2021-04-28 16:15:45 +02:00
|
|
|
package cli
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2021-08-15 23:29:55 +02:00
|
|
|
"strconv"
|
2022-08-25 12:03:38 +02:00
|
|
|
"strings"
|
2021-04-28 16:15:45 +02:00
|
|
|
"time"
|
|
|
|
|
2021-11-04 23:44:49 +01:00
|
|
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
2022-05-30 16:10:39 +02:00
|
|
|
"github.com/prometheus/common/model"
|
2021-08-15 23:29:55 +02:00
|
|
|
"github.com/pterm/pterm"
|
2021-11-08 09:02:01 +01:00
|
|
|
"github.com/rs/zerolog/log"
|
2021-04-28 16:15:45 +02:00
|
|
|
"github.com/spf13/cobra"
|
2021-11-04 23:44:49 +01:00
|
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
2021-04-28 16:15:45 +02:00
|
|
|
)
|
|
|
|
|
2021-11-14 18:31:51 +01:00
|
|
|
const (
|
2022-05-30 16:10:39 +02:00
|
|
|
DefaultPreAuthKeyExpiry = "1h"
|
2021-11-14 18:31:51 +01:00
|
|
|
)
|
|
|
|
|
2021-07-25 15:07:27 +02:00
|
|
|
func init() {
|
|
|
|
rootCmd.AddCommand(preauthkeysCmd)
|
2023-01-17 17:43:44 +01:00
|
|
|
preauthkeysCmd.PersistentFlags().StringP("user", "n", "", "User")
|
|
|
|
err := preauthkeysCmd.MarkPersistentFlagRequired("user")
|
2021-07-25 16:26:15 +02:00
|
|
|
if err != nil {
|
2021-11-08 09:02:01 +01:00
|
|
|
log.Fatal().Err(err).Msg("")
|
2021-07-25 16:26:15 +02:00
|
|
|
}
|
2021-07-25 15:07:27 +02:00
|
|
|
preauthkeysCmd.AddCommand(listPreAuthKeys)
|
|
|
|
preauthkeysCmd.AddCommand(createPreAuthKeyCmd)
|
2021-08-08 00:10:30 +02:00
|
|
|
preauthkeysCmd.AddCommand(expirePreAuthKeyCmd)
|
2021-11-13 09:36:45 +01:00
|
|
|
createPreAuthKeyCmd.PersistentFlags().
|
|
|
|
Bool("reusable", false, "Make the preauthkey reusable")
|
|
|
|
createPreAuthKeyCmd.PersistentFlags().
|
|
|
|
Bool("ephemeral", false, "Preauthkey for ephemeral nodes")
|
2021-11-04 23:44:49 +01:00
|
|
|
createPreAuthKeyCmd.Flags().
|
2022-05-30 16:10:39 +02:00
|
|
|
StringP("expiration", "e", DefaultPreAuthKeyExpiry, "Human-readable expiration of the key (e.g. 30m, 24h)")
|
2022-08-25 12:03:38 +02:00
|
|
|
createPreAuthKeyCmd.Flags().
