1package api
2
import (
	"fmt"
	"net/url"
	"time"
)
7
// ACLPolicies is used to query the ACL Policy endpoints.
// Obtain a handle via (*Client).ACLPolicies; every request the handle
// makes goes through the embedded client, so the client's auth/token
// configuration (wherever it is set) governs these calls.
type ACLPolicies struct {
	client *Client
}
12
// ACLPolicies returns a handle for the ACL policy endpoints, bound to
// the receiving client.
func (c *Client) ACLPolicies() *ACLPolicies {
	handle := new(ACLPolicies)
	handle.client = c
	return handle
}
17
// List dumps every ACL policy as a list stub. The stub type carries no
// Rules field, so the policy bodies are not returned here; use Info for
// a single policy's rules. q carries the query options and the returned
// QueryMeta describes the response; on error both results are nil.
func (a *ACLPolicies) List(q *QueryOptions) ([]*ACLPolicyListStub, *QueryMeta, error) {
	var stubs []*ACLPolicyListStub
	meta, err := a.client.query("/v1/acl/policies", &stubs, q)
	if err == nil {
		return stubs, meta, nil
	}
	return nil, nil, err
}
27
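// Upsert creates or updates the ACL policy identified by policy.Name.
//
// The name becomes a path segment of the request URL, so it is
// path-escaped first: a name containing '/', '?' or '#' would otherwise
// change which endpoint is addressed (e.g. "x/../token" style names).
// Returns an error without making a request when policy is nil or has
// an empty Name. The returned WriteMeta describes the write.
func (a *ACLPolicies) Upsert(policy *ACLPolicy, q *WriteOptions) (*WriteMeta, error) {
	if policy == nil || policy.Name == "" {
		return nil, fmt.Errorf("missing policy name")
	}
	wm, err := a.client.write("/v1/acl/policy/"+url.PathEscape(policy.Name), policy, nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}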
39
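// Delete removes the ACL policy named policyName.
//
// The name is path-escaped before being placed in the URL so that
// caller-supplied names containing '/', '?' or '#' cannot redirect the
// DELETE to a different endpoint. An empty name is rejected without a
// request. The returned WriteMeta describes the write.
func (a *ACLPolicies) Delete(policyName string, q *WriteOptions) (*WriteMeta, error) {
	if policyName == "" {
		return nil, fmt.Errorf("missing policy name")
	}
	wm, err := a.client.delete("/v1/acl/policy/"+url.PathEscape(policyName), nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}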
51
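// Info fetches a single ACL policy, including its Rules, by name.
//
// The name is path-escaped before being placed in the URL so that a
// name containing '/', '?' or '#' cannot address a different endpoint.
// An empty name is rejected without a request. On error the policy and
// meta are nil.
func (a *ACLPolicies) Info(policyName string, q *QueryOptions) (*ACLPolicy, *QueryMeta, error) {
	if policyName == "" {
		return nil, nil, fmt.Errorf("missing policy name")
	}
	var resp ACLPolicy
	qm, err := a.client.query("/v1/acl/policy/"+url.PathEscape(policyName), &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, qm, nil
}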
64
// ACLTokens is used to query the ACL token endpoints.
// Obtain a handle via (*Client).ACLTokens; every request the handle
// makes goes through the embedded client. Several methods return
// ACLToken values whose SecretID is the authentication credential, so
// callers should keep those results out of logs and error messages.
type ACLTokens struct {
	client *Client
}
69
// ACLTokens returns a handle for the ACL token endpoints, bound to the
// receiving client.
func (c *Client) ACLTokens() *ACLTokens {
	handle := new(ACLTokens)
	handle.client = c
	return handle
}
74
// Bootstrap requests the initial bootstrap token from the ACL system.
// It sends an empty body to /v1/acl/bootstrap and decodes the returned
// ACLToken. The SecretID of that token is a credential (see ACLToken);
// treat the result as sensitive. On error the token and meta are nil.
func (a *ACLTokens) Bootstrap(q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	token := new(ACLToken)
	meta, err := a.client.write("/v1/acl/bootstrap", nil, token, q)
	if err != nil {
		return nil, nil, err
	}
	return token, meta, nil
}
84
// List dumps every ACL token as a list stub. ACLTokenListStub has no
// SecretID field, so listing does not expose token secrets; use Info or
// Self to retrieve a full ACLToken. q carries the query options and the
// returned QueryMeta describes the response; on error both are nil.
func (a *ACLTokens) List(q *QueryOptions) ([]*ACLTokenListStub, *QueryMeta, error) {
	var stubs []*ACLTokenListStub
	meta, err := a.client.query("/v1/acl/tokens", &stubs, q)
	if err == nil {
		return stubs, meta, nil
	}
	return nil, nil, err
}
94
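// Create creates a new ACL token described by token.
//
// A nil token is rejected up front (the original dereferenced it and
// panicked), matching the nil guard in ACLPolicies.Upsert. The
// AccessorID must be empty: it is assigned by the server, so a
// caller-supplied value is rejected before any request is made. The
// decoded ACLToken from the response is returned; its SecretID, when
// populated by the server, is the credential and should be handled as
// sensitive. On error the token and meta are nil.
func (a *ACLTokens) Create(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	if token == nil {
		return nil, nil, fmt.Errorf("missing token")
	}
	if token.AccessorID != "" {
		return nil, nil, fmt.Errorf("cannot specify Accessor ID")
	}
	var resp ACLToken
	wm, err := a.client.write("/v1/acl/token", token, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, wm, nil
}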
107
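// Update modifies an existing ACL token, addressed by token.AccessorID.
//
// A nil token is rejected up front (the original dereferenced it and
// panicked), as is an empty AccessorID. The accessor ID becomes a path
// segment of the request URL and is path-escaped first so that a value
// containing '/', '?' or '#' cannot redirect the write to a different
// endpoint. The decoded ACLToken from the response is returned; on
// error the token and meta are nil.
func (a *ACLTokens) Update(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	if token == nil {
		return nil, nil, fmt.Errorf("missing token")
	}
	if token.AccessorID == "" {
		return nil, nil, fmt.Errorf("missing accessor ID")
	}
	var resp ACLToken
	wm, err := a.client.write("/v1/acl/token/"+url.PathEscape(token.AccessorID),
		token, &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, wm, nil
}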
121
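// Delete removes the ACL token with the given accessor ID.
//
// The accessor ID is path-escaped before being placed in the URL so
// that a caller-supplied value containing '/', '?' or '#' cannot
// address a different endpoint. An empty ID is rejected without a
// request. The returned WriteMeta describes the write.
func (a *ACLTokens) Delete(accessorID string, q *WriteOptions) (*WriteMeta, error) {
	if accessorID == "" {
		return nil, fmt.Errorf("missing accessor ID")
	}
	wm, err := a.client.delete("/v1/acl/token/"+url.PathEscape(accessorID), nil, q)
	if err != nil {
		return nil, err
	}
	return wm, nil
}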
133
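// Info fetches the ACL token with the given accessor ID.
//
// The accessor ID is path-escaped before being placed in the URL so
// that a value containing '/', '?' or '#' cannot address a different
// endpoint. An empty ID is rejected without a request. The decoded
// ACLToken (including any SecretID the server returns) is handed back;
// on error the token and meta are nil.
func (a *ACLTokens) Info(accessorID string, q *QueryOptions) (*ACLToken, *QueryMeta, error) {
	if accessorID == "" {
		return nil, nil, fmt.Errorf("missing accessor ID")
	}
	var resp ACLToken
	qm, err := a.client.query("/v1/acl/token/"+url.PathEscape(accessorID), &resp, q)
	if err != nil {
		return nil, nil, err
	}
	return &resp, qm, nil
}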
146
// Self fetches the ACL token the client is currently authenticating
// with, via the fixed /v1/acl/token/self path (no caller-supplied
// identifier is involved). On error the token and meta are nil.
func (a *ACLTokens) Self(q *QueryOptions) (*ACLToken, *QueryMeta, error) {
	token := new(ACLToken)
	meta, err := a.client.query("/v1/acl/token/self", token, q)
	if err == nil {
		return token, meta, nil
	}
	return nil, nil, err
}
156
// UpsertOneTimeToken asks the server for a one-time token. It sends an
// empty body and unwraps the OneTimeToken from the response envelope.
// A successful write that carries no envelope is reported as an error
// rather than returning a nil token. The OneTimeSecretID in the result
// is what ExchangeOneTimeToken later redeems, so treat it as a secret.
func (a *ACLTokens) UpsertOneTimeToken(q *WriteOptions) (*OneTimeToken, *WriteMeta, error) {
	var envelope *OneTimeTokenUpsertResponse
	meta, err := a.client.write("/v1/acl/token/onetime", nil, &envelope, q)
	switch {
	case err != nil:
		return nil, nil, err
	case envelope == nil:
		return nil, nil, fmt.Errorf("no one-time token returned")
	}
	return envelope.OneTimeToken, meta, nil
}
169
// ExchangeOneTimeToken redeems a one-time secret for a full ACL token.
// (It does not create a one-time token; see UpsertOneTimeToken for
// that.) secret is the OneTimeSecretID obtained from the upsert call;
// an empty value is rejected before any request is made. The server's
// response envelope is unwrapped and the contained ACLToken returned; a
// successful write with no envelope is reported as an error. On error
// the token and meta are nil.
func (a *ACLTokens) ExchangeOneTimeToken(secret string, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
	if secret == "" {
		return nil, nil, fmt.Errorf("missing secret ID")
	}
	body := OneTimeTokenExchangeRequest{OneTimeSecretID: secret}
	var envelope *OneTimeTokenExchangeResponse
	meta, err := a.client.write("/v1/acl/token/onetime/exchange", &body, &envelope, q)
	switch {
	case err != nil:
		return nil, nil, err
	case envelope == nil:
		return nil, nil, fmt.Errorf("no ACL token returned")
	}
	return envelope.Token, meta, nil
}
186
// ACLPolicyListStub is used to for listing ACL policies.
// It is the element type returned by ACLPolicies.List and deliberately
// carries no Rules field; fetch an ACLPolicy via Info for the rules.
type ACLPolicyListStub struct {
	Name        string // policy name; also the path segment used to address the policy
	Description string
	CreateIndex uint64 // Raft index at which the policy was created (presumably; TODO confirm)
	ModifyIndex uint64 // Raft index of the last modification (presumably; TODO confirm)
}
194
// ACLPolicy is used to represent an ACL policy.
// Name is required by Upsert and is the path segment that addresses the
// policy on the /v1/acl/policy/ endpoints.
type ACLPolicy struct {
	Name        string
	Description string
	Rules       string // policy rule body, sent verbatim; format is defined server-side (not visible here)
	CreateIndex uint64 // Raft index at which the policy was created (presumably; TODO confirm)
	ModifyIndex uint64 // Raft index of the last modification (presumably; TODO confirm)
}
203
// ACLToken represents a client token which is used to Authenticate.
// AccessorID is the public identifier used to address the token on the
// /v1/acl/token/ endpoints (Update, Delete, Info). SecretID is the
// credential itself: it is returned by Bootstrap, Create, Info, Self and
// ExchangeOneTimeToken, and must be kept out of logs, error messages and
// list output (ACLTokenListStub intentionally omits it).
type ACLToken struct {
	AccessorID  string // server-assigned; must be empty on Create, required on Update
	SecretID    string // authentication secret — sensitive
	Name        string
	Type        string // token type as a string; valid values are not visible in this file
	Policies    []string // names of ACLPolicy entries attached to the token (presumably; TODO confirm)
	Global      bool
	CreateTime  time.Time
	CreateIndex uint64 // Raft index at which the token was created (presumably; TODO confirm)
	ModifyIndex uint64 // Raft index of the last modification (presumably; TODO confirm)
}
216
// ACLTokenListStub is the element type returned by ACLTokens.List. It
// mirrors ACLToken minus SecretID, so listing tokens never exposes the
// authentication secrets; use Info with the AccessorID for a full token.
type ACLTokenListStub struct {
	AccessorID  string // public identifier; safe to log, usable with Info/Update/Delete
	Name        string
	Type        string
	Policies    []string
	Global      bool
	CreateTime  time.Time
	CreateIndex uint64 // Raft index at which the token was created (presumably; TODO confirm)
	ModifyIndex uint64 // Raft index of the last modification (presumably; TODO confirm)
}
227
// OneTimeToken is the value produced by ACLTokens.UpsertOneTimeToken.
// OneTimeSecretID is the secret that ExchangeOneTimeToken sends back to
// the server to obtain a full ACLToken; handle it like a credential.
type OneTimeToken struct {
	OneTimeSecretID string    // secret redeemed by ExchangeOneTimeToken — sensitive
	AccessorID      string    // presumably the accessor of the ACL token it exchanges for — TODO confirm
	ExpiresAt       time.Time // presumably the time after which the exchange is refused — TODO confirm
	CreateIndex     uint64
	ModifyIndex     uint64
}
235
// OneTimeTokenUpsertResponse is the response envelope decoded by
// UpsertOneTimeToken; that method unwraps and returns OneTimeToken.
type OneTimeTokenUpsertResponse struct {
	OneTimeToken *OneTimeToken
}
239
// OneTimeTokenExchangeRequest is the body ExchangeOneTimeToken sends to
// /v1/acl/token/onetime/exchange. It carries only the one-time secret.
type OneTimeTokenExchangeRequest struct {
	OneTimeSecretID string // the OneTimeToken.OneTimeSecretID being redeemed — sensitive
}
243
// OneTimeTokenExchangeResponse is the response envelope decoded by
// ExchangeOneTimeToken; that method unwraps and returns Token, whose
// SecretID is the live credential.
type OneTimeTokenExchangeResponse struct {
	Token *ACLToken
}
247