TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(cli): init cli (#3186)

Browse Source 
* feat(cli): initilize cli

* fix(config): allow multiple files

* refactor(cli): constructor naming

* go mod tidy

* refactor: move code out of v2 package

* chore: logging v0.1

* chore: remove old gitignore

* fix func

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Silvan
2022-02-09 15:01:19 +01:00
committed by GitHub
parent 699fdaf68e
commit 9d471d0d30
29 changed files with 334 additions and 2600 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
cmd/admin/admin.go Normal file
View File

@@ -0,0 +1,30 @@
package admin
import (
_ "embed"
"github.com/caos/logging"
"github.com/caos/zitadel/cmd/admin/initialise"
"github.com/caos/zitadel/cmd/admin/setup"
"github.com/caos/zitadel/cmd/admin/start"
"github.com/spf13/cobra"
)
func New() *cobra.Command {
adminCMD := &cobra.Command{
Use: "admin",
Short: "The ZITADEL admin CLI let's you interact with your instance",
Long: `The ZITADEL admin CLI let's you interact with your instance`,
Run: func(cmd *cobra.Command, args []string) {
logging.New().Info("hello world")
},
}
adminCMD.AddCommand(
initialise.New(),
setup.New(),
start.New(),
)
return adminCMD
}

22
cmd/admin/initialise/init.go Normal file
View File

@@ -0,0 +1,22 @@
package initialise
import (
_ "embed"
"github.com/caos/logging"
"github.com/spf13/cobra"
)
func New() *cobra.Command {
return &cobra.Command{
Use: "init",
Short: "initialize ZITADEL instance",
Long: `init sets up the minimum requirements to start ZITADEL.
Prereqesits:
- cockroachdb`,
RunE: func(cmd *cobra.Command, args []string) error {
logging.New().Info("hello world")
return nil
},
}
}

22
cmd/admin/setup/setup.go Normal file
View File

@@ -0,0 +1,22 @@
package setup
import (
_ "embed"
"github.com/caos/logging"
"github.com/spf13/cobra"
)
func New() *cobra.Command {
return &cobra.Command{
Use: "setup",
Short: "setup ZITADEL instance",
Long: `sets up data to start ZITADEL.
Requirements:
- cockroachdb`,
RunE: func(cmd *cobra.Command, args []string) error {
logging.New().Info("hello world")
return nil
},
}
}

23
cmd/admin/start/start.go Normal file
View File

@@ -0,0 +1,23 @@
package start
import (
_ "embed"
"github.com/caos/logging"
"github.com/spf13/cobra"
)
func New() *cobra.Command {
return &cobra.Command{
Use: "start",
Short: "starts ZITADEL instance",
Long: `starts ZITADEL.
Requirements:
- cockroachdb`,
RunE: func(cmd *cobra.Command, args []string) error {
logging.New().Info("hello world")
logging.WithFields("field", 1).Info("hello world")
return nil
},
}
}

4
cmd/defaults.yaml Normal file
View File

@@ -0,0 +1,4 @@
Log:
Level: debug
Formatter:
Format: text

50
cmd/zitadel.go Normal file
View File

@@ -0,0 +1,50 @@
package cmd
import (
"bytes"
_ "embed"
"io"
"github.com/caos/logging"
"github.com/caos/zitadel/cmd/admin"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
var (
configFiles []string
//go:embed defaults.yaml
defaultConfig []byte
)
func New(out io.Writer, in io.Reader, args []string) *cobra.Command {
cmd := &cobra.Command{
Use: "zitadel",
Short: "The ZITADEL CLI let's you interact with ZITADEL",
Long: `The ZITADEL CLI let's you interact with ZITADEL`,
Run: func(cmd *cobra.Command, args []string) {
logging.New().Info("hello world")
},
}
viper.AutomaticEnv()
viper.SetConfigType("yaml")
err := viper.ReadConfig(bytes.NewBuffer(defaultConfig))
logging.New().OnError(err).Fatal("unable to read default config")
cobra.OnInitialize(initConfig)
cmd.PersistentFlags().StringArrayVar(&configFiles, "config", nil, "path to config file to overwrite system defaults")
cmd.AddCommand(admin.New())
return cmd
}
func initConfig() {
for _, file := range configFiles {
viper.SetConfigFile(file)
err := viper.MergeInConfig()
logging.WithFields("file", file).OnError(err).Warn("unable to read config file")
}
}

1
cmd/zitadel/.gitignore vendored
View File

@@ -1 +0,0 @@
local_*

395
cmd/zitadel/authz.yaml
View File

@@ -1,395 +0,0 @@
InternalAuthZ:
RolePermissionMappings:
- Role: 'IAM_OWNER'
Permissions:
- "iam.read"
- "iam.write"
- "iam.features.read"
- "iam.features.write"
- "iam.policy.read"
- "iam.policy.write"
- "iam.policy.delete"
- "iam.member.read"
- "iam.member.write"
- "iam.member.delete"
- "iam.idp.read"
- "iam.idp.write"
- "iam.idp.delete"
- "iam.action.read"
- "iam.action.write"
- "iam.action.delete"
- "iam.flow.read"
- "iam.flow.write"
- "iam.flow.delete"
- "org.read"
- "org.global.read"
- "org.create"
- "org.write"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "org.action.read"
- "org.action.write"
- "org.action.delete"
- "org.flow.read"
- "org.flow.write"
- "org.flow.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "user.credential.write"
- "features.read"
- "policy.read"
- "policy.write"
- "policy.delete"
- "project.read"
- "project.create"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.app.delete"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- Role: 'IAM_OWNER_VIEWER'
Permissions:
- "iam.read"
- "iam.features.read"
- "iam.policy.read"
- "iam.member.read"
- "iam.idp.read"
- "iam.action.read"
- "iam.flow.read"
- "org.read"
- "org.member.read"
- "org.idp.read"
- "org.action.read"
- "org.flow.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"
- "features.read"
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- Role: 'IAM_ORG_MANAGER'
Permissions:
- "org.read"
- "org.global.read"
- "org.create"
- "org.write"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "org.action.read"
- "org.action.write"
- "org.action.delete"
- "org.flow.read"
- "org.flow.write"
- "org.flow.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "user.credential.write"
- "features.read"
- "policy.read"
- "policy.write"
- "policy.delete"
- "project.read"
- "project.create"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.app.delete"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- Role: 'IAM_USER_MANAGER'
Permissions:
- "org.read"
- "org.global.read"
- "org.member.read"
- "org.member.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "features.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- Role: 'ORG_OWNER'
Permissions:
- "org.read"
- "org.global.read"
- "org.create"
- "org.write"
- "org.member.read"
- "org.member.write"
- "org.member.delete"
- "org.idp.read"
- "org.idp.write"
- "org.idp.delete"
- "org.action.read"
- "org.action.write"
- "org.action.delete"
- "org.flow.read"
- "org.flow.write"
- "org.flow.delete"
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "user.credential.write"
- "features.read"
- "policy.read"
- "policy.write"
- "policy.delete"
- "project.read"
- "project.create"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- Role: 'ORG_USER_MANAGER'
Permissions:
- "user.read"
- "user.global.read"
- "user.write"
- "user.delete"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- "project.read"
- "project.role.read"
- Role: 'ORG_OWNER_VIEWER'
Permissions:
- "org.read"
- "org.member.read"
- "org.idp.read"
- "org.action.read"
- "org.flow.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"
- "features.read"
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- "project.grant.user.grant.read"
- Role: 'ORG_USER_PERMISSION_EDITOR'
Permissions:
- "org.read"
- "org.member.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- Role: 'ORG_PROJECT_PERMISSION_EDITOR'
Permissions:
- "org.read"
- "org.member.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- Role: 'ORG_PROJECT_CREATOR'
Permissions:
- "user.global.read"
- "policy.read"
- "project.read:self"
- "project.create"
- Role: 'PROJECT_OWNER'
Permissions:
- "org.global.read"
- "policy.read"
- "project.read"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.app.delete"
- "project.grant.read"
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- Role: 'PROJECT_OWNER_VIEWER'
Permissions:
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"
- Role: 'SELF_MANAGEMENT_GLOBAL'
Permissions:
- "org.create"
- "policy.read"
- "user.self.delete"
- Role: 'PROJECT_OWNER_GLOBAL'
Permissions:
- "org.global.read"
- "policy.read"
- "project.read"
- "project.write"
- "project.delete"
- "project.member.read"
- "project.member.write"
- "project.member.delete"
- "project.role.read"
- "project.role.write"
- "project.role.delete"
- "project.app.read"
- "project.app.write"
- "project.app.delete"
- "user.global.read"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- Role: 'PROJECT_OWNER_VIEWER_GLOBAL'
Permissions:
- "policy.read"
- "project.read"
- "project.member.read"
- "project.role.read"
- "project.app.read"
- "project.grant.read"
- "project.grant.member.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"
- Role: 'PROJECT_GRANT_OWNER'
Permissions:
- "policy.read"
- "org.global.read"
- "project.read"
- "project.grant.read"
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.grant.write"
- "user.grant.delete"
- "user.membership.read"
- Role: 'PROJECT_GRANT_OWNER_VIEWER'
Permissions:
- "policy.read"
- "project.read"
- "project.grant.read"
- "project.grant.member.read"
- "user.read"
- "user.global.read"
- "user.grant.read"
- "user.membership.read"

