cloudflared-mirror/credentials/credentials.go

package credentials

import (
	"github.com/pkg/errors"
	"github.com/rs/zerolog"

	"github.com/cloudflare/cloudflared/cfapi"
)

const (
	logFieldOriginCertPath = "originCertPath"
)

type User struct {
	cert     *OriginCert
	certPath string
}

func (c User) AccountID() string {
	return c.cert.AccountID
}

func (c User) ZoneID() string {
	return c.cert.ZoneID
}

func (c User) APIToken() string {
	return c.cert.APIToken
}

func (c User) CertPath() string {
	return c.certPath
}

// Client uses the user credentials to create a Cloudflare API client
func (c *User) Client(apiURL string, userAgent string, log *zerolog.Logger) (cfapi.Client, error) {
	if apiURL == "" {
		return nil, errors.New("An api-url was not provided for the Cloudflare API client")
	}
	client, err := cfapi.NewRESTClient(
		apiURL,
		c.cert.AccountID,
		c.cert.ZoneID,
		c.cert.APIToken,
		userAgent,
		log,
	)

	if err != nil {
		return nil, err
	}
	return client, nil
}

// Read will load and read the origin cert.pem to load the user credentials
func Read(originCertPath string, log *zerolog.Logger) (*User, error) {
	originCertLog := log.With().
		Str(logFieldOriginCertPath, originCertPath).
		Logger()

	originCertPath, err := FindOriginCert(originCertPath, &originCertLog)
	if err != nil {
		return nil, errors.Wrap(err, "Error locating origin cert")
	}
	blocks, err := readOriginCert(originCertPath)
	if err != nil {
		return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)
	}

	cert, err := decodeOriginCert(blocks)
	if err != nil {
		return nil, errors.Wrap(err, "Error decoding origin cert")
	}

	if cert.AccountID == "" {
		return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
	}

	return &User{
		cert:     cert,
		certPath: originCertPath,
	}, nil
}
TUN-7134: Acquire token for cloudflared tail cloudflared tail will now fetch the management token from by making a request to the Cloudflare API using the cert.pem (acquired from cloudflared login). Refactored some of the credentials code into it's own package as to allow for easier use between subcommands outside of `cloudflared tunnel`. 2023-04-12 16:43:38 +00:00			`package credentials`

			`import (`
			`"github.com/pkg/errors"`
			`"github.com/rs/zerolog"`

			`"github.com/cloudflare/cloudflared/cfapi"`
			`)`

			`const (`
			`logFieldOriginCertPath = "originCertPath"`
			`)`

			`type User struct {`
			`cert *OriginCert`
			`certPath string`
			`}`

			`func (c User) AccountID() string {`
			`return c.cert.AccountID`
			`}`

			`func (c User) ZoneID() string {`
			`return c.cert.ZoneID`
			`}`

			`func (c User) APIToken() string {`
			`return c.cert.APIToken`
			`}`

			`func (c User) CertPath() string {`
			`return c.certPath`
			`}`

			`// Client uses the user credentials to create a Cloudflare API client`
			`func (c User) Client(apiURL string, userAgent string, log zerolog.Logger) (cfapi.Client, error) {`
			`if apiURL == "" {`
			`return nil, errors.New("An api-url was not provided for the Cloudflare API client")`
			`}`
			`client, err := cfapi.NewRESTClient(`
			`apiURL,`
			`c.cert.AccountID,`
			`c.cert.ZoneID,`
			`c.cert.APIToken,`
			`userAgent,`
			`log,`
			`)`

			`if err != nil {`
			`return nil, err`
			`}`
			`return client, nil`
			`}`

			`// Read will load and read the origin cert.pem to load the user credentials`
			`func Read(originCertPath string, log zerolog.Logger) (User, error) {`
			`originCertLog := log.With().`
			`Str(logFieldOriginCertPath, originCertPath).`
			`Logger()`

			`originCertPath, err := FindOriginCert(originCertPath, &originCertLog)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "Error locating origin cert")`
			`}`
			`blocks, err := readOriginCert(originCertPath)`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath)`
			`}`

			`cert, err := decodeOriginCert(blocks)`
			`if err != nil {`
			`return nil, errors.Wrap(err, "Error decoding origin cert")`
			`}`

			`if cert.AccountID == "" {`
			return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath)
			`}`

			`return &User{`
			`cert: cert,`
			`certPath: originCertPath,`
			`}, nil`
			`}`