warden: add group management - closes #68

cmd/cli/handler.go

@@ -10,6 +10,7 @@ type Handler struct {
 	Keys       *JWKHandler
 	Warden     *WardenHandler
 	Revocation *RevocationHandler
+	Groups     *GroupHandler
 }
 
 func NewHandler(c *config.Config) *Handler {
@@ -19,5 +20,6 @@ func NewHandler(c *config.Config) *Handler {
 		Keys:       newJWKHandler(c),
 		Warden:     newWardenHandler(c),
 		Revocation: newRevocationHandler(c),
+		Groups:     newGroupHandler(c),
 	}
 }

cmd/cli/handler_groups.go

@@ -0,0 +1,128 @@
+package cli
+
+import (
+	"fmt"
+
+	"github.com/ory-am/hydra/config"
+	"github.com/ory-am/hydra/pkg"
+	"github.com/ory-am/hydra/warden/group"
+	"github.com/spf13/cobra"
+)
+
+type GroupHandler struct {
+	Config *config.Config
+	M      *group.HTTPManager
+}
+
+func newGroupHandler(c *config.Config) *GroupHandler {
+	return &GroupHandler{
+		Config: c,
+		M:      &group.HTTPManager{},
+	}
+}
+
+func (h *GroupHandler) CreateGroup(cmd *cobra.Command, args []string) {
+	if len(args) != 1 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	var err error
+	h.M.Dry, _ = cmd.Flags().GetBool("dry")
+	h.M.Endpoint = h.Config.Resolve("/warden/groups")
+	h.M.Client = h.Config.OAuth2Client(cmd)
+
+	cc := &group.Group{ID: args[0]}
+	err = h.M.CreateGroup(cc)
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
+
+	pkg.Must(err, "Could not create group: %s", err)
+	fmt.Printf("Group %s created.\n", cc.ID)
+}
+
+func (h *GroupHandler) DeleteGroup(cmd *cobra.Command, args []string) {
+	if len(args) != 1 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	var err error
+	h.M.Dry, _ = cmd.Flags().GetBool("dry")
+	h.M.Endpoint = h.Config.Resolve("/warden/groups")
+	h.M.Client = h.Config.OAuth2Client(cmd)
+
+	cc := &group.Group{ID: args[0]}
+	err = h.M.CreateGroup(cc)
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
+
+	pkg.Must(err, "Could not create group: %s", err)
+	fmt.Printf("Group %s deleted.\n", cc.ID)
+}
+
+func (h *GroupHandler) AddMembers(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	var err error
+	h.M.Dry, _ = cmd.Flags().GetBool("dry")
+	h.M.Endpoint = h.Config.Resolve("/warden/groups")
+	h.M.Client = h.Config.OAuth2Client(cmd)
+
+	err = h.M.AddGroupMembers(args[0], args[1:])
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
+
+	pkg.Must(err, "Could not add members to group: %s", err)
+	fmt.Printf("Members %v added to group %s.\n", args[1:], args[0])
+}
+
+func (h *GroupHandler) RemoveMembers(cmd *cobra.Command, args []string) {
+	if len(args) < 2 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	var err error
+	h.M.Dry, _ = cmd.Flags().GetBool("dry")
+	h.M.Endpoint = h.Config.Resolve("/warden/groups")
+	h.M.Client = h.Config.OAuth2Client(cmd)
+
+	err = h.M.RemoveGroupMembers(args[0], args[1:])
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
+
+	pkg.Must(err, "Could not remove members to group: %s", err)
+	fmt.Printf("Members %v removed from group %s.\n", args[1:], args[0])
+}
+
+func (h *GroupHandler) FindGroups(cmd *cobra.Command, args []string) {
+	if len(args) != 1 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	h.M.Dry, _ = cmd.Flags().GetBool("dry")
+	h.M.Endpoint = h.Config.Resolve("/warden/groups")
+	h.M.Client = h.Config.OAuth2Client(cmd)
+
+	gn, err := h.M.FindGroupNames(args[0])
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
+
+	pkg.Must(err, "Could not find groups: %s", err)
+	fmt.Printf("Subject %s belongs to groups %v.\n", args[0], gn)
+}

cmd/clients_delete.go

@@ -1,17 +1,3 @@
-// Copyright © 2016 NAME HERE <EMAIL ADDRESS>
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 package cmd
 
 import (

cmd/groups.go

@@ -0,0 +1,15 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// groupsCmd represents the groups command
+var groupsCmd = &cobra.Command{
+	Use:   "groups",
+	Short: "Manage warden groups",
+}
+
+func init() {
+	RootCmd.AddCommand(groupsCmd)
+}

