From 562a08cccadacd4822e9dae2c076eeede6c9db85 Mon Sep 17 00:00:00 2001 From: Jeremy Date: Wed, 10 Jan 2024 12:23:14 -0800 Subject: [PATCH] Add a mechanism for writing the ACL out as a JSON list, so it can be fed into knox access -acl --- client/getacl.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/client/getacl.go b/client/getacl.go index 212a888..1fe1043 100644 --- a/client/getacl.go +++ b/client/getacl.go @@ -15,6 +15,8 @@ var cmdGetACL = &Command{ Long: ` Acl get the ACL for a key. +-json: Returns the ACL as a JSON formatted list of access rules, useful for generating files to be used with knox access -acl. + This doesn't require any access to the key and allows, e.g., to see who has admin access to ask for grants. For more about knox, see https://github.com/pinterest/knox. @@ -23,6 +25,8 @@ See also: knox keys, knox get `, } +var getACLJSON = cmdGetACL.Flag.Bool("json", false, "") + func runGetACL(cmd *Command, args []string) *ErrorStatus { if len(args) != 1 { return &ErrorStatus{fmt.Errorf("acl takes only one argument. See 'knox help acl'"), false} @@ -34,6 +38,16 @@ func runGetACL(cmd *Command, args []string) *ErrorStatus { return &ErrorStatus{fmt.Errorf("Error getting key ACL: %s", err.Error()), true} } + if *getACLJSON { + aclEnc, err := json.Marshal(acl) + if err != nil { + // malformated ACL considered as knox server side error + return &ErrorStatus{fmt.Errorf("Could not marshal ACL: %v", acl), true} + } + fmt.Println(string(aclEnc)) + return nil + } + for _, a := range *acl { aEnc, err := json.Marshal(a) if err != nil {