From 768674bebf8616667b7662a580dc113eb950b4ee Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sat, 16 Mar 2019 17:53:07 +0200
Subject: Add: allow-scope, deny-scope commands
---
 README | 4 ++++
 effitool | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 69 insertions(+), 7 deletions(-)
diff --git a/README b/README
index de3bc4c..523e01c 100644
--- a/README
+++ b/README
@@ -61,6 +61,10 @@ To show the allowed scopes for a specific client:
 ./effitool show-client tomjon
+To list all members (database ids):
+
+ ./effitool list-members
+
 Legalese
 -----------------------------------------------------------------------------
diff --git a/effitool b/effitool
index 52d5578..cfe0dd0 100755
--- a/effitool
+++ b/effitool
@@ -104,21 +104,21 @@ class HTTPAPI:
 grant_type='client_credentials', scope=' '.join(scopes))
 return obj['access_token']
- def get_json(self, token, path):
+ def get_json(self, token, path, headers=None, body=None):
 url = self.url(path)
 host, port, path = self.parse_url(url)
- headers = {
- 'Authorization': 'Bearer {}'.format(token),
- }
+ if headers is None:
+ headers = {}
+ headers['Authorization'] = 'Bearer {}'.format(token)
 req = urllib.request.Request(
- url, headers=headers, method='GET')
+ url, data=body, headers=headers, method='GET')
 r = urllib.request.urlopen(req)
 return self.request_json(r)
- def get_list(self, token, path):
- return self.get_json(token, path)
+ def get_list(self, token, path, headers=None, body=None):
+ return self.get_json(token, path, headers=headers, body=body)
 def post_form(self, path, user, password, **kwargs):
 url = self.url(path)
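Review bot: In `get_json`, `headers['Authorization'] = 'Bearer {}'.format(token)` writes the bearer token into the dict the caller passed in, so any caller that reuses, logs or prints its own `headers` afterwards is now carrying the admin token. Copying first avoids that: replace the `if headers is None:` pair with `headers = dict(headers or {})`. The request also now sends `data=body` with `method='GET'`; a body on GET is not reliably forwarded by proxies and gateways, so the search call that depends on it should be checked against the server's documented method. The `HTTPAPI` class starts and ends outside this hunk.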
@@ -255,6 +255,55 @@ class Tool:
 for scope in client.get('allowed_scopes', []):
 print(scope)
+ def allow_scope(self, args):
+ name = args['client-name']
+ scopes = args['scope']
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ api = HTTPAPI(server['url'])
+ path = '/clients/{}'.format(name)
+ client = api.get_json(token, path)
+ client['allowed_scopes'] = uniq(client.get('allowed_scopes', []) + scopes)
+ api.put_json(token, path, client)
+
+ def deny_scope(self, args):
+ name = args['client-name']
+ denied_scopes = args['scope']
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ api = HTTPAPI(server['url'])
+ path = '/clients/{}'.format(name)
+ client = api.get_json(token, path)
+ old_scopes = client.get('allowed_scopes', [])
+ client['allowed_scopes'] = uniq(
+ s for s in old_scopes if s not in denied_scopes)
+ api.put_json(token, path, client)
+
+ def list_members(self, args):
+ server = self.get_chosen_server(args)
+ token = self.get_admin_token(server)
+ print('token', token)
+ api = HTTPAPI(server['url'])
+ cond = [
+ {
+ 'where': 'meta',
+ 'op': '>=',
+ 'field': 'id',
+ 'pattern': '',
+ }
+ ]
+ body = json.dumps(cond).encode('utf-8')
+ headers = {
+ 'Content-Type': 'application/json',
+ }
+ obj = api.get_list(token, '/search', headers=headers, body=body)
+ for rid in sorted(obj.get('resources', [])):
+ print(rid)
+
+
+def uniq(items):
+ return list(sorted(set(items)))
+
 def process_args(config):
 tool = Tool(config)
@@ -270,6 +319,15 @@ def process_args(config):
 ('show-client', tool.show_clients, [
 ('client-name', {}),
 ]),
+ ('allow-scope', tool.allow_scope, [
+ ('client-name', {}),
+ ('scope', {'nargs':'*'}),
+ ]),
+ ('deny-scope', tool.deny_scope, [
+ ('client-name', {}),
+ ('scope', {'nargs':'*'}),
+ ]),
+ ('list-members', tool.list_members, []),
 ]
 p = argparse.ArgumentParser()
-- cgit v1.2.1
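Review bot: `print('token', token)` in `list_members` writes the admin bearer token to stdout, where it ends up in terminal scrollback, redirected output files and CI logs; it reads like leftover debugging and should be deleted. In `allow_scope` and `deny_scope`, `'/clients/{}'.format(name)` places the command-line client name into the URL path unescaped, so a name containing `/`, `?` or `#` makes the admin-token GET and PUT address a different resource than intended; build it as `path = '/clients/{}'.format(urllib.parse.quote(name, safe=''))`, with `urllib.parse` imported. Both commands also fetch the whole client record and PUT it back unconditionally, so a change made between the two requests is silently overwritten, which for `deny_scope` can mean a revoked scope reappears. If the API supports a revision or precondition header (not visible here), it should be used. The `Tool` class starts outside this hunk.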
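Review bot: `'nargs':'*'` on the `scope` argument of `allow-scope` and `deny-scope` accepts zero scopes, so a call with the scope forgotten still fetches and rewrites the client record with the admin token instead of failing. Use `('scope', {'nargs': '+'}),` in both entries so argparse rejects the call before any request is made. The README hunk of this commit documents only `list-members`; the two commands that change a client's privileges have no usage text. `process_args` continues outside this hunk.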