IAM integrated with gateway

trustgraph-cli/trustgraph/cli/bootstrap_iam.py

@@ -16,21 +16,21 @@ import sys
 import requests
 
 default_url = os.getenv("TRUSTGRAPH_URL", "http://localhost:8088/")
-default_token = os.getenv("TRUSTGRAPH_TOKEN", None)
 
 
-def bootstrap(url, token):
+def bootstrap(url):
 
-    endpoint = url.rstrip("/") + "/api/v1/iam"
+    # Unauthenticated public endpoint — IAM refuses the bootstrap
+    # operation unless the service is running in bootstrap mode with
+    # empty tables, so the safety gate lives on the server side.
+    endpoint = url.rstrip("/") + "/api/v1/auth/bootstrap"
 
     headers = {"Content-Type": "application/json"}
-    if token:
-        headers["Authorization"] = f"Bearer {token}"
 
     resp = requests.post(
         endpoint,
         headers=headers,
-        data=json.dumps({"operation": "bootstrap"}),
+        data=json.dumps({}),
     )
 
     if resp.status_code != 200:
@@ -71,16 +71,11 @@ def main():
         default=default_url,
         help=f"API URL (default: {default_url})",
     )
-    parser.add_argument(
-        "-t", "--token",
-        default=default_token,
-        help="Gateway bearer token (default: $TRUSTGRAPH_TOKEN)",
-    )
 
     args = parser.parse_args()
 
     try:
-        user_id, api_key = bootstrap(args.api_url, args.token)
+        user_id, api_key = bootstrap(args.api_url)
     except Exception as e:
         print("Exception:", e, file=sys.stderr, flush=True)
         sys.exit(1)