262
cmd/zitadel/main.go
View File

@@ -1,262 +0,0 @@
package main
import (
"context"
"flag"
"fmt"
"os"
"regexp"
"strconv"
"time"
"github.com/caos/logging"
"github.com/getsentry/sentry-go"
"github.com/rs/cors"
admin_es "github.com/caos/zitadel/internal/admin/repository/eventsourcing"
"github.com/caos/zitadel/internal/api"
"github.com/caos/zitadel/internal/api/assets"
internal_authz "github.com/caos/zitadel/internal/api/authz"
"github.com/caos/zitadel/internal/api/grpc/admin"
"github.com/caos/zitadel/internal/api/grpc/auth"
"github.com/caos/zitadel/internal/api/grpc/management"
"github.com/caos/zitadel/internal/api/oidc"
auth_es "github.com/caos/zitadel/internal/auth/repository/eventsourcing"
"github.com/caos/zitadel/internal/authz"
authz_repo "github.com/caos/zitadel/internal/authz/repository"
"github.com/caos/zitadel/internal/command"
"github.com/caos/zitadel/internal/config"
sd "github.com/caos/zitadel/internal/config/systemdefaults"
"github.com/caos/zitadel/internal/config/types"
"github.com/caos/zitadel/internal/eventstore"
"github.com/caos/zitadel/internal/id"
"github.com/caos/zitadel/internal/notification"
"github.com/caos/zitadel/internal/query"
"github.com/caos/zitadel/internal/query/projection"
"github.com/caos/zitadel/internal/setup"
"github.com/caos/zitadel/internal/static"
static_config "github.com/caos/zitadel/internal/static/config"
metrics "github.com/caos/zitadel/internal/telemetry/metrics/config"
tracing "github.com/caos/zitadel/internal/telemetry/tracing/config"
"github.com/caos/zitadel/internal/ui"
"github.com/caos/zitadel/internal/ui/console"
"github.com/caos/zitadel/internal/ui/login"
"github.com/caos/zitadel/openapi"
)
// build argument
var version = "dev"
type Config struct {
Log logging.Config
Tracing tracing.TracingConfig
Metrics metrics.MetricsConfig
AssetStorage static_config.AssetStorageConfig
InternalAuthZ internal_authz.Config
SystemDefaults sd.SystemDefaults
EventstoreBase types.SQLBase
Commands command.Config
Queries query.Config
Projections projection.Config
AuthZ authz.Config
Auth auth_es.Config
Admin admin_es.Config
API api.Config
UI ui.Config
Notification notification.Config
}
type setupConfig struct {
Log logging.Config
Eventstore types.SQL
SystemDefaults sd.SystemDefaults
SetUp setup.IAMSetUp
InternalAuthZ internal_authz.Config
}
var (
configPaths = config.NewArrayFlags("authz.yaml", "startup.yaml", "system-defaults.yaml")
setupPaths = config.NewArrayFlags("authz.yaml", "system-defaults.yaml", "setup.yaml")
adminEnabled = flag.Bool("admin", true, "enable admin api")
managementEnabled = flag.Bool("management", true, "enable management api")
authEnabled = flag.Bool("auth", true, "enable auth api")
oidcEnabled = flag.Bool("oidc", true, "enable oidc api")
assetsEnabled = flag.Bool("assets", true, "enable assets api")
loginEnabled = flag.Bool("login", true, "enable login ui")
consoleEnabled = flag.Bool("console", true, "enable console ui")
notificationEnabled = flag.Bool("notification", true, "enable notification handler")
localDevMode = flag.Bool("localDevMode", false, "enable local development specific configs")
)
const (
cmdStart = "start"
cmdSetup = "setup"
)
func main() {
enableSentry, _ := strconv.ParseBool(os.Getenv("SENTRY_USAGE"))
if enableSentry {
sentryVersion := version
if !regexp.MustCompile("^v?[0-9]+.[0-9]+.[0-9]$").Match([]byte(version)) {
sentryVersion = "dev"
}
err := sentry.Init(sentry.ClientOptions{
Environment: os.Getenv("SENTRY_ENVIRONMENT"),
Release: fmt.Sprintf("zitadel-%s", sentryVersion),
})
if err != nil {
logging.Log("MAIN-Gnzjw").WithError(err).Fatal("sentry init failed")
}
sentry.CaptureMessage("sentry started")
logging.Log("MAIN-adgf3").Info("sentry started")
defer func() {
err := recover()
if err != nil {
sentry.CurrentHub().Recover(err)
sentry.Flush(2 * time.Second)
panic(err)
}
}()
}
flag.Var(configPaths, "config-files", "paths to the config files")
flag.Var(setupPaths, "setup-files", "paths to the setup files")
flag.Parse()
arg := flag.Arg(0)
switch arg {
case cmdStart:
startZitadel(configPaths.Values())
case cmdSetup:
startSetup(setupPaths.Values())
default:
logging.Log("MAIN-afEQ2").Fatal("please provide an valid argument [start, setup]")
}
}
func startZitadel(configPaths []string) {
conf := new(Config)
err := config.Read(conf, configPaths...)
logging.Log("ZITAD-EDz31").OnError(err).Fatal("cannot read config")
logging.LogWithFields("MAIN-dsfg2",
"HTTP_PROXY", os.Getenv("HTTP_PROXY") != "",
"HTTPS_PROXY", os.Getenv("HTTPS_PROXY") != "",
"NO_PROXY", os.Getenv("NO_PROXY")).Info("http proxy settings")
ctx := context.Background()
esQueries, err := eventstore.StartWithUser(conf.EventstoreBase, conf.Queries.Eventstore)
if err != nil {
logging.Log("MAIN-Ddv21").OnError(err).Fatal("cannot start eventstore for queries")
}
keyChan := make(chan interface{})
queries, err := query.StartQueries(ctx, esQueries, conf.Projections, conf.SystemDefaults, keyChan, conf.InternalAuthZ.RolePermissionMappings)
logging.Log("MAIN-WpeJY").OnError(err).Fatal("cannot start queries")
authZRepo, err := authz.Start(conf.AuthZ, conf.SystemDefaults, queries)
logging.Log("MAIN-s9KOw").OnError(err).Fatal("error starting authz repo")
esCommands, err := eventstore.StartWithUser(conf.EventstoreBase, conf.Commands.Eventstore)
logging.Log("ZITAD-iRCMm").OnError(err).Fatal("cannot start eventstore for commands")
store, err := conf.AssetStorage.Config.NewStorage()
logging.Log("ZITAD-Bfhe2").OnError(err).Fatal("Unable to start asset storage")
commands, err := command.StartCommands(esCommands, conf.SystemDefaults, conf.InternalAuthZ, store, authZRepo)
if err != nil {
logging.Log("ZITAD-bmNiJ").OnError(err).Fatal("cannot start commands")
}
var authRepo *auth_es.EsRepository
if *authEnabled || *oidcEnabled || *loginEnabled {
authRepo, err = auth_es.Start(conf.Auth, conf.SystemDefaults, commands, queries)
logging.Log("MAIN-9oRw6").OnError(err).Fatal("error starting auth repo")
}
repo := struct {
authz_repo.Repository
query.Queries
}{
authZRepo,
*queries,
}
verifier := internal_authz.Start(&repo)
startAPI(ctx, conf, verifier, authZRepo, authRepo, commands, queries, store, esQueries, conf.Projections.CRDB, keyChan)
startUI(ctx, conf, authRepo, commands, queries, store)
if *notificationEnabled {
notification.Start(ctx, conf.Notification, conf.SystemDefaults, commands, queries, store != nil)
}
<-ctx.Done()
logging.Log("MAIN-s8d2h").Info("stopping zitadel")
}
func startUI(ctx context.Context, conf *Config, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries, staticStorage static.Storage) {
uis := ui.Create(conf.UI)
if *loginEnabled {
login, prefix := login.Start(conf.UI.Login, command, query, authRepo, staticStorage, conf.SystemDefaults, *localDevMode)
uis.RegisterHandler(prefix, login.Handler())
}
if *consoleEnabled {
consoleHandler, prefix, err := console.Start(conf.UI.Console)
logging.Log("API-AGD1f").OnError(err).Fatal("error starting console")
uis.RegisterHandler(prefix, consoleHandler)
}
uis.Start(ctx)
}
func startAPI(ctx context.Context, conf *Config, verifier *internal_authz.TokenVerifier, authZRepo authz_repo.Repository, authRepo *auth_es.EsRepository, command *command.Commands, query *query.Queries, static static.Storage, es *eventstore.Eventstore, projections types.SQL, keyChan <-chan interface{}) {
repo, err := admin_es.Start(ctx, conf.Admin, conf.SystemDefaults, command, static, *localDevMode)
logging.Log("API-D42tq").OnError(err).Fatal("error starting auth repo")
apis := api.Create(conf.API, conf.InternalAuthZ, query, authZRepo, authRepo, repo, conf.SystemDefaults)
if *adminEnabled {
apis.RegisterServer(ctx, admin.CreateServer(command, query, repo, conf.SystemDefaults.Domain, conf.API.Domain+"/assets/v1/"))
}
if *managementEnabled {
apis.RegisterServer(ctx, management.CreateServer(command, query, conf.SystemDefaults, conf.API.Domain+"/assets/v1/"))
}
if *authEnabled {
apis.RegisterServer(ctx, auth.CreateServer(command, query, authRepo, conf.SystemDefaults, conf.API.Domain+"/assets/v1/"))
}
if *oidcEnabled {
op := oidc.NewProvider(ctx, conf.API.OIDC, command, query, authRepo, conf.SystemDefaults.KeyConfig, *localDevMode, es, projections, keyChan, conf.API.Domain+"/assets/v1/")
apis.RegisterHandler("/oauth/v2", op.HttpHandler())
}
if *assetsEnabled {
assetsHandler := assets.NewHandler(command, verifier, conf.InternalAuthZ, id.SonyFlakeGenerator, static, query)
apis.RegisterHandler("/assets/v1", assetsHandler)
}
openAPIHandler, err := openapi.Start()
logging.Log("ZITAD-8pRk1").OnError(err).Fatal("Unable to start openapi handler")
apis.RegisterHandler("/openapi/v2/swagger", cors.AllowAll().Handler(openAPIHandler))
apis.Start(ctx)
}
func startSetup(configPaths []string) {
conf := new(setupConfig)
err := config.Read(conf, configPaths...)
logging.Log("MAIN-FaF2r").OnError(err).Fatal("cannot read config")
ctx := context.Background()
es, err := eventstore.Start(conf.Eventstore)
logging.Log("MAIN-Ddt3").OnError(err).Fatal("cannot start eventstore")
commands, err := command.StartCommands(es, conf.SystemDefaults, conf.InternalAuthZ, nil, nil)
logging.Log("MAIN-dsjrr").OnError(err).Fatal("cannot start command side")
err = setup.Execute(ctx, conf.SetUp, conf.SystemDefaults.IamID, commands)
logging.Log("MAIN-djs3R").OnError(err).Panic("failed to execute setup steps")
}