|
|
|
|
StringSlice("tags", []string{}, "Tags to automatically assign to node")
|
2021-07-25 15:07:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
var preauthkeysCmd = &cobra.Command{
|
2022-03-02 06:39:30 +01:00
|
|
|
Use: "preauthkeys",
|
|
|
|
Short: "Handle the preauthkeys in Headscale",
|
|
|
|
Aliases: []string{"preauthkey", "authkey", "pre"},
|
2021-04-28 16:15:45 +02:00
|
|
|
}
|
|
|
|
|
2021-07-25 15:07:27 +02:00
|
|
|
var listPreAuthKeys = &cobra.Command{
|
2022-03-02 06:39:30 +01:00
|
|
|
Use: "list",
|
2023-01-17 17:43:44 +01:00
|
|
|
Short: "List the preauthkeys for this user",
|
2022-03-02 06:39:30 +01:00
|
|
|
Aliases: []string{"ls", "show"},
|
2021-04-28 16:15:45 +02:00
|
|
|
Run: func(cmd *cobra.Command, args []string) {
|
2021-11-04 23:44:49 +01:00
|
|
|
output, _ := cmd.Flags().GetString("output")
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
user, err := cmd.Flags().GetString("user")
|
2021-04-30 00:23:26 +02:00
|
|
|
if err != nil {
|
2023-01-17 17:43:44 +01:00
|
|
|
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-11-04 23:44:49 +01:00
|
|
|
return
|
2021-04-30 00:23:26 +02:00
|
|
|
}
|
|
|
|
|
2021-11-07 10:41:14 +01:00
|
|
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
2021-11-04 23:44:49 +01:00
|
|
|
defer cancel()
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
request := &v1.ListPreAuthKeysRequest{
|
2023-01-17 17:43:44 +01:00
|
|
|
User: user,
|
2021-04-28 16:15:45 +02:00
|
|
|
}
|
2021-11-04 23:44:49 +01:00
|
|
|
|
|
|
|
response, err := client.ListPreAuthKeys(ctx, request)
|
|
|
|
if err != nil {
|
2021-11-13 09:36:45 +01:00
|
|
|
ErrorOutput(
|
|
|
|
err,
|
|
|
|
fmt.Sprintf("Error getting the list of keys: %s", err),
|
|
|
|
output,
|
|
|
|
)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-05-08 13:58:51 +02:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-11-04 23:44:49 +01:00
|
|
|
if output != "" {
|
|
|
|
SuccessOutput(response.PreAuthKeys, "", output)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-04-28 16:15:45 +02:00
|
|
|
return
|
|
|
|
}
|
2021-08-15 23:29:55 +02:00
|
|
|
|
2021-11-14 20:32:03 +01:00
|
|
|
tableData := pterm.TableData{
|
2022-08-25 12:03:38 +02:00
|
|
|
{
|
|
|
|
"ID",
|
|
|
|
"Key",
|
|
|
|
"Reusable",
|
|
|
|
"Ephemeral",
|
|
|
|
"Used",
|
|
|
|
"Expiration",
|
|
|
|
"Created",
|
|
|
|
"Tags",
|
|
|
|
},
|
2021-11-13 09:36:45 +01:00
|
|
|
}
|
2021-11-14 20:32:03 +01:00
|
|
|
for _, key := range response.PreAuthKeys {
|
2021-04-30 00:23:26 +02:00
|
|
|
expiration := "-"
|
2021-11-14 20:32:03 +01:00
|
|
|
if key.GetExpiration() != nil {
|
2022-01-25 23:11:15 +01:00
|
|
|
expiration = ColourTime(key.Expiration.AsTime())
|
2021-04-30 00:23:26 +02:00
|
|
|
}
|
2021-07-11 13:14:25 +02:00
|
|
|
|
|
|
|
var reusable string
|
2021-11-14 20:32:03 +01:00
|
|
|
if key.GetEphemeral() {
|
2021-07-11 13:14:25 +02:00
|
|
|
reusable = "N/A"
|
|
|
|
} else {
|
2021-11-14 20:32:03 +01:00
|
|
|
reusable = fmt.Sprintf("%v", key.GetReusable())
|
2021-07-11 13:14:25 +02:00
|
|
|
}
|
|
|
|
|
2022-09-23 09:58:06 +02:00
|
|
|
aclTags := ""
|
2022-08-25 12:03:38 +02:00
|
|
|
|
2022-09-23 09:58:06 +02:00
|
|
|
for _, tag := range key.AclTags {
|
|
|
|
aclTags += "," + tag
|
2022-08-25 12:03:38 +02:00
|
|
|
}
|
|
|
|
|
