diff --git a/core/cli/configure.go b/core/cli/configure.go
index a533aba..4b13ebb 100644
--- a/core/cli/configure.go
+++ b/core/cli/configure.go
@@ -102,7 +102,25 @@ func runE(cmd *cobra.Command, _ []string) error {
 return err
 }
- resp, err := client.New(url)
+ token, err := tui.StringPrompt("enter permify token", "", config.CliConfig.Token)
+ if err != nil {
+ return err
+ }
+
+ certPath, err := tui.StringPrompt("enter cert path", "", config.CliConfig.CertPath)
+ if err != nil {
+ return err
+ }
+
+ certKey, err := tui.StringPrompt("enter cert key", "", config.CliConfig.CertKey)
+ if err != nil {
+ return err
+ }
+
+ resp, err := client.New(url, token, certPath, certKey)
+ if err != nil {
+ return err
+ }
 // Todo: Implement pagination
 tenants, err := resp.Tenancy.List(context.Background(), &v1.TenantListRequest{})
@@ -122,8 +140,12 @@ func runE(cmd *cobra.Command, _ []string) error {
 if err != nil {
 logger.Log.Error(err)
 }
+
 config.CliConfig.PermifyURL = url
 config.CliConfig.Tenant = tenantIds[tenant]
+ config.CliConfig.Token = token
+ config.CliConfig.CertPath = certPath
+ config.CliConfig.CertKey = certKey
 err = config.Write()
 if err != nil {
 logger.Log.Error(err)
diff --git a/core/client/grpc.go b/core/client/grpc.go
index 11835df..beed3f0 100644
--- a/core/client/grpc.go
+++ b/core/client/grpc.go
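Review bot: The token is collected with the same `tui.StringPrompt` used for non-secret values, and the saved `config.CliConfig.Token` is passed as its last argument, presumably as the default, so a stored bearer token may be shown on screen whenever `permify configure` runs. `StringPrompt` is not visible here, so this is inferred; if the tui package offers a masked-input prompt, use it for the token and do not pre-fill the saved value. The labels `"enter cert path"` and `"enter cert key"` should say that both are file paths and what an empty answer means, for example `"enter TLS certificate file path (empty = plaintext connection)"`. `runE` begins and ends outside this hunk.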
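Review bot: `config.CliConfig.Token = token` followed by `config.Write()` persists the bearer token in the CLI config file in clear text; the `yaml:"token"` field added to `CoreConfig` in core/config/config.go is the other half of the same issue. `config.Write` is not shown, so the file mode is unknown: it should create the file owner-only (0600), and accepting the token from an environment variable would let users avoid storing it at all. A failed write is only logged, so the user is not told that the credentials were not saved. At minimum add a comment on the assignment such as `// Token is a secret and is written to the config file unencrypted`.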
@@ -2,19 +2,58 @@ package client
 import (
+ "context"
+ "crypto/tls"
+
 permify "github.com/Permify/permify-go/v1"
 "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/credentials/insecure"
+ "google.golang.org/grpc/metadata"
 )
 // New initializes a new permify client
-func New(endpoint string) (*permify.Client, error) {
+func New(endpoint string, token string, certPath string, certKey string) (*permify.Client, error) {
+ var opts []grpc.DialOption
+
+ if certPath != "" {
+ var creds credentials.TransportCredentials
+ if certKey != "" {
+ certificate, err := tls.LoadX509KeyPair(certPath, certKey)
+ if err != nil {
+ return nil, err
+ }
+ creds = credentials.NewTLS(&tls.Config{
+ Certificates: []tls.Certificate{certificate},
+ })
+ } else {
+ var err error
+ creds, err = credentials.NewClientTLSFromFile(certPath, "")
+ if err != nil {
+ return nil, err
+ }
+ }
+ opts = append(opts, grpc.WithTransportCredentials(creds))
+ } else {
+ opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
+ }
+
+ if token != "" {
+ opts = append(opts, grpc.WithUnaryInterceptor(func(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+ ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "Bearer "+token)
+ return invoker(ctx, method, req, reply, cc, opts...)
+ }))
+ opts = append(opts, grpc.WithStreamInterceptor(func(ctx context.Context, desc *grpc.StreamDesc, cc *grpc.ClientConn, method string, streamer grpc.Streamer, opts ...grpc.CallOption) (grpc.ClientStream, error) {
+ ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "Bearer "+token)
+ return streamer(ctx, desc, cc, method, opts...)
+ }))
+ }
+
 client, err := permify.NewClient(
 permify.Config{
 Endpoint: endpoint,
 },
- // Todo: Implement secure call with tls certificate
- grpc.WithTransportCredentials(insecure.NewCredentials()),
+ opts...,
 )
 return client, err
 }
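Review bot: In `New`, the `authorization: Bearer` header is attached by the two interceptors regardless of transport, so when `certPath` is empty the `else` branch picks `insecure.NewCredentials()` and the token is sent unencrypted. Supplying the token through `grpc.WithPerRPCCredentials` with `RequireTransportSecurity()` returning true makes gRPC reject that combination at dial time, assuming `permify.NewClient` forwards these options to the dial as it does for the transport credentials. This changes behaviour for anyone using a token against a plaintext endpoint, so an explicit opt-out may be wanted. Separately, `certPath` is a client certificate when `certKey` is set but a CA bundle when it is not (`NewClientTLSFromFile`), and there is no way to get TLS with the system roots and no file; the doc comment on `New` should spell that out.

```go
// bearerToken sends the token as per-RPC credentials. Because
// RequireTransportSecurity reports true, gRPC refuses to use it on a
// plaintext connection instead of sending the token unprotected.
type bearerToken string

func (t bearerToken) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error) {
	return map[string]string{"authorization": "Bearer " + string(t)}, nil
}

func (bearerToken) RequireTransportSecurity() bool { return true }

func New(endpoint string, token string, certPath string, certKey string) (*permify.Client, error) {
	// … unchanged: transport credential selection …

	if token != "" {
		opts = append(opts, grpc.WithPerRPCCredentials(bearerToken(token)))
	}

	// … unchanged: permify.NewClient call and return …
```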
diff --git a/core/cmd/data/client.go b/core/cmd/data/client.go
index a567b61..c860a0b 100644
--- a/core/cmd/data/client.go
+++ b/core/cmd/data/client.go
@@ -10,7 +10,7 @@ import (
 )
 func Client() v1.DataClient {
- c, err := client.New(config.CliConfig.PermifyURL)
+ c, err := client.New(config.CliConfig.PermifyURL, config.CliConfig.Token, config.CliConfig.CertPath, config.CliConfig.CertKey)
 if err != nil {
 log.Error("Error initializing permify client. Check the configuration or rerun `permify configure`")
 os.Exit(-1)
diff --git a/core/cmd/permission/client.go b/core/cmd/permission/client.go
index 092f240..e729d1f 100644
--- a/core/cmd/permission/client.go
+++ b/core/cmd/permission/client.go
@@ -10,7 +10,7 @@ import (
 )
 func Client() v1.PermissionClient {
- c, err := client.New(config.CliConfig.PermifyURL)
+ c, err := client.New(config.CliConfig.PermifyURL, config.CliConfig.Token, config.CliConfig.CertPath, config.CliConfig.CertKey)
 if err != nil {
 log.Error("Error initializing permify client. Check the configuration or rerun `permify configure`")
 os.Exit(-1)
diff --git a/core/cmd/schema/client.go b/core/cmd/schema/client.go
index 6d0f3c1..a9a71f4 100644
--- a/core/cmd/schema/client.go
+++ b/core/cmd/schema/client.go
@@ -10,7 +10,7 @@ import (
 )
 func Client() v1.SchemaClient {
- c, err := client.New(config.CliConfig.PermifyURL)
+ c, err := client.New(config.CliConfig.PermifyURL, config.CliConfig.Token, config.CliConfig.CertPath, config.CliConfig.CertKey)
 if err != nil {
 log.Error("Error initializing permify client. Check the configuration or rerun `permify configure`")
 os.Exit(-1)
diff --git a/core/cmd/tenancy/client.go b/core/cmd/tenancy/client.go
index 74c8213..9d94ccc 100644
--- a/core/cmd/tenancy/client.go
+++ b/core/cmd/tenancy/client.go
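Review bot: `Client()` drops the `err` returned by `client.New`, and with this change `New` can fail for concrete reasons such as an unreadable certificate or key file, so the fixed "Check the configuration" message hides the cause the user needs. Include `err` in the `log.Error` call in whatever form this logger accepts. The same applies to the identical `Client()` helpers in core/cmd/permission, core/cmd/schema and core/cmd/tenancy, which also repeat the same four-argument call; a single shared constructor taking the config would keep them from drifting. Each `Client()` body continues outside its hunk.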
@@ -10,7 +10,7 @@ import (
 )
 func Client() v1.TenancyClient {
- c, err := client.New(config.CliConfig.PermifyURL)
+ c, err := client.New(config.CliConfig.PermifyURL, config.CliConfig.Token, config.CliConfig.CertPath, config.CliConfig.CertKey)
 if err != nil {
 log.Error("Error initializing permify client. Check the configuration or rerun `permify configure`")
 os.Exit(-1)
diff --git a/core/config/config.go b/core/config/config.go
index c9bdebb..33fe8c8 100644
--- a/core/config/config.go
+++ b/core/config/config.go
@@ -27,6 +27,9 @@ type ProfileConfigs struct {
 type CoreConfig struct {
 PermifyURL string `yaml:"permify_url"`
 Tenant string `yaml:"tenant"`
+ Token string `yaml:"token"`
+ CertPath string `yaml:"cert_path"`
+ CertKey string `yaml:"cert_key"`
 SslEnabled bool `yaml:"-"`
 }