200
cmd/zitadel/setup.yaml
View File

File diff suppressed because one or more lines are too long

382
cmd/zitadel/startup.yaml
View File

@@ -1,382 +0,0 @@
Log:
Level: $ZITADEL_LOG_LEVEL
Formatter:
Format: text
Tracing:
Type: $ZITADEL_TRACING_TYPE
Config:
ProjectID: $ZITADEL_TRACING_PROJECT_ID
MetricPrefix: ZITADEL-V1
Fraction: $ZITADEL_TRACING_FRACTION
Endpoint: $ZITADEL_TRACING_ENDPOINT
AssetStorage:
Type: $ZITADEL_ASSET_STORAGE_TYPE
Config:
Endpoint: $ZITADEL_ASSET_STORAGE_ENDPOINT
AccessKeyID: $ZITADEL_ASSET_STORAGE_ACCESS_KEY_ID
SecretAccessKey: $ZITADEL_ASSET_STORAGE_SECRET_ACCESS_KEY
SSL: $ZITADEL_ASSET_STORAGE_SSL
Location: $ZITADEL_ASSET_STORAGE_LOCATION
BucketPrefix: $ZITADEL_ASSET_STORAGE_BUCKET_PREFIX
MultiDelete: $ZITADEL_ASSET_STORAGE_MULTI_DELETE
Metrics:
Type: 'otel'
Config:
MeterName: 'github.com/caos/zitadel'
EventstoreBase:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
Database: 'eventstore'
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_EVENTSTORE_CERT
Key: $CR_EVENTSTORE_KEY
Commands:
Eventstore:
User: 'eventstore'
Password: $CR_EVENTSTORE_PASSWORD
MaxOpenConns: 5
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_EVENTSTORE_CERT
Key: $CR_EVENTSTORE_KEY
Queries:
Eventstore:
User: 'queries'
Password: $CR_QUERIES_PASSWORD
MaxOpenConns: 2
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_QUERIES_CERT
Key: $CR_QUERIES_KEY
Projections:
RequeueEvery: 10s
RetryFailedAfter: 1s
MaxFailureCount: 5
BulkLimit: 200
MaxIterators: 1
CRDB:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'queries'
Database: 'zitadel'
Schema: 'projections'
Password: $CR_QUERIES_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_QUERIES_CERT
Key: $CR_QUERIES_KEY
Customizations:
projects:
BulkLimit: 2000
AuthZ:
Repository:
Eventstore:
ServiceName: 'AuthZ'
Repository:
SQL:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'authz'
Database: 'eventstore'
Password: $CR_AUTHZ_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_AUTHZ_CERT
Key: $CR_AUTHZ_KEY
Cache:
Type: 'fastcache'
Config:
MaxCacheSizeInByte: 10485760 #10mb
View:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'authz'
Database: 'authz'
Password: $CR_AUTHZ_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_AUTHZ_CERT
Key: $CR_AUTHZ_KEY
Spooler:
ConcurrentWorkers: 1
BulkLimit: 10000
FailureCountUntilSkip: 5
Auth:
SearchLimit: 1000
Domain: $ZITADEL_DEFAULT_DOMAIN
APIDomain: $ZITADEL_API_DOMAIN
Eventstore:
ServiceName: 'authAPI'
Repository:
SQL:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'auth'
Database: 'eventstore'
Password: $CR_AUTH_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_AUTH_CERT
Key: $CR_AUTH_KEY
Cache:
Type: 'fastcache'
Config:
MaxCacheSizeInByte: 10485760 #10mb
AuthRequest:
Connection:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'auth'
Database: 'auth'
Password: $CR_AUTH_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_AUTH_CERT
Key: $CR_AUTH_KEY
View:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'auth'
Database: 'auth'
Password: $CR_AUTH_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_AUTH_CERT
Key: $CR_AUTH_KEY
Spooler:
ConcurrentWorkers: 1
BulkLimit: 10000
FailureCountUntilSkip: 5
Admin:
SearchLimit: 1000
Domain: $ZITADEL_DEFAULT_DOMAIN
APIDomain: $ZITADEL_API_DOMAIN
Eventstore:
ServiceName: 'Admin'
Repository:
SQL:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'adminapi'
Database: 'eventstore'
Password: $CR_ADMINAPI_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_ADMINAPI_CERT
Key: $CR_ADMINAPI_KEY
Cache:
Type: 'fastcache'
Config:
MaxCacheSizeInByte: 10485760 #10mb
View:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'adminapi'
Database: 'adminapi'
Password: $CR_ADMINAPI_PASSWORD
MaxOpenConns: 3
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_ADMINAPI_CERT
Key: $CR_ADMINAPI_KEY
Spooler:
ConcurrentWorkers: 1
BulkLimit: 10000
FailureCountUntilSkip: 5
API:
Domain: $ZITADEL_API_DOMAIN
GRPC:
ServerPort: 50001
GatewayPort: 50002
CustomHeaders:
- x-zitadel-
OIDC:
OPConfig:
Issuer: $ZITADEL_ISSUER
DefaultLogoutRedirectURI: $ZITADEL_ACCOUNTS/logout/done
StorageConfig:
DefaultLoginURL: $ZITADEL_ACCOUNTS/login?authRequestID=
DefaultAccessTokenLifetime: 12h
DefaultIdTokenLifetime: 12h
DefaultRefreshTokenIdleExpiration: 720h #30d
DefaultRefreshTokenExpiration: 2160h #90d
SigningKeyAlgorithm: RS256
UserAgentCookieConfig:
Name: caos.zitadel.useragent
Domain: $ZITADEL_COOKIE_DOMAIN
MaxAge: 8760h #365*24h (1 year)
Key:
EncryptionKeyID: $ZITADEL_COOKIE_KEY
Cache:
MaxAge: $ZITADEL_CACHE_MAXAGE
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
Endpoints:
Auth:
Path: 'authorize'
URL: '$ZITADEL_AUTHORIZE/authorize'
Token:
Path: 'token'
URL: '$ZITADEL_OAUTH/token'
Introspection:
Path: 'introspect'
URL: '$ZITADEL_OAUTH/introspect'
Revocation:
Path: 'revoke'
URL: '$ZITADEL_OAUTH/revoke'
EndSession:
Path: 'endsession'
URL: '$ZITADEL_AUTHORIZE/endsession'
Userinfo:
Path: 'userinfo'
URL: '$ZITADEL_OAUTH/userinfo'
Keys:
Path: 'keys'
URL: '$ZITADEL_OAUTH/keys'
UI:
Port: 50003
Login:
Handler:
BaseURL: '$ZITADEL_ACCOUNTS'
OidcAuthCallbackURL: '$ZITADEL_AUTHORIZE/authorize/callback?id='
ZitadelURL: '$ZITADEL_CONSOLE'
LanguageCookieName: 'caos.zitadel.login.lang'
DefaultLanguage: 'de'
CSRF:
CookieName: 'caos.zitadel.login.csrf'
Key:
EncryptionKeyID: $ZITADEL_CSRF_KEY
Development: $ZITADEL_CSRF_DEV
UserAgentCookieConfig:
Name: caos.zitadel.useragent
Domain: $ZITADEL_COOKIE_DOMAIN
MaxAge: 8760h #365*24h (1 year)
Key:
EncryptionKeyID: $ZITADEL_COOKIE_KEY
Cache:
MaxAge: $ZITADEL_CACHE_MAXAGE
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
StaticCache:
Type: bigcache
Config:
MaxCacheSizeInByte: 52428800 #50MB
Console:
ConsoleOverwriteDir: $ZITADEL_CONSOLE_DIR
ShortCache:
MaxAge: $ZITADEL_SHORT_CACHE_MAXAGE
SharedMaxAge: $ZITADEL_SHORT_CACHE_SHARED_MAXAGE
LongCache:
MaxAge: $ZITADEL_CACHE_MAXAGE
SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
CSPDomain: $ZITADEL_DEFAULT_DOMAIN
Notification:
APIDomain: $ZITADEL_API_DOMAIN
Repository:
DefaultLanguage: 'de'
Domain: $ZITADEL_DEFAULT_DOMAIN
Eventstore:
ServiceName: 'Notification'
Repository:
SQL:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'notification'
Database: 'eventstore'
Password: $CR_NOTIFICATION_PASSWORD
MaxOpenConns: 2
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_NOTIFICATION_CERT
Key: $CR_NOTIFICATION_KEY
Cache:
Type: 'fastcache'
Config:
MaxCacheSizeInByte: 10485760 #10mb
View:
Host: $ZITADEL_EVENTSTORE_HOST
Port: $ZITADEL_EVENTSTORE_PORT
User: 'notification'
Database: 'notification'
Password: $CR_NOTIFICATION_PASSWORD
MaxOpenConns: 2
MaxConnLifetime: 30m
MaxConnIdleTime: 30m
Options: $CR_OPTIONS
SSL:
Mode: $CR_SSL_MODE
RootCert: $CR_ROOT_CERT
Cert: $CR_NOTIFICATION_CERT
Key: $CR_NOTIFICATION_KEY
Spooler:
ConcurrentWorkers: 1
BulkLimit: 10000
FailureCountUntilSkip: 5
Handlers:

