mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-24 14:37:12 +02:00
pomerium-cli: add service account docs (#613)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
parent
53fd215148
commit
d7daf274c0
4 changed files with 131 additions and 74 deletions
|
@ -2,8 +2,6 @@ package main
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
|
@ -11,8 +9,7 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/fatih/color"
|
||||
"gopkg.in/square/go-jose.v2"
|
||||
"github.com/pomerium/pomerium/internal/encoding/jws"
|
||||
"gopkg.in/square/go-jose.v2/jwt"
|
||||
)
|
||||
|
||||
|
@ -45,7 +42,7 @@ type serviceAccount struct {
|
|||
|
||||
func main() {
|
||||
if err := run(); err != nil {
|
||||
fmt.Fprintf(os.Stderr, color.RedString("\n⛔️ %s\n\n"), err)
|
||||
fmt.Fprintf(os.Stderr, "\n⛔️%s\n\n", err)
|
||||
printHelp(flags)
|
||||
os.Exit(1)
|
||||
}
|
||||
|
@ -88,15 +85,12 @@ func run() error {
|
|||
sa.IssuedAt = jwt.NewNumericDate(time.Now())
|
||||
sa.NotBefore = jwt.NewNumericDate(time.Now())
|
||||
|
||||
c := color.New(color.FgGreen)
|
||||
var sharedKey string
|
||||
args := flags.Args()
|
||||
if len(args) == 1 {
|
||||
sharedKey = args[0]
|
||||
} else {
|
||||
if _, err := c.Println("Enter base64 encoded shared key >"); err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Print("Enter base64 encoded shared key >")
|
||||
scanner := bufio.NewScanner(os.Stdin)
|
||||
scanner.Scan()
|
||||
sharedKey = scanner.Text()
|
||||
|
@ -117,33 +111,15 @@ func run() error {
|
|||
if sa.Issuer == "" {
|
||||
return errors.New("iss is required")
|
||||
}
|
||||
|
||||
decodedKey, err := base64.StdEncoding.DecodeString(sharedKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("shared key not base64: %w", err)
|
||||
}
|
||||
|
||||
signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.HS256, Key: decodedKey}, nil)
|
||||
encoder, err := jws.NewHS256Signer([]byte(sharedKey), sa.Issuer)
|
||||
if err != nil {
|
||||
return fmt.Errorf("bad shared key: %w", err)
|
||||
}
|
||||
raw, err := jwt.Signed(signer).Claims(sa).CompactSerialize()
|
||||
raw, err := encoder.Marshal(sa)
|
||||
if err != nil {
|
||||
return fmt.Errorf("couldn't sign jwt: %w", err)
|
||||
return fmt.Errorf("bad encode: %w", err)
|
||||
}
|
||||
saJSON, err := json.MarshalIndent(sa, "", " ")
|
||||
if err != nil {
|
||||
return fmt.Errorf("couldn't pretty print jwt: %w", err)
|
||||
}
|
||||
if _, err := c.Println("Service Account"); err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Fprintf(os.Stdout, "%s\n\n", saJSON)
|
||||
if _, err := c.Println("JWT 🍪"); err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Fprintf(os.Stdout, "%s\n\n", raw)
|
||||
|
||||
fmt.Fprintf(os.Stdout, "%s", raw)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -153,7 +129,7 @@ func printHelp(fs *flag.FlagSet) {
|
|||
}
|
||||
|
||||
const help = `
|
||||
pomerium-sa generates a pomerium service account from a shared key.
|
||||
pomerium-cli generates a pomerium service account from a shared key.
|
||||
|
||||
Usage: %[1]s [flags] [base64'd shared secret setting]
|
||||
|
||||
|
|
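Review bot: In the `run()` hunk at `@ -117,33 +111,15 @@`, the HS256 signer appears to be keyed with `[]byte(sharedKey)`, the base64 text exactly as entered, where the earlier code keyed it with the output of `base64.StdEncoding.DecodeString`. The page has lost its +/- markers, so this reading rests on the hunk's line counts and the import changes. If that is right, the CLI no longer rejects a mistyped or truncated key up front; `jws.NewHS256Signer` is not visible here, so it is unclear whether it validates the key. A bad key would then produce a token that only fails later at verification, while the prompt and help text still ask for a base64 value. Consider keeping the decode purely as validation, `if _, err := base64.StdEncoding.DecodeString(sharedKey); err != nil { return fmt.Errorf("shared key not base64: %w", err) }` (which needs the `encoding/base64` import to stay), and adding a comment on the signer line such as `// HS256 key is the base64 text itself, not the decoded bytes; must match how the verifying service derives its key`. `run()` begins above this hunk, so the flag parsing and the `scanner.Scan()` result handling could not be checked from here.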