From 780040f46f3e63b4ce1f6f1167caa599fbf82ee0 Mon Sep 17 00:00:00 2001
From: Riccardo Binetti
Date: Fri, 24 May 2024 15:15:59 +0200
Subject: [PATCH] tools: allow creating admin JWT with gen-edgehog-jwt
Close #508
---
 tools/gen-edgehog-jwt | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/tools/gen-edgehog-jwt b/tools/gen-edgehog-jwt
index 6cfb2acfd..871490d91 100755
--- a/tools/gen-edgehog-jwt
+++ b/tools/gen-edgehog-jwt
@@ -2,7 +2,7 @@
 #
 # This file is part of Edgehog.
 #
-# Copyright 2021 SECO Mind Srl
+# Copyright 2021-2024 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ import argparse
 import datetime
 import jwt
-default_auth_paths = [".*::.*"]
+default_claim_payload = True
 if __name__ == "__main__":
 parser = argparse.ArgumentParser(description="Generate a valid JWT for Edgehog")
@@ -31,17 +31,22 @@ if __name__ == "__main__":
 "the Authorization token.")
 parser.add_argument("-e", "--expiry", type=int, required=False, default=86400, help="Expiry of the token in seconds. "\
 "If 0, the token never expires. Defaults to 24 hours.")
- parser.add_argument("-a", "--auth-paths", type=str, required=False, nargs='+', default=default_auth_paths,
- help="Defines a series of regular expressions for path-based authorization.")
+ parser.add_argument("-t", "--token-type", required=True, choices=["tenant", "admin"], help="The type of token to "\
+ "generate. `tenant` generates a token for the Tenant GraphQL API, `admin` generates a token for the Admin REST API")
 args = parser.parse_args()
 args_map = vars(args)
 with open(args_map["private_key"], "r") as pk:
 private_key_pem = pk.read()
- auth_paths = args_map["auth_paths"]
 now = datetime.datetime.utcnow()
- claims = {"e_tga": auth_paths, "iat": now}
+ claims = {"iat": now}
+ if args_map["token_type"] == "tenant":
+ # Currently claims can have any payload, we just pass True
+ claims["e_tga"] = default_claim_payload
+ else:
+ # Currently claims can have any payload, we just pass True
+ claims["e_ara"] = default_claim_payload
 expiry = args_map["expiry"]
 if expiry > 0:
 claims["exp"] = now + datetime.timedelta(seconds=expiry)
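Review bot: With `--token-type admin` the expiry handling at the end of this hunk applies unchanged, so `-e 0` (and any negative value, because the guard is `if expiry > 0`) yields an Admin REST API token with no `exp` claim. A non-expiring admin credential can presumably only be invalidated by rotating the signing key, so I would refuse it for the admin type right after `parse_args()`: `if args.token_type == "admin" and args.expiry <= 0: parser.error("admin tokens require a positive --expiry")`. Separately, the two branches differ only in the claim name and repeat the same comment; `claims[{"tenant": "e_tga", "admin": "e_ara"}[args_map["token_type"]]] = default_claim_payload` would keep the mapping in one place. The `__main__` block starts before and continues after this hunk, so how the token is signed and printed is not visible here.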