2023-06-16 02:00:09 +00:00
|
|
|
use std::error::Error;
|
|
|
|
use std::fs;
|
|
|
|
use serde::{Deserialize, Serialize};
|
|
|
|
use url::Url;
|
|
|
|
use crate::api::APIErrorResponse;
|
|
|
|
use crate::{RoleCommands};
|
|
|
|
|
|
|
|
pub async fn role_main(command: RoleCommands, server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
match command {
|
|
|
|
RoleCommands::List {} => list_roles(server).await,
|
|
|
|
RoleCommands::Lookup {id} => get_role(id, server).await,
|
|
|
|
RoleCommands::Create { name, description, rules_json } => create_role(name, description, rules_json, server).await,
|
|
|
|
RoleCommands::Delete { id } => delete_role(id, server).await,
|
|
|
|
RoleCommands::Update { id, description, rules_json } => update_role(id, description, rules_json, server).await
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Deserialize)]
|
|
|
|
pub struct RoleListResp {
|
|
|
|
pub data: Vec<Role>
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Deserialize)]
|
|
|
|
pub struct Role {
|
|
|
|
pub id: String,
|
|
|
|
pub name: String,
|
|
|
|
pub description: String,
|
|
|
|
#[serde(rename = "firewallRules")]
|
|
|
|
pub firewall_rules: Vec<RoleFirewallRule>,
|
|
|
|
#[serde(rename = "createdAt")]
|
|
|
|
pub created_at: String,
|
|
|
|
#[serde(rename = "modifiedAt")]
|
|
|
|
pub modified_at: String
|
|
|
|
}
|
|
|
|
#[derive(Deserialize, Serialize)]
|
|
|
|
pub struct RoleFirewallRule {
|
|
|
|
pub protocol: String,
|
|
|
|
pub description: String,
|
|
|
|
#[serde(rename = "allowedRoleID")]
|
|
|
|
pub allowed_role_id: Option<String>,
|
|
|
|
#[serde(rename = "portRange")]
|
|
|
|
pub port_range: Option<RoleFirewallRulePortRange>
|
|
|
|
}
|
|
|
|
#[derive(Deserialize, Serialize)]
|
|
|
|
pub struct RoleFirewallRulePortRange {
|
|
|
|
pub from: u16,
|
|
|
|
pub to: u16
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn list_roles(server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
let client = reqwest::Client::new();
|
|
|
|
|
|
|
|
// load session token
|
|
|
|
let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
|
|
|
|
let session_token = fs::read_to_string(&sess_token_store)?;
|
|
|
|
let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
|
|
|
|
let auth_token = fs::read_to_string(&auth_token_store)?;
|
|
|
|
|
|
|
|
let token = format!("{} {}", session_token, auth_token);
|
|
|
|
|
|
|
|
let res = client.get(server.join("/v1/roles")?).bearer_auth(token).send().await?;
|
|
|
|
|
|
|
|
if res.status().is_success() {
|
|
|
|
let resp: RoleListResp = res.json().await?;
|
|
|
|
|
|
|
|
for role in &resp.data {
|
|
|
|
println!(" Role: {} ({})", role.name, role.id);
|
|
|
|
println!(" Description: {}", role.description);
|
|
|
|
for rule in &role.firewall_rules {
|
|
|
|
println!("Rule Description: {}", rule.description);
|
|
|
|
println!(" Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
|
|
|
|
println!(" Protocol: {}", rule.protocol);
|
|
|
|
println!(" Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
|
|
|
|
}
|
|
|
|
println!(" Created: {}", role.created_at);
|
|
|
|
println!(" Updated: {}", role.modified_at);
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp.data.is_empty() {
|
|
|
|
println!("No roles found");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
let resp: APIErrorResponse = res.json().await?;
|
|
|
|
|
|
|
|
eprintln!("[error] Error listing roles: {} {}", resp.errors[0].code, resp.errors[0].message);
|
|
|
|
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Deserialize)]
|
|
|
|
