package credentials import ( "github.com/pkg/errors" "github.com/rs/zerolog" "github.com/cloudflare/cloudflared/cfapi" ) const ( logFieldOriginCertPath = "originCertPath" ) type User struct { cert *OriginCert certPath string } func (c User) AccountID() string { return c.cert.AccountID } func (c User) ZoneID() string { return c.cert.ZoneID } func (c User) APIToken() string { return c.cert.APIToken } func (c User) CertPath() string { return c.certPath } // Client uses the user credentials to create a Cloudflare API client func (c *User) Client(apiURL string, userAgent string, log *zerolog.Logger) (cfapi.Client, error) { if apiURL == "" { return nil, errors.New("An api-url was not provided for the Cloudflare API client") } client, err := cfapi.NewRESTClient( apiURL, c.cert.AccountID, c.cert.ZoneID, c.cert.APIToken, userAgent, log, ) if err != nil { return nil, err } return client, nil } // Read will load and read the origin cert.pem to load the user credentials func Read(originCertPath string, log *zerolog.Logger) (*User, error) { originCertLog := log.With(). Str(logFieldOriginCertPath, originCertPath). Logger() originCertPath, err := FindOriginCert(originCertPath, &originCertLog) if err != nil { return nil, errors.Wrap(err, "Error locating origin cert") } blocks, err := readOriginCert(originCertPath) if err != nil { return nil, errors.Wrapf(err, "Can't read origin cert from %s", originCertPath) } cert, err := decodeOriginCert(blocks) if err != nil { return nil, errors.Wrap(err, "Error decoding origin cert") } if cert.AccountID == "" { return nil, errors.Errorf(`Origin certificate needs to be refreshed before creating new tunnels.\nDelete %s and run "cloudflared login" to obtain a new cert.`, originCertPath) } return &User{ cert: cert, certPath: originCertPath, }, nil }