diff --git a/.gitignore b/.gitignore index f6441be..b174599 100644 --- a/.gitignore +++ b/.gitignore @@ -23,6 +23,7 @@ go.work # IDEs .idea/ +*.iml # Built files dist/ diff --git a/README.md b/README.md index 994256f..c4313c8 100644 --- a/README.md +++ b/README.md @@ -147,6 +147,7 @@ For any command that interacts with an OpenFGA server, these configuration value | Shared Secret | `--api-token` | `FGA_API_TOKEN` | `api-token` | | Client ID | `--client-id` | `FGA_CLIENT_ID` | `client-id` | | Client Secret | `--client-secret` | `FGA_CLIENT_SECRET` | `client-secret` | +| Scopes | `--api-scopes` | `FGA_API_SCOPES` | `api-scopes` | | Token Issuer | `--api-token-issuer` | `FGA_API_TOKEN_ISSUER` | `api-token-issuer` | | Token Audience | `--api-audience` | `FGA_API_AUDIENCE` | `api-audience` | | Store ID | `--store-id` | `FGA_STORE_ID` | `store-id` | diff --git a/cmd/root.go b/cmd/root.go index 25e6cc4..74eacc2 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -64,12 +64,12 @@ func init() { rootCmd.PersistentFlags().String("api-token", "", "API Token. Will be sent in as a Bearer in the Authorization header") rootCmd.PersistentFlags().String("api-token-issuer", "", "API Token Issuer. API responsible for issuing the API Token. Used in the Client Credentials flow") //nolint:lll rootCmd.PersistentFlags().String("api-audience", "", "API Audience. Used when performing the Client Credentials flow") - rootCmd.PersistentFlags().String("client-id", "", "Client ID. Sent to the Token Issuer during the Client Credentials flow") //nolint:lll - rootCmd.PersistentFlags().String("client-secret", "", "Client Secret. Sent to the Token Issuer during the Client Credentials flow") //nolint:lll + rootCmd.PersistentFlags().String("client-id", "", "Client ID. Sent to the Token Issuer during the Client Credentials flow") //nolint:lll + rootCmd.PersistentFlags().String("client-secret", "", "Client Secret. Sent to the Token Issuer during the Client Credentials flow") //nolint:lll + rootCmd.PersistentFlags().StringArray("api-scopes", []string{}, "API Scopes (repeat option for multiple values). Used in the Client Credentials flow") //nolint:lll rootCmd.MarkFlagsRequiredTogether( "api-token-issuer", - "api-audience", "client-id", "client-secret", ) diff --git a/go.mod b/go.mod index c00712a..0a6a63e 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/oklog/ulid/v2 v2.1.0 github.com/openfga/api/proto v0.0.0-20231222042535-3037910c90c0 github.com/openfga/go-sdk v0.3.4 - github.com/openfga/language/pkg/go v0.0.0-20240122142224-d1175b3e1d45 + github.com/openfga/language/pkg/go v0.0.0-20240123042137-314566b6bc14 github.com/openfga/openfga v1.4.2 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 @@ -76,9 +76,9 @@ require ( golang.org/x/sync v0.6.0 // indirect golang.org/x/sys v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect - google.golang.org/genproto v0.0.0-20240122161410-6c6643bf1457 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240122161410-6c6643bf1457 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240122161410-6c6643bf1457 // indirect + google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect google.golang.org/grpc v1.60.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect ) diff --git a/go.sum b/go.sum index 3ee3fa4..a13c47a 100644 --- a/go.sum +++ b/go.sum @@ -151,8 +151,8 @@ github.com/openfga/api/proto v0.0.0-20231222042535-3037910c90c0 h1:FW+CjkR6GrvJc github.com/openfga/api/proto v0.0.0-20231222042535-3037910c90c0/go.mod h1:YSbEQDNGnVlThfExHQ3zDNd+puWXf4zzfL0ms2VbIwI= github.com/openfga/go-sdk v0.3.4 h1:5VsDSmkXUP/XH9L4BtztYVPuthH5Pd3h1QZfqzZttL0= github.com/openfga/go-sdk v0.3.4/go.mod h1:u1iErzj5E9/bhe+8nsMv0gigcYbJtImcdgcE5DmpbBg= -github.com/openfga/language/pkg/go v0.0.0-20240122142224-d1175b3e1d45 h1:7dOm4TABs65/QflifGpgxLaWrJHIFuXTIf6xb5aJQqY= -github.com/openfga/language/pkg/go