aserto cli cleanup

.gitignore

@@ -14,4 +14,7 @@ cover.out
 config-dev*.yaml
 
 VERSION.txt
-/go.work.sum
+
+# https://github.com/golang/go/issues/53502
+# go.work.sum is machine specific and should not be checked in
+go.work.sum

.golangci.yaml

@@ -130,10 +130,12 @@ linters:
     - unused
 
   # don't enable:
+    # - depguard
     # - dupl
     # - gochecknoglobals
     # - gocognit
     # - godox
+    # - goerr113
     # - gomnd
     # - lll
     # - nestif

.vscode/settings.json

@@ -37,6 +37,7 @@
         "nolint",
         "onebox",
         "openid",
+        "overrider",
         "pb",
         "pkce",
         "protobuf",

README.md

@@ -8,100 +8,176 @@ Usage: aserto <command>
 Welcome to modern authorization!
 
 Commands:
-  login      login
-  logout     logout
-  version    version information
+  developer (xp)        developer commands
+  directory (ds)        directory commands
+  authorizer (az)       authorizer commands
+  decision-logs (dl)    decision logs commands
+  control-plane (cp)    control plane commands
+  tenant (tn)           tenant commands
+  login                 login
+  logout                logout
+  config                configuration commands
+  version               version information
 
+Flags:
+  -h, --help             Show context-sensitive help.
+      --tenant-id=STRING    tenant id override
+  -v, --verbosity=INT    Use to increase output verbosity.
+
+Run "aserto <command> --help" for more information on a command.
+```
+
+In order to use the commands you have to call `aserto login` first. The `developer` and
+`authorizer` commands can operate without a prior log in.
+
+## Configuration commands
+
+After log in, you can view your tenants by calling `aserto config get-tenants` and you can switch between your tenants using the `use-tenant` command.
+
+Contexts refer to an authorizer env. If you start a sidecar using the `developer`
+commands, you can run the `authorizer` commands against it by defining a new context
+using `set-context` and switching to it by `use-context` command. 
+
+```
+config
+  config user-info              get user profile information
+  config get-property           get property
+  config create-tenant-alias    create an alias for a tenant name
+  config get-tenants            get defined tenants
+  config use-tenant             use a specific tenant
+  config refresh-tenant         refetch api keys for a specific tenant context
+  config current-tenant         get the tenant name in use
+  config get-contexts           get defined contexts
+  config get-active-context     get active context config
+  config delete-context         delete a context config
+  config set-context            creates a context
+  config use-context            use a specific context
+
+Flags:
+  -h, --help             Show context-sensitive help.
+  -v, --verbosity=INT    Use to increase output verbosity.
+```
+
+## Developer commands 
+
+```
+developer
+  developer (xp) start                   start sidecar instance
+  developer (xp) stop                    stop sidecar instance
+  developer (xp) status                  status of sidecar instance
+  developer (xp) update                  download the latest aserto sidecar image
+  developer (xp) console                 launch web console
+  developer (xp) configure               configure a policy
+  developer (xp) policy-from-open-api    generate an open api policy
+  developer (xp) install                 install aserto sidecar
+  developer (xp) uninstall               uninstall aserto sidecar, removes all locally installed artifacts
+
+Flags:
+  -h, --help             Show context-sensitive help.
+  -v, --verbosity=INT    Use to increase output verbosity.
+```
+
+## Authorizer commands
+
+```
 authorizer
-  authorizer (a) eval-decision    evaluate policy decision
-  authorizer (a) decision-tree    get decision tree
-  authorizer (a) exec-query       execute query
+  authorizer (az) eval-decision    evaluate policy decision
+  authorizer (az) decision-tree    get decision tree
+  authorizer (az) exec-query       execute query
+  authorizer (az) compile          compile query
+  authorizer (az) get-policy       get policy
+  authorizer (az) list-policies    list policies
 
