authorLars Wirzenius <liw@liw.fi>2019-03-16 17:53:07 +0200
committerLars Wirzenius <liw@liw.fi>2019-03-16 17:53:07 +0200
commit768674bebf8616667b7662a580dc113eb950b4ee (patch)
treeeb20ee5a35cd76ebef96d71cf2c410a8ca7dcae1
parent100e9fa3565600f55df792f4c6c6efdb370bc3ab (diff)
downloadeffitool-768674bebf8616667b7662a580dc113eb950b4ee.tar.gz
Add: allow-scope, deny-scope commands
-rw-r--r--README4
-rwxr-xr-xeffitool72
2 files changed, 69 insertions, 7 deletions
diff --git a/README b/README
index de3bc4c..523e01c 100644
--- a/README
+++ b/README
@@ -61,6 +61,10 @@ To show the allowed scopes for a specific client:
./effitool show-client tomjon
+To list all members (database ids):
+
+ ./effitool list-members
+
Legalese
-----------------------------------------------------------------------------
diff --git a/effitool b/effitool
index 52d5578..cfe0dd0 100755
--- a/effitool
+++ b/effitool
@@ -104,21 +104,21 @@ class HTTPAPI:
grant_type='client_credentials', scope=' '.join(scopes))
return obj['access_token']
- def get_json(self, token, path):
+ def get_json(self, token, path, headers=None, body=None):
url = self.url(path)
host, port, path = self.parse_url(url)
- headers = {
- 'Authorization': 'Bearer {}'.format(token),
- }
+ if headers is None:
+ headers = {}
+ headers['Authorization'] = 'Bearer {}'.format(token)
req = urllib.request.Request(
- url, headers=headers, method='GET')
+ url, data=body, headers=headers, method='GET')
r = urllib.request.urlopen(req)
return self.request_json(r)
- def get_list(self, token, path):
- return self.get_json(token, path)
+ def get_list(self, token, path, headers=None, body=None):
+ return self.get_json(token, path, headers=headers, body=body)
def post_form(self, path, user, password, **kwargs):
url = self.url(path)
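Review bot: In get_json, the new `headers['Authorization'] = 'Bearer {}'.format(token)` writes the bearer token into the dict the caller passed in, so a caller that reuses one headers dict for a later request or a different server carries the admin token along with it. Copying first avoids that: replace the `if headers is None:` pair with `headers = dict(headers or {})`. The request now also sends `data=body` with `method='GET'`; some servers and intermediaries drop or reject a GET body, so a comment stating that the search endpoint requires this form would help the next reader.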
@@ -255,6 +255,55 @@ class Tool:
for scope in client.get('allowed_scopes', []):
print(scope)
+ def allow_scope(self, args):
+ name = args['client-name']
+ scopes = args['scope']
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ api = HTTPAPI(server['url'])
+ path = '/clients/{}'.format(name)
+ client = api.get_json(token, path)
+ client['allowed_scopes'] = uniq(client.get('allowed_scopes', []) + scopes)
+ api.put_json(token, path, client)
+
+ def deny_scope(self, args):
+ name = args['client-name']
+ denied_scopes = args['scope']
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ api = HTTPAPI(server['url'])
+ path = '/clients/{}'.format(name)
+ client = api.get_json(token, path)
+ old_scopes = client.get('allowed_scopes', [])
+ client['allowed_scopes'] = uniq(
+ s for s in old_scopes if s not in denied_scopes)
+ api.put_json(token, path, client)
+
+ def list_members(self, args):
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ print('token', token)
+ api = HTTPAPI(server['url'])
+ cond = [
+ {
+ 'where': 'meta',
+ 'op': '>=',
+ 'field': 'id',
+ 'pattern': '',
+ }
+ ]
+ body = json.dumps(cond).encode('utf-8')
+ headers = {
+ 'Content-Type': 'application/json',
+ }
+ obj = api.get_list(token, '/search', headers=headers, body=body)
+ for rid in sorted(obj.get('resources', [])):
+ print(rid)
+
+
+def uniq(items):
+ return list(sorted(set(items)))
+
def process_args(config):
tool = Tool(config)
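Review bot: list_members prints the admin bearer token with `print('token', token)`, which puts a live credential into terminal scrollback, shell redirections and any CI or cron log that captures the tool's output; it looks like leftover debugging and should be removed. In allow_scope and deny_scope, `'/clients/{}'.format(name)` places the command-line client name into the path unescaped, so a name containing `/`, `?` or `#` would make the admin-token GET and PUT address a different resource; `path = '/clients/{}'.format(urllib.parse.quote(name, safe=''))` keeps it to one path segment (assuming urllib.parse is importable in this file). Both commands read the client, edit `allowed_scopes` and PUT the whole object back with no precondition, so two concurrent runs can silently undo each other's grant or revocation; whether the server supports a revision check is not visible here. `put_json` does not appear in the visible hunks, so confirm HTTPAPI already defines it.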
@@ -270,6 +319,15 @@ def process_args(config):
('show-client', tool.show_clients, [
('client-name', {}),
]),
+ ('allow-scope', tool.allow_scope, [
+ ('client-name', {}),
+ ('scope', {'nargs':'*'}),
+ ]),
+ ('deny-scope', tool.deny_scope, [
+ ('client-name', {}),
+ ('scope', {'nargs':'*'}),
+ ]),
+ ('list-members', tool.list_members, []),
]
p = argparse.ArgumentParser()