greentic_bundle/cli/
access.rs1use anyhow::Result;
2use clap::{Args, Subcommand};
3
4#[derive(Debug, Args)]
5pub struct AccessArgs {
6 #[command(subcommand)]
7 pub command: AccessCommand,
8}
9
10#[derive(Debug, Subcommand)]
11pub enum AccessCommand {
12 #[command(about = "cli.access.allow.about")]
13 Allow(AccessMutationArgs),
14 #[command(about = "cli.access.forbid.about")]
15 Forbid(AccessMutationArgs),
16}
17
18#[derive(Debug, Args)]
19pub struct AccessMutationArgs {
20 #[arg(value_name = "SUBJECT")]
21 pub subject: String,
22
23 #[arg(
24 long,
25 value_name = "PATH",
26 default_value = ".",
27 help = "cli.access.root.option"
28 )]
29 pub root: std::path::PathBuf,
30
31 #[arg(long, default_value = "default", help = "cli.access.tenant.option")]
32 pub tenant: String,
33
34 #[arg(long, help = "cli.access.team.option")]
35 pub team: Option<String>,
36
37 #[arg(long, default_value_t = false, help = "cli.option.dry_run")]
38 pub dry_run: bool,
39
40 #[arg(long, default_value_t = false, help = "cli.option.execute")]
41 pub execute: bool,
42}
43
44pub fn run(args: AccessArgs) -> Result<()> {
45 match args.command {
46 AccessCommand::Allow(args) => handle(args, crate::access::Policy::Public),
47 AccessCommand::Forbid(args) => handle(args, crate::access::Policy::Forbidden),
48 }
49}
50
51fn handle(args: AccessMutationArgs, policy: crate::access::Policy) -> Result<()> {
52 let target = crate::access::GmapTarget {
53 tenant: args.tenant,
54 team: args.team,
55 };
56 let mutation = crate::access::GmapMutation::new(&args.subject, policy)?;
57 let preview = crate::access::mutate_access(
58 &args.root,
59 &target,
60 &mutation,
61 args.dry_run || !args.execute,
62 )?;
63 println!("{}", serde_json::to_string_pretty(&preview)?);
64 Ok(())
65}