diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-11-29 12:52:04 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-11-29 12:52:04 +0100 |
commit | d7e097a6405da03ac89bc162f252751340146d0a (patch) | |
tree | 408a5ff87eee56a5f113b7096da2c5c6098fde02 /client | |
parent | 5a6b1d99765da20b2a20472f028bbb219647acec (diff) |
Add deprecated and hidden 'api-key'/'cert' commands
Diffstat (limited to 'client')
-rw-r--r-- | client/go/cmd/api_key.go | 79 | ||||
-rw-r--r-- | client/go/cmd/auth.go | 2 | ||||
-rw-r--r-- | client/go/cmd/cert.go | 154 |
3 files changed, 135 insertions, 100 deletions
diff --git a/client/go/cmd/api_key.go b/client/go/cmd/api_key.go index f6113adf5d6..41c6136a33c 100644 --- a/client/go/cmd/api_key.go +++ b/client/go/cmd/api_key.go @@ -37,40 +37,57 @@ var apiKeyCmd = &cobra.Command{ DisableAutoGenTag: true, Args: cobra.ExactArgs(0), Run: func(cmd *cobra.Command, args []string) { - cfg, err := LoadConfig() - if err != nil { - fatalErr(err, "Could not load config") - return - } - app := getApplication() - apiKeyFile := cfg.APIKeyPath(app.Tenant) - if util.PathExists(apiKeyFile) && !overwriteKey { - printErrHint(fmt.Errorf("File %s already exists", apiKeyFile), "Use -f to overwrite it") - printPublicKey(apiKeyFile, app.Tenant) - return - } - apiKey, err := vespa.CreateAPIKey() - if err != nil { - fatalErr(err, "Could not create API key") - return - } - if err := ioutil.WriteFile(apiKeyFile, apiKey, 0600); err == nil { - printSuccess("API private key written to ", apiKeyFile) - printPublicKey(apiKeyFile, app.Tenant) - if vespa.Auth0AccessTokenEnabled() { - if err == nil { - if err := cfg.Set(cloudAuthFlag, "api-key"); err != nil { - fatalErr(err, "Could not write config") - } - if err := cfg.Write(); err != nil { - fatalErr(err) - } + doApiKey() + }, +} + +var deprecatedApiKeyCmd = &cobra.Command{ + Use: "api-key", + Short: "Create a new user API key for authentication with Vespa Cloud", + Example: apiKeyExample(), + DisableAutoGenTag: true, + Args: cobra.ExactArgs(0), + Hidden: true, + Deprecated: "use 'vespa auth api-key' instead", + Run: func(cmd *cobra.Command, args []string) { + doApiKey() + }, +} + +func doApiKey() { + cfg, err := LoadConfig() + if err != nil { + fatalErr(err, "Could not load config") + return + } + app := getApplication() + apiKeyFile := cfg.APIKeyPath(app.Tenant) + if util.PathExists(apiKeyFile) && !overwriteKey { + printErrHint(fmt.Errorf("File %s already exists", apiKeyFile), "Use -f to overwrite it") + printPublicKey(apiKeyFile, app.Tenant) + return + } + apiKey, err := vespa.CreateAPIKey() + if err != nil { + fatalErr(err, "Could not create API key") + return + } + if err := ioutil.WriteFile(apiKeyFile, apiKey, 0600); err == nil { + printSuccess("API private key written to ", apiKeyFile) + printPublicKey(apiKeyFile, app.Tenant) + if vespa.Auth0AccessTokenEnabled() { + if err == nil { + if err := cfg.Set(cloudAuthFlag, "api-key"); err != nil { + fatalErr(err, "Could not write config") + } + if err := cfg.Write(); err != nil { + fatalErr(err) } } - } else { - fatalErr(err, "Failed to write ", apiKeyFile) } - }, + } else { + fatalErr(err, "Failed to write ", apiKeyFile) + } } func printPublicKey(apiKeyFile, tenant string) { diff --git a/client/go/cmd/auth.go b/client/go/cmd/auth.go index 8f306356267..9322f8d0808 100644 --- a/client/go/cmd/auth.go +++ b/client/go/cmd/auth.go @@ -8,6 +8,8 @@ import ( func init() { if vespa.Auth0AccessTokenEnabled() { rootCmd.AddCommand(authCmd) + rootCmd.AddCommand(deprecatedCertCmd) + rootCmd.AddCommand(deprecatedApiKeyCmd) authCmd.AddCommand(certCmd) authCmd.AddCommand(apiKeyCmd) authCmd.AddCommand(loginCmd) diff --git a/client/go/cmd/cert.go b/client/go/cmd/cert.go index 6fbe19b524d..ff88d614682 100644 --- a/client/go/cmd/cert.go +++ b/client/go/cmd/cert.go @@ -5,12 +5,11 @@ package cmd import ( "fmt" - "os" - "path/filepath" - "github.com/spf13/cobra" "github.com/vespa-engine/vespa/client/go/util" "github.com/vespa-engine/vespa/client/go/vespa" + "os" + "path/filepath" ) var overwriteCertificate bool @@ -35,79 +34,96 @@ var certCmd = &cobra.Command{ DisableAutoGenTag: true, Args: cobra.MaximumNArgs(1), Run: func(cmd *cobra.Command, args []string) { - app := getApplication() - pkg, err := vespa.FindApplicationPackage(applicationSource(args), false) - if err != nil { - fatalErr(err) - return - } - cfg, err := LoadConfig() - if err != nil { - fatalErr(err) - return - } - privateKeyFile, err := cfg.PrivateKeyPath(app) - if err != nil { - fatalErr(err) - return - } - certificateFile, err := cfg.CertificatePath(app) - if err != nil { - fatalErr(err) - return - } + doCert(args) + }, +} - if !overwriteCertificate { - hint := "Use -f flag to force overwriting" - if pkg.HasCertificate() { - fatalErrHint(fmt.Errorf("Application package %s already contains a certificate", pkg.Path), hint) - return - } - if util.PathExists(privateKeyFile) { - fatalErrHint(fmt.Errorf("Private key %s already exists", color.Cyan(privateKeyFile)), hint) - return - } - if util.PathExists(certificateFile) { - fatalErrHint(fmt.Errorf("Certificate %s already exists", color.Cyan(certificateFile)), hint) - return - } - } - if pkg.IsZip() { - var msg string - if vespa.Auth0AccessTokenEnabled() { - msg = "Try running 'mvn clean' before 'vespa auth cert', and then 'mvn package'" - } else { - msg = "Try running 'mvn clean' before 'vespa cert', and then 'mvn package'" - } - fatalErrHint(fmt.Errorf("Cannot add certificate to compressed application package %s", pkg.Path), - msg) - return - } +var deprecatedCertCmd = &cobra.Command{ + Use: "cert", + Short: "Create a new private key and self-signed certificate for Vespa Cloud deployment", + Example: "$ vespa cert -a my-tenant.my-app.my-instance", + DisableAutoGenTag: true, + Args: cobra.MaximumNArgs(1), + Deprecated: "use 'vespa auth cert' instead", + Hidden: true, + Run: func(cmd *cobra.Command, args []string) { + doCert(args) + }, +} - keyPair, err := vespa.CreateKeyPair() - if err != nil { - fatalErr(err, "Could not create key pair") - return - } - pkgCertificateFile := filepath.Join(pkg.Path, "security", "clients.pem") - if err := os.MkdirAll(filepath.Dir(pkgCertificateFile), 0755); err != nil { - fatalErr(err, "Could not create security directory") +func doCert(args []string) { + app := getApplication() + pkg, err := vespa.FindApplicationPackage(applicationSource(args), false) + if err != nil { + fatalErr(err) + return + } + cfg, err := LoadConfig() + if err != nil { + fatalErr(err) + return + } + privateKeyFile, err := cfg.PrivateKeyPath(app) + if err != nil { + fatalErr(err) + return + } + certificateFile, err := cfg.CertificatePath(app) + if err != nil { + fatalErr(err) + return + } + + if !overwriteCertificate { + hint := "Use -f flag to force overwriting" + if pkg.HasCertificate() { + fatalErrHint(fmt.Errorf("Application package %s already contains a certificate", pkg.Path), hint) return } - if err := keyPair.WriteCertificateFile(pkgCertificateFile, overwriteCertificate); err != nil { - fatalErr(err, "Could not write certificate") + if util.PathExists(privateKeyFile) { + fatalErrHint(fmt.Errorf("Private key %s already exists", color.Cyan(privateKeyFile)), hint) return } - if err := keyPair.WriteCertificateFile(certificateFile, overwriteCertificate); err != nil { - fatalErr(err, "Could not write certificate") + if util.PathExists(certificateFile) { + fatalErrHint(fmt.Errorf("Certificate %s already exists", color.Cyan(certificateFile)), hint) return } - if err := keyPair.WritePrivateKeyFile(privateKeyFile, overwriteCertificate); err != nil { - fatalErr(err, "Could not write private key") - return + } + if pkg.IsZip() { + var msg string + if vespa.Auth0AccessTokenEnabled() { + msg = "Try running 'mvn clean' before 'vespa auth cert', and then 'mvn package'" + } else { + msg = "Try running 'mvn clean' before 'vespa cert', and then 'mvn package'" } - printSuccess("Certificate written to ", color.Cyan(pkgCertificateFile)) - printSuccess("Certificate written to ", color.Cyan(certificateFile)) - printSuccess("Private key written to ", color.Cyan(privateKeyFile)) - }, + fatalErrHint(fmt.Errorf("Cannot add certificate to compressed application package %s", pkg.Path), + msg) + return + } + + keyPair, err := vespa.CreateKeyPair() + if err != nil { + fatalErr(err, "Could not create key pair") + return + } + pkgCertificateFile := filepath.Join(pkg.Path, "security", "clients.pem") + if err := os.MkdirAll(filepath.Dir(pkgCertificateFile), 0755); err != nil { + fatalErr(err, "Could not create security directory") + return + } + if err := keyPair.WriteCertificateFile(pkgCertificateFile, overwriteCertificate); err != nil { + fatalErr(err, "Could not write certificate") + return + } + if err := keyPair.WriteCertificateFile(certificateFile, overwriteCertificate); err != nil { + fatalErr(err, "Could not write certificate") + return + } + if err := keyPair.WritePrivateKeyFile(privateKeyFile, overwriteCertificate); err != nil { + fatalErr(err, "Could not write private key") + return + } + printSuccess("Certificate written to ", color.Cyan(pkgCertificateFile)) + printSuccess("Certificate written to ", color.Cyan(certificateFile)) + printSuccess("Private key written to ", color.Cyan(privateKeyFile)) } |