Merge pull request #126 from wa5i/cli

Add CLI functionality for policy and its subcommands.

Author: InfoHunter

src/api/sys.rs

@@ -106,4 +106,24 @@ impl Sys<'_> {
 
         self.request_write("/v1/sys/remount", data.as_object().cloned())
     }
+
+    pub fn list_policy(&self) -> Result<HttpResponse, RvError> {
+        self.request_read("/v1/sys/policies/acl")
+    }
+
+    pub fn read_policy(&self, name: &str) -> Result<HttpResponse, RvError> {
+        self.request_read(&format!("/v1/sys/policies/acl/{}", name))
+    }
+
+    pub fn write_policy(&self, name: &str, policy: &str) -> Result<HttpResponse, RvError> {
+        let data = json!({
+            "policy": policy,
+        });
+
+        self.request_write(&format!("/v1/sys/policies/acl/{}", name), data.as_object().cloned())
+    }
+
+    pub fn delete_policy(&self, name: &str) -> Result<HttpResponse, RvError> {
+        self.request_delete(&format!("/v1/sys/policies/acl/{}", name), None)
+    }
 }

src/cli/command/mod.rs

@@ -27,6 +27,11 @@ pub mod operator;
 pub mod operator_init;
 pub mod operator_seal;
 pub mod operator_unseal;
+pub mod policy;
+pub mod policy_delete;
+pub mod policy_list;
+pub mod policy_read;
+pub mod policy_write;
 pub mod read;
 pub mod server;
 pub mod status;

src/cli/command/policy.rs

@@ -0,0 +1,78 @@
+use clap::{Parser, Subcommand};
+use sysexits::ExitCode;
+
+use super::{policy_delete, policy_list, policy_read, policy_write};
+use crate::{cli::command::CommandExecutor, EXIT_CODE_INSUFFICIENT_PARAMS};
+
+#[derive(Parser)]
+#[command(
+    author,
+    version,
+    about = "Perform operator-specific tasks",
+    long_about = r#"This command groups subcommands for interacting with policies.
+Users can write, read, and list policies in RustyVault.
+
+List all enabled policies:
+
+    $ rvault policy list
+
+Create a policy named "my-policy" from contents on local disk:
+
+    $ rvault policy write my-policy ./my-policy.hcl
+
+Delete the policy named my-policy:
+
+    $ rvault policy delete my-policy
+
+Please see the individual subcommand help for detailed usage information."#
+)]
+pub struct Policy {
+    #[command(subcommand)]
+    command: Option<Commands>,
+}
+
+#[derive(Subcommand)]
+pub enum Commands {
+    List(policy_list::List),
+    Write(policy_write::Write),
+    Delete(policy_delete::Delete),
+    Read(policy_read::Read),
+}
+
+impl Commands {
+    pub fn execute(&mut self) -> ExitCode {
+        match self {
+            Commands::List(list) => list.execute(),
+            Commands::Write(write) => write.execute(),
+            Commands::Read(read) => read.execute(),
+            Commands::Delete(delete) => delete.execute(),
+        }
+    }
+}
+
+impl Policy {
+    #[inline]
+    pub fn execute(&mut self) -> ExitCode {
+        if let Some(ref mut cmd) = &mut self.command {
+            return cmd.execute();
+        }
+
+        EXIT_CODE_INSUFFICIENT_PARAMS
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use crate::{errors::RvError, rv_error_string, test_utils::TestHttpServer};
+
+    #[test]
+    fn test_cli_policy() {
+        let mut test_http_server = TestHttpServer::new("test_cli_policy", true);
+        test_http_server.token = test_http_server.root_token.clone();
+
+        // There is no data by default, and reading should fail.
+        let ret = test_http_server.cli(&["read"], &["kv/foo"]);
+        assert!(ret.is_err());
+        assert_eq!(ret.unwrap_err(), rv_error_string!("No value found at kv/foo\n"));
+    }
+}