2022-09-23 09:58:06 +02:00
|
|
|
aclTags = strings.TrimLeft(aclTags, ",")
|
|
|
|
|
2021-11-14 20:32:03 +01:00
|
|
|
tableData = append(tableData, []string{
|
|
|
|
key.GetId(),
|
|
|
|
key.GetKey(),
|
2021-07-11 13:14:25 +02:00
|
|
|
reusable,
|
2021-11-14 20:32:03 +01:00
|
|
|
strconv.FormatBool(key.GetEphemeral()),
|
|
|
|
strconv.FormatBool(key.GetUsed()),
|
2021-04-30 00:23:26 +02:00
|
|
|
expiration,
|
2021-11-14 20:32:03 +01:00
|
|
|
key.GetCreatedAt().AsTime().Format("2006-01-02 15:04:05"),
|
2022-08-25 12:03:38 +02:00
|
|
|
aclTags,
|
2021-08-15 23:29:55 +02:00
|
|
|
})
|
|
|
|
|
2021-04-28 16:15:45 +02:00
|
|
|
}
|
2021-11-14 20:32:03 +01:00
|
|
|
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
|
2021-08-15 23:35:03 +02:00
|
|
|
if err != nil {
|
2021-11-13 09:36:45 +01:00
|
|
|
ErrorOutput(
|
|
|
|
err,
|
|
|
|
fmt.Sprintf("Failed to render pterm table: %s", err),
|
|
|
|
output,
|
|
|
|
)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-11-08 09:02:01 +01:00
|
|
|
return
|
2021-08-15 23:35:03 +02:00
|
|
|
}
|
2021-04-28 16:15:45 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2021-07-25 15:07:27 +02:00
|
|
|
var createPreAuthKeyCmd = &cobra.Command{
|
2022-03-02 06:39:30 +01:00
|
|
|
Use: "create",
|
2023-01-17 17:43:44 +01:00
|
|
|
Short: "Creates a new preauthkey in the specified user",
|
2022-03-02 06:39:30 +01:00
|
|
|
Aliases: []string{"c", "new"},
|
2021-04-28 16:15:45 +02:00
|
|
|
Run: func(cmd *cobra.Command, args []string) {
|
2021-11-04 23:44:49 +01:00
|
|
|
output, _ := cmd.Flags().GetString("output")
|
|
|
|
|
2023-01-17 17:43:44 +01:00
|
|
|
user, err := cmd.Flags().GetString("user")
|
2021-04-30 00:23:26 +02:00
|
|
|
if err != nil {
|
2023-01-17 17:43:44 +01:00
|
|
|
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-11-04 23:44:49 +01:00
|
|
|
return
|
2021-04-30 00:23:26 +02:00
|
|
|
}
|
|
|
|
|
2021-04-28 16:15:45 +02:00
|
|
|
reusable, _ := cmd.Flags().GetBool("reusable")
|
2021-05-23 02:15:29 +02:00
|
|
|
ephemeral, _ := cmd.Flags().GetBool("ephemeral")
|
2022-08-25 12:03:38 +02:00
|
|
|
tags, _ := cmd.Flags().GetStringSlice("tags")
|
2021-04-28 16:15:45 +02:00
|
|
|
|
2021-11-08 21:49:03 +01:00
|
|
|
log.Trace().
|
|
|
|
Bool("reusable", reusable).
|
|
|
|
Bool("ephemeral", ephemeral).
|
2023-01-17 17:43:44 +01:00
|
|
|
Str("user", user).
|
2021-11-08 21:49:03 +01:00
|
|
|
Msg("Preparing to create preauthkey")
|
|
|
|
|
2021-11-08 09:02:01 +01:00
|
|
|
request := &v1.CreatePreAuthKeyRequest{
|
2023-01-17 20:36:46 +01:00
|
|
|
User: user,
|
2021-11-08 21:49:03 +01:00
|
|
|
Reusable: reusable,
|
2021-11-08 09:02:01 +01:00
|
|
|
Ephemeral: ephemeral,
|
2022-08-25 12:03:38 +02:00
|
|
|
AclTags: tags,
|
2021-11-08 09:02:01 +01:00
|
|
|
}
|
|
|
|
|
2022-05-30 16:10:39 +02:00
|
|
|
durationStr, _ := cmd.Flags().GetString("expiration")
|
2021-11-08 09:02:01 +01:00
|
|
|
|
2022-05-30 16:10:39 +02:00
|
|
|
duration, err := model.ParseDuration(durationStr)
|
|
|
|
if err != nil {
|
|
|
|
ErrorOutput(
|
|
|
|
err,
|
|
|
|
fmt.Sprintf("Could not parse duration: %s\n", err),
|
|
|
|
output,
|
|
|
|
)
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
expiration := time.Now().UTC().Add(time.Duration(duration))
|
|
|
|
|
2022-08-04 10:47:00 +02:00
|
|
|
log.Trace().