158
cmd/zitadel/system-defaults.yaml
View File

@@ -1,158 +0,0 @@
SystemDefaults:
DefaultLanguage: 'en'
Domain: $ZITADEL_DEFAULT_DOMAIN
ZitadelDocs:
Issuer: $ZITADEL_ISSUER
DiscoveryEndpoint: '$ZITADEL_ISSUER/.well-known/openid-configuration'
UserVerificationKey:
EncryptionKeyID: $ZITADEL_USER_VERIFICATION_KEY
IDPConfigVerificationKey:
EncryptionKeyID: $ZITADEL_IDP_CONFIG_VERIFICATION_KEY
SecretGenerators:
PasswordSaltCost: 14
ClientSecretGenerator:
Length: 64
IncludeLowerLetters: true
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
InitializeUserCode:
Length: 6
Expiry: '72h'
IncludeLowerLetters: false
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
EmailVerificationCode:
Length: 6
Expiry: '1h'
IncludeLowerLetters: false
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
PhoneVerificationCode:
Length: 6
Expiry: '1h'
IncludeLowerLetters: false
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
PasswordVerificationCode:
Length: 6
Expiry: '1h'
IncludeLowerLetters: false
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
PasswordlessInitCode:
Length: 12
Expiry: '1h'
IncludeLowerLetters: true
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
MachineKeySize: 2048
ApplicationKeySize: 2048
Multifactors:
OTP:
Issuer: 'ZITADEL'
VerificationKey:
EncryptionKeyID: $ZITADEL_OTP_VERIFICATION_KEY
VerificationLifetimes:
PasswordCheck: 240h #10d
ExternalLoginCheck: 240h #10d
MFAInitSkip: 720h #30d
SecondFactorCheck: 18h
MultiFactorCheck: 12h
IamID: 'IAM'
DomainVerification:
VerificationKey:
EncryptionKeyID: $ZITADEL_DOMAIN_VERIFICATION_KEY
VerificationGenerator:
Length: 32
IncludeLowerLetters: true
IncludeUpperLetters: true
IncludeDigits: true
IncludeSymbols: false
Notifications:
DebugMode: $DEBUG_MODE
Endpoints:
InitCode: '$ZITADEL_ACCOUNTS/user/init?userID={{.UserID}}&code={{.Code}}&passwordset={{.PasswordSet}}'
PasswordReset: '$ZITADEL_ACCOUNTS/password/init?userID={{.UserID}}&code={{.Code}}'
VerifyEmail: '$ZITADEL_ACCOUNTS/mail/verification?userID={{.UserID}}&code={{.Code}}'
DomainClaimed: '$ZITADEL_ACCOUNTS/login'
PasswordlessRegistration: '$ZITADEL_ACCOUNTS/login/passwordless/init'
Providers:
Email:
SMTP:
Host: $SMTP_HOST
User: $SMTP_USER
Password: $SMTP_PASSWORD
From: $EMAIL_SENDER_ADDRESS
FromName: $EMAIL_SENDER_NAME
Tls: $SMTP_TLS
Twilio:
SID: $TWILIO_SERVICE_SID
Token: $TWILIO_TOKEN
From: $TWILIO_SENDER_NAME
FileSystem:
Enabled: $FS_NOTIFICATIONS_ENABLED
Path: $FS_NOTIFICATIONS_PATH
Compact: $FS_NOTIFICATIONS_COMPACT
Log:
Enabled: $LOG_NOTIFICATIONS_ENABLED
Compact: $LOG_NOTIFICATIONS_COMPACT
Chat:
Enabled: $CHAT_ENABLED
Url: $CHAT_URL
Compact: $CHAT_COMPACT
SplitCount: 4000
TemplateData:
InitCode:
Title: 'InitCode.Title'
PreHeader: 'InitCode.PreHeader'
Subject: 'InitCode.Subject'
Greeting: 'InitCode.Greeting'
Text: 'InitCode.Text'
ButtonText: 'InitCode.ButtonText'
PasswordReset:
Title: 'PasswordReset.Title'
PreHeader: 'PasswordReset.PreHeader'
Subject: 'PasswordReset.Subject'
Greeting: 'PasswordReset.Greeting'
Text: 'PasswordReset.Text'
ButtonText: 'PasswordReset.ButtonText'
VerifyEmail:
Title: 'VerifyEmail.Title'
PreHeader: 'VerifyEmail.PreHeader'
Subject: 'VerifyEmail.Subject'
Greeting: 'VerifyEmail.Greeting'
Text: 'VerifyEmail.Text'
ButtonText: 'VerifyEmail.ButtonText'
VerifyPhone:
Title: 'VerifyPhone.Title'
PreHeader: 'VerifyPhone.PreHeader'
Subject: 'VerifyPhone.Subject'
Greeting: 'VerifyPhone.Greeting'
Text: 'VerifyPhone.Text'
ButtonText: 'VerifyPhone.ButtonText'
DomainClaimed:
Title: 'DomainClaimed.Title'
PreHeader: 'DomainClaimed.PreHeader'
Subject: 'DomainClaimed.Subject'
Greeting: 'DomainClaimed.Greeting'
Text: 'DomainClaimed.Text'
ButtonText: 'DomainClaimed.ButtonText'
WebAuthN:
ID: $ZITADEL_DEFAULT_DOMAIN
OriginLogin: $ZITADEL_ACCOUNTS
OriginConsole: $ZITADEL_CONSOLE
DisplayName: ZITADEL
KeyConfig:
Size: 2048
PrivateKeyLifetime: 6h
PublicKeyLifetime: 30h
EncryptionConfig:
EncryptionKeyID: $ZITADEL_OIDC_KEYS_ID
SigningKeyRotationCheck: 10s
SigningKeyGracefulPeriod: 10m

60
cmd/zitadelctl/cmds/backup.go
View File

@@ -1,60 +0,0 @@
package cmds
import (
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/zitadel/pkg/databases"
"github.com/spf13/cobra"
)
func BackupCommand(getRv GetRootValues) *cobra.Command {
var (
backup string
cmd = &cobra.Command{
Use: "backup",
Short: "Instant backup",
Long: "Instant backup",
}
)
flags := cmd.Flags()
flags.StringVar(&backup, "backup", "", "Name used for backup folder")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("backup", map[string]interface{}{"backup": backup}, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
