seaplane_cli/
api.rs

1//! Wrapping seaplane SDK calls with things like CLI specific contexts, errors, etc.
2
3mod formations;
4mod locks;
5mod metadata;
6mod restrict;
7
8pub use formations::FormationsReq;
9pub use locks::LocksReq;
10pub use metadata::MetadataReq;
11use reqwest::Url;
12pub use restrict::RestrictReq;
13use seaplane::api::identity::v0::{AccessToken, TokenRequest};
14
15use crate::error::{CliError, Context, Result};
16
17/// Follows the same process as `request_token` but only returns the raw JWT string part of the
18/// token
19///
20/// **WARNING**: `allow_insecure` enables using HTTP endpoints, but only has an affect when
21/// compiled with feature `allow_insecure_urls`. It is ignored otherwise, it is ignored otherwise.
22pub fn request_token_jwt(
23    api_key: &str,
24    identity_url: Option<&Url>,
25    allow_insecure: bool,
26    allow_invalid_certs: bool,
27) -> Result<String> {
28    Ok(request_token(api_key, identity_url, allow_insecure, allow_invalid_certs)?.token)
29}
30
31/// Makes a request against the `/token` endpoint of FlightDeck using the discovered API key and
32/// returns the short lived Access token response.
33///
34/// Subject to change, but the access token is only good for 60 seconds (the raw JWT under the
35/// `token` field contains `iat`, `nbf` and `exp` fields to determine the exact length of time the
36/// token is valid for. However we don't want to introspect the token if possible as it's not
37/// stable)
38///
39/// **WARNING**: `allow_insecure` enables using HTTP endpoints, but only has an affect when
40/// compiled with feature `allow_insecure_urls`. It is ignored otherwise, it is ignored otherwise.
41#[cfg_attr(not(feature = "allow_insecure_urls"), allow(unused_variables))]
42pub fn request_token(
43    api_key: &str,
44    identity_url: Option<&Url>,
45    allow_insecure: bool,
46    allow_invalid_certs: bool,
47) -> Result<AccessToken> {
48    let mut builder = TokenRequest::builder().api_key(api_key);
49
50    #[cfg(feature = "allow_insecure_urls")]
51    {
52        builder = builder.allow_http(allow_insecure);
53    }
54    #[cfg(feature = "allow_invalid_certs")]
55    {
56        builder = builder.allow_invalid_certs(allow_invalid_certs);
57    }
58    if let Some(url) = identity_url {
59        builder = builder.base_url(url);
60    }
61
62    builder
63        .build()
64        .map_err(CliError::from)
65        .context("Context: failed to build Access Token request\n")?
66        .access_token_json()
67        .map_err(CliError::from)
68        .context("Context: failed to retrieve an Access Token\n")
69}