cmd/groups_create.go

@@ -0,0 +1,21 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// createCmd represents the create command
+var createCmd = &cobra.Command{
+	Use:   "create <id>",
+	Short: "Create a warden group",
+	Long: `This command creates a warden group.
+
+Example:
+  hydra groups create my-group
+`,
+	Run: cmdHandler.Groups.CreateGroup,
+}
+
+func init() {
+	groupsCmd.AddCommand(createCmd)
+}

cmd/groups_delete.go

@@ -0,0 +1,22 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// deleteCmd represents the delete command
+var deleteCmd = &cobra.Command{
+	Use:   "delete <id>",
+	Short: "Delete a warden group",
+	Long: `This command deletes a warden group.
+
+Example:
+  hydra groups delete my-group
+`,
+	Run: cmdHandler.Groups.DeleteGroup,
+}
+
+func init() {
+	groupsCmd.AddCommand(deleteCmd)
+
+}

cmd/groups_find.go

@@ -0,0 +1,21 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// findCmd represents the find command
+var findCmd = &cobra.Command{
+	Use:   "find <subject>",
+	Short: "Find all groups a subject belongs to",
+	Long: `This command find all groups a subject belongs to.
+
+Example:
+  hydra groups find peter
+`,
+	Run: cmdHandler.Groups.FindGroups,
+}
+
+func init() {
+	groupsCmd.AddCommand(findCmd)
+}

cmd/groups_members.go

@@ -0,0 +1,14 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var groupsMembersCmd = &cobra.Command{
+	Use:   "members",
+	Short: "Manage warden group members",
+}
+
+func init() {
+	groupsCmd.AddCommand(groupsMembersCmd)
+}

cmd/groups_members_add.go

@@ -0,0 +1,20 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var addCmd = &cobra.Command{
+	Use:   "add <group> <member> [<member>...]",
+	Short: "Add members to a warden group",
+	Long: `This command adds members to a warden group.
+
+Example:
+  hydra groups members add my-group peter julia
+`,
+	Run: cmdHandler.Groups.AddMembers,
+}
+
+func init() {
+	groupsMembersCmd.AddCommand(addCmd)
+}

cmd/groups_members_remove.go

@@ -0,0 +1,20 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+var removeCmd = &cobra.Command{
+	Use:   "remove <group> <member> [<member>...]",
+	Short: "Remove members from a warden group",
+	Long: `This command removes members from a warden group.
+
+Example:
+  hydra groups members remove my-group peter julia
+`,
+	Run: cmdHandler.Groups.RemoveMembers,
+}
+
+func init() {
+	groupsMembersCmd.AddCommand(removeCmd)
+}

cmd/root_test.go

@@ -57,6 +57,11 @@ func TestExecute(t *testing.T) {
 		{args: []string{"policies", "subjects", "delete", "foobar", "ken", "tracy"}},
 		{args: []string{"policies", "get", "foobar"}},
 		{args: []string{"policies", "delete", "foobar"}},
+		{args: []string{"groups", "create", "my-group"}},
+		{args: []string{"groups", "members", "add", "my-group", "peter"}},
+		{args: []string{"groups", "find", "peter"}},
+		{args: []string{"groups", "members", "remove", "my-group", "peter"}},
+		{args: []string{"groups", "delete", "my-group"}},
 		{args: []string{"version"}},
 	} {
 		c.args = append(c.args, []string{"--skip-tls-verify", "--config", path}...)

cmd/server/handler.go

@@ -17,6 +17,7 @@ import (
 	"github.com/ory-am/hydra/pkg"
 	"github.com/ory-am/hydra/policy"
 	"github.com/ory-am/hydra/warden"
+	"github.com/ory-am/hydra/warden/group"
 	"github.com/ory-am/ladon"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
@@ -86,6 +87,7 @@ type Handler struct {
 	Keys    *jwk.Handler
 	OAuth2  *oauth2.Handler
 	Policy  *policy.Handler
+	Groups  *group.Handler
 	Warden  *warden.WardenHandler
 	Config  *config.Config
 }
@@ -108,6 +110,7 @@ func (h *Handler) registerRoutes(router *httprouter.Router) {
 		OAuth2:              oauth2Provider,
 		Issuer:              c.Issuer,
 		AccessTokenLifespan: c.GetAccessTokenLifespan(),
+		Groups:              ctx.GroupManager,
 	}
 
 	// Set up handlers
@@ -116,6 +119,12 @@ func (h *Handler) registerRoutes(router *httprouter.Router) {
 	h.Policy = newPolicyHandler(c, router)
 	h.OAuth2 = newOAuth2Handler(c, router, ctx.KeyManager, oauth2Provider)
 	h.Warden = warden.NewHandler(c, router)
+	h.Groups = &group.Handler{
+		H:       &herodot.JSON{},
+		W:       ctx.Warden,
+		Manager: ctx.GroupManager,
+	}
+	h.Groups.SetRoutes(router)
 
 	router.GET("/health", func(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 		rw.WriteHeader(http.StatusNoContent)