|
|
|
|
Dur("expiration", time.Duration(duration)).
|
|
|
|
Msg("expiration has been set")
|
2021-11-08 09:02:01 +01:00
|
|
|
|
2021-11-26 01:23:10 +01:00
|
|
|
request.Expiration = timestamppb.New(expiration)
|
2021-04-28 16:15:45 +02:00
|
|
|
|
2021-11-07 10:41:14 +01:00
|
|
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
2021-11-04 23:44:49 +01:00
|
|
|
defer cancel()
|
|
|
|
defer conn.Close()
|
|
|
|
|
|
|
|
response, err := client.CreatePreAuthKey(ctx, request)
|
2021-04-28 16:15:45 +02:00
|
|
|
if err != nil {
|
2021-11-13 09:36:45 +01:00
|
|
|
ErrorOutput(
|
|
|
|
err,
|
|
|
|
fmt.Sprintf("Cannot create Pre Auth Key: %s\n", err),
|
|
|
|
output,
|
|
|
|
)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-04-28 16:15:45 +02:00
|
|
|
return
|
|
|
|
}
|
2021-11-04 23:44:49 +01:00
|
|
|
|
|
|
|
SuccessOutput(response.PreAuthKey, response.PreAuthKey.Key, output)
|
2021-04-28 16:15:45 +02:00
|
|
|
},
|
|
|
|
}
|
2021-08-08 00:10:30 +02:00
|
|
|
|
|
|
|
var expirePreAuthKeyCmd = &cobra.Command{
|
2022-03-02 06:39:30 +01:00
|
|
|
Use: "expire KEY",
|
|
|
|
Short: "Expire a preauthkey",
|
|
|
|
Aliases: []string{"revoke", "exp", "e"},
|
2021-08-08 00:10:30 +02:00
|
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
|
|
if len(args) < 1 {
|
2021-11-15 20:18:14 +01:00
|
|
|
return errMissingParameter
|
2021-08-08 00:10:30 +02:00
|
|
|
}
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-08-08 00:10:30 +02:00
|
|
|
return nil
|
|
|
|
},
|
|
|
|
Run: func(cmd *cobra.Command, args []string) {
|
2021-11-04 23:44:49 +01:00
|
|
|
output, _ := cmd.Flags().GetString("output")
|
2023-01-17 17:43:44 +01:00
|
|
|
user, err := cmd.Flags().GetString("user")
|
2021-08-08 00:10:30 +02:00
|
|
|
if err != nil {
|
2023-01-17 17:43:44 +01:00
|
|
|
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-11-08 09:02:01 +01:00
|
|
|
return
|
2021-08-08 00:10:30 +02:00
|
|
|
}
|
|
|
|
|
2021-11-07 10:41:14 +01:00
|
|
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
2021-11-04 23:44:49 +01:00
|
|
|
defer cancel()
|
|
|
|
defer conn.Close()
|
2021-08-08 00:10:30 +02:00
|
|
|
|
2021-11-04 23:44:49 +01:00
|
|
|
request := &v1.ExpirePreAuthKeyRequest{
|
2023-01-17 17:43:44 +01:00
|
|
|
User: user,
|
2023-01-17 20:36:46 +01:00
|
|
|
Key: args[0],
|
2021-08-08 00:10:30 +02:00
|
|
|
}
|
2021-11-04 23:44:49 +01:00
|
|
|
|
|
|
|
response, err := client.ExpirePreAuthKey(ctx, request)
|
2021-08-08 00:10:30 +02:00
|
|
|
if err != nil {
|
2021-11-13 09:36:45 +01:00
|
|
|
ErrorOutput(
|
|
|
|
err,
|
|
|
|
fmt.Sprintf("Cannot expire Pre Auth Key: %s\n", err),
|
|
|
|
output,
|
|
|
|
)
|
2021-11-14 16:46:09 +01:00
|
|
|
|
2021-08-08 00:10:30 +02:00
|
|
|
return
|
|
|
|
}
|
2021-11-04 23:44:49 +01:00
|
|
|
|
|
|
|
SuccessOutput(response, "Key expired", output)
|
2021-08-08 00:10:30 +02:00
|
|
|
},
|
|
|
|
}
|