Working through authentication, role and policy basics

2026-04-02 01:51:48 -04:00
parent ace452bce3
commit a70c88342b
7 changed files with 516 additions and 62 deletions
--- a/role.go
+++ b/role.go
@@ -0,0 +1,232 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"libshared"
+	"net/http"
+	"os"
+)
+
+type AssumeRoleRequest struct {
+	Rolename string `json:"rolename"`
+}
+
+type AssumeRoleResponse struct {
+	Token string `json:"token"`
+}
+
+var roleattachpolicyCmd *flag.FlagSet
+
+var roleCommands = []Command{
+	{
+		Names:       []string{"attach-policy"},
+		Description: "Role Management",
+		Handler:     roleAttachPolicy,
+	},
+	{
+		Names:       []string{"detach-policy"},
+		Description: "Role Management",
+		Handler:     roleDetachPolicy,
+	},
+	{
+		Names:       []string{"assume-role"},
+		Description: "Role Management",
+		Handler:     assumeRole,
+	},
+}
+
+func assumeRole(args []string) {
+	fmt.Println("I assume something")
+
+	var targetRole string
+	var useIdentity string
+	roleAssumeRoleCmd := flag.NewFlagSet("assume-role", flag.ExitOnError)
+	roleAssumeRoleCmd.StringVar(&targetRole, "r", "", "Target role (required)")
+	roleAssumeRoleCmd.StringVar(&targetRole, "role", "", "Target role (required)")
+	roleAssumeRoleCmd.StringVar(&useIdentity, "identity", "", "Identity to use (required)")
+
+	roleAssumeRoleCmd.Parse(args)
+
+	if targetRole == "" {
+		fmt.Println("Error: either -r or --role is required")
+		os.Exit(1)
+	}
+	if useIdentity == "" {
+		fmt.Println("Error: either --identity is required")
+		os.Exit(1)
+	}
+
+	identityData, err := os.ReadFile("/home/farhan/.pcloud/identities/" + useIdentity + ".json")
+	if err != nil {
+		fmt.Printf("Error opening identity file: %v\n", err)
+		os.Exit(1)
+	}
+
+	var identityToken IdentityToken
+	err = json.Unmarshal(identityData, &identityToken)
+	if err != nil {
+		fmt.Printf("Error reading identity file: %v\n", err)
+		os.Exit(1)
+	}
+
+	apiendpoint := endpoint + "/role/assume-role"
+
+	var assumerolerequest AssumeRoleRequest
+	assumerolerequest.Rolename = targetRole
+
+	jsonData, err := json.Marshal(assumerolerequest)
+	if err != nil {
+		fmt.Println("Error marshaling JSON:", err)
+		return
+	}
+
+	req, err := http.NewRequest("POST", apiendpoint, bytes.NewBuffer(jsonData))
+	if err != nil {
+		panic(err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+identityToken.Token)
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		panic(err)
+	}
+	defer resp.Body.Close()
+
+	//	var assumeRoleResponse AssumeRoleResponse
+
+	apiresponse := libshared.APIResponse[AssumeRoleResponse]{}
+
+	if err := json.NewDecoder(resp.Body).Decode(&apiresponse); err != nil {
+		fmt.Printf("Error reading response: %v\n", err)
+		os.Exit(1)
+	}
+
+	//	fmt.Println("Response status:", resp.Status)
+	fmt.Println("Assumed role token:", apiresponse.Content.Token)
+
+	//	fmt.Printf("Attaching policy '%s' to role '%s'\n", , targetRole)
+
+	fmt.Println("Response status:", resp.Status)
+	fmt.Printf("Assuming role '%s'\n", targetRole)
+	fmt.Println("Using identity", resp.Body)
+
+	// Write apiresponse.Content to ~/.pcloud/roles/assumed-<rolename>.json
+	home, err := os.UserHomeDir()
+	if err != nil {
+		panic(err)
+	}
+
+	dir := fmt.Sprintf("%s/.pcloud/roles", home)
+	err = os.MkdirAll(dir, 0700)
+	if err != nil {
+		fmt.Printf("Error creating directory: %v\n", err)
+		os.Exit(1)
+	}
+
+	roleData, err := json.MarshalIndent(apiresponse.Content, "", "\t")
+	if err != nil {
+		fmt.Printf("Error marshaling role data: %v\n", err)
+		os.Exit(1)
+	}
+
+	roleFile := fmt.Sprintf("%s/%s.json", dir, targetRole)
+	err = os.WriteFile(roleFile, roleData, 0600)
+	if err != nil {
+		fmt.Printf("Error writing role file: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Printf("Assumed role token saved to %s\n", roleFile)
+
+}
+
+func roleAttachPolicy(args []string) {
+	roleattachpolicyCmd := flag.NewFlagSet("attach-policy", flag.ExitOnError)
+
+	//var policyToAttach string
+	var targetRole string
+	var useIdentity string
+
+	roleattachpolicyCmd.StringVar(&targetRole, "role", "", "Target role (required)")
+	roleattachpolicyCmd.StringVar(&useIdentity, "identity", "", "Identity to use (default: default)")
+
+	roleattachpolicyCmd.Parse(args)
+
+	if targetRole == "" {
+		fmt.Println("Error: either --role is required")
+		os.Exit(1)
+	}
+	if useIdentity == "" {
+		fmt.Println("Error: either --identity is required")
+		os.Exit(1)
+	}
+
+	// Open Profile file
+	home, err := os.UserHomeDir()
+	if err != nil {
+		panic(err)
+	}
+	profileData, err := os.ReadFile(home + "/.pcloud/identities/" + useIdentity + ".json")
+	if err != nil {
+		fmt.Printf("Error opening profile file: %v\n", err)
+		os.Exit(1)
+	}
+
+	//	fmt.Println("Length is", len(profileData))
+
+	if len(profileData) == 0 {
+		fmt.Printf("Profile file is empty: %s\n", home+"/.pcloud/identities/"+useIdentity+".json")
+		os.Exit(1)
+	}
+
+	var profileToken ProfileToken
+	err = json.Unmarshal(profileData, &profileToken)
+	if err != nil {
+		fmt.Printf("Error reading profile file: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Println("Profile Token: ", profileToken.Token)
+
+	apiendpoint := endpoint + "/role/attach-policy"
+
+	req, err := http.NewRequest("POST", apiendpoint, nil) //, bytes.NewBuffer(jsonData))
+	if err != nil {
+		panic(err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer YOUR_TOKEN_HERE")
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		panic(err)
+	}
+	defer resp.Body.Close()
+}
+
+func roleDetachPolicy(args []string) {
+	fmt.Println("I detach something")
+}
+
+func roleMain(args []string) {
+	if len(args) < 1 {
+		fmt.Println("Error: subcommand is required")
+		os.Exit(1)
+	}
+	subcommand := args[0]
+
+	cmd := findCommand(subcommand, roleCommands)
+	if cmd == nil {
+		fmt.Println("Error: unknown command:", subcommand)
+		os.Exit(1)
+	}
+
+	cmd.Handler(args[1:])
+
+}