k8sClient, err := cli.Client(monitor, orbConfig, gitClient, rv.Kubeconfig, rv.Gitops, true)
if err != nil {
return err
}
if rv.Gitops {
if err := databases.GitOpsInstantBackup(
monitor,
k8sClient,
gitClient,
backup,
); err != nil {
return err
}
} else {
if err := databases.CrdInstantBackup(
monitor,
k8sClient,
backup,
); err != nil {
return err
}
}
return nil
}
return cmd
}

60
cmd/zitadelctl/cmds/backuplist.go
View File

@@ -1,60 +0,0 @@
package cmds
import (
"fmt"
"github.com/caos/orbos/pkg/kubernetes/cli"
"sort"
"github.com/caos/zitadel/pkg/databases"
"github.com/spf13/cobra"
)
func BackupListCommand(getRv GetRootValues) *cobra.Command {
var (
cmd = &cobra.Command{
Use: "backuplist",
Short: "Get a list of all backups",
Long: "Get a list of all backups",
}
)
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("backuplist", nil, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
backups := make([]string, 0)
k8sClient, err := cli.Client(monitor, orbConfig, rv.GitClient, rv.Kubeconfig, rv.Gitops, true)
if err != nil {
return err
}
if rv.Gitops {
backupsT, err := databases.GitOpsListBackups(monitor, gitClient, k8sClient)
if err != nil {
return err
}
backups = backupsT
} else {
backupsT, err := databases.CrdListBackups(monitor, k8sClient)
if err != nil {
return err
}
backups = backupsT
}
sort.Slice(backups, func(i, j int) bool {
return backups[i] > backups[j]
})
for _, backup := range backups {
fmt.Println(backup)
}
return nil
}
return cmd
}

137
cmd/zitadelctl/cmds/configure.go
View File

@@ -1,137 +0,0 @@
package cmds
import (
"errors"
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/tree"
"github.com/caos/orbos/pkg/cfg"
"github.com/caos/orbos/pkg/git"
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/orbos/pkg/orb"
"github.com/spf13/cobra"
orbdb "github.com/caos/zitadel/operator/database/kinds/orb"
orbzit "github.com/caos/zitadel/operator/zitadel/kinds/orb"
)
func ConfigCommand(getRv GetRootValues, ghClientID, ghClientSecret string) *cobra.Command {
var (
newMasterKey string
newRepoURL string
newRepoKey string
cmd = &cobra.Command{
Use: "configure",
Short: "Configures and reconfigures an orb",
Long: "Generates missing secrets where it makes sense",
Aliases: []string{"reconfigure", "config", "reconfig"},
}
)
flags := cmd.Flags()
flags.StringVar(&newMasterKey, "masterkey", "", "Reencrypts all secrets")
flags.StringVar(&newRepoURL, "repourl", "", "Configures the repository URL")
flags.StringVar(&newRepoKey, "repokey", "", "Configures the used key to communicate with the repository")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("configure", map[string]interface{}{
"masterkey": newMasterKey != "",
"newRepoURL": newRepoURL,
"newRepoKey": newRepoKey != "",
}, "")
defer func() {
err = rv.ErrFunc(err)
}()
if !rv.Gitops {
return mntr.ToUserError(errors.New("configure command is only supported with the --gitops flag"))
}
if err := orb.Reconfigure(
rv.Ctx,
rv.Monitor,
rv.OrbConfig,
newRepoURL,
newMasterKey,
newRepoKey,
rv.GitClient,
ghClientID,
ghClientSecret,
); err != nil {
return err
}
k8sClient, err := cli.Client(rv.Monitor, rv.OrbConfig, rv.GitClient, rv.Kubeconfig, rv.Gitops, false)
if err != nil {
rv.Monitor.WithField("reason", err.Error()).Info("Continuing without having a Kubernetes connection")
err = nil
}
if err := cfg.ApplyOrbconfigSecret(
rv.OrbConfig,
k8sClient,
rv.Monitor,
); err != nil {
return err
}
queried := make(map[string]interface{})
if err := cfg.ConfigureOperators(
rv.GitClient,
rv.OrbConfig.Masterkey,
append(cfg.ORBOSConfigurers(
rv.Ctx,
rv.Monitor,
rv.OrbConfig,
rv.GitClient,
), cfg.OperatorConfigurer(
git.DatabaseFile,
rv.Monitor,
rv.GitClient,
func() (*tree.Tree, interface{}, error) {
desired, err := rv.GitClient.ReadTree(git.DatabaseFile)
if err != nil {
return nil, nil, err
}
_, _, configure, _, _, _, err := orbdb.AdaptFunc("", nil, rv.Gitops)(rv.Monitor, desired, &tree.Tree{})
if err != nil {
return nil, nil, err
}
return desired, desired.Parsed, configure(k8sClient, queried, rv.Gitops)
},
), cfg.OperatorConfigurer(
git.ZitadelFile,
rv.Monitor,
rv.GitClient,
func() (*tree.Tree, interface{}, error) {
desired, err := rv.GitClient.ReadTree(git.ZitadelFile)
if err != nil {
return nil, nil, err
}
_, _, configure, _, _, _, err := orbzit.AdaptFunc(
rv.OrbConfig,
"configure",
nil,
rv.Gitops,
nil,
)(rv.Monitor, desired, &tree.Tree{})
if err != nil {
return nil, nil, err
}
return desired, desired.Parsed, configure(k8sClient, queried, rv.Gitops)
},
))); err != nil {
return err
}
rv.Monitor.Info("Configuration succeeded")
return nil
}
return cmd
}

