initial import of "hat"

Author: ctron

.github/workflows/hat.yaml

@@ -0,0 +1,49 @@
+name: Hono Admin Tool
+
+on:
+  push:
+    branches: ["master"]
+    paths:
+      - 'hat/**'
+  pull_request:
+    branches: ["master"]
+    paths:
+      - 'hat/**'
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+
+  build:
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    steps:
+
+    - uses: actions/checkout@v2
+
+    - uses: actions/cache@v2
+      with:
+        path: |
+          ~/.cargo/registry
+          ~/.cargo/git
+          target
+        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Build
+      run: cargo build --release --verbose
+
+    - name: Run tests
+      run: cargo test --release --verbose
+
+    - uses: actions/upload-artifact@v2
+      with:
+        name: hat-${{ matrix.os }}
+        path: |
+          target/release/hat
+          target/release/hat.exe

hat/.gitignore

@@ -0,0 +1,14 @@
+# Rust
+
+target/
+
+# Eclipse
+
+.project
+.settings/
+
+# IntelliJ
+
+*.iml
+.idea/*
+

hat/Cargo.lock

@@ -0,0 +1,49 @@
+[package]
+name = "hat"
+version = "0.7.2"
+authors = ["Jens Reimann <jreimann@redhat.com>"]
+edition = "2018"
+
+[dependencies]
+clap = { version  = "2.33", features = ["suggestions", "wrap_help", "color"] }
+log = "0.4"
+simplelog = "0.5"
+
+serde = { version = "1.0", features = ["derive"] }
+serde_yaml = "0.8"
+serde_json = "1.0"
+
+failure_derive = "0.1"
+failure = "0.1"
+
+url = "2.1.1"
+percent-encoding = "2.1"
+
+dirs = "2"
+
+tokio = { version = "0.2", features = [ "macros", "rt-threaded" ] }
+reqwest = { version = "0.10.4", features = [ "gzip", "json" ] }
+
+http = "0.2"
+
+base64 = "0.10"
+
+rand = "0.6"
+
+sha2 = "0.8"
+bcrypt = "0.5"
+
+colored_json = "2.1"
+ansi_term = "0.12"
+
+futures = "0.3.4"
+
+[dependencies.kube]
+version = "0.28.1"
+default-features = false
+features = [ "rustls-tls" ]
+
+[dev-dependencies.k8s-openapi]
+version = "0.7.1"
+default-features = false
+features = ["v1_17"]

hat/Cargo.toml

@@ -0,0 +1,167 @@
+# HAT – Hono Admin Tool [![GitHub release](https://img.shields.io/github/release/ctron/hat.svg)](https://github.com/ctron/hat/releases)
+
+Getting help:
+
+    hat --help
+
+## Global switches
+
+Temporarily use a different context (with `-c` or `--context`):
+
+    hat -c context2 device create …
+
+Or override a tenant (with `-t` or `--tenant`):
+
+    hat -t my.tenant device get …
+
+## Managing contexts
+
+Create a new context:
+
+    hat context create foo https://device-registry.hono.my
+
+Create a new context with credentials:
+
+    hat context create foo https://device-registry.hono.my --username <username> --password <password>
+
+Create a new context, using local Kubernetes token:
+
+    hat context create foo https://device-registry.hono.my --use-kubernetes
+
+Update an existing context:
+
+    hat context update foo --url https://device-registry.hono.my
+    hat context update foo --username <username> --password <password>
+    hat context update foo --use-kubernetes
+
+Delete an existing context:
+
+    hat context delete foo
+
+Switch to an existing context:
+
+    hat context switch foo
+
+List existing contexts:
+
+    hat context list
+
+### Default tenant
+
+It is possible to set a *default tenant*, which is used on all calls when using
+this context.
+
+Set a default tenant when creating a context:
+
+    hat context create foo https://device-registry.hono.my --tenant <tenant>
+
+Or update later:
+
+    hat context update foo https://device-registry.hono.my --tenant <tenant>
+
+It is possible to override the default tenant with `-t` or `--tenant`:
+
+    hat device create -t my-tenant 4711
+
+Or by setting the environment variable `HAT_TENANT`:
+
+    HAT_TENANT=foo hat device create 4711
+
+## Tenants
+
+Creating a new tenant:
+
+    hat tenant create my-tenant
+
+Creating a new tenant with payload:
+
+    hat tenant create my-tenant '{"enabled": false}'
+
+Getting a tenant:
+
+    hat tenant get my-tenant
+
+Deleting a tenant:
+
+    hat tenant delete my-tenant
+
+Enable/Disable a tenant:
+
+    hat tenant enable my-tenant
+    hat tenant disable my-tenant
+    
+## Device registrations
+
+Register a new device:
+
+    hat device create 4711
+
+Register a new device with payload:
+
+    hat device create 4711 '{…}'
+
+Inspect the device:
+
+    hat device get 4711
+
+Enable/Disable a device:
+
+    hat device enable 4711
+    hat device disable 4711
+
+### Set via
+
+You can also set the "via" attribute directly:
+
+    hat device set-via 4711 my-gw
+
+### Set defaults entry
+
+Set a defaults entry using:
+
+    hat device set-defaults 4711 key value
+
+The value will be converted into a JSON value. If it cannot
+be parsed, it will be stored as a string (depending on the
+shell you are using, you might need different quotation marks):
+
+    hat device set-defaults 4711 key true           # Booolean: true
+    hat device set-defaults 4711 key '"true"'       # String: true
+    hat device set-defaults 4711 key 123            # Number: 123
+    hat device set-defaults 4711 key '"123"'        # String: 123
+    hat device set-defaults 4711 key foobar         # String: foobar
+    hat device set-defaults 4711 key '{"foo":123}'  # Object: {"foo":123}
+
+Delete an entry by omitting the value:
+
+    hat device set-defaults 4711 key value
+
+## Credentials
+
+Replace credentials:
+
+    hat creds set device1 '[]'
+
+Clear all credentials:
+
+    hat creds set device1
+
+Add a password:
+
+    hat creds add-password device1 sensor1 password
+
+Set password as only password:
+
+    hat creds set-password device1 sensor1 password
+
+Set password with pre-hashed password:
+
+    hat creds set-password device1 sensor1 password --hash sha-512
+
+Set PSK:
+
+    hat creds set-psk device1 sensor1 PSK
+
+Enable X509:
+
+    hat creds enable-x509 device1 sensor1

