|  | #include <stdlib.h> | 
|  |  | 
|  | #include <cstdlib> | 
|  | #include <fstream> | 
|  | #include <iostream> | 
|  | #include <ostream> | 
|  | #include <string> | 
|  |  | 
|  | #include "absl/flags/flag.h" | 
|  | #include "absl/flags/parse.h" | 
|  | #ifndef IN_GOOGLE3 | 
|  | #include "absl/log/globals.h" | 
|  | #endif | 
|  | #include "absl/log/initialize.h" | 
|  | #include "absl/log/log.h" | 
|  | #include "nlohmann/json.hpp" | 
|  | #include "config_generator.h" | 
|  |  | 
#ifndef IN_GOOGLE3
// See absl/log/globals.h for detailed instructions
//
// Logging flags that this binary defines itself when IN_GOOGLE3 is not set.
// main() reads both values and forwards them to absl::SetStderrThreshold()
// and absl::SetMinLogLevel() before calling absl::InitializeLog().
// NOTE(review): main() static_casts the raw int to absl::LogSeverityAtLeast
// without a range check, so whatever integer is supplied is passed through.

// Severity threshold for copying messages to stderr; defaults to 0.
ABSL_FLAG(
    int, stderrthreshold, 0,
    "Messages logged at or above this level are directed to stderr in addition "
    "to other registered log sinks; default to >= absl::LogSeverity::kInfo");
// Minimum severity that reaches any log sink; defaults to 0.
ABSL_FLAG(
    int, minloglevel, 0,
    "Messages logged at or above this severity are directed to all registered "
    "log sinks or skipped otherwise; default to >= absl::LogSeverity::kInfo");
#endif
|  |  | 
// Selects what the tool does. main() handles "clear" by writing
// ConfigGenerator::EmptyConfiguration() to --output_path; the help text below
// describes the intended effect of each command.
ABSL_FLAG(std::string, command, "update",
          "Command to run; supported command: 'clear', 'update'; 'clear' "
          "command will clear the authorization policy file so that every "
          "request is rejected; 'update' command will parse the base policy "
          "file and add nodes on the same machine");
// Input: forwarded to GeneratorOptions::gmi_path.
ABSL_FLAG(std::string, gmi_path,
          "/var/google/googlemachineidentity/live/machine_identity.pb",
          "Path to the Google Machine Identity (GMI) file.");
// Input: forwarded to GeneratorOptions::server_cert_path.
ABSL_FLAG(std::string, server_cert_path, "/var/volatile/prodid/server.pem",
          "Path to the Zatar server certificate file.");
// Input: forwarded to GeneratorOptions::offline_node_entities_path
// ("one" abbreviates Offline Node Entities).
ABSL_FLAG(std::string, one_path,
          "/var/google/googlemachineidentity/live/offline_node_entities.pb",
          "Path to the Offline Node Entities file.");
// Input: forwarded to GeneratorOptions::authz_configuration_path.
// Presumably the base policy that 'update' parses -- confirm against
// ConfigGenerator.
ABSL_FLAG(std::string, authz_configuration_path,
          "/var/google/authz_policies/redfish.json",
          "Path to the current authorization configuration file.");
// Output: the file DumpFile() writes the resulting policy to.
// NOTE(review): the default is in /tmp, which is typically world-writable,
// and DumpFile() opens the path with std::ofstream, which follows symbolic
// links and truncates the target. If this tool runs with more privilege than
// other local accounts, point --output_path at a directory only the tool can
// write to. The default also differs from --authz_configuration_path, so
// some other step presumably installs the generated file -- confirm that step
// validates what it picks up.
ABSL_FLAG(std::string, output_path, "/tmp/redfish.json",
          "Path to the output authorization configuration file.");
// Writes `content` followed by one newline to the file at `path`, creating
// the file or truncating whatever is already there.
//
// The stream is put into throwing mode before it is opened, so a failed open,
// write, flush or close raises std::ios_base::failure rather than being
// silently ignored.
//
// NOTE(review): the target is rewritten in place. A reader that opens the
// file during the write, or a crash part-way through, can observe a truncated
// policy, and the open follows a symbolic link at `path`. Callers that emit
// an authorization policy should pass a path inside a directory that only
// this tool can write to.
void DumpFile(const std::string& content, const std::string& path) {
  std::ofstream out;

  // Enable exceptions first so that a failing open() is reported as well.
  out.exceptions(std::ofstream::eofbit | std::ofstream::badbit |
                 std::ofstream::failbit);
  out.open(path);  // std::ofstream opens in std::ios::out mode by default

  out << content;
  out << "\n";
  out.flush();
  out.close();
}
|  |  | 
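// Entry point: parses flags, configures logging, then runs --command.
//
//   clear   writes ConfigGenerator::EmptyConfiguration() to --output_path.
//   update  builds a configuration from the input paths and writes it to
//           --output_path.
//
// Returns EXIT_SUCCESS once the output file has been written. Returns
// EXIT_FAILURE when the command is not recognised, when generation yields an
// empty configuration, or when the output file cannot be written. In the
// first two cases the output file is not touched.
int main(int argc, char* argv[]) {
  absl::ParseCommandLine(argc, argv);
#ifndef IN_GOOGLE3
  absl::SetMinLogLevel(
      static_cast<absl::LogSeverityAtLeast>(absl::GetFlag(FLAGS_minloglevel)));
  absl::SetStderrThreshold(static_cast<absl::LogSeverityAtLeast>(
      absl::GetFlag(FLAGS_stderrthreshold)));
#endif
  absl::InitializeLog();
  using ::milotic::authz::ConfigGenerator;

  const std::string output_path = absl::GetFlag(FLAGS_output_path);
  const std::string command = absl::GetFlag(FLAGS_command);

  // Reject anything that is not a documented command. Without this check a
  // mistyped 'clear' would run the update path instead of locking the policy
  // down.
  if (command != "clear" && command != "update") {
    LOG(ERROR) << "Unsupported --command value '" << command
               << "'; expected 'clear' or 'update'.";
    return EXIT_FAILURE;
  }

  // DumpFile() throws std::ios_base::failure on any I/O error. Turn that into
  // a logged failure and a non-zero exit status instead of an uncaught
  // exception terminating the process.
  const auto write_policy = [&output_path](const std::string& serialized) {
    try {
      DumpFile(serialized, output_path);
    } catch (const std::ios_base::failure& error) {
      LOG(ERROR) << "Failed to write " << output_path << ": " << error.what();
      return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
  };

  if (command == "clear") {
    return write_policy(ConfigGenerator::EmptyConfiguration().dump(2));
  }

  using ::milotic::authz::GeneratorOptions;

  GeneratorOptions options = {
      .gmi_path = absl::GetFlag(FLAGS_gmi_path),
      .server_cert_path = absl::GetFlag(FLAGS_server_cert_path),
      .authz_configuration_path = absl::GetFlag(FLAGS_authz_configuration_path),
      .offline_node_entities_path = absl::GetFlag(FLAGS_one_path)};

  nlohmann::json result_config =
      ConfigGenerator::GenerateConfiguration(options);

  // An empty result is treated as a generation failure; return before writing
  // so that whatever is currently at output_path is left in place.
  if (result_config.empty()) {
    LOG(ERROR) << "Failed! See error logs.";
    return EXIT_FAILURE;
  }

  return write_policy(result_config.dump(2));
}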