-tenant
-  tenant (t) get-account          get account info
-  tenant (t) list-connections     list connections
-  tenant (t) get-connection       get connection instance info
-  tenant (t) update-connection    update connection configuration fields
-  tenant (t) verify-connection    verify connection settings
-  tenant (t) sync-connection      trigger sync of IDP connection
-  tenant (t) list-policy-references
-                                  list policy references
-  tenant (t) list-provider-kinds
-                                  list provider kinds
-  tenant (t) list-providers       list providers
-  tenant (t) get-provider         get provider info
-
-identity
-  directory (d) get-identity     resolve user identity
-  directory (d) list-users       list users
-  directory (d) get-user         retrieve user object
-  directory (d) load-users       load users
-  directory (d) load-user-ext    load user extensions
-  directory (d) set-user         disable|enable user
-  directory (d) delete-users     delete users from edge directory
-
-user extensions
-  directory (d) get-user-props    get properties
-  directory (d) set-user-prop     set property
-  directory (d) del-user-prop     delete property
-  directory (d) get-user-roles    get roles
-  directory (d) set-user-role     set role
-  directory (d) del-user-role     delete role
-  directory (d) get-user-perms    get permissions
-  directory (d) set-user-perm     set permission
-  directory (d) del-user-perm     delete permission
-
-user application extensions
-  directory (d) list-user-apps    list user applications
-  directory (d) set-user-app      set user application
-  directory (d) del-user-app      delete user application
-  directory (d) get-appl-props    get properties
-  directory (d) set-appl-prop     set property
-  directory (d) del-appl-prop     delete property
-  directory (d) get-appl-roles    get roles
-  directory (d) set-appl-role     set role
-  directory (d) del-appl-role     delete role
-  directory (d) get-appl-perms    get permissions
-  directory (d) set-appl-perm     set permission
-  directory (d) del-appl-perm     delete permission
-
-tenant resources
-  directory (d) list-res    list resources
-  directory (d) get-res     get resource
-  directory (d) set-res     set resource
-  directory (d) del-res     delete resource
+Flags:
+  Flags:
+  -h, --help                   Show context-sensitive help.
+      --tenant-id=STRING       tenant id override
+  -v, --verbosity=INT          Use to increase output verbosity.
+
+      --address=""             address override ($ASERTO_SERVICES_AUTHORIZER_ADDRESS)
+      --api-key=key            service api key ($ASERTO_SERVICES_AUTHORIZER_KEY)
+      --no-auth                do not provide any credentials
+      --insecure               skip TLS verification
+      --ca-cert-path=STRING    path to grpc CA cert
+```
 
+## Decision logs commands
+
+```
 decision-logs
-  decision-logs (l) list          list available decision log files
-  decision-logs (l) get           download one or more decision log files
-  decision-logs (l) list-users    list available user data files
-  decision-logs (l) get-user      download one or more user data files
+  decision-logs (dl) list          list available decision log files
+  decision-logs (dl) get           download one or more decision log files
+  decision-logs (dl) list-users    list available user data files
+  decision-logs (dl) get-user      download one or more user data files
+  decision-logs (dl) stream        stream decision log events to stdout
 
-developer
-  developer (x) start        start sidecar instance
-  developer (x) stop         stop sidecar instance
-  developer (x) status       status of sidecar instance
-  developer (x) update       download the latest aserto sidecar image
-  developer (x) console      launch web console
-  developer (x) configure    configure a policy
-  developer (x) install      install aserto sidecar
-  developer (x) uninstall    uninstall aserto sidecar, removes all locally
-                             installed artifacts
-
-user
-  user (u) info    get user profile information
-  user (u) get     get property
+Flags:
+  -h, --help             Show context-sensitive help.
+  -v, --verbosity=INT    Use to increase output verbosity.
 
-config
-  config (c) get-tenant    get tenant list
-  config (c) set-tenant    set default tenant
-  config (c) get-env       get environment info
+      --api-key=key      service api key ($ASERTO_DECISION_LOGS_KEY)
+      --no-auth          do not provide any credentials
+      --insecure         skip TLS verification
+```
+
+## Control plane commands
+
+```
+control-plane
+  control-plane (cp) list-connections    list edge authorizer connections
+  control-plane (cp) client-cert         get client certificates for an edge authorizer connection
+  control-plane (cp) list-instance-registrations
+                                         list instance registrations
+  control-plane (cp) discovery           run discovery on a registered instance
+  control-plane (cp) edge-dir-sync       sync the directory on an edge authorizer
 
 Flags:
   -h, --help             Show context-sensitive help.
-  -c, --config=STRING    name or path of configuration file ($ASERTO_ENV)
   -v, --verbosity=INT    Use to increase output verbosity.
-      --tenant=STRING    tenant id override ($ASERTO_TENANT_ID)
+```
 
