#!/usr/bin/env bash
# example-demo-cli: demo tool that reports a redacted preview of a secret as
# JSON. It uses the "brokered" transport when LATCHKEYD_SESSION_SOCKET is set
# and the "handoff" transport (secret taken from the environment) otherwise.
set -euo pipefail

# A non-empty socket path selects the brokered transport further down.
session_socket="${LATCHKEYD_SESSION_SOCKET:-}"
brokered_secret_name="example-token"
brokered_operation="secret.resolve"
passthrough_args=()

# Pull out the two options this tool understands; every other argument is
# collected verbatim and echoed back in the JSON result.
# An option given as the last argument (no value) makes `shift 2` fail, which
# ends the script under `set -e` without a diagnostic.
while (( $# > 0 )); do
  if [[ "$1" == "--brokered-operation" ]]; then
    brokered_operation="${2:-}"
    shift 2
  elif [[ "$1" == "--secret-name" ]]; then
    brokered_secret_name="${2:-}"
    shift 2
  else
    passthrough_args+=("$1")
    shift
  fi
done
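# Brokered transport: ask the broker listening on the session socket to
# resolve the secret, then print a redacted summary as compact JSON.
if [[ -n "${session_socket}" ]]; then
  session_id="${LATCHKEYD_SESSION_ID:-}"
  session_token="${LATCHKEYD_SESSION_TOKEN:-}"
  policy_name="${LATCHKEYD_POLICY_NAME:-example-demo}"
  policy_mode="${LATCHKEYD_POLICY_MODE:-brokered}"

  if ! command -v python3 >/dev/null 2>&1; then
    echo '{"ok":false,"error":"python3 unavailable for brokered demo"}' >&2
    exit 11
  fi

  # The session token is deliberately kept out of python_args. Command-line
  # arguments are typically visible to other local users through the process
  # list, while a process's environment is readable only by its owner, so the
  # token is handed to the helper through the environment instead.
  python_args=("$session_socket" "$session_id" "$policy_name" "$policy_mode" "$brokered_secret_name" "$brokered_operation")
  if [[ ${#passthrough_args[@]} -gt 0 ]]; then
    python_args+=("${passthrough_args[@]}")
  fi

  LATCHKEYD_SESSION_TOKEN="${session_token}" python3 - "${python_args[@]}" <<'PY'
import json
import os
import socket
import sys


def preview(value: str) -> str:
    """Return a redacted form of value.

    Values of four characters or fewer are fully masked, because showing two
    leading and two trailing characters would reveal the whole value.
    """
    if len(value) <= 4:
        return "***"
    return value[:2] + "***" + value[-2:]


def fail(message: str) -> None:
    """Print a BROKER_PROTOCOL_ERROR envelope on stdout and exit with status 1."""
    print(json.dumps({"ok": False, "error": {"code": "BROKER_PROTOCOL_ERROR", "message": message}}))
    sys.exit(1)


_, socket_path, session_id, policy_name, policy_mode, secret_name, operation_name, *args = sys.argv
# Read from the environment rather than argv so the token never appears in
# the process list.
session_token = os.environ.get("LATCHKEYD_SESSION_TOKEN", "")

if not socket_path:
    fail("session socket missing")

request = {
    "version": 1,
    "sessionId": session_id,
    "sessionToken": session_token,
    "operation": operation_name,
    "arguments": {
        "secretName": secret_name
    }
}

# NOTE(review): no timeout is set on the socket, so an unresponsive broker
# blocks this helper indefinitely.
try:
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(socket_path)
        # One JSON document per line in each direction.
        sock.sendall((json.dumps(request) + "\n").encode("utf-8"))
        response_line = sock.makefile("r").readline()
except Exception as exc:  # broad on purpose: any connect/send/read failure is reported the same way
    fail(f"socket handshake failed: {exc}")

if not response_line:
    fail("empty response")

# The reply is parsed defensively. The error text never echoes the raw line,
# since a malformed reply could still carry secret material.
try:
    response = json.loads(response_line)
except ValueError:
    fail("malformed response")
if not isinstance(response, dict):
    fail("malformed response")

if not response.get("ok"):
    # Relay the broker's own error envelope unchanged.
    print(json.dumps(response))
    sys.exit(1)

data = response.get("data")
if not isinstance(data, dict) or not isinstance(data.get("value"), str) or "secretName" not in data:
    fail("response missing secret data")

value = data["value"]
# Only a preview and the length of the secret are reported, never the value.
brokered_result = {
    "operation": response.get("operation", operation_name),
    "secretName": data["secretName"],
    "valuePreview": preview(value),
    "valueLength": len(value),
    "policyName": policy_name,
    "policyMode": policy_mode,
    "sessionId": session_id,
}
print(
    json.dumps(
        {
            "ok": True,
            "tool": "example-demo-cli",
            "transport": "brokered",
            "args": args,
            "brokeredOperation": brokered_result,
        },
        separators=(",", ":"),
    )
)
sys.exit(0)
PY
  exit $?
fi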
# Handoff transport: the secret is expected directly in the environment.
# Without it there is nothing to report, so fail with a distinct exit status.
token="${LATCHKEYD_EXAMPLE_TOKEN:-}"
[[ -n "${token}" ]] || {
  echo '{"ok":false,"error":"missing_demo_secret"}' >&2
  exit 10
}
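# Print a redacted preview of a secret: its first two and last two characters
# around a "***" marker.
#
# Values of four characters or fewer are masked completely. Otherwise the
# prefix and suffix together would reproduce the whole value (a four-character
# secret would be printed in full). This matches the Python preview() used on
# the brokered path. Short values just above that limit still disclose most of
# their characters.
#
# $1 - the secret value
preview() {
  local value="$1"
  if (( ${#value} <= 4 )); then
    printf '***'
    return
  fi
  printf '%s***%s' "${value:0:2}" "${value: -2}"
}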
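# Escape a string for use inside a JSON string literal.
# Backslashes are handled first so the escapes added afterwards are not
# doubled. Escaping only the double quote would let an argument ending in a
# backslash, or containing \", terminate the string early and inject JSON.
# Control characters other than newline, carriage return and tab are passed
# through unchanged.
#
# $1 - raw text
json_escape() {
  local text="$1"
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\r'/\\r}
  text=${text//$'\t'/\\t}
  printf '%s' "${text}"
}

# Emit the handoff result as one line of JSON. Only a preview and the length
# of the token are printed. The preview is escaped as well, because its
# visible characters come straight from the secret.
printf '{"ok":true,"tool":"example-demo-cli","transport":"handoff","tokenPreview":"%s","tokenLength":%s,"args":[' \
  "$(json_escape "$(preview "${token}")")" "${#token}"
first=1
# The length guard keeps `set -u` from rejecting an empty array on older bash.
if [[ ${#passthrough_args[@]} -gt 0 ]]; then
  for arg in "${passthrough_args[@]}"; do
    if [[ ${first} -eq 0 ]]; then
      printf ','
    fi
    printf '"%s"' "$(json_escape "${arg}")"
    first=0
  done
fi
printf ']}\n'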