v0.0.0-20240122142224-d1175b3e1d45/go.mod h1:dHJaJ7H5tViBCPidTsfl3IOd152FhYxWFQmZXOhZ2pw= +github.com/openfga/language/pkg/go v0.0.0-20240123042137-314566b6bc14 h1:4IoUXDMwqjdjvc8vZJ0E8rVcIuL9qOaPfS44ysJhKMQ= +github.com/openfga/language/pkg/go v0.0.0-20240123042137-314566b6bc14/go.mod h1:dHJaJ7H5tViBCPidTsfl3IOd152FhYxWFQmZXOhZ2pw= github.com/openfga/openfga v1.4.2 h1:zp0wMe60PsjAHDGPv6Xzjr1YkC4RxrBQMxK96tlcOeA= github.com/openfga/openfga v1.4.2/go.mod h1:/cSWk4R68VXzFngHSmpPVT/TTCTrlFJhDi3ZWEkqAok= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= @@ -322,12 +322,12 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20240122161410-6c6643bf1457 h1:GCTIet3qsodrHhw2Y5lzZCsT55hjd2fC4aLnSiMySoc= -google.golang.org/genproto v0.0.0-20240122161410-6c6643bf1457/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240122161410-6c6643bf1457 h1:KHBtwE+eQc3+NxpjmRFlQ3pJQ2FNnhhgB9xOV8kyBuU= -google.golang.org/genproto/googleapis/api v0.0.0-20240122161410-6c6643bf1457/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240122161410-6c6643bf1457 h1:6Bi3wdn5Ed9baJn7P0gOhjwA98wOr6uSPjKagPHOVsE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240122161410-6c6643bf1457/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= diff --git a/internal/cmdutils/get-client-config.go b/internal/cmdutils/get-client-config.go index 8a175a2..c35babc 100644 --- a/internal/cmdutils/get-client-config.go +++ b/internal/cmdutils/get-client-config.go @@ -43,6 +43,7 @@ func GetClientConfig(cmd *cobra.Command) fga.ClientConfig { clientCredentialsAPIAudience, _ := cmd.Flags().GetString("api-audience") clientCredentialsClientID, _ := cmd.Flags().GetString("client-id") clientCredentialsClientSecret, _ := cmd.Flags().GetString("client-secret") + clientCredentialsScopes, _ := cmd.Flags().GetStringArray("api-scopes") return fga.ClientConfig{ ApiUrl: apiURL, @@ -53,5 +54,6 @@ func GetClientConfig(cmd *cobra.Command) fga.ClientConfig { APIAudience: clientCredentialsAPIAudience, ClientID: clientCredentialsClientID, ClientSecret: clientCredentialsClientSecret, + APIScopes: clientCredentialsScopes, } } diff --git a/internal/fga/fga.go b/internal/fga/fga.go index 9e39847..9514003 100644 --- a/internal/fga/fga.go +++ b/internal/fga/fga.go @@ -18,6 +18,8 @@ limitations under the License. package fga import ( + "strings" + "github.com/openfga/go-sdk/client" "github.com/openfga/go-sdk/credentials" @@ -27,14 +29,15 @@ import ( var userAgent = "openfga-cli/" + build.Version type ClientConfig struct { - ApiUrl string `json:"api_url,omitempty"` //nolint:revive,stylecheck - StoreID string `json:"store_id,omitempty"` - AuthorizationModelID string `json:"authorization_model_id,omitempty"` - APIToken string `json:"api_token,omitempty"` - APITokenIssuer string `json:"api_token_issuer,omitempty"` - APIAudience string `json:"api_audience,omitempty"` - ClientID string `json:"client_id,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` + ApiUrl string `json:"api_url,omitempty"` //nolint:revive,stylecheck + StoreID string `json:"store_id,omitempty"` + AuthorizationModelID string `json:"authorization_model_id,omitempty"` + APIToken string `json:"api_token,omitempty"` + APITokenIssuer string `json:"api_token_issuer,omitempty"` + APIAudience string `json:"api_audience,omitempty"` + APIScopes []string `json:"api_scopes,omitempty"` + ClientID string `json:"client_id,omitempty"` + ClientSecret string `json:"client_secret,omitempty"` } func (c ClientConfig) getCredentials() *credentials.Credentials { @@ -55,6 +58,7 @@ func (c ClientConfig) getCredentials() *credentials.Credentials { ClientCredentialsClientSecret: c.ClientSecret, ClientCredentialsApiAudience: c.APIAudience, ClientCredentialsApiTokenIssuer: c.APITokenIssuer, + ClientCredentialsScopes: strings.Join(c.APIScopes, " "), }, } }