#include <stdlib.h>

#include <cstdlib>
#include <exception>
#include <fstream>
#include <ios>
#include <iostream>
#include <ostream>
#include <string>

#include "absl/flags/flag.h"
#include "absl/flags/parse.h"
#ifndef IN_GOOGLE3
#include "absl/log/globals.h"
#endif
#include "absl/log/initialize.h"
#include "absl/log/log.h"
#include "nlohmann/json.hpp"
#include "config_generator.h"
| |
#ifndef IN_GOOGLE3
// Logging controls for builds outside google3 (inside google3 these flags are
// presumably supplied by the shared logging setup — not visible here). Both
// are plain ints that main() casts to absl::LogSeverityAtLeast; the default 0
// is absl::LogSeverity::kInfo, matching the "default to >= kInfo" wording.
// See absl/log/globals.h for detailed instructions
ABSL_FLAG(
    int, stderrthreshold, 0,
    "Messages logged at or above this level are directed to stderr in addition "
    "to other registered log sinks; default to >= absl::LogSeverity::kInfo");
ABSL_FLAG(
    int, minloglevel, 0,
    "Messages logged at or above this severity are directed to all registered "
    "log sinks or skipped otherwise; default to >= absl::LogSeverity::kInfo");
#endif
| |
// Selects what main() does; the help text lists the supported values, which
// main() compares verbatim (no normalisation of case or whitespace).
ABSL_FLAG(std::string, command, "update",
          "Command to run; supported command: 'clear', 'update'; 'clear' "
          "command will clear the authorization policy file so that every "
          "request is rejected; 'update' command will parse the base policy "
          "file and add nodes on the same machine");
// Inputs consumed by ConfigGenerator::GenerateConfiguration (the 'update'
// path only); main() copies each into the matching GeneratorOptions field.
ABSL_FLAG(std::string, gmi_path,
          "/var/google/googlemachineidentity/live/machine_identity.pb",
          "Path to the Google Machine Identity (GMI) file.");
ABSL_FLAG(std::string, server_cert_path, "/var/volatile/prodid/server.pem",
          "Path to the Zatar server certificate file.");
// Name mismatch to be aware of: this flag populates
// GeneratorOptions::offline_node_entities_path.
ABSL_FLAG(std::string, one_path,
          "/var/google/googlemachineidentity/live/offline_node_entities.pb",
          "Path to the Offline Node Entities file.");
// Presumably the "base policy" the --command help refers to; 'update' reads it
// and adds local nodes — confirm against ConfigGenerator.
ABSL_FLAG(std::string, authz_configuration_path,
          "/var/google/authz_policies/redfish.json",
          "Path to the current authorization configuration file.");
// Where the generated policy is written (any existing file is truncated).
// NOTE(review): the default lives in /tmp, a shared, world-writable directory,
// where a fixed, predictable file name is exposed to tampering by other local
// users between the write and whatever consumes the file; a production
// deployment should point this at a directory writable only by this tool's
// user — confirm how the result reaches /var/google/authz_policies.
ABSL_FLAG(std::string, output_path, "/tmp/redfish.json",
          "Path to the output authorization configuration file.");
// Writes `content` plus a trailing newline to the file at `path`, truncating
// any existing file. Every stream failure (open, write, close) is reported by
// throwing std::ios_base::failure rather than through a return value.
//
// NOTE(review): the write is not atomic — a reader that opens `path` while
// this runs, or after a crash mid-write, can observe a truncated file.
void DumpFile(const std::string& content, const std::string& path) {
  std::ofstream out;
  // Turn every failure state into an exception, and do so before open() so a
  // failed open is reported the same way as a failed write.
  out.exceptions(std::ofstream::failbit | std::ofstream::badbit |
                 std::ofstream::eofbit);
  out.open(path, std::ios::out);
  out << content;
  out << '\n';
  out.flush();
  // Close explicitly rather than via the destructor so that a failure while
  // closing still surfaces through the exception mask.
  out.close();
}
| |
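// Entry point: parses flags, configures logging, then writes either the empty
// policy ('clear') or a freshly generated one ('update') to --output_path.
//
// Exit status: EXIT_SUCCESS once the file has been written; EXIT_FAILURE for
// an unsupported --command, when generation yields an empty document, or when
// the output file cannot be written.
int main(int argc, char* argv[]) {
  absl::ParseCommandLine(argc, argv);
#ifndef IN_GOOGLE3
  // The flags are plain ints; the casts assume values in the
  // absl::LogSeverityAtLeast range (0 = kInfo).
  absl::SetMinLogLevel(
      static_cast<absl::LogSeverityAtLeast>(absl::GetFlag(FLAGS_minloglevel)));
  absl::SetStderrThreshold(static_cast<absl::LogSeverityAtLeast>(
      absl::GetFlag(FLAGS_stderrthreshold)));
#endif
  absl::InitializeLog();
  using ::milotic::authz::ConfigGenerator;
  using ::milotic::authz::GeneratorOptions;

  const std::string output_path = absl::GetFlag(FLAGS_output_path);
  const std::string command = absl::GetFlag(FLAGS_command);

  // Only the two documented commands are accepted. Any other value used to
  // fall through to 'update', so a mistyped command silently rewrote the
  // policy; for an authorization policy it is better to fail loudly.
  if (command != "clear" && command != "update") {
    LOG(ERROR) << "Unsupported command '" << command
               << "'; supported commands: 'clear', 'update'.";
    return EXIT_FAILURE;
  }

  nlohmann::json result_config;
  if (command == "clear") {
    // Written as-is: an empty document is the intended output here, so the
    // emptiness check below must not apply to this path.
    result_config = ConfigGenerator::EmptyConfiguration();
  } else {
    GeneratorOptions options = {
        .gmi_path = absl::GetFlag(FLAGS_gmi_path),
        .server_cert_path = absl::GetFlag(FLAGS_server_cert_path),
        .authz_configuration_path =
            absl::GetFlag(FLAGS_authz_configuration_path),
        .offline_node_entities_path = absl::GetFlag(FLAGS_one_path)};
    result_config = ConfigGenerator::GenerateConfiguration(options);
    // An empty document signals generator failure (details presumably in its
    // own logs, per the message); never write it out as a policy.
    if (result_config.empty()) {
      LOG(ERROR) << "Failed! See error logs.";
      return EXIT_FAILURE;
    }
  }

  // DumpFile reports failures by throwing std::ios_base::failure. Catch it
  // here so a write error is logged with the path and maps to EXIT_FAILURE
  // instead of escaping main() and aborting the process with no log line.
  try {
    DumpFile(result_config.dump(2), output_path);
  } catch (const std::exception& e) {
    LOG(ERROR) << "Failed to write " << output_path << ": " << e.what();
    return EXIT_FAILURE;
  }
  return EXIT_SUCCESS;
}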