Katta Admin CLI #139

chenkins · 2025-07-01T13:39:46Z

admin-cli/src/main/java/cloud/katta/cli/commands/setup/AwsStsSetup.java

admin-cli/src/main/java/cloud/katta/cli/commands/AbstractAuthorizationCode.java

chenkins · 2025-07-12T11:46:43Z

admin-cli/src/main/java/cloud/katta/cli/commands/storage/AwsStsSetup.java

+ * See also: <a href="https://github.com/shift7-ch/katta-docs/blob/main/SETUP_KATTA_SERVER.md#setup-aws">Katta Docs</a>.
+ */
+@CommandLine.Command(name = "awsSetup", description = "Setup/update OIDC provider and roles for STS in AWS.", mixinStandardHelpOptions = true)
+public class AwsStsSetup implements Callable<Void> {


@dkocher Add option to print out command line commands instead of applying them - or is this overkill?

chenkins · 2025-07-12T11:47:53Z

admin-cli/pom.xml

Add native image buildhttps://github.com/cryptomator/hub-cli/blob/develop/.github/workflows/native-image.yml

chenkins · 2025-07-12T11:48:35Z

admin-cli/pom.xml

Add README similar to https://github.com/cryptomator/hub-cli/blob/develop/README.md

admin-cli/src/main/java/cloud/katta/cli/commands/hub/StorageProfileAwsStaticSetup.java

chenkins · 2025-07-12T11:50:34Z

admin-cli/src/main/java/cloud/katta/cli/commands/hub/StorageProfileAwsStsSetup.java

+                .region("eu-west-1")
+                .regions(Arrays.asList("eu-west-1",
+                        "eu-west-2",
+                        "eu-west-3"))


extract cli options

admin-cli/src/main/java/cloud/katta/cli/commands/hub/StorageProfileAwsStsSetup.java

chenkins · 2025-07-12T12:08:07Z

admin-cli/src/main/java/cloud/katta/cli/commands/storage/AwsStsSetup.java

+            if(existingOIDCProvider.isEmpty()) {
+                final CreateOpenIdConnectProviderResponse openIDConnectProvider = iam.createOpenIDConnectProvider(CreateOpenIdConnectProviderRequest.builder()
+                        .url(realmUrl)
+                        .clientIDList("cryptomator", "cryptomatorhub", "cryptomatorvaults")


Harden conditions in trust policies on client_id and possibly role?

admin-cli/src/main/java/cloud/katta/cli/commands/storage/AwsStsSetup.java

chenkins · 2025-11-04T13:27:33Z

admin-cli/src/main/java/cloud/katta/cli/commands/storage/AwsStsSetup.java

+            //		aws iam create-role --role-name cipherduck-createbucket --assume-role-policy-document file://src/main/resources/cipherduck/setup/aws_stscreatebuckettrustpolicy.json
+            //		aws iam put-role-policy --role-name cipherduck-createbucket --policy-name cipherduck-createbucket --policy-document file://src/main/resources/cipherduck/setup/aws_stscreatebucketpermissionpolicy.json
+            final String awsSTSCreateBucketRoleName = String.format("%s-createbucket", arnPostfixSanitized);
+            final JSONObject awsSTSCreateBuckeTrustPolicyTemplate = new JSONObject(IOUtils.toString(KattaSetupCli.class.getResourceAsStream("/setup/aws_sts/createbuckettrustpolicy.json"), Charset.defaultCharset()));


Remove dependency to test resources.

chenkins · 2025-11-04T13:36:50Z

admin-cli/pom.xml

+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>cloud.katta</groupId>
+                                    <artifactId>katta-clientlib-hub</artifactId>
+                                    <version>${project.version}</version>
+                                    <classifier>tests</classifier>
+                                    <type>jar</type>
+                                    <overWrite>false</overWrite>
+                                    <outputDirectory>${project.build.directory}/test-classes</outputDirectory>
+                                    <includes>**/*</includes>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>


needs packaged/installed dependency in reactory - is there a better way?

chenkins · 2025-11-04T14:00:40Z

admin-cli/src/main/java/cloud/katta/cli/commands/hub/StorageProfileAwsStaticSetup.java

+                .protocol(Protocol.S3_STATIC)
+                .storageClass(S3STORAGECLASSES.STANDARD)
+                .archived(false)
+                .scheme("https")
+                .port(443)


extract cli options

chenkins · 2025-11-04T14:01:58Z

hub/pom.xml

+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>3.4.2</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>test-jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>


De-normalize instead?

chenkins · 2025-11-04T20:04:22Z

admin-cli/src/test/java/cloud/katta/cli/commands/hub/StorageProfileArchiveIT.java

ITs take very long! Can we speed up?

…ose file, no need for HubSession in admin cli tests any more.

chenkins force-pushed the feature/admin-cli branch from d85ee87 to 49f2fa1 Compare July 1, 2025 13:40

chenkins force-pushed the feature/admin-cli branch 3 times, most recently from c624b78 to 8a67fb0 Compare July 12, 2025 11:41