162
cmd/zitadelctl/cmds/destroy.go
View File

@@ -1,162 +0,0 @@
package cmds
import (
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/git"
"github.com/caos/orbos/pkg/kubernetes"
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/zitadel/operator/crtlcrd"
"github.com/caos/zitadel/operator/crtlgitops"
orbdb "github.com/caos/zitadel/operator/database/kinds/orb"
orbzit "github.com/caos/zitadel/operator/zitadel/kinds/orb"
kuberneteszit "github.com/caos/zitadel/pkg/kubernetes"
"github.com/spf13/cobra"
)
func TeardownCommand(getRv GetRootValues) *cobra.Command {
var (
cmd = &cobra.Command{
Use: "teardown",
Short: "Tear down an Orb",
Long: "Destroys a whole Orb",
Aliases: []string{
"shoot",
"destroy",
"devastate",
"annihilate",
"crush",
"bulldoze",
"total",
"smash",
"decimate",
"kill",
"trash",
"wipe-off-the-map",
"pulverize",
"take-apart",
"destruct",
"obliterate",
"disassemble",
"explode",
"blow-up",
},
}
)
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("destroy", nil, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
version := rv.Version
k8sClient, err := cli.Client(
monitor,
orbConfig,
gitClient,
rv.Kubeconfig,
rv.Gitops,
true,
)
if err != nil {
return err
}
monitor.WithFields(map[string]interface{}{
"version": version,
}).Info("Destroying Orb")
if err := kuberneteszit.ScaleZitadelOperator(monitor, k8sClient, 0); err != nil {
return err
}
if err := kuberneteszit.ScaleDatabaseOperator(monitor, k8sClient, 0); err != nil {
return err
}
if rv.Gitops {
if err := crtlgitops.DestroyOperator(monitor, orbConfig.Path, k8sClient, &version, rv.Gitops); err != nil {
return err
}
if err := crtlgitops.DestroyDatabase(monitor, orbConfig.Path, k8sClient, &version, rv.Gitops); err != nil {
return err
}
} else {
if err := crtlcrd.Destroy(monitor, k8sClient, version, "zitadel", "database"); err != nil {
return err
}
}
if err := destroyOperator(monitor, gitClient, k8sClient, rv.Gitops); err != nil {
return err
}
if err := destroyDatabase(monitor, gitClient, k8sClient, rv.Gitops); err != nil {
return err
}
return nil
}
return cmd
}
func destroyOperator(monitor mntr.Monitor, gitClient *git.Client, k8sClient kubernetes.ClientInt, gitops bool) error {
if gitops {
if gitClient.Exists(git.ZitadelFile) {
desiredTree, err := gitClient.ReadTree(git.ZitadelFile)
if err != nil {
return err
}
desired, err := orbzit.ParseDesiredV0(desiredTree)
if err != nil {
return err
}
spec := desired.Spec
_, del := orbzit.Reconcile(monitor, spec, gitops)
if err := del(k8sClient); err != nil {
return err
}
}
} else {
_, del := orbzit.Reconcile(monitor, &orbzit.Spec{}, gitops)
if err := del(k8sClient); err != nil {
return err
}
}
return nil
}
func destroyDatabase(monitor mntr.Monitor, gitClient *git.Client, k8sClient kubernetes.ClientInt, gitops bool) error {
if gitops {
if gitClient.Exists(git.DatabaseFile) {
desiredTree, err := gitClient.ReadTree(git.DatabaseFile)
if err != nil {
return err
}
desired, err := orbdb.ParseDesiredV0(desiredTree)
if err != nil {
return err
}
spec := desired.Spec
_, del := orbdb.Reconcile(monitor, spec, gitops)
if err := del(k8sClient); err != nil {
return err
}
}
} else {
_, del := orbdb.Reconcile(monitor, &orbdb.Spec{}, gitops)
if err := del(k8sClient); err != nil {
return err
}
}
return nil
}

57
cmd/zitadelctl/cmds/readsecret.go
View File

@@ -1,57 +0,0 @@
package cmds
import (
"os"
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/zitadel/operator/secrets"
"github.com/caos/orbos/pkg/secret"
"github.com/spf13/cobra"
)
func ReadSecretCommand(getRv GetRootValues) *cobra.Command {
return &cobra.Command{
Use: "readsecret [path]",
Short: "Print a secrets decrypted value to stdout",
Long: "Print a secrets decrypted value to stdout.\nIf no path is provided, a secret can interactively be chosen from a list of all possible secrets",
Args: cobra.MaximumNArgs(1),
Example: `zitadelctl readsecret database.bucket.serviceaccountjson.encrypted > ~/googlecloudstoragesa.json`,
RunE: func(cmd *cobra.Command, args []string) (err error) {
path := ""
if len(args) > 0 {
path = args[0]
}
rv := getRv("readsecret", map[string]interface{}{"path": path}, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
k8sClient, err := cli.Client(monitor, orbConfig, gitClient, rv.Kubeconfig, rv.Gitops, true)
if err != nil && !rv.Gitops {
return err
}
value, err := secret.Read(
k8sClient,
path,
secrets.GetAllSecretsFunc(monitor, path == "", rv.Gitops, gitClient, k8sClient, orbConfig),
)
if err != nil {
return err
}
if _, err := os.Stdout.Write([]byte(value)); err != nil {
return err
}
return nil
},
}
}

98
cmd/zitadelctl/cmds/restore.go
View File

@@ -1,98 +0,0 @@
package cmds
import (
"errors"
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/zitadel/operator/crtlcrd"
"github.com/caos/zitadel/operator/crtlgitops"
"github.com/caos/zitadel/pkg/databases"
"github.com/manifoldco/promptui"
"github.com/spf13/cobra"
)
func RestoreCommand(getRv GetRootValues) *cobra.Command {
var (
backup string
cmd = &cobra.Command{
Use: "restore",
Short: "Restore from backup",
Long: "Restore from backup",
}
)
flags := cmd.Flags()
flags.StringVar(&backup, "backup", "", "Backup used for db restore")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("restore", map[string]interface{}{"backup": backup}, "")
defer func() {
err = rv.ErrFunc(err)
}()
// TODO: Why?
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
version := rv.Version
k8sClient, err := cli.Client(monitor, orbConfig, gitClient, rv.Kubeconfig, rv.Gitops, true)
if err != nil {
return err
}
list := make([]string, 0)
if rv.Gitops {
listT, err := databases.GitOpsListBackups(monitor, gitClient, k8sClient)
if err != nil {
return err
}
list = listT
} else {
listT, err := databases.CrdListBackups(monitor, k8sClient)
if err != nil {
return err
}
list = listT
}
if backup == "" {
prompt := promptui.Select{
Label: "Select backup to restore",
Items: list,
}
_, result, err := prompt.Run()
if err != nil {
return err
}
backup = result
}
existing := false
for _, listedBackup := range list {
if listedBackup == backup {
existing = true
}
}
if !existing {
return mntr.ToUserError(errors.New("chosen backup is not existing"))
}
ensure := func() error { return nil }
if rv.Gitops {
ensure = func() error {
return crtlgitops.Restore(monitor, gitClient, k8sClient, backup)
}
} else {
ensure = func() error {
return crtlcrd.Restore(monitor, k8sClient, backup)
}
}
return scaleForFunction(monitor, gitClient, orbConfig, k8sClient, &version, rv.Gitops, ensure)
}
return cmd
}

