Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to create tokens #498

Merged
merged 43 commits into from
Aug 15, 2018
Merged

Add ability to create tokens #498

Changes from 1 commit
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
ed0177f
WIP[SPIKE]: Create project token and policies
dthomson25 Jul 23, 2018
63fecea
Accept proj tokens based on createdAt time
dthomson25 Jul 28, 2018
e8c18a0
Modify CLI to have token subcommand
dthomson25 Jul 29, 2018
66b5beb
Add tests for create token and create token Policies
dthomson25 Jul 30, 2018
8de9f28
Push all create token logic server side
dthomson25 Jul 30, 2018
b77b745
Refactor create policy token to use update endpoint
dthomson25 Aug 1, 2018
1d2f846
Add Policy delete and token delete cli commands
dthomson25 Aug 2, 2018
c72fab0
Add policy validation
dthomson25 Aug 2, 2018
f5f5973
Fix broken tests
dthomson25 Aug 6, 2018
94eaf6f
Refactor token to use more generic role
dthomson25 Aug 6, 2018
ba92991
Move argocd specific enforcement to projects server
dthomson25 Aug 7, 2018
e307e40
Refactor cli to leverage roles instead of tokens
dthomson25 Aug 7, 2018
0c0b60a
Remove RoleMetadata to only use JwtToken
dthomson25 Aug 8, 2018
c8b9c72
Move argocd specific rbac impl to server
dthomson25 Aug 8, 2018
49bb3ba
Restrict tokens to applications instead of projects
dthomson25 Aug 8, 2018
07e94dd
Move GetRoleIndexByName to a util lib
dthomson25 Aug 8, 2018
369c6a1
Add create/delete role commands to project cli
dthomson25 Aug 8, 2018
46ee59e
Refactor project errors to send status instead of regular errors
dthomson25 Aug 8, 2018
4c8c3b7
Fix formating
dthomson25 Aug 8, 2018
ec0fee6
Add ability to stop multiple tokens
dthomson25 Aug 9, 2018
4a91e71
Add expiresAt field to JwtToken
dthomson25 Aug 9, 2018
3af90e9
Add explicit deny to project tokens
dthomson25 Aug 9, 2018
55a5251
Add defaultEnforcer func to e2e tests
dthomson25 Aug 9, 2018
879dca8
Use argoproj time lib to enter time
dthomson25 Aug 13, 2018
6299abc
Renew JwtToken to JWTToken to find golang standard
dthomson25 Aug 13, 2018
fdb6a40
Refactor create/delete token api
dthomson25 Aug 13, 2018
84a377e
Rename imports to not use camelCase
dthomson25 Aug 13, 2018
28188f5
Remove missed created_at
dthomson25 Aug 13, 2018
37c1036
Reorder imports to fix style convention
dthomson25 Aug 13, 2018
3640cd1
Refactor out GetInt64Field
dthomson25 Aug 13, 2018
8b866ae
Add Expires at to role list
dthomson25 Aug 13, 2018
72eefaf
Make error message more clear
dthomson25 Aug 13, 2018
e810855
Add comment to policy in types.go
dthomson25 Aug 13, 2018
7f1722f
Make create/delete token idempotent
dthomson25 Aug 13, 2018
51c3209
Refactor all role commands into single method
dthomson25 Aug 14, 2018
b387c23
Fix typos
dthomson25 Aug 14, 2018
2841b89
Refactor to make errors cleaner
dthomson25 Aug 14, 2018
b2218a4
Rerun dep ensure after upgrading v5
dthomson25 Aug 14, 2018
3d390f2
Rename cli variable for better consistency
dthomson25 Aug 14, 2018
b394685
Remove duplicate validation in CLI
dthomson25 Aug 14, 2018
b90118e
Add description to the role
dthomson25 Aug 14, 2018
d6d5fce
Refactor CLI to getting role cleaner
dthomson25 Aug 14, 2018
1a9d159
Humanize IssueAt and ExpiredAt values in CLI
dthomson25 Aug 14, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add Expires at to role list
  • Loading branch information
@dthomson25
dthomson25 committed Aug 13, 2018
commit 8b866ae518c58cd313b09b0343151492914915e2
4 changes: 2 additions & 2 deletions cmd/argocd/commands/project.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,10 +360,10 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
fmt.Fprintf(w, "%s\n", role.Name)
if role.JWTTokens != nil {
for _, token := range role.JWTTokens {
fmt.Fprintf(w, "%s\t%d\t\n", role.Name, token.IssuedAt)
fmt.Fprintf(w, "%s\t%d\t%d\n", role.Name, token.IssuedAt, token.ExpiresAt)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If a token does not expire, I think this is going to print epoch zero (1970). Instead we should print <none>

Copy link
Member

@jessesuen jessesuen Aug 14, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I see that it will print 0 since this is '%d'. Instead can we print the issued at and expiration time in a human readable format. e.g. 2018-08-15T12:13:14?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed this issue by breaking the list role command into a list role and a get role command. The list role command would list all the roles and their descriptions. The get role command would list the name, description, policies, and JWT tokens of a role in a project. With the JWT token, the cli lists the issue-at value as a ID to used in the delete-token and two human readable tokens for issued-at and expires-at.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Example output:

./dist/argocd proj role list guestbook
ROLE-NAME                    Description
test                         desc
asdfghjklasdfghjklasdfghjkl  desc1

./dist/argocd proj role get guestbook test
Role Name: test
Description:desc
Policies:
p, proj:guestbook:test, applications, get, guestbook/guestbook-test, allow
p, proj:guestbook:test, applications, get, guestbook/*, allow
Jwt Tokens:
ID          ISSUED-AT                                  EXPIRES-AT
1534270415  Tue Aug 14 11:13:35 -0700 (4 hours ago)    <none>
1534286505  2018-08-14T15:41:45-07:00 (16 minutes ago)  2018-08-24T15:41:45-07:00 (1 week from now)
1534286515  2018-08-14T15:41:55-07:00 (16 minutes ago)  2018-09-03T15:41:55-07:00 (2 weeks from now)
1534286520  2018-08-14T15:42:00-07:00 (16 minutes ago)  2018-09-04T15:42:00-07:00 (2 weeks from now)
1534286527  2018-08-14T15:42:07-07:00 (16 minutes ago)  2018-09-05T15:42:07-07:00 (3 weeks from now)
1534286539  2018-08-14T15:42:19-07:00 (15 minutes ago)  2018-10-13T15:42:19-07:00 (1 month from now)
1534286552  2018-08-14T15:42:32-07:00 (15 minutes ago)  2018-08-14T15:43:02-07:00 (15 minutes ago)
1534286554  2018-08-14T15:42:34-07:00 (15 minutes ago)  2018-08-14T15:43:04-07:00 (15 minutes ago)
1534286558  2018-08-14T15:42:38-07:00 (15 minutes ago)  2018-08-14T15:43:08-07:00 (15 minutes ago)```


for _, policy := range role.Policies {
fmt.Fprintf(w, "%s\t%d\t%s\n", role.Name, token.IssuedAt, policy)
fmt.Fprintf(w, "%s\t%d\t%d\t%s\n", role.Name, token.IssuedAt, token.ExpiresAt, policy)
}
}
}
Expand Down