Working through authentication, role and policy basics

2026-04-02 01:51:48 -04:00
parent ace452bce3
commit a70c88342b
7 changed files with 516 additions and 62 deletions
--- a/policy.go
+++ b/policy.go
@@ -0,0 +1,204 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+var policyCmd *flag.FlagSet
+
+var policyCommands = []Command{
+	{
+		Names:       []string{"create-policy"},
+		Description: "Create Policy",
+		Handler:     policyCreate,
+	},
+	{
+		Names:       []string{"list-policies"},
+		Description: "List Policies",
+		Handler:     policyCreate,
+	},
+}
+
+// Condition represents each item in the "conditions" array
+type Condition struct {
+	StatementID string   `json:"statementid"`
+	Principal   []string `json:"principals"`
+	Actions     []string `json:"actions"`
+	Source      []string `json:"source"`
+	Effect      string   `json:"effect"`
+	Operator    string   `json:"operator"`
+}
+
+type Policy struct {
+	Name        string      `json:"name"`
+	Description string      `json:"description"`
+	Conditions  []Condition `json:"conditions"`
+}
+
+type CreatePolicyRequest struct {
+	Name           string `json:"name"`
+	Description    string `json:"description"`
+	PolicyDocument Policy `json:"PolicyDocument"`
+}
+
+type CreatePolicyResponse struct {
+	PolicyID string `json:"policy_id"`
+}
+
+type ProfileToken struct {
+	Token string `json:"token"`
+}
+
+type IdentityToken struct {
+	Token string `json:"token"`
+}
+
+func policyCreate(args []string) {
+	policyCmd := flag.NewFlagSet("create-policy", flag.ExitOnError)
+
+	var policyname string
+	var useprofile string
+	var policyjson string
+	var policyfile string
+	var policyDescription string
+	var createpolicyrequest CreatePolicyRequest
+
+	var normalizedDocument string
+
+	policyCmd.StringVar(&policyname, "name", "", "Policy Name (required)")
+	policyCmd.StringVar(&policyDescription, "description", "", "Policy Description")
+	policyCmd.StringVar(&useprofile, "profile", "", "Profile")
+	policyCmd.StringVar(&policyjson, "policy-json", "", "Policy JSON")
+	policyCmd.StringVar(&policyfile, "policy-file", "", "JSON Policy File")
+
+	policyCmd.Parse(args)
+
+	if policyname == "" {
+		fmt.Println("Error: either -n or --name is required")
+		os.Exit(1)
+	}
+
+	if useprofile == "" {
+		fmt.Println("Error: either -profile or --profile is required")
+		os.Exit(1)
+	}
+
+	if policyjson == "" && policyfile == "" {
+		fmt.Println("Error: either -p/--policy-json or -f/--policy-file is required")
+		os.Exit(1)
+	}
+
+	if policyjson != "" && policyfile != "" {
+		fmt.Println("Error: only one of -p/--policy-json or -f/--policy-file can be provided")
+		os.Exit(1)
+	}
+
+	// Open Profile file
+	home, err := os.UserHomeDir()
+	if err != nil {
+		panic(err)
+	}
+	profileData, err := os.ReadFile(home + "/.pcloud/profiles/" + useprofile + ".json")
+	if err != nil {
+		fmt.Printf("Error opening profile file: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Length is", len(profileData))
+
+	if len(profileData) == 0 {
+		fmt.Printf("Profile file is empty: %s\n", home+"/.pcloud/profiles/"+useprofile+".json")
+		os.Exit(1)
+	}
+
+	var profileToken ProfileToken
+	err = json.Unmarshal(profileData, &profileToken)
+	if err != nil {
+		fmt.Printf("Error reading profile file: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Profile Token: ", profileToken.Token)
+
+	if policyfile != "" {
+		content, err := os.ReadFile(policyfile)
+		if err != nil {
+			fmt.Printf("Error reading policy file: %v\n", err)
+			os.Exit(1)
+		}
+		normalizedDocument = string(content)
+	} else if policyjson != "" {
+		normalizedDocument = policyjson
+	}
+
+	// Validate JSON
+	if !json.Valid([]byte(normalizedDocument)) {
+		fmt.Println("Error: invalid JSON for policy document")
+		os.Exit(1)
+	}
+
+	createpolicyrequest.Name = policyname
+
+	err = json.Unmarshal([]byte(normalizedDocument), &createpolicyrequest.PolicyDocument)
+	if err != nil {
+		fmt.Printf("Error reading policy document: %v\n", err)
+		os.Exit(1)
+	}
+
+	policyrequestData, err := json.Marshal(createpolicyrequest)
+	if err != nil {
+		fmt.Printf("Error encoding policy request: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Policy Name:", createpolicyrequest.Name)
+	fmt.Println("Policy JSON:", createpolicyrequest.PolicyDocument)
+
+	apiendpoint := endpoint + "/policy/create-policy"
+	fmt.Println(apiendpoint)
+
+	req, err := http.NewRequest("POST", apiendpoint, bytes.NewBuffer(policyrequestData))
+	if err != nil {
+		panic(err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+profileToken.Token)
+	fmt.Println("Using token:", profileToken.Token)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		panic(err)
+	}
+
+	defer resp.Body.Close()
+
+	fmt.Println("Response status:", resp.Status, resp.Body)
+
+}
+
+func policyList(args []string) {
+}
+
+func policyMain(args []string) {
+	fmt.Println("Policy Main")
+	if len(args) < 1 {
+		fmt.Println("Error: subcommand is required")
+		os.Exit(1)
+	}
+	subcommand := args[0]
+
+	cmd := findCommand(subcommand, policyCommands)
+	if cmd == nil {
+		fmt.Println("Error: unknown command:", subcommand)
+		os.Exit(1)
+	}
+	cmd.Handler(args[1:])
+
+}