115
cmd/zitadelctl/cmds/root.go
View File

@@ -1,115 +0,0 @@
package cmds
import (
"context"
"os"
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/git"
"github.com/caos/orbos/pkg/orb"
"github.com/caos/zitadel/operator/helpers"
"github.com/spf13/cobra"
)
type RootValues struct {
Ctx context.Context
Monitor mntr.Monitor
Version string
Gitops bool
OrbConfig *orb.Orb
GitClient *git.Client
Kubeconfig string
ErrFunc errFunc
}
type GetRootValues func(command string, tags map[string]interface{}, component string, moreComponents ...string) *RootValues
type errFunc func(err error) error
func RootCommand(version string, monitor mntr.Monitor) (*cobra.Command, GetRootValues) {
var (
ctx = context.Background()
rv = &RootValues{
Ctx: ctx,
Version: version,
ErrFunc: func(err error) error {
if err != nil {
monitor.Error(err)
os.Exit(1)
}
return nil
},
}
orbConfigPath string
verbose bool
disableAnalytics bool
)
cmd := &cobra.Command{
Use: "zitadelctl [flags]",
Short: "Interact with your IAM orbs",
Long: `zitadelctl launches zitadel and simplifies common tasks such as deploying operators or reading and writing secrets.
Participate in our community on https://github.com/caos/orbos
and visit our website at https://caos.ch`,
Example: `$ # For being able to use the --gitops flag, you need to create an orbconfig and add an SSH deploy key to your github project
$ # Create an ssh key pair
$ ssh-keygen -b 2048 -t rsa -f ~/.ssh/myorbrepo -q -N ""
$ # Create the orbconfig
$ mkdir -p ~/.orb
$ cat > ~/.orb/myorb << EOF
> # this is the ssh URL to your git repository
> url: git@github.com:me/my-orb.git
> masterkey: "$(openssl rand -base64 21)" # used for encrypting and decrypting secrets
> # the repokey is used to connect to your git repository
> repokey: |
> $(cat ~/.ssh/myorbrepo | sed s/^/\ \ /g)
> EOF
$ zitadelctl --gitops -f ~/.orb/myorb [command]
`,
}
flags := cmd.PersistentFlags()
flags.BoolVar(&rv.Gitops, "gitops", false, "Run zitadelctl in gitops mode")
flags.StringVarP(&orbConfigPath, "orbconfig", "f", "~/.orb/config", "Path to the file containing the orbs git repo URL, deploy key and the master key for encrypting and decrypting secrets")
flags.StringVarP(&rv.Kubeconfig, "kubeconfig", "k", "~/.kube/config", "Path to the kubeconfig file to the cluster zitadelctl should target")
flags.BoolVar(&verbose, "verbose", false, "Print debug levelled logs")
flags.BoolVar(&disableAnalytics, "disable-analytics", false, "Don't help CAOS AG to improve ZITADEL by sending them errors and usage data")
return cmd, func(command string, tags map[string]interface{}, component string, moreComponents ...string) *RootValues {
if verbose {
monitor = monitor.Verbose()
}
rv.Monitor = monitor
rv.Kubeconfig = helpers.PruneHome(rv.Kubeconfig)
rv.GitClient = git.New(ctx, monitor, "zitadel", "orbos@caos.ch")
if rv.Gitops {
prunedPath := helpers.PruneHome(orbConfigPath)
rv.OrbConfig, _ = orb.ParseOrbConfig(prunedPath)
if rv.OrbConfig == nil {
rv.OrbConfig = &orb.Orb{Path: prunedPath}
}
}
env := "unknown"
if orbID, err := rv.OrbConfig.ID(); err == nil {
env = orbID
}
if component == "" {
component = "zitadelctl"
}
if !disableAnalytics {
if err := mntr.Ingest(rv.Monitor, "zitadel", version, env, component, moreComponents...); err != nil {
panic(err)
}
}
rv.Monitor.WithFields(map[string]interface{}{"command": command, "gitops": rv.Gitops}).WithFields(tags).CaptureMessage("zitadelctl invoked")
return rv
}
}

85
cmd/zitadelctl/cmds/scale.go
View File

@@ -1,85 +0,0 @@
package cmds
import (
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/git"
"github.com/caos/orbos/pkg/kubernetes"
orbconfig "github.com/caos/orbos/pkg/orb"
"github.com/caos/zitadel/operator/crtlcrd/zitadel"
"github.com/caos/zitadel/operator/crtlgitops"
kubernetes2 "github.com/caos/zitadel/pkg/kubernetes"
macherrs "k8s.io/apimachinery/pkg/api/errors"
)
func scaleForFunction(
monitor mntr.Monitor,
gitClient *git.Client,
orbCfg *orbconfig.Orb,
k8sClient *kubernetes.Client,
version *string,
gitops bool,
ensureFunc func() error,
) error {
noOperator := false
if err := kubernetes2.ScaleZitadelOperator(monitor, k8sClient, 0); err != nil {
if macherrs.IsNotFound(err) {
noOperator = true
} else {
return err
}
}
noZitadel := false
if gitops {
noZitadelT, err := crtlgitops.ScaleDown(monitor, gitClient, k8sClient, orbCfg, version, gitops)
if err != nil {
return err
}
noZitadel = noZitadelT
} else {
noZitadelT, err := zitadel.ScaleDown(monitor, k8sClient, version)
if err != nil {
return err
}
noZitadel = noZitadelT
}
noDatabase := false
if err := kubernetes2.ScaleDatabaseOperator(monitor, k8sClient, 0); err != nil {
if macherrs.IsNotFound(err) {
noDatabase = true
} else {
return err
}
}
if err := ensureFunc(); err != nil {
return err
}
if !noDatabase {
if err := kubernetes2.ScaleDatabaseOperator(monitor, k8sClient, 1); err != nil {
return err
}
}
if !noZitadel {
if gitops {
if err := crtlgitops.ScaleUp(monitor, gitClient, k8sClient, orbCfg, version, gitops); err != nil {
return err
}
} else {
if err := zitadel.ScaleUp(monitor, k8sClient, version); err != nil {
return err
}
}
}
if !noOperator {
if err := kubernetes2.ScaleZitadelOperator(monitor, k8sClient, 1); err != nil {
return err
}
}
return nil
}

87
cmd/zitadelctl/cmds/start.go
View File

@@ -1,87 +0,0 @@
package cmds
import (
"github.com/caos/orbos/pkg/kubernetes"
"github.com/caos/zitadel/operator/crtlcrd"
"github.com/caos/zitadel/operator/crtlgitops"
"github.com/spf13/cobra"
)
func StartOperator(getRv GetRootValues) *cobra.Command {
var (
metricsAddr string
cmd = &cobra.Command{
Use: "operator",
Short: "Launch a ZITADEL operator",
Long: "Ensures a desired state of ZITADEL",
}
)
flags := cmd.Flags()
flags.StringVar(&metricsAddr, "metrics-addr", "", "The address the metric endpoint binds to.")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("operator", nil, "zitadel-operator", "zitadel")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
version := rv.Version
if rv.Gitops {
k8sClient, err := kubernetes.NewK8sClientWithPath(monitor, rv.Kubeconfig)
if err != nil {
return err
}
return crtlgitops.Operator(monitor, orbConfig.Path, k8sClient, &version, rv.Gitops)
} else {
if err := crtlcrd.Start(monitor, version, metricsAddr, crtlcrd.Zitadel); err != nil {
return err
}
}
return nil
}
return cmd
}
func StartDatabase(getRv GetRootValues) *cobra.Command {
var (
metricsAddr string
cmd = &cobra.Command{
Use: "database",
Short: "Launch a database operator",
Long: "Ensures a desired state of the database",
}
)
flags := cmd.Flags()
flags.StringVar(&metricsAddr, "metrics-addr", "", "The address the metric endpoint binds to.")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("database", nil, "database-operator")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
version := rv.Version
if rv.Gitops {
k8sClient, err := kubernetes.NewK8sClientWithPath(monitor, rv.Kubeconfig)
if err != nil {
return err
}
return crtlgitops.Database(monitor, orbConfig.Path, k8sClient, &version, rv.Gitops)
} else {
if err := crtlcrd.Start(monitor, version, metricsAddr, crtlcrd.Database); err != nil {
return err
}
}
return nil
}
return cmd
}