src/cli/command/policy_delete.rs

@@ -0,0 +1,94 @@
+use clap::Parser;
+use derive_more::Deref;
+
+use crate::{
+    cli::command::{self, CommandExecutor},
+    errors::RvError,
+};
+
+#[derive(Parser, Deref)]
+#[command(
+    author,
+    version,
+    about = r#"Deletes the policy named NAME in the RustyVault server. Once the policy is deleted,
+all tokens associated with the policy are affected immediately.
+
+Delete the policy named "my-policy":
+
+    $ rvault policy delete my-policy
+
+Note that it is not possible to delete the "default" or "root" policies.
+These are built-in policies.
+"#
+)]
+pub struct Delete {
+    #[clap(index = 1, value_name = "NAME", help = r#"The name of policy"#)]
+    name: String,
+
+    #[deref]
+    #[command(flatten, next_help_heading = "HTTP Options")]
+    http_options: command::HttpOptions,
+
+    #[command(flatten, next_help_heading = "Output Options")]
+    output: command::OutputOptions,
+}
+
+impl CommandExecutor for Delete {
+    #[inline]
+    fn main(&self) -> Result<(), RvError> {
+        let client = self.client()?;
+        let sys = client.sys();
+
+        let policy_name = self.name.trim().to_lowercase();
+
+        match sys.delete_policy(&policy_name) {
+            Ok(ret) => {
+                if ret.response_status == 200 || ret.response_status == 204 {
+                    println!("Success! Deleted policy: {}", policy_name);
+                } else {
+                    ret.print_debug_info();
+                    std::process::exit(2);
+                }
+            }
+            Err(e) => eprintln!("{}", e),
+        }
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use crate::test_utils::TestHttpServer;
+
+    #[test]
+    fn test_cli_policy_delete() {
+        let mut test_http_server = TestHttpServer::new("test_cli_policy_delete", true);
+        test_http_server.token = test_http_server.root_token.clone();
+
+        // delete default should be failed
+        let ret = test_http_server.cli(&["policy", "delete"], &["default"]);
+        assert!(ret.is_err());
+        let err = ret.unwrap_err().to_string();
+        assert!(err.contains("cannot delete default policy"));
+        assert!(err.contains("Code: 400. Error"));
+
+        // delete root should be failed
+        let ret = test_http_server.cli(&["policy", "delete"], &["root"]);
+        assert!(ret.is_err());
+        let err = ret.unwrap_err().to_string();
+        assert!(err.contains("cannot delete root policy"));
+        assert!(err.contains("Code: 400. Error"));
+
+        // write a test policy
+        let test_policy = r#"path "secret/" {}"#;
+        let client = test_http_server.client().unwrap();
+        let sys = client.sys();
+        assert!(sys.write_policy("my-policy", test_policy).is_ok());
+
+        // delete default should be ok
+        let ret = test_http_server.cli(&["policy", "delete"], &["my-policy"]);
+        assert!(ret.is_ok());
+        assert_eq!(ret.unwrap(), "Success! Deleted policy: my-policy\n");
+    }
+}

src/cli/command/policy_list.rs

@@ -0,0 +1,101 @@
+use clap::Parser;
+use derive_more::Deref;
+
+use crate::{
+    cli::command::{self, CommandExecutor},
+    errors::RvError,
+};
+
+#[derive(Parser, Deref)]
+#[command(author, version, about = r#"Lists the names of the policies that are installed on the RustyVault server."#)]
+pub struct List {
+    #[deref]
+    #[command(flatten, next_help_heading = "HTTP Options")]
+    http_options: command::HttpOptions,
+
+    #[command(flatten, next_help_heading = "Output Options")]
+    output: command::OutputOptions,
+}
+
+impl CommandExecutor for List {
+    #[inline]
+    fn main(&self) -> Result<(), RvError> {
+        let client = self.client()?;
+        let sys = client.sys();
+
+        match sys.list_policy() {
+            Ok(ret) => {
+                if ret.response_status == 200 {
+                    let value = ret.response_data.as_ref().unwrap();
+                    let keys = &value["keys"];
+                    if *keys == serde_json::from_str::<serde_json::Value>("[]").unwrap() {
+                        ret.print_debug_info();
+                        println!("No policy");
+                        return Err(RvError::ErrRequestNoData);
+                    }
+                    self.output.print_value(keys, false)?;
+                } else if ret.response_status == 404 {
+                    ret.print_debug_info();
+                    println!("No policy");
+                    return Err(RvError::ErrRequestNoData);
+                } else {
+                    ret.print_debug_info();
+                }
+            }
+            Err(e) => eprintln!("{}", e),
+        }
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use crate::test_utils::TestHttpServer;
+
+    #[test]
+    fn test_cli_policy_list() {
+        let mut test_http_server = TestHttpServer::new("test_cli_policy_list", true);
+        test_http_server.token = test_http_server.root_token.clone();
+
+        // list policy
+        let ret = test_http_server.cli(&["policy", "list"], &[]);
+        assert!(ret.is_ok());
+        #[cfg(windows)]
+        assert_eq!(ret.unwrap(), "default    \r\nroot    \r\n");
+        #[cfg(not(windows))]
+        assert_eq!(ret.unwrap(), "default    \nroot    \n");
+
+        // write a test policy
+        let test_policy = r#"path "secret/" {}"#;
+        let client = test_http_server.client().unwrap();
+        let sys = client.sys();
+        assert!(sys.write_policy("my-policy", test_policy).is_ok());
+
+        // list policy again
+        let ret = test_http_server.cli(&["policy", "list"], &[]);
+        assert!(ret.is_ok());
+        #[cfg(windows)]
+        assert_eq!(ret.unwrap(), "default    \r\nmy-policy    \r\nroot    \r\n");
+        #[cfg(not(windows))]
+        assert_eq!(ret.unwrap(), "default    \nmy-policy    \nroot    \n");
+
+        // list policy with table format
+        let ret = test_http_server.cli(&["policy", "list"], &["--format=table"]);
+        assert!(ret.is_ok());
+        #[cfg(windows)]
+        assert_eq!(ret.unwrap(), "default    \r\nmy-policy    \r\nroot    \r\n");
+        #[cfg(not(windows))]
+        assert_eq!(ret.unwrap(), "default    \nmy-policy    \nroot    \n");
+
+        // list policy with json format
+        let ret = test_http_server.cli(&["policy", "list"], &["--format=json"]);
+        assert!(ret.is_ok());
+        assert_eq!(ret.unwrap(), "[\n  \"default\",\n  \"my-policy\",\n  \"root\"\n]\n");
+
+        // list policy with yaml format
+        let ret = test_http_server.cli(&["policy", "list"], &["--format=yaml"]);
+        assert!(ret.is_ok());
+        assert_eq!(ret.unwrap(), "- default\n- my-policy\n- root\n");
+    }
+}