pub struct RoleGetResponse {
|
|
|
|
pub data: Role
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn get_role(id: String, server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
let client = reqwest::Client::new();
|
|
|
|
|
|
|
|
// load session token
|
|
|
|
let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
|
|
|
|
let session_token = fs::read_to_string(&sess_token_store)?;
|
|
|
|
let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
|
|
|
|
let auth_token = fs::read_to_string(&auth_token_store)?;
|
|
|
|
|
|
|
|
let token = format!("{} {}", session_token, auth_token);
|
|
|
|
|
|
|
|
let res = client.get(server.join(&format!("/v1/roles/{}", id))?).bearer_auth(token).send().await?;
|
|
|
|
|
|
|
|
if res.status().is_success() {
|
|
|
|
let role: Role = res.json::<RoleGetResponse>().await?.data;
|
|
|
|
|
|
|
|
println!(" Role: {} ({})", role.name, role.id);
|
|
|
|
println!(" Description: {}", role.description);
|
|
|
|
for rule in &role.firewall_rules {
|
|
|
|
println!("Rule Description: {}", rule.description);
|
|
|
|
println!(" Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
|
|
|
|
println!(" Protocol: {}", rule.protocol);
|
|
|
|
println!(" Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
|
|
|
|
}
|
|
|
|
println!(" Created: {}", role.created_at);
|
|
|
|
println!(" Updated: {}", role.modified_at);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
let resp: APIErrorResponse = res.json().await?;
|
|
|
|
|
|
|
|
eprintln!("[error] Error listing roles: {} {}", resp.errors[0].code, resp.errors[0].message);
|
|
|
|
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Serialize)]
|
|
|
|
pub struct RoleCreateBody {
|
|
|
|
pub name: String,
|
|
|
|
pub description: String,
|
|
|
|
#[serde(rename = "firewallRules")]
|
|
|
|
pub firewall_rules: Vec<RoleFirewallRule>
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn create_role(name: String, description: String, rules_json: String, server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
let client = reqwest::Client::new();
|
|
|
|
|
|
|
|
let rules: Vec<RoleFirewallRule> = match serde_json::from_str(&rules_json) {
|
|
|
|
Ok(r) => r,
|
|
|
|
Err(e) => {
|
|
|
|
eprintln!("[error] error parsing rulesJson: {}", e);
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
// load session token
|
|
|
|
let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
|
|
|
|
let session_token = fs::read_to_string(&sess_token_store)?;
|
|
|
|
let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
|
|
|
|
let auth_token = fs::read_to_string(&auth_token_store)?;
|
|
|
|
|
|
|
|
let token = format!("{} {}", session_token, auth_token);
|
|
|
|
|
2023-09-25 00:20:14 +00:00
|
|
|
let res = client.post(server.join("/v1/roles")?).json(&RoleCreateBody {
|
2023-06-16 02:00:09 +00:00
|
|
|
name,
|
|
|
|
description,
|
|
|
|
firewall_rules: rules,
|
|
|
|
}).bearer_auth(token).send().await?;
|
|
|
|
|
|
|
|
if res.status().is_success() {
|
|
|
|
let role: Role = res.json::<RoleGetResponse>().await?.data;
|
|
|
|
|
|
|
|
println!(" Role: {} ({})", role.name, role.id);
|
|
|
|
println!(" Description: {}", role.description);
|
|
|
|
for rule in &role.firewall_rules {
|
|
|
|
println!("Rule Description: {}", rule.description);
|
|
|
|
println!(" Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
|
|
|
|
println!(" Protocol: {}", rule.protocol);
|
|
|
|
println!(" Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
|
|
|
|
}
|
|
|
|
println!(" Created: {}", role.created_at);
|
|
|
|