-Run "aserto <command> --help" for more information on a command.
+## Tenant commands
+
+```
+tenant
+  tenant (tn) get-account               get account info
+  tenant (tn) list-connections          list connections
+  tenant (tn) get-connection            get connection instance info
+  tenant (tn) update-connection         update connection configuration fields
+  tenant (tn) verify-connection         verify connection settings
+  tenant (tn) sync-connection           trigger sync of IDP connection
+  tenant (tn) list-policy-references    list policy references
+  tenant (tn) list-provider-kinds       list provider kinds
+  tenant (tn) list-providers            list providers
+  tenant (tn) get-provider              get provider info
+
+Flags:
+  -h, --help             Show context-sensitive help.
+  -v, --verbosity=INT    Use to increase output verbosity.
 ```
+
+## Directory commands
+
+```
+directory
+  directory (ds) get-manifest-metadata    get manifest metadata
+  directory (ds) get-manifest             get manifest
+  directory (ds) set-manifest             set manifest
+  directory (ds) delete-manifest          delete manifest
+  directory (ds) get-object               get object
+  directory (ds) set-object               set object
+  directory (ds) delete-object            delete object
+  directory (ds) list-objects             list objects
+  directory (ds) get-relation             get relation
+  directory (ds) set-relation             set relation
+  directory (ds) delete-relation          delete relation
+  directory (ds) list-relations           list relations
+  directory (ds) check-relation           check relation
+  directory (ds) check-permission         check permission
+  directory (ds) get-graph                get relation graph
+
+Flags:
+  -h, --help                Show context-sensitive help.
+      --tenant-id=STRING    tenant id override
+  -v, --verbosity=INT       Use to increase output verbosity.
+```

cmd/aserto/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"strconv"
 	"sync"
@@ -39,16 +40,21 @@ func main() {
 			Tree:                false,
 			FlagsLast:           true,
 			Indenter:            kong.SpaceIndenter,
-			NoExpandSubcommands: false,
+			NoExpandSubcommands: true,
 		}),
 		kong.Resolvers(ConfigResolver()),
 		kong.NamedMapper("conf", conf.ConfigFileMapper(configDir)), // attach to tag `type:"conf"`
 		kong.BindTo(serviceOptions, (*cmd.ServiceOptions)(nil)),
 	)
 
+	configPath := cli.Login.Cfg
+	if configPath == "" {
+		configPath = path.Join(configDir, config.ConfigPath)
+	}
+
 	ctx, err := cc.BuildCommonCtx(
-		config.Path(cli.Cfg),
-		cli.ConfigOverrider,
+		config.Path(configPath),
+		clients.TenantID(cli.TenantID),
 		serviceOptions.ConfigOverrider,
 	)
 	if err != nil {
@@ -82,7 +88,7 @@ func ConfigResolver() kong.Resolver {
 
 		// Only the authorizer and decision logs services have CLI flags to override service options.
 		switch flag.Tag.EnvPrefix {
-		case "ASERTO_AUTHORIZER_":
+		case "ASERTO_SERVICES_AUTHORIZER_":
 			svcOptions = &tmpConfig.Services.AuthorizerService
 		case "ASERTO_DECISION_LOGS_":
 			svcOptions = &tmpConfig.Services.DecisionLogsService
@@ -99,7 +105,7 @@ func ConfigResolver() kong.Resolver {
 		case "insecure":
 			flag.Default = strconv.FormatBool(svcOptions.Insecure)
 			resolved = flag.Default
-		case "authorizer":
+		case "address":
 			flag.Default = svcOptions.Address
 			resolved = flag.Default
 		}
@@ -119,5 +125,5 @@ func loadConfig(context *kong.Context) (*config.Config, error) {
 		}
 	}
 
-	return nil, nil
+	return config.NewConfig(config.Path(""))
 }

go.mod

@@ -38,7 +38,7 @@ require (
 )
 
 require (
-	github.com/PuerkitoBio/rehttp v1.0.0 // indirect
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.31.0-20231030212536-12f9cba37c9d.2 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
 	github.com/aserto-dev/header v0.0.7 // indirect
 	github.com/benbjohnson/clock v1.1.0 // indirect
@@ -58,6 +58,11 @@ require (
 	github.com/invopop/yaml v0.2.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kyokomi/emoji v2.2.4+incompatible // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect