr == "" && val == "") { cli.ExitWithError("Specify a key access server and an attribute id or attribute value if to update.", nil) } var ( - id string - header string - // updated interface{} + id string + header string updated map[string]interface{} ) - // updated.kas_id = kas // updated := make(map[string]interface{}) updated["kas_id"] = kas if attr != "" { _, err := h.UpdateKasGrantForAttribute(attr, kas) - // akas, err := h.UpdateKasGrantForAttribute(attr, kas) - // id = akas.AttributeId if err != nil { cli.ExitWithError("Could not update KAS grant for attribute", err) } 
@@ -64,32 +56,18 @@ var ( updated["attribute_id"] = attr } else { _, err := h.UpdateKasGrantForValue(val, kas) - // vkas, err := h.UpdateKasGrantForValue(val, kas) - // id = vkas.ValueId if err != nil { cli.ExitWithError("Could not update KAS grant for attribute value", err) } id = val header = "Value ID" updated["value_id"] = val - // updated.value_id = val } - // updated, err := h.UpdateKasRegistryEntry( - // id, - // uri, - // pubKey, - // getMetadataMutable(labels), - // getMetadataUpdateBehavior(), - // ) - // if err != nil { - // cli.ExitWithError("Could not update KAS registry entry", err) - // } t := cli.NewTabular(). Rows([][]string{ {header, id}, {"KAS ID", kas}, - // TODO: render labels [https://github.com/opentdf/tructl/issues/73] }...) HandleSuccess(cmd, id, t, updated) }, From 00ed3686bb7b657523ab7d249ced252f8cf8269d Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Tue, 26 Mar 2024 19:52:21 -0400 Subject: [PATCH 07/14] delete cmd --- cmd/kas-grants.go | 59 ++++++++++++++++++++++++++++++----------------- 1 file changed, 38 insertions(+), 21 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 100c15e8..bcdf2697 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -1,7 +1,6 @@ package cmd import ( - "fmt" "strings" "github.com/opentdf/tructl/pkg/cli" @@ -43,7 +42,6 @@ var ( updated map[string]interface{} ) - // updated := make(map[string]interface{}) updated["kas_id"] = kas if attr != "" { 
@@ -81,28 +79,47 @@ var ( defer h.Close() flagHelper := cli.NewFlagHelper(cmd) - id := flagHelper.GetRequiredString("id") + attr := flagHelper.GetOptionalString("attribute") + val := flagHelper.GetOptionalString("value") + kas := flagHelper.GetRequiredString("kas") - kas, err := h.GetKasRegistryEntry(id) - if err != nil { - errMsg := fmt.Sprintf("Could not find KAS registry entry (%s)", id) - cli.ExitWithNotFoundError(errMsg, err) + if kas == "" || (attr == "" && val == "") { + cli.ExitWithError("Specify a key access server and an attribute id or attribute value if to update.", nil) } + var ( + id string + header string + deleted map[string]interface{} + ) + + cli.ConfirmDelete("KAS ID: ", kas) - cli.ConfirmDelete("KAS Registry Entry: ", id) + deleted["kas_id"] = kas - if err := h.DeleteKasRegistryEntry(id); err != nil { - errMsg := fmt.Sprintf("Could not delete KAS registry entry (%s)", id) - cli.ExitWithError(errMsg, err) + if attr != "" { + _, err := h.DeleteKasGrantFromAttribute(attr, kas) + if err != nil { + cli.ExitWithError("Could not update KAS grant for attribute", err) + } + id = attr + header = "Attribute ID" + deleted["attribute_id"] = attr + } else { + _, err := h.DeleteKasGrantFromValue(val, kas) + if err != nil { + cli.ExitWithError("Could not update KAS grant for attribute value", err) + } + id = val + header = "Value ID" + deleted["value_id"] = val } t := cli.NewTabular(). Rows([][]string{ - {"Id", kas.Id}, - {"URI", kas.Uri}, + {header, id}, + {"KAS ID", kas}, }...) - - HandleSuccess(cmd, kas.Id, t, kas) + HandleSuccess(cmd, id, t, deleted) }, } ) 
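Review bot: `cli.ConfirmDelete("KAS ID: ", kas)` asks the operator to confirm against the KAS id alone, although what is removed is the grant between that KAS and one attribute or value. The prompt should name the target as well, which means choosing `header` and `id` from `attr`/`val` before the confirmation rather than after it. Both failure messages in this command still read "Could not update KAS grant …", which misreports the operation to whoever reads the output after a failed delete; `"Could not delete KAS grant for attribute"` and `"Could not delete KAS grant for attribute value"` match what was attempted. `deleted` is also a nil map at `deleted["kas_id"] = kas`, so the command panics right after the confirmation.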
@@ -111,15 +128,15 @@ func init() { policyCmd.AddCommand(kasGrantsCmd) kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) - kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "attribute id") - kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "attribute value id") - kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "kas id") + kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "Attribute ID") + kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "Attribute Value ID") + kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "KAS ID") injectLabelFlags(kasGrantsUpdateCmd, true) kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) - kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "attribute id") - kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "attribute value id") - kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "kas id") + kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "Attribute ID") + kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "Attribute Value ID") + kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "KAS ID") } func init() { From 933ffb62fc42b2cdf0dc73d8f5d8a409de05b072 Mon Sep 17 00:00:00 2001 From: Krish Suchak <42231639+suchak1@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:19:08 -0400 Subject: [PATCH 08/14] Update cmd/kas-grants.go Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com> --- cmd/kas-grants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index bcdf2697..34fd721c 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -34,7 +34,7 @@ var ( kas := flagHelper.GetRequiredString("kas") if kas == "" || (attr == "" && val == "") { - cli.ExitWithError("Specify a key access server and an attribute id or attribute value if to update.", nil) + cli.ExitWithError("Must specify and Attribute Definition id or Value id to update.", nil) } var ( id string From 769ce2619f5bfdada3be3ae9be3c349e0b47804c Mon Sep 17 00:00:00 2001 
From: Krish Suchak Date: Wed, 27 Mar 2024 11:20:04 -0400 Subject: [PATCH 09/14] delete check --- cmd/kas-grants.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 34fd721c..42da21ef 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -33,7 +33,7 @@ var ( val := flagHelper.GetOptionalString("value") kas := flagHelper.GetRequiredString("kas") - if kas == "" || (attr == "" && val == "") { + if attr == "" && val == "" { cli.ExitWithError("Must specify and Attribute Definition id or Value id to update.", nil) } var ( @@ -83,8 +83,8 @@ var ( val := flagHelper.GetOptionalString("value") kas := flagHelper.GetRequiredString("kas") - if kas == "" || (attr == "" && val == "") { - cli.ExitWithError("Specify a key access server and an attribute id or attribute value if to update.", nil) + if attr == "" && val == "" { + cli.ExitWithError("Must specify and Attribute Definition id or Value id to delete.", nil) } var ( id string From 2a13876510cfd77cbed932315c10fd9cb68765a0 Mon Sep 17 00:00:00 2001 From: Krish Suchak <42231639+suchak1@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:20:18 -0400 Subject: [PATCH 10/14] Update cmd/kas-grants.go Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com> --- cmd/kas-grants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 42da21ef..4ad78339 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -39,7 +39,7 @@ var ( var ( id string header string - updated map[string]interface{} + updated map[string]string ) updated["kas_id"] = kas From 3590250845e2871d3d344c5412374e363e774347 Mon Sep 17 00:00:00 2001 
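Review bot: The check `attr == "" && val == ""` rejects the case where neither target is given but not the case where both are, in this update hunk and in the delete hunk that follows. With both `--attribute` and `--value` set, the `if attr != ""` branch further down (outside these hunks) runs and the value id is dropped without any message. For a command that changes grants the caller should be told, e.g. `if attr != "" && val != "" { cli.ExitWithError("Specify either an Attribute Definition id or a Value id, not both.", nil) }`, or `MarkFlagsMutuallyExclusive("attribute", "value")` at flag registration if the cobra version in use provides it. The added delete message also reads "Must specify and Attribute Definition id", where "an" is meant.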
From: Krish Suchak <42231639+suchak1@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:20:42 -0400 Subject: [PATCH 11/14] Update cmd/kas-grants.go Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com> --- cmd/kas-grants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 4ad78339..01c172cb 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -128,7 +128,7 @@ func init() { policyCmd.AddCommand(kasGrantsCmd) kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) - kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "Attribute ID") + kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "Attribute Definition ID") kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "Attribute Value ID") kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "KAS ID") injectLabelFlags(kasGrantsUpdateCmd, true) From e7d838aa157b017c38bd6821d5f844ae8687023d Mon Sep 17 00:00:00 2001 From: Krish Suchak <42231639+suchak1@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:20:46 -0400 Subject: [PATCH 12/14] Update cmd/kas-grants.go Co-authored-by: Jake Van Vorhis <83739412+jakedoublev@users.noreply.github.com> --- cmd/kas-grants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 01c172cb..3a2bb0a0 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -130,7 +130,7 @@ func init() { kasGrantsCmd.AddCommand(kasGrantsUpdateCmd) kasGrantsUpdateCmd.Flags().StringP("attribute", "a", "", "Attribute Definition ID") kasGrantsUpdateCmd.Flags().StringP("value", "v", "", "Attribute Value ID") - kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "KAS ID") + kasGrantsUpdateCmd.Flags().StringP("kas", "k", "", "Key Access Server (KAS) ID") injectLabelFlags(kasGrantsUpdateCmd, true) kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) From 21038cae29c941e01a705d85836cc5f42e307aca Mon Sep 17 00:00:00 2001 
From: Krish Suchak Date: Wed, 27 Mar 2024 11:21:44 -0400 Subject: [PATCH 13/14] flag labels --- cmd/kas-grants.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 3a2bb0a0..130b26a7 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go @@ -134,9 +134,9 @@ func init() { injectLabelFlags(kasGrantsUpdateCmd, true) kasGrantsCmd.AddCommand(kasGrantsDeleteCmd) - kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "Attribute ID") + kasGrantsDeleteCmd.Flags().StringP("attribute", "a", "", "Attribute Definition ID") kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "Attribute Value ID") - kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "KAS ID") + kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "Key Access Server (KAS) ID") } func init() { From 2747c452560b498b42dfe99de3cae69664b1692e Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Wed, 27 Mar 2024 11:26:43 -0400 Subject: [PATCH 14/14] pass response to HandleSuccess --- cmd/kas-grants.go | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) diff --git a/cmd/kas-grants.go b/cmd/kas-grants.go index 130b26a7..9d9f297d 100644 --- a/cmd/kas-grants.go +++ b/cmd/kas-grants.go 
@@ -37,29 +37,26 @@ var ( cli.ExitWithError("Must specify and Attribute Definition id or Value id to update.", nil) } var ( - id string - header string - updated map[string]string + id string + header string + res interface{} + err error ) - updated["kas_id"] = kas - if attr != "" { - _, err := h.UpdateKasGrantForAttribute(attr, kas) + res, err = h.UpdateKasGrantForAttribute(attr, kas) if err != nil { cli.ExitWithError("Could not update KAS grant for attribute", err) } id = attr header = "Attribute ID" - updated["attribute_id"] = attr } else { - _, err := h.UpdateKasGrantForValue(val, kas) + res, err = h.UpdateKasGrantForValue(val, kas) if err != nil { cli.ExitWithError("Could not update KAS grant for attribute value", err) } id = val header = "Value ID" - updated["value_id"] = val } t := cli.NewTabular(). @@ -67,7 +64,7 @@ var ( {header, id}, {"KAS ID", kas}, }...) - HandleSuccess(cmd, id, t, updated) + HandleSuccess(cmd, id, t, res) }, } @@ -87,23 +84,21 @@ var ( cli.ExitWithError("Must specify and Attribute Definition id or Value id to delete.", nil) } var ( - id string - header string - deleted map[string]interface{} + id string + header string + res interface{} + err error ) cli.ConfirmDelete("KAS ID: ", kas) - deleted["kas_id"] = kas - if attr != "" { - _, err := h.DeleteKasGrantFromAttribute(attr, kas) + res, err = h.DeleteKasGrantFromAttribute(attr, kas) if err != nil { cli.ExitWithError("Could not update KAS grant for attribute", err) } id = attr header = "Attribute ID" - deleted["attribute_id"] = attr } else { _, err := h.DeleteKasGrantFromValue(val, kas) if err != nil { @@ -111,7 +106,6 @@ var ( } id = val header = "Value ID" - deleted["value_id"] = val } t := cli.NewTabular(). @@ -119,7 +113,7 @@ var ( {header, id}, {"KAS ID", kas}, }...) - HandleSuccess(cmd, id, t, deleted) + HandleSuccess(cmd, id, t, res) }, } ) 
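Review bot: When both an attribute ID and a value ID are supplied, the `if attr != ""` branch of the update handler wins and the value is ignored without any message, so a KAS grant can land on the whole attribute definition when the operator meant a single value. The guard above this branch is only partly visible (the run function starts outside the hunk), so this may already be rejected there; if it is not, declare the two flags exclusive where they are registered, e.g. `kasGrantsUpdateCmd.MarkFlagsMutuallyExclusive("attribute", "value")`, assuming these are cobra commands. The delete handler in the `-87,23` hunk has the same shape. The context line's message "Must specify and Attribute Definition id" should read "an", in both handlers.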
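Review bot: The value branch of the delete handler (hunk `-87,23 +84,21`) still reads `_, err := h.DeleteKasGrantFromValue(val, kas)`, so `res` is never assigned on that path and `HandleSuccess(cmd, id, t, res)` in the `-119,7` hunk receives a nil interface after a grant is removed from a value. It should match the attribute branch: `res, err = h.DeleteKasGrantFromValue(val, kas)`. The attribute branch's error text, "Could not update KAS grant for attribute", is also carried over from the update command; on this path it should say the grant could not be deleted, so a failed revocation is not misread by the operator. The handler body starts above this hunk.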
@@ -138,7 +132,3 @@ func init() {
 kasGrantsDeleteCmd.Flags().StringP("value", "v", "", "Attribute Value ID")
 kasGrantsDeleteCmd.Flags().StringP("kas", "k", "", "Key Access Server (KAS) ID")
 }
-
-func init() {
- rootCmd.AddCommand(kasGrantsCmd)
-}