println!(" Updated: {}", role.modified_at);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
let resp: APIErrorResponse = res.json().await?;
|
|
|
|
|
|
|
|
eprintln!("[error] Error creating role: {} {}", resp.errors[0].code, resp.errors[0].message);
|
|
|
|
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Serialize)]
|
|
|
|
pub struct RoleUpdateBody {
|
|
|
|
pub description: String,
|
|
|
|
#[serde(rename = "firewallRules")]
|
|
|
|
pub firewall_rules: Vec<RoleFirewallRule>
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn update_role(id: String, description: String, rules_json: String, server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
let client = reqwest::Client::new();
|
|
|
|
|
|
|
|
let rules: Vec<RoleFirewallRule> = match serde_json::from_str(&rules_json) {
|
|
|
|
Ok(r) => r,
|
|
|
|
Err(e) => {
|
|
|
|
eprintln!("[error] error parsing rulesJson: {}", e);
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
// load session token
|
|
|
|
let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
|
|
|
|
let session_token = fs::read_to_string(&sess_token_store)?;
|
|
|
|
let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
|
|
|
|
let auth_token = fs::read_to_string(&auth_token_store)?;
|
|
|
|
|
|
|
|
let token = format!("{} {}", session_token, auth_token);
|
|
|
|
|
|
|
|
let res = client.put(server.join(&format!("/v1/roles/{}", id))?).json(&RoleUpdateBody {
|
|
|
|
description,
|
|
|
|
firewall_rules: rules,
|
|
|
|
}).bearer_auth(token).send().await?;
|
|
|
|
|
|
|
|
if res.status().is_success() {
|
|
|
|
let role: Role = res.json::<RoleGetResponse>().await?.data;
|
|
|
|
|
|
|
|
println!(" Role: {} ({})", role.name, role.id);
|
|
|
|
println!(" Description: {}", role.description);
|
|
|
|
for rule in &role.firewall_rules {
|
|
|
|
println!("Rule Description: {}", rule.description);
|
|
|
|
println!(" Allowed Role: {}", rule.allowed_role_id.as_ref().unwrap_or(&"All roles".to_string()));
|
|
|
|
println!(" Protocol: {}", rule.protocol);
|
|
|
|
println!(" Port Range: {}", if let Some(pr) = rule.port_range.as_ref() { format!("{}-{}", pr.from, pr.to) } else { "Any".to_string() });
|
|
|
|
}
|
|
|
|
println!(" Created: {}", role.created_at);
|
|
|
|
println!(" Updated: {}", role.modified_at);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
let resp: APIErrorResponse = res.json().await?;
|
|
|
|
|
|
|
|
eprintln!("[error] Error updating role: {} {}", resp.errors[0].code, resp.errors[0].message);
|
|
|
|
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
|
|
|
|
pub async fn delete_role(id: String, server: Url) -> Result<(), Box<dyn Error>> {
|
|
|
|
let client = reqwest::Client::new();
|
|
|
|
|
|
|
|
// load session token
|
|
|
|
let sess_token_store = dirs::config_dir().unwrap().join("tfcli-session.token");
|
|
|
|
let session_token = fs::read_to_string(&sess_token_store)?;
|
|
|
|
let auth_token_store = dirs::config_dir().unwrap().join("tfcli-auth.token");
|
|
|
|
let auth_token = fs::read_to_string(&auth_token_store)?;
|
|
|
|
|
|
|
|
let token = format!("{} {}", session_token, auth_token);
|
|
|
|
|
|
|
|
let res = client.delete(server.join(&format!("/v1/roles/{}", id))?).bearer_auth(token).send().await?;
|
|
|
|
|
|
|
|
if res.status().is_success() {
|
|
|
|
println!("Role removed");
|
|
|
|
} else {
|
|
|
|
let resp: APIErrorResponse = res.json().await?;
|
|
|
|
|
|
|
|
eprintln!("[error] Error removing role: {} {}", resp.errors[0].code, resp.errors[0].message);
|
|
|
|
|
|
|
|
std::process::exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|