diff --git a/deployments/docker/env.bash b/deployments/docker/env.bash
index 2631f1fc..029fd714 100644
--- a/deployments/docker/env.bash
+++ b/deployments/docker/env.bash
@@ -7,4 +7,4 @@ set +a
 alias veraison="$__VERAISON_DIR/veraison"
 alias cocli="$__VERAISON_DIR/veraison -- cocli"
 alias evcli="$__VERAISON_DIR/veraison -- evcli"
-alias polcli="$__VERAISON_DIR/veraison -- polcli"
+alias pocli="$__VERAISON_DIR/veraison -- pocli"
diff --git a/deployments/docker/env.zsh b/deployments/docker/env.zsh
index 64ecc281..13fe5be2 100644
--- a/deployments/docker/env.zsh
+++ b/deployments/docker/env.zsh
@@ -7,4 +7,4 @@ set +a
 alias veraison="$__VERAISON_DIR/veraison"
 alias cocli="$__VERAISON_DIR/veraison -- cocli"
 alias evcli="$__VERAISON_DIR/veraison -- evcli"
-alias polcli="$__VERAISON_DIR/veraison -- polcli"
+alias pocli="$__VERAISON_DIR/veraison -- pocli"
diff --git a/deployments/docker/src/builder-dispatcher b/deployments/docker/src/builder-dispatcher
index cad32bdc..c9da57e9 100755
--- a/deployments/docker/src/builder-dispatcher
+++ b/deployments/docker/src/builder-dispatcher
@@ -35,9 +35,9 @@ function deploy() {
 cp $BUILD_DIR/scheme/bin/* $DEPLOY_DIR/plugins/
 cp $BUILD_DIR/deployments/docker/src/skey.jwk $DEPLOY_DIR/
 cp $BUILD_DIR/deployments/docker/src/service-entrypoint $DEPLOY_DIR/
- cp $BUILD_DIR/policy/cmd/polcli/polcli $DEPLOY_DIR/utils/
 cp $gobin/evcli $DEPLOY_DIR/utils/
 cp $gobin/cocli $DEPLOY_DIR/utils/
+ cp $gobin/pocli $DEPLOY_DIR/utils/
 echo "creating config"
 set -a
diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker
index c4609c1f..b80d713c 100644
--- a/deployments/docker/src/builder.docker
+++ b/deployments/docker/src/builder.docker
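Review bot: The added `cp $gobin/pocli $DEPLOY_DIR/utils/` leaves both expansions unquoted, like the surrounding lines, so a `$gobin` or `$DEPLOY_DIR` containing whitespace or glob characters would be split or expanded before `cp` runs; `cp -- "$gobin/pocli" "$DEPLOY_DIR/utils/"` is the safe form. The line also depends on `$gobin` having been set earlier in deploy(), which starts outside this hunk, and on the binary having been produced by the image build rather than by this repository's own source tree, so a missing `$gobin/pocli` would only surface here as a cp failure. A short comment such as `# pocli is fetched by go install in builder.docker, not built from this tree` would make the new origin explicit.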
@@ -60,6 +60,7 @@ RUN go mod download &&\
 go install github.com/mitchellh/protoc-gen-go-json@v1.1.0 &&\
 go install github.com/veraison/corim/cocli@latest &&\
 go install github.com/veraison/evcli/v2@latest &&\
+ go install github.com/veraison/pocli@latest &&\
 go install github.com/go-delve/delve/cmd/dlv@latest
 ADD --chown=builder:builder builder-dispatcher .
diff --git a/deployments/docker/src/manager-dispatcher b/deployments/docker/src/manager-dispatcher
index 32897e49..37b97297 100755
--- a/deployments/docker/src/manager-dispatcher
+++ b/deployments/docker/src/manager-dispatcher
@@ -57,8 +57,8 @@ function evcli() {
 /bin/bash -c "$cmd"
 }
-function polcli() {
- local cmd="$_utils_dir/polcli $@"
+function pocli() {
+ local cmd="$_utils_dir/pocli $@"
 /bin/bash -c "$cmd"
 }
@@ -80,6 +80,6 @@ case $command in
 clear-logs) clear_logs "$@";;
 cocli) cocli "$@";;
 evcli) evcli "$@";;
- polcli) polcli "$@";;
+ pocli) pocli "$@";;
 *) echo -e "$_error: unexpected command: \"$command\"";;
 esac
diff --git a/deployments/docker/src/manager.docker b/deployments/docker/src/manager.docker
index db64d32f..689e85f3 100644
--- a/deployments/docker/src/manager.docker
+++ b/deployments/docker/src/manager.docker
@@ -32,7 +32,10 @@ USER manager
 WORKDIR /opt/veraison
-ADD --chown=manager:nogroup utils/evcli utils/cocli utils/polcli ./utils/
+RUN mkdir -p /home/manager/.config/pocli && \
+ echo "host: management-service" > /home/manager/.config/pocli/config.yaml
+
+ADD --chown=manager:nogroup utils/evcli utils/cocli utils/pocli ./utils/
 ADD --chown=manager:nogroup manager-dispatcher ./
 ENTRYPOINT ["/opt/veraison/manager-dispatcher"]
diff --git a/deployments/docker/veraison b/deployments/docker/veraison
index 374dc60a..cb8c213e 100755
--- a/deployments/docker/veraison
+++ b/deployments/docker/veraison
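Review bot: The added `go install github.com/veraison/pocli@latest` fetches an unpinned version at image build time, so the policy CLI shipped in the manager image is whatever the module proxy resolves on the day of the build, which makes builds non-reproducible and lets an upstream release change the deployed tool without any change in this repository. The file already pins `protoc-gen-go-json@v1.1.0` two lines above, so the same form is available: `go install github.com/veraison/pocli@<pinned-version> &&\` with the placeholder replaced by the version that was validated. The same unpinned `@latest` is used for cocli and evcli in the context lines, which the commit does not touch; worth addressing together, since builder-dispatcher now copies all three binaries from `$gobin` into the deployment.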
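Review bot: The renamed pocli() at `local cmd="$_utils_dir/pocli $@"` flattens the arguments into one string and hands it to `/bin/bash -c "$cmd"`, so a second shell re-parses them: any argument containing whitespace, quotes or metacharacters is split or interpreted rather than passed to pocli verbatim, and the command line executed is assembled from whatever the caller supplied. Since the function only needs to run the binary with the arguments it was given, `"$_utils_dir/pocli" "$@"` as the body does that without the extra shell, and the `local cmd` line can be dropped. The evcli() whose tail is visible in the context lines uses the same construction, so the change applies there too; `_utils_dir` is defined outside the hunk.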
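Review bot: The rewritten `ADD --chown=manager:nogroup utils/evcli utils/cocli utils/pocli ./utils/` uses ADD for plain local files; ADD additionally auto-extracts archives and accepts URLs, so `COPY --chown=manager:nogroup utils/evcli utils/cocli utils/pocli ./utils/` expresses the intent exactly and is the form Docker recommends for local sources (the unchanged `ADD ... manager-dispatcher ./` below has the same property). The new `RUN mkdir -p ... && echo "host: management-service" > .../config.yaml` runs after the `USER manager` shown in the hunk context, so the file is owned by the runtime user; a comment such as `# default pocli config: point the client at the management service on the compose network` would explain why the config is baked into the image rather than mounted. Whether pocli also expects a scheme or port alongside `host` is not visible here and is worth confirming against its configuration documentation.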
@@ -245,9 +245,9 @@ function evcli() {
 manager evcli $translated_args
 }
-function polcli() {
+function pocli() {
 local translated_args=$(_translate_host_paths "$@")
- manager evcli $translated_args
+ manager pocli $translated_args
 }
 function help() {
@@ -460,7 +460,7 @@ case $command in
 stop-tmux | kill-tmux) kill_tmux_session $2;;
 cocli) shift; cocli $@;;
 evcli) shift; evcli $@;;
- polcli) shift; polcli $@;;
+ pocli) shift; pocli $@;;
 debug) manager_debug $@;;
 *) echo -e "$_error: unexpected command: \"$command\" (use -h for help)";;
 esac
diff --git a/policy/Makefile b/policy/Makefile
index 26d0dd09..00d60dcd 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -5,8 +5,6 @@ GOPKG := github.com/veraison/services/policy
-SUBDIR := cmd/polcli
-
 INTERFACES := ibackend.go
 MOCKPKG := mocks
@@ -18,4 +16,3 @@ include ../mk/common.mk
 include ../mk/pkg.mk
 include ../mk/lint.mk
 include ../mk/test.mk
-include ../mk/subdir.mk
diff --git a/policy/cmd/polcli/Makefile b/policy/cmd/polcli/Makefile
deleted file mode 100644
index 0012b0ce..00000000
--- a/policy/cmd/polcli/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2022 Contributors to the Veraison project.
-# SPDX-License-Identifier: Apache-2.0
-
-.DEFAULT_GOAL := all
-
-GOPKG := github.com/veraison/services/policy/cmd/polcli
-CMD := polcli
-SRCS := main.go $(wildcard commands/*.go)
-
-CMD_DEPS += $(wildcard ../../*.go)
-
-cmd-hook-pre test-hook-pre lint-hook-pre:
- $(MAKE) -C ../../../proto protogen
-
-include ../../../mk/common.mk
-include ../../../mk/cmd.mk
-include ../../../mk/test.mk
-include ../../../mk/lint.mk
-include ../../../mk/pkg.mk
diff --git a/policy/cmd/polcli/README.md b/policy/cmd/polcli/README.md
deleted file mode 100644
index e4b1e471..00000000
--- a/policy/cmd/polcli/README.md
+++ /dev/null
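Review bot: In the renamed pocli(), `local translated_args=$(_translate_host_paths "$@")` combines declaration and command substitution, so the status of the `local` builtin hides any failure of `_translate_host_paths` and the function proceeds with an empty argument list; splitting it into `local translated_args` followed by `translated_args=$(_translate_host_paths "$@") || return` preserves the helper's exit status. The unquoted `$translated_args` on the `manager pocli` line relies on word-splitting to rebuild the argument list, which is presumably intentional given how the helper returns its output, but it also means a translated path containing whitespace is split; a comment such as `# word-splitting is intentional: _translate_host_paths returns a space-separated list` would record that assumption. The sibling evcli() above shares the same shape, and `_translate_host_paths` is defined outside the hunk.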
@@ -1,52 +0,0 @@ -This is CLI interface to the policy store. It allows typical CRUD operations on -the store as well as listing all stored policies (use -h flag for more details -of available commands). - -Connection to the store is configured by "po-store" entry in a "config.yaml" in -the current directory (see the included example file). Alternatively, an -sqlite3 database file can be specified with -s/--store. - - -## Examples - -Perform a one-time setup of a new store - - ./polcli setup - -(For an SQL-backed store, this will create the required table.) - -Add policy from a file under the specified ID: - - ./polcli add opa://1 path/to/policy.rego - -(Note: ID must be in the form "opa://", where is the -integer ID of the tenant for whom the policy will be added. The "opa://" prefix -indicates the policy format; currently, only OPA rego policies are supported.) - -Update and existing ID with a new version (or add if ID doesn't already exist): - - ./polcli add -u opa://1 path/to/newpolicy.rego - -List stored policies: - - ./polcli list - -(The versions listed are the latest associated with the corresponding ID. -Alternatively, -a flag can be used to list all stored versions.) - -Print policy stored under the specified ID to STDOUT: - - ./polcli get opa://1 - -(This will print the latest version. -v flag can be used to specify an earlier -version. -o flag can be used to specify a file to write to, instead of printing -to STDOUT.) - - -Delete policy with the specified ID: - - ./polcli del opa://1 - -(This will delete all versions associated with ID from the store.) - - diff --git a/policy/cmd/polcli/commands/add.go b/policy/cmd/polcli/commands/add.go deleted file mode 100644 index 6456a489..00000000 --- a/policy/cmd/polcli/commands/add.go +++ /dev/null 
@@ -1,75 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "fmt"
- "log"
- "os"
-
- _ "github.com/mattn/go-sqlite3"
- "github.com/spf13/cobra"
-
- "github.com/veraison/services/policy"
-)
-
-var (
- addCmd = &cobra.Command{
- Use: "add [-s STORE] ID FILE",
- Short: "add a new policy, or update an existing one under the specified ID",
- Args: cobra.MatchAll(cobra.ExactArgs(2), validateAddArgs),
- RunE: doAddCommand,
- PreRunE: initPolicyStore,
- PostRunE: finiPolicyStore,
- }
-
- shouldUpdate bool
-)
-
-func init() {
- addCmd.PersistentFlags().BoolVarP(&shouldUpdate, "update", "u", false,
- "if specfied, the policy will be updated if it already exists")
-}
-
-func validateAddArgs(cmd *cobra.Command, args []string) error {
- // note: assumes ExactArgs(2) matched.
-
- if _, err := policy.PolicyKeyFromString(args[0]); err != nil {
- return fmt.Errorf("invalid policy ID: %w", err)
- }
-
- if _, err := os.Stat(args[1]); err != nil {
- return fmt.Errorf("could not stat policy file: %w", err)
- }
-
- return nil
-}
-
-func doAddCommand(cmd *cobra.Command, args []string) error {
- policyID, err := policy.PolicyKeyFromString(args[0])
- if err != nil {
- return err
- }
-
- policyFile := args[1]
-
- rulesBytes, err := os.ReadFile(policyFile)
- if err != nil {
- return fmt.Errorf("could not read policy: %w", err)
- }
-
- addFunc := store.Add
- if shouldUpdate {
- addFunc = store.Update
- }
-
- policy, err := addFunc(policyID, "default", "opa", string(rulesBytes))
- if err != nil {
- return fmt.Errorf("could not add policy: %w", err)
- }
-
- log.Printf("Policy %q stored under key %q with UUID %q .\n",
- policyFile, policyID, policy.UUID)
-
- return nil
-}
diff --git a/policy/cmd/polcli/commands/common.go b/policy/cmd/polcli/commands/common.go
deleted file mode 100644
index 45599555..00000000
--- a/policy/cmd/polcli/commands/common.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "fmt"
-
- "github.com/spf13/cobra"
- "github.com/spf13/viper"
- "github.com/veraison/services/config"
- "github.com/veraison/services/log"
- "github.com/veraison/services/policy"
-)
-
-var (
- rawConfig *viper.Viper
- store *policy.Store
- storeDsnFromFlag string
-
- storeDefaults = map[string]string{
- "backend": "sql",
- "sql.driver": "sqlite3",
- "sql.datasource": "po-store.sql",
- }
-)
-
-func init() {
- cobra.OnInitialize(initConfig)
-}
-
-func initConfig() {
- var err error
- rawConfig, err = config.ReadRawConfig(cfgFile, true)
- cobra.CheckErr(err)
-}
-
-func initPolicyStore(cmd *cobra.Command, args []string) error {
- cfg := rawConfig.Sub("po-store")
- for k, v := range storeDefaults {
- cfg.SetDefault(k, v)
- }
-
- // if store location has been specified with --store flag, set it as
- // the datasource for the selected backend.
- if storeDsnFromFlag != "" {
- cfg.Set(fmt.Sprintf("%s.datasource", cfg.GetString("backend")), storeDsnFromFlag)
- }
-
- var err error
-
- store, err = policy.NewStore(cfg, log.Named("po-store"))
- if err != nil {
- return fmt.Errorf("could not initialize policy store: %w", err)
- }
-
- return nil
-}
-
-func finiPolicyStore(cmd *cobra.Command, args []string) error {
- if store != nil {
- store.Close()
- }
-
- return nil
-}
diff --git a/policy/cmd/polcli/commands/del.go b/policy/cmd/polcli/commands/del.go
deleted file mode 100644
index ba81973a..00000000
--- a/policy/cmd/polcli/commands/del.go
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "fmt"
- "log"
-
- _ "github.com/mattn/go-sqlite3"
- "github.com/spf13/cobra"
-
- "github.com/veraison/services/policy"
-)
-
-var (
- delCmd = &cobra.Command{
- Use: "del [-s STORE] ID",
- Short: "delete the policy with the specified ID",
- Args: cobra.MatchAll(cobra.ExactArgs(1), validateDelArgs),
- RunE: doDelCommand,
- PreRunE: initPolicyStore,
- PostRunE: finiPolicyStore,
- }
-)
-
-func validateDelArgs(cmd *cobra.Command, args []string) error {
- // note: assumes ExactArgs(1) matched.
-
- if _, err := policy.PolicyKeyFromString(args[0]); err != nil {
- return fmt.Errorf("invalid policy ID: %w", err)
- }
-
- return nil
-}
-
-func doDelCommand(cmd *cobra.Command, args []string) error {
- policyID, err := policy.PolicyKeyFromString(args[0])
- if err != nil {
- return err
- }
-
- if err := store.Del(policyID); err != nil {
- return fmt.Errorf("could not delete policy: %w", err)
- }
-
- log.Printf("Policy %q deleted.\n", policyID)
-
- return nil
-}
diff --git a/policy/cmd/polcli/commands/get.go b/policy/cmd/polcli/commands/get.go
deleted file mode 100644
index e17bb097..00000000
--- a/policy/cmd/polcli/commands/get.go
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "fmt"
- "os"
-
- _ "github.com/mattn/go-sqlite3"
- "github.com/spf13/cobra"
- "github.com/veraison/services/policy"
-)
-
-var (
- getCmd = &cobra.Command{
- Use: "get [-s STORE] [-v VERSION] ID",
- Short: "get the policy stored under the specified ID",
- Args: cobra.MatchAll(cobra.ExactArgs(1), validateGetArgs),
- RunE: doGetCommand,
- PreRunE: initPolicyStore,
- PostRunE: finiPolicyStore,
- }
-
- getUUID string
- getOutputFilePath string
-)
-
-func init() {
- getCmd.PersistentFlags().StringVarP(&getUUID, "version", "v", "",
- "get the specified, rather than latest, version")
- getCmd.PersistentFlags().StringVarP(&getOutputFilePath, "output", "o", "",
- "write the policy to the specified file, rather than STDOUT")
-}
-
-func validateGetArgs(cmd *cobra.Command, args []string) error {
- // note: assumes ExactArgs(1) matched.
-
- if _, err := policy.PolicyKeyFromString(args[0]); err != nil {
- return fmt.Errorf("invalid policy ID: %w", err)
- }
-
- return nil
-}
-
-func doGetCommand(cmd *cobra.Command, args []string) error {
- var policies []*policy.Policy
- var pol *policy.Policy
- var err error
-
- policyKey, err := policy.PolicyKeyFromString(args[0])
- if err != nil {
- return err
- }
-
- if getUUID == "" {
- pol, err = store.GetActive(policyKey)
- if err != nil {
- return err
- }
- } else {
- policies, err = store.Get(policyKey)
- if err != nil {
- return err
- }
-
- found := false
- for _, candidate := range policies {
- if candidate.UUID.String() == getUUID {
- pol = candidate
- found = true
- break
- }
- }
-
- if !found {
- return fmt.Errorf("UUID %q for policy %q not found",
- getUUID, policyKey)
- }
- }
-
- var writer *os.File
-
- if getOutputFilePath != "" {
- writer, err = os.Create(getOutputFilePath)
- if err != nil {
- return fmt.Errorf("Could not open %q for writing: %w",
- getOutputFilePath, err)
- }
- } else {
- writer = os.Stdout
- }
-
- if _, err := writer.Write([]byte(pol.Rules)); err != nil {
- return err
- }
-
- return nil
-}
diff --git a/policy/cmd/polcli/commands/list.go b/policy/cmd/polcli/commands/list.go
deleted file mode 100644
index f1c432e7..00000000
--- a/policy/cmd/polcli/commands/list.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "crypto/md5"
- "fmt"
- "os"
-
- _ "github.com/mattn/go-sqlite3"
- "github.com/olekukonko/tablewriter"
- "github.com/spf13/cobra"
-)
-
-var (
- listCmd = &cobra.Command{
- Use: "list [-s STORE]",
- Short: "list policies in the store",
- Args: cobra.NoArgs,
- RunE: doListCommand,
- PreRunE: initPolicyStore,
- PostRunE: finiPolicyStore,
- }
-
- shouldListAll bool
-)
-
-func init() {
- listCmd.PersistentFlags().BoolVarP(&shouldListAll, "all", "a", false,
- "if specfied, all stored versions of policies will be listed")
-}
-
-func doListCommand(cmd *cobra.Command, args []string) error {
- listFunc := store.List
- if shouldListAll {
- listFunc = store.ListAllVersions
- }
-
- policies, err := listFunc()
- if err != nil {
- return fmt.Errorf("could not list policies: %w", err)
- }
-
- table := tablewriter.NewWriter(os.Stdout)
- table.SetHeader([]string{"id", "version", "md5sum"})
-
- for _, p := range policies {
- uuid := p.UUID.String()
- md5sum := fmt.Sprintf("%x", md5.Sum([]byte(p.Rules)))
- table.Append([]string{p.StoreKey.String(), uuid, md5sum})
- }
-
- table.Render()
-
- return nil
-}
diff --git a/policy/cmd/polcli/commands/root.go b/policy/cmd/polcli/commands/root.go
deleted file mode 100644
index e8b06fb6..00000000
--- a/policy/cmd/polcli/commands/root.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "github.com/spf13/cobra"
-
- "github.com/veraison/services/config"
-)
-
-var (
- cfgFile string
-
- rootCmd = &cobra.Command{
- Use: "polcli",
- Short: "policy management client",
- Version: config.Version,
- }
-)
-
-func Execute() {
- cobra.CheckErr(rootCmd.Execute())
-}
-
-func init() {
- rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file")
- rootCmd.PersistentFlags().StringVarP(&storeDsnFromFlag, "store", "s", "",
- "policy store datasource (only used for sql backend).")
-
- rootCmd.AddCommand(setupCmd)
- rootCmd.AddCommand(addCmd)
- rootCmd.AddCommand(listCmd)
- rootCmd.AddCommand(getCmd)
- rootCmd.AddCommand(delCmd)
-}
diff --git a/policy/cmd/polcli/commands/setup.go b/policy/cmd/polcli/commands/setup.go
deleted file mode 100644
index f4d1bd0e..00000000
--- a/policy/cmd/polcli/commands/setup.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package commands
-
-import (
- "github.com/spf13/cobra"
-)
-
-var (
- setupCmd = &cobra.Command{
- Use: "setup [-s STORE]",
- Short: "one-time setup for a new store.",
- Long: "Perform a one-time setup of the store. What this entails is backend-dependent (e.g. the sql backend will create the table used by the store.",
- Args: cobra.NoArgs,
- RunE: doSetupCommand,
- PreRunE: initPolicyStore,
- PostRunE: finiPolicyStore,
- }
-)
-
-func doSetupCommand(cmd *cobra.Command, args []string) error {
- return store.Setup()
-}
diff --git a/policy/cmd/polcli/example-config.yaml b/policy/cmd/polcli/example-config.yaml
deleted file mode 100644
index f421e321..00000000
--- a/policy/cmd/polcli/example-config.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-po-store:
- backend: sql
- sql:
- driver: sqlite3
- datasource: po-store.sql
diff --git a/policy/cmd/polcli/main.go b/policy/cmd/polcli/main.go
deleted file mode 100644
index b4584f07..00000000
--- a/policy/cmd/polcli/main.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
-// SPDX-License-Identifier: Apache-2.0
-package main
-
-import (
- "github.com/veraison/services/policy/cmd/polcli/commands"
-)
-
-func main() {
- commands.Execute()
-}