tools: allow creating admin JWT with gen-edgehog-jwt

Close edgehog-device-manager#508
rbino · May 24, 2024 · 780040f · 780040f
1 parent f01f82a
commit 780040f
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/tools/gen-edgehog-jwt b/tools/gen-edgehog-jwt
@@ -2,7 +2,7 @@
 #
 # This file is part of Edgehog.
 #
-# Copyright 2021 SECO Mind Srl
+# Copyright 2021-2024 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,25 +23,30 @@ import argparse
 import datetime
 import jwt
 
-default_auth_paths = [".*::.*"]
+default_claim_payload = True
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser(description="Generate a valid JWT for Edgehog")
     parser.add_argument("-k", "--private-key", type=str, required=True, help="Path to the private key file for signing "\
         "the Authorization token.")
     parser.add_argument("-e", "--expiry", type=int, required=False, default=86400, help="Expiry of the token in seconds. "\
         "If 0, the token never expires. Defaults to 24 hours.")
-    parser.add_argument("-a", "--auth-paths", type=str, required=False, nargs='+', default=default_auth_paths,
-        help="Defines a series of regular expressions for path-based authorization.")
+    parser.add_argument("-t", "--token-type", required=True, choices=["tenant", "admin"], help="The type of token to "\
+        "generate. `tenant` generates a token for the Tenant GraphQL API, `admin` generates a token for the Admin REST API")
     args = parser.parse_args()
     args_map = vars(args)
 
     with open(args_map["private_key"], "r") as pk:
         private_key_pem = pk.read()
 
-        auth_paths = args_map["auth_paths"]
         now = datetime.datetime.utcnow()
-        claims = {"e_tga": auth_paths, "iat": now}
+        claims = {"iat": now}
+        if args_map["token_type"] == "tenant":
+            # Currently claims can have any payload, we just pass True
+            claims["e_tga"] = default_claim_payload
+        else:
+            # Currently claims can have any payload, we just pass True
+            claims["e_ara"] = default_claim_payload
         expiry = args_map["expiry"]
         if expiry > 0:
             claims["exp"] = now + datetime.timedelta(seconds=expiry)