package main
import (
"context"
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"os/exec"
oidc "github.com/coreos/go-oidc"
"golang.org/x/oauth2"
)
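// main walks through the OIDC authorization-code flow against a local
// Automate/dex instance and then calls one authenticated API endpoint with
// the resulting id_token as a bearer token.
//
// Throwaway demo: every error terminates the process via orDie.
func main() {
	automateURL, err := url.Parse("https://localhost")
	orDie(err)
	issuerURL, err := automateURL.Parse("/dex")
	orDie(err)

	// Disable TLS verification. This accepts any certificate, so the
	// authorization code and the id_token exchanged below are readable by
	// anyone who can interpose on the connection; only acceptable against a
	// local development instance with a self-signed certificate. There is
	// also no client timeout, which is tolerable here only because the
	// script is interactive.
	httpClient := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	}

	// OIDC provider handling is just convenience: it'll fetch dex' discovery JSON
	// from `/dex/.well-known/openid-configuration` and extract AuthURL and
	// TokenURL. The http client is handed to the oauth2/oidc libraries via
	// the context, which is the mechanism those packages document.
	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
	provider, err := oidc.NewProvider(ctx, issuerURL.String())
	orDie(err)

	oauth2Config := oauth2.Config{
		ClientID:    "automate-api",
		Endpoint:    provider.Endpoint(),
		RedirectURL: "urn:ietf:wg:oauth:2.0:oob",
		// oauth2 joins Scopes with a single space, so one element per scope
		// produces exactly the same `scope=` parameter as one long string.
		Scopes: []string{"openid", "profile", "email", "offline_access", "groups", "federated:id"},
	}

	// Open the browser with the login page. The state parameter is a fixed
	// string: that only works because the out-of-band flow never processes a
	// redirect, so there is nothing for the state to protect. A real client
	// receiving the redirect must use an unpredictable per-request state.
	// `open` exists on macOS only; elsewhere, fall back to printing the URL.
	loginURL := oauth2Config.AuthCodeURL("clistate")
	if err := exec.Command("open", loginURL).Start(); err != nil {
		fmt.Fprintf(os.Stderr, "could not open a browser (%v); open this URL manually:\n%s\n", err, loginURL)
	}

	// note that we could use Go to fulfill the login dance:
	// 1. figure out if we see a selection (there might only be one login method => no selection)
	//    yes => 1.1. pick the login method you want
	// 2. figure out of the login method needs us to fill in login credentials
	//    yes => 2.1. fill in credentials
	// 3. follow approval redirect
	// 4. read code from last response body
	//
	// for a concrete implementation, see the `id_token` method in
	// inspec/a2-resource-pack/libraries/automate_api_request.rb
	// alternatively: start http listener on http://localhost:0, note port that
	// was chosen, and pass that for redirect_uri; make the listener catch the
	// code response.

	// wait for the user to have logged in, and bring the code
	var code string
	fmt.Printf("code: ")
	_, err = fmt.Scanln(&code)
	orDie(err)

	token, err := oauth2Config.Exchange(ctx, code)
	orDie(err)

	// id_token is an optional extra field of the token response. Without the
	// type assertion a missing field would be formatted as "<nil>" straight
	// into the Authorization header and fail later with a confusing 401.
	idToken, ok := token.Extra("id_token").(string)
	if !ok || idToken == "" {
		orDie(fmt.Errorf("token response from %s contains no id_token", issuerURL))
	}
	// This prints a live bearer token to stdout; do not redirect the output
	// of this script into anything that is retained (shell history, logs).
	fmt.Printf("id_token: %s\n", idToken)

	ingestURL, err := automateURL.Parse("/api/v0/ingest/version")
	orDie(err)
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, ingestURL.String(), nil)
	orDie(err)
	req.Header.Set("Authorization", "bearer "+idToken)
	resp, err := httpClient.Do(req)
	orDie(err)
	defer resp.Body.Close()

	// io.ReadAll replaces this on Go 1.16+; kept as ioutil to match the
	// file's import set.
	body, err := ioutil.ReadAll(resp.Body)
	orDie(err)
	// Surface a non-2xx answer (expired token, wrong audience, ...) as an
	// error instead of printing the error page as if it were the result.
	if resp.StatusCode != http.StatusOK {
		orDie(fmt.Errorf("%s: unexpected status %s: %s", ingestURL, resp.Status, body))
	}
	fmt.Printf("response: %s\n", body)
}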
// orDie writes err to stderr and terminates the process with exit status 1.
// A nil err is a no-op. Exiting skips pending defers, which is acceptable
// only in a throwaway script like this one — not a pattern for library code.
func orDie(err error) {
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}