Commit bc62b88c authored by Marcus's avatar Marcus

Merge branch 'dev' of git.scc.kit.edu:feudal/feudalSSH into dev

parents 6dfaa9ae 1b0ae505
......@@ -6,7 +6,7 @@ CLI tool for uploading keys to FEUDAL and requesting access to services.
## Usage
```
usage: FEUDAL SSH --at=AT [<flags>] [<serviceID>]
usage: FEUDAL SSH [<flags>] [<serviceID>]
SSH integration for FEUDAL
......@@ -15,12 +15,12 @@ Flags:
--help-man).
--version Show application version.
-a, --at=AT Access Token
-u, --issuer="https://unity.helmholtz-data-federation.de/oauth2"
-u, --issuer="https://unity.helmholtz-data-federation.de/oauth2"
Issuer URI of your access token. Not needed if JWT access token
with iss claim.
-f, --feudal="https://hdf-portal.data.kit.edu"
-f, --feudal="https://hdf-portal.data.kit.edu"
Feudal URI
-i, --identity-file=IDENTITY-FILE
-i, --identity-file=IDENTITY-FILE
SSH identity (public key) file
-v, --verbose Verbose output
-c, --connect Open SSH connection, once credentials are received
......@@ -29,4 +29,3 @@ Flags:
Args:
[<serviceID>] ID of service to use
```
......@@ -18,6 +18,8 @@ import (
"golang.org/x/crypto/ssh"
kingpin "gopkg.in/alecthomas/kingpin.v2"
"github.com/zachmann/liboidcagent-go/liboidcagent"
)
var (
......@@ -35,15 +37,16 @@ var (
// access token, possibly from the environment
// Envar OIDC has precedence over OIDC_AT
accessToken = app.Flag("at", "Access Token").Short('a').Envar("OIDC_AT").Envar("OIDC").Required().String()
accessTokenArg = app.Flag("at", "Access Token").Short('a').Envar("OIDC_AT").Envar("OIDC").String()
issuerURIArg = app.Flag("issuer", "Issuer URI of your access token. Not needed if JWT access token with iss claim.").Short('u').Default("https://unity.helmholtz-data-federation.de/oauth2").String()
feudalURI = app.Flag("feudal", "Feudal URI").Short('f').Default("https://hdf-portal.data.kit.edu").String()
feudalURI = app.Flag("feudal", "Feudal URL").Short('f').Default("https://hdf-portal.data.kit.edu").String()
pubKey = app.Flag("identity-file", "SSH identity (public key) file").Short('i').String()
verboseArg = app.Flag("verbose", "Verbose output").Short('v').Bool()
connectArg = app.Flag("connect", "Open SSH connection, once credentials are received (experimental).").Short('c').Bool()
issuerURI = ""
issuerURI = ""
accessToken = ""
sshSession *ssh.Session
)
......@@ -66,7 +69,7 @@ func restCall(method string, path string, body io.Reader) (responseBytes []byte,
return
}
request.Header.Add("X-Issuer", issuerURI)
request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", *accessToken))
request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
if body != nil {
request.Header.Add("Content-Type", "application/json")
......@@ -301,12 +304,39 @@ func main() {
log.SetOutput(ioutil.Discard)
}
log.Printf("Using access token: %s", *accessToken)
issuerURI = *issuerURIArg
if atIssuer := inspectAccessToken(*accessToken); atIssuer != "" {
issuerURI = atIssuer
// determine access token and issuerURI
if *accessTokenArg != "" {
accessToken = *accessTokenArg
log.Printf("Using access token: %s", accessToken)
atIssuer := inspectAccessToken(accessToken)
if atIssuer != "" {
issuerURI = atIssuer
log.Printf("Using issuer: %s from JWT access token", issuerURI)
} else if *issuerURIArg != "" {
issuerURI = *issuerURIArg
log.Printf("Using issuer: %s", issuerURI)
} else {
app.Usage([]string{})
fatalf("Error: Unable to determine issuer URI")
}
} else if *issuerURIArg != "" { // *accessTokenArg == ""
issuerURI = *issuerURIArg
log.Printf("Using issuer: %s", issuerURI)
var err error
accessToken, err = liboidcagent.GetAccessTokenByIssuerURL(issuerURI, 120, "", "feudalSSH")
if err != nil {
fatalf("Unable to get access token from oidc agent: %s", err)
}
log.Printf("Using access token: %s from oidc-agent", accessToken)
} else { // *accessTokenArg == "" && *issuerURIArg == ""
app.Usage([]string{})
fatalf("Error: Unable to determine access token")
}
log.Printf("Using issuer: %s", issuerURI)
// determine key
var publicKey, err = negotiatePublicKey(*pubKey)
......
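Review bot: The two new `log.Printf("Using access token: %s", accessToken)` calls (lines 73 and 93) write the complete bearer token to the log; with `--verbose` that puts a live credential into terminal scrollback and any captured stderr, and it is the same value `restCall` sends as `Authorization: Bearer`. Log a redacted form instead, e.g. `log.Printf("Using access token (%d bytes)", len(accessToken))`, or drop the token from the message entirely. Separately, `issuerURIArg` is declared with a `.Default("https://unity.helmholtz-data-federation.de/oauth2")` (line 44), so `*issuerURIArg != ""` holds unless the user passes an explicit empty string; the two fatal branches "Unable to determine issuer URI" and "Unable to determine access token" are therefore effectively unreachable, and every invocation without `--at` goes to oidc-agent for the default issuer. If that fallback is intended, the dead branches should be removed or the usage text should state it; if not, drop the default so the checks actually fire. main() continues beyond the end of the hunk.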