Merge branch 'the-spice-must-flow' into 'main'

Add SpiceDB Authorization

See merge request gitlab-org/software-supply-chain-security/authorization/sparkled!19

1 files changed, 202 insertions, 0 deletions

diff --git a/vendor/github.com/authzed/zed/internal/cmd/context.go b/vendor/github.com/authzed/zed/internal/cmd/context.go
new file mode 100644
index 0000000..d5a0eec
--- /dev/null
+++ b/vendor/github.com/authzed/zed/internal/cmd/context.go
@@ -0,0 +1,202 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/jzelinskie/cobrautil/v2"
+	"github.com/jzelinskie/stringz"
+	"github.com/spf13/cobra"
+
+	"github.com/authzed/zed/internal/client"
+	"github.com/authzed/zed/internal/commands"
+	"github.com/authzed/zed/internal/console"
+	"github.com/authzed/zed/internal/printers"
+	"github.com/authzed/zed/internal/storage"
+)
+
+func registerContextCmd(rootCmd *cobra.Command) {
+	rootCmd.AddCommand(contextCmd)
+
+	contextCmd.AddCommand(contextListCmd)
+	contextListCmd.Flags().Bool("reveal-tokens", false, "display secrets in results")
+
+	contextCmd.AddCommand(contextSetCmd)
+	contextCmd.AddCommand(contextRemoveCmd)
+	contextCmd.AddCommand(contextUseCmd)
+}
+
+var contextCmd = &cobra.Command{
+	Use:     "context <subcommand>",
+	Short:   "Manage configurations for connecting to SpiceDB deployments",
+	Aliases: []string{"ctx"},
+}
+
+var contextListCmd = &cobra.Command{
+	Use:               "list",
+	Short:             "Lists all available contexts",
+	Aliases:           []string{"ls"},
+	Args:              commands.ValidationWrapper(cobra.ExactArgs(0)),
+	ValidArgsFunction: cobra.NoFileCompletions,
+	RunE:              contextListCmdFunc,
+}
+
+var contextSetCmd = &cobra.Command{
+	Use:               "set <name> <endpoint> <api-token>",
+	Short:             "Creates or overwrite a context",
+	Args:              commands.ValidationWrapper(cobra.ExactArgs(3)),
+	ValidArgsFunction: cobra.NoFileCompletions,
+	RunE:              contextSetCmdFunc,
+}
+
+var contextRemoveCmd = &cobra.Command{
+	Use:               "remove <system>",
+	Short:             "Removes a context",
+	Aliases:           []string{"rm"},
+	Args:              commands.ValidationWrapper(cobra.ExactArgs(1)),
+	ValidArgsFunction: ContextGet,
+	RunE:              contextRemoveCmdFunc,
+}
+
+var contextUseCmd = &cobra.Command{
+	Use:               "use <system>",
+	Short:             "Sets a context as the current context",
+	Args:              commands.ValidationWrapper(cobra.MaximumNArgs(1)),
+	ValidArgsFunction: ContextGet,
+	RunE:              contextUseCmdFunc,
+}
+
+func ContextGet(_ *cobra.Command, _ []string, _ string) ([]string, cobra.ShellCompDirective) {
+	_, secretStore := client.DefaultStorage()
+	secrets, err := secretStore.Get()
+	if err != nil {
+		return nil, cobra.ShellCompDirectiveError
+	}
+
+	names := make([]string, 0, len(secrets.Tokens))
+	for _, token := range secrets.Tokens {
+		names = append(names, token.Name)
+	}
+
+	return names, cobra.ShellCompDirectiveNoFileComp | cobra.ShellCompDirectiveNoSpace | cobra.ShellCompDirectiveKeepOrder
+}
+
+func contextListCmdFunc(cmd *cobra.Command, _ []string) error {
+	cfgStore, secretStore := client.DefaultStorage()
+	secrets, err := secretStore.Get()
+	if err != nil {
+		return err
+	}
+
+	cfg, err := cfgStore.Get()
+	if err != nil {
+		return err
+	}
+
+	rows := make([][]string, 0, len(secrets.Tokens))
+	for _, token := range secrets.Tokens {
+		current := ""
+		if token.Name == cfg.CurrentToken {
+			current = "   ✓   "
+		}
+		secret := token.APIToken
+		if !cobrautil.MustGetBool(cmd, "reveal-tokens") {
+			secret = token.Redacted()
+		}
+
+		var certStr string
+		if token.IsInsecure() {
+			certStr = "insecure"
+		} else if token.HasNoVerifyCA() {
+			certStr = "no-verify-ca"
+		} else if _, ok := token.Certificate(); ok {
+			certStr = "custom"
+		} else {
+			certStr = "system"
+		}
+
+		rows = append(rows, []string{
+			current,
+			token.Name,
+			token.Endpoint,
+			secret,
+			certStr,
+		})
+	}
+
+	printers.PrintTable(os.Stdout, []string{"current", "name", "endpoint", "token", "tls cert"}, rows)
+
+	return nil
+}
+
+func contextSetCmdFunc(cmd *cobra.Command, args []string) error {
+	var name, endpoint, apiToken string
+	err := stringz.Unpack(args, &name, &endpoint, &apiToken)
+	if err != nil {
+		return err
+	}
+
+	certPath := cobrautil.MustGetStringExpanded(cmd, "certificate-path")
+	var certBytes []byte
+	if certPath != "" {
+		certBytes, err = os.ReadFile(certPath)
+		if err != nil {
+			return fmt.Errorf("failed to read ceritficate: %w", err)
+		}
+	}
+
+	insecure := cobrautil.MustGetBool(cmd, "insecure")
+	noVerifyCA := cobrautil.MustGetBool(cmd, "no-verify-ca")
+	cfgStore, secretStore := client.DefaultStorage()
+	err = storage.PutToken(storage.Token{
+		Name:       name,
+		Endpoint:   stringz.DefaultEmpty(endpoint, "grpc.authzed.com:443"),
+		APIToken:   apiToken,
+		Insecure:   &insecure,
+		NoVerifyCA: &noVerifyCA,
+		CACert:     certBytes,
+	}, secretStore)
+	if err != nil {
+		return err
+	}
+
+	return storage.SetCurrentToken(name, cfgStore, secretStore)
+}
+
+func contextRemoveCmdFunc(_ *cobra.Command, args []string) error {
+	// If the token is what's currently being used, remove it from the config.
+	cfgStore, secretStore := client.DefaultStorage()
+	cfg, err := cfgStore.Get()
+	if err != nil {
+		return err
+	}
+
+	if cfg.CurrentToken == args[0] {
+		cfg.CurrentToken = ""
+	}
+
+	err = cfgStore.Put(cfg)
+	if err != nil {
+		return err
+	}
+
+	return storage.RemoveToken(args[0], secretStore)
+}
+
+func contextUseCmdFunc(_ *cobra.Command, args []string) error {
+	cfgStore, secretStore := client.DefaultStorage()
+	switch len(args) {
+	case 0:
+		cfg, err := cfgStore.Get()
+		if err != nil {
+			return err
+		}
+		console.Println(cfg.CurrentToken)
+	case 1:
+		return storage.SetCurrentToken(args[0], cfgStore, secretStore)
+	default:
+		panic("cobra command did not enforce valid number of args")
+	}
+
+	return nil
+}