106 lines
2.9 KiB
Go
106 lines
2.9 KiB
Go
package management
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
|
|
"github.com/urfave/cli/v2"
|
|
|
|
"github.com/cloudflare/cloudflared/cfapi"
|
|
"github.com/cloudflare/cloudflared/cmd/cloudflared/cliutil"
|
|
cfdflags "github.com/cloudflare/cloudflared/cmd/cloudflared/flags"
|
|
"github.com/cloudflare/cloudflared/credentials"
|
|
)
|
|
|
|
var buildInfo *cliutil.BuildInfo
|
|
|
|
// Init initializes the management package with build info
|
|
func Init(bi *cliutil.BuildInfo) {
|
|
buildInfo = bi
|
|
}
|
|
|
|
// Command returns the management command with its subcommands
|
|
func Command() *cli.Command {
|
|
return &cli.Command{
|
|
Name: "management",
|
|
Usage: "Monitor cloudflared tunnels via management API",
|
|
Category: "Management",
|
|
Hidden: true,
|
|
Subcommands: []*cli.Command{
|
|
buildTokenSubcommand(),
|
|
},
|
|
}
|
|
}
|
|
|
|
// buildTokenSubcommand creates the token subcommand
|
|
func buildTokenSubcommand() *cli.Command {
|
|
return &cli.Command{
|
|
Name: "token",
|
|
Action: cliutil.ConfiguredAction(tokenCommand),
|
|
Usage: "Get management access jwt for a specific resource",
|
|
UsageText: "cloudflared management token --resource <resource> TUNNEL_ID",
|
|
Description: "Get management access jwt for a tunnel with specified resource permissions (logs, admin, host_details)",
|
|
Hidden: true,
|
|
Flags: []cli.Flag{
|
|
&cli.StringFlag{
|
|
Name: "resource",
|
|
Usage: "Resource type for token permissions: logs, admin, or host_details",
|
|
Required: true,
|
|
},
|
|
&cli.StringFlag{
|
|
Name: cfdflags.OriginCert,
|
|
Usage: "Path to the certificate generated for your origin when you run cloudflared login.",
|
|
EnvVars: []string{"TUNNEL_ORIGIN_CERT"},
|
|
Value: credentials.FindDefaultOriginCertPath(),
|
|
},
|
|
&cli.StringFlag{
|
|
Name: cfdflags.LogLevel,
|
|
Value: "info",
|
|
Usage: "Application logging level {debug, info, warn, error, fatal}",
|
|
EnvVars: []string{"TUNNEL_LOGLEVEL"},
|
|
},
|
|
cliutil.FlagLogOutput,
|
|
},
|
|
}
|
|
}
|
|
|
|
// tokenCommand handles the token subcommand execution
|
|
func tokenCommand(c *cli.Context) error {
|
|
log := cliutil.CreateStderrLogger(c)
|
|
|
|
// Parse and validate resource flag
|
|
resourceStr := c.String("resource")
|
|
resource, err := parseResource(resourceStr)
|
|
if err != nil {
|
|
return fmt.Errorf("invalid resource '%s': %w", resourceStr, err)
|
|
}
|
|
|
|
// Get management token
|
|
token, err := cliutil.GetManagementToken(c, log, resource, buildInfo)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// Output JSON to stdout
|
|
tokenResponse := struct {
|
|
Token string `json:"token"`
|
|
}{Token: token}
|
|
|
|
return json.NewEncoder(os.Stdout).Encode(tokenResponse)
|
|
}
|
|
|
|
// parseResource converts resource string to ManagementResource enum
|
|
func parseResource(resource string) (cfapi.ManagementResource, error) {
|
|
switch resource {
|
|
case "logs":
|
|
return cfapi.Logs, nil
|
|
case "admin":
|
|
return cfapi.Admin, nil
|
|
case "host_details":
|
|
return cfapi.HostDetails, nil
|
|
default:
|
|
return 0, fmt.Errorf("must be one of: logs, admin, host_details")
|
|
}
|
|
}
|