150
cmd/zitadelctl/cmds/takeoff.go
View File

@@ -1,150 +0,0 @@
package cmds
import (
"github.com/caos/orbos/pkg/kubernetes/cli"
"gopkg.in/yaml.v3"
orbdb "github.com/caos/zitadel/operator/database/kinds/orb"
"github.com/caos/orbos/mntr"
"github.com/caos/orbos/pkg/git"
"github.com/caos/orbos/pkg/kubernetes"
orbzit "github.com/caos/zitadel/operator/zitadel/kinds/orb"
"github.com/spf13/cobra"
_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
)
func TakeoffCommand(getRv GetRootValues) *cobra.Command {
var (
cmd = &cobra.Command{
Use: "takeoff",
Short: "Launch a ZITADEL operator and database operator on the orb",
Long: "Ensures a desired state of the resources on the orb",
}
)
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
rv := getRv("takeoff", nil, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
k8sClient, err := cli.Client(
monitor,
orbConfig,
gitClient,
rv.Kubeconfig,
rv.Gitops,
true,
)
if err != nil {
return err
}
if err := kubernetes.EnsureCaosSystemNamespace(monitor, k8sClient); err != nil {
return err
}
if rv.Gitops {
orbConfigBytes, err := yaml.Marshal(orbConfig)
if err != nil {
return err
}
if err := kubernetes.EnsureOrbconfigSecret(monitor, k8sClient, orbConfigBytes); err != nil {
return err
}
}
if err := deployOperator(
monitor,
gitClient,
k8sClient,
rv.Version,
rv.Gitops,
); err != nil {
return err
}
return deployDatabase(
monitor,
gitClient,
k8sClient,
rv.Version,
rv.Gitops,
)
}
return cmd
}
func deployOperator(monitor mntr.Monitor, gitClient *git.Client, k8sClient kubernetes.ClientInt, version string, gitops bool) error {
if !gitops {
// at takeoff the artifacts have to be applied
spec := &orbzit.Spec{
Version: version,
SelfReconciling: true,
}
rec, _ := orbzit.Reconcile(monitor, spec, gitops)
return rec(k8sClient)
}
if !gitClient.Exists(git.ZitadelFile) {
monitor.WithField("file", git.ZitadelFile).Info("File not found in git, skipping deployment")
return nil
}
desiredTree, err := gitClient.ReadTree(git.ZitadelFile)
if err != nil {
return err
}
desired, err := orbzit.ParseDesiredV0(desiredTree)
if err != nil {
return err
}
spec := desired.Spec
// at takeoff the artifacts have to be applied
spec.SelfReconciling = true
rec, _ := orbzit.Reconcile(monitor, spec, gitops)
return rec(k8sClient)
}
func deployDatabase(monitor mntr.Monitor, gitClient *git.Client, k8sClient kubernetes.ClientInt, version string, gitops bool) error {
if !gitops {
// at takeoff the artifacts have to be applied
spec := &orbdb.Spec{
Version: version,
SelfReconciling: true,
}
rec, _ := orbdb.Reconcile(monitor, spec, gitops)
return rec(k8sClient)
}
if !gitClient.Exists(git.DatabaseFile) {
monitor.WithField("file", git.DatabaseFile).Info("File not found in git, skipping deployment")
return nil
}
desiredTree, err := gitClient.ReadTree(git.DatabaseFile)
if err != nil {
return err
}
desired, err := orbdb.ParseDesiredV0(desiredTree)
if err != nil {
return err
}
spec := desired.Spec
// at takeoff the artifacts have to be applied
spec.SelfReconciling = true
rec, _ := orbdb.Reconcile(monitor, spec, gitops)
return rec(k8sClient)
}

114
cmd/zitadelctl/cmds/writesecret.go
View File

@@ -1,114 +0,0 @@
package cmds
import (
"errors"
"fmt"
"io/ioutil"
"os"
"github.com/caos/orbos/pkg/kubernetes/cli"
"github.com/caos/orbos/pkg/secret"
"github.com/caos/zitadel/operator/secrets"
"github.com/spf13/cobra"
)
func WriteSecretCommand(getRv GetRootValues) *cobra.Command {
var (
value string
file string
stdin bool
cmd = &cobra.Command{
Use: "writesecret [path]",
Short: "Encrypt a secret and push it to the repository",
Long: "Encrypt a secret and push it to the repository.\nIf no path is provided, a secret can interactively be chosen from a list of all possible secrets",
Args: cobra.MaximumNArgs(1),
Example: `zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --file ~/googlecloudstoragesa.json
zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --value "$(cat ~/googlecloudstoragesa.json)"
cat ~/googlecloudstoragesa.json | zitadelctl writesecret database.bucket.serviceaccountjson.encrypted --stdin`,
}
)
flags := cmd.Flags()
flags.StringVar(&value, "value", "", "Secret value to encrypt")
flags.StringVarP(&file, "file", "s", "", "File containing the value to encrypt")
flags.BoolVar(&stdin, "stdin", false, "Value to encrypt is read from standard input")
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
path := ""
if len(args) > 0 {
path = args[0]
}
rv := getRv("writesecret", map[string]interface{}{"path": path, "value": value != "", "file": file, "stdin": stdin}, "")
defer func() {
err = rv.ErrFunc(err)
}()
monitor := rv.Monitor
orbConfig := rv.OrbConfig
gitClient := rv.GitClient
s, err := key(value, file, stdin)
if err != nil {
return err
}
k8sClient, err := cli.Client(monitor, orbConfig, gitClient, rv.Kubeconfig, rv.Gitops, true)
if err != nil && !rv.Gitops {
return err
}
err = nil
return secret.Write(
monitor,
k8sClient,
path,
s,
"zitadelctl",
fmt.Sprintf(rv.Version),
secrets.GetAllSecretsFunc(monitor, path != "", rv.Gitops, gitClient, k8sClient, orbConfig),
secrets.PushFunc(monitor, rv.Gitops, gitClient, k8sClient),
)
}
return cmd
}
func key(value string, file string, stdin bool) (string, error) {
channels := 0
if value != "" {
channels++
}
if file != "" {
channels++
}
if stdin {
channels++
}
if channels != 1 {
return "", errors.New("Key must be provided eighter by value or by file path or by standard input")
}
if value != "" {
return value, nil
}
readFunc := func() ([]byte, error) {
return ioutil.ReadFile(file)
}
if stdin {
readFunc = func() ([]byte, error) {
return ioutil.ReadAll(os.Stdin)
}
}
key, err := readFunc()
if err != nil {
panic(err)
}
return string(key), err
}

48
cmd/zitadelctl/main.go
View File

@@ -1,48 +0,0 @@
package main
import (
"fmt"
"os"
"github.com/caos/orbos/mntr"
"github.com/caos/zitadel/cmd/zitadelctl/cmds"
)
var (
Version = "unknown"
githubClientID = "none"
githubClientSecret = "none"
)
func main() {
monitor := mntr.Monitor{
OnInfo: mntr.LogMessage,
OnChange: mntr.LogMessage,
OnError: mntr.LogError,
OnRecoverPanic: mntr.LogPanic,
}
defer func() { monitor.RecoverPanic(recover()) }()
rootCmd, rootValues := cmds.RootCommand(Version, monitor)
rootCmd.Version = fmt.Sprintf("%s\n", Version)
rootCmd.AddCommand(
cmds.StartOperator(rootValues),
cmds.TakeoffCommand(rootValues),
cmds.BackupListCommand(rootValues),
cmds.RestoreCommand(rootValues),
cmds.ReadSecretCommand(rootValues),
cmds.WriteSecretCommand(rootValues),
cmds.BackupCommand(rootValues),
cmds.StartDatabase(rootValues),
cmds.ConfigCommand(rootValues, githubClientID, githubClientSecret),
cmds.TeardownCommand(rootValues),
)
if err := rootCmd.Execute(); err != nil {
monitor.Error(mntr.ToUserError(err))
os.Exit(1)
}
}