ansible-role-ipsilon/files/generate-oidc-token
Louis Abel 36dc3a0ec0
init
2023-03-01 19:10:11 -07:00

98 lines
3.2 KiB
Python

#!/usr/bin/python3
# Copyright (c) 2018 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
"""
This script will accept some parameters and will print out some SQL you can run against the Ipsilon
database, and a token you can give to an application to authenticate against a service.
"""
import base64
import json
import os
import time
import uuid
import click
secret = base64.urlsafe_b64encode(os.urandom(64))[:64].decode()
template = """
Run this SQL against Ipsilon's database:
--------START CUTTING HERE--------
BEGIN;
insert into token values ('{uuid}','username','{service_name}@service');
insert into token values ('{uuid}','security_check','{secret}');
insert into token values ('{uuid}','client_id','{service_name}');
insert into token values ('{uuid}','expires_at','{expiration}');
insert into token values ('{uuid}','type','Bearer');
insert into token values ('{uuid}','issued_at','{now}');
insert into token values ('{uuid}','scope','{scope}');
COMMIT;
-------- END CUTTING HERE --------
"""
def validate_scopes(ctx, param, scopes):
"""
Ensure that the user provided at least one scope.
Args:
ctx(click.core.Context): Unused.
param (click.core.Option): Unused.
scopes (tuple): The scopes provided by the user that we are validating.
Raises:
click.BadParameter: If the length of the scopes tuple is less than 1.
"""
if len(scopes) < 1:
raise click.BadParameter('At least one scope must be provided.')
return scopes
@click.command()
@click.argument('service_name')
@click.option('--expiration', '-e', prompt='Number of days until expiration', type=int,
help='The number of days from now until this token expires.')
@click.option('--scope', '-s', multiple=True, callback=validate_scopes,
help='A scope to include for this token. May be supplied multiple times.')
@click.option('--no-openid', is_flag=True, help='Do not use "openid" as the first item in scope.')
def generate_token(service_name, expiration, scope, no_openid):
"""
Print out SQL to insert a token in the Ipsilon database, and the token itself.
SERVICE_NAME is the name of the service that the token will be used by, (e.g., bodhi).
"""
identifier = uuid.uuid4()
now = int(time.time())
expiration = now + (expiration * 24 * 3600)
scope = list(scope)
if not no_openid:
scope.insert(0, 'openid')
scope = json.dumps(scope)
print(template.format(uuid=identifier, service_name=service_name, secret=secret,
expiration=expiration, scope=scope, now=now))
print("Token: {}_{}\n".format(identifier, secret))
if __name__ == '__main__':
generate_token()