1 files changed, 45 insertions, 19 deletions

diff --git a/tools/jwt_producer.py b/tools/jwt_producer.py
index ea033a6..a024c13 100644
--- a/tools/jwt_producer.py
+++ b/tools/jwt_producer.py
@@ -7,17 +7,30 @@ import jwt
 def usage():
     progname = sys.argv[0]
 
-    print(f'{progname} -p <path to private key> ' +
-          '-d <domain, for example sunet.se> ',
-          '-t <type, can be access or scanner>')
+    print(f'Usage: {progname} [-p <path>] [-w <value>] [-r <value>]\n' +
+          '  -p <path to private key>\n' +
+          '  -w <write, comma separated list of domains>\n' +
+          '  -r <read, comma separated list of domains>\n' +
+          '  -e <print export statement')
     sys.exit(0)
 
 
-def create_token(private_key, token_type, domain):
+def create_token(private_key, write_domains, read_domains):
+    write_claim = list()
+    read_claim = list()
+
+    if write_domains:
+        write_claim = write_domains.split(',')
+
+    if read_domains:
+        read_claim = read_domains.split(',')
+
     payload = {
+        'sub': 'test',
+        'fresh': False,
         'type': 'access',
-        'domains': [domain],  # We'll just do one domain now
-        'user': token_type
+        'write': write_claim,
+        'read': read_claim
     }
 
     with open(private_key, "r") as fd:
@@ -27,27 +40,40 @@ def create_token(private_key, token_type, domain):
 
 
 if __name__ == '__main__':
+    read_domains = None
+    write_domains = None
+    private_key = None
+    export = False
+
     try:
-        opts, args = getopt.getopt(sys.argv[1:], 'p:d:t:')
+        opts, args = getopt.getopt(sys.argv[1:], 'p:w:r:eh')
     except getopt.GetoptError:
         usage()
 
-    if len(sys.argv) != 7:
-        usage()
-
     for opt, arg in opts:
         if opt == '-p':
             private_key = arg
-        elif opt == '-d':
-            domain = arg
-        elif opt == '-t':
-            token_type = arg
-
-            if token_type != "access" and token_type != "scanner":
-                usage()
+        elif opt == '-w':
+            write_domains = arg
+        elif opt == '-r':
+            read_domains = arg
+        elif opt == '-e':
+            export = True
+        elif opt == '-h':
+            usage()
         else:
             usage()
 
-    token = create_token(private_key, token_type, domain).decode('utf-8')
+    if not private_key:
+        usage()
+
+    if not write_domains and not read_domains:
+        usage()
+
+    token = create_token(private_key, write_domains,
+                         read_domains)
 
-    print(f'{token}')
+    if export:
+        print(f'export JWT_TOKEN={token}')
+    else:
+        print(f'{token}')