hat/README.md

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Include>
+
+    <?define ProductName = "Eclipse Hono™ Admin Tool" ?>
+
+    <?define Win64 = "yes" ?>
+    <?define PlatformProgramFilesFolder = "ProgramFiles64Folder" ?>
+    <?define ProductUpgradeCode = "1b4094a4-2add-11e9-b676-c85b762e5a2c" ?>
+
+</Include>

hat/hat.wxi

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<?include $(sys.CURRENTDIR)\hat.wxi?>
+
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+    <Product Name='$(var.ProductName)'
+             Manufacturer='Jens Reimann'
+             Id='*'
+             UpgradeCode='fe1d0bba-2adb-11e9-aca7-c85b762e5a2c'
+             Language='1033' Codepage='1252'
+             Version='$(var.Version)'>
+
+        <Package Id='*'
+                 Keywords='Installer'
+                 Description="Eclipse Hono™ Admin Tool Installer"
+                 Manufacturer='Jens Reimann'
+                 InstallerVersion='300'
+                 Languages='1033' SummaryCodepage='1252'
+                 Compressed='yes' />
+
+        <Media Id="1" Cabinet="contents.cab" EmbedCab="yes" CompressionLevel="high"/>
+
+        <MajorUpgrade
+                DowngradeErrorMessage="A later version of [ProductName] is already installed. Setup will now exit."/>
+
+        <Directory Id="TARGETDIR" Name="SourceDir">
+            <Directory Id="$(var.PlatformProgramFilesFolder)" Name="PFiles">
+                <Directory Id="INSTALLDIR" Name="$(var.ProductName)">
+                    <Component Id="MainComponent" Guid="78d3b722-2add-11e9-a113-c85b762e5a2c" DiskId="1">
+                        <File Id="MainExe" Name="hat.exe" DiskId="1" Source="target/release/hat.exe" KeyPath="yes"/>
+                        <Environment Id="PATH" Name="PATH" Value="[INSTALLDIR]" Permanent="yes" Part="last" Action="set" System="yes" />
+                    </Component>
+                </Directory>
+            </Directory>
+        </Directory>
+
+        <DirectoryRef Id="TARGETDIR">
+            <Merge Id="VCRedist" SourceFile="c:\Program Files (x86)\Common Files\Merge Modules\Microsoft_VC140_CRT_x64.msm" DiskId="1" Language="0"/>
+        </DirectoryRef>
+
+        <Feature Id="Complete"
+                 Title="$(var.ProductName)"
+                 Description="The $(var.ProductName)"
+                 Level="1">
+            <ComponentRef Id="MainComponent"/>
+        </Feature>
+        <Feature Id="VCRedist" Title="Visual C++ Runtime" AllowAdvertise="no" Display="hidden" Level="1">
+            <MergeRef Id="VCRedist"/>
+        </Feature>
+
+    </Product>
+</Wix>

hat/hat.wxs

@@ -0,0 +1,72 @@
+/*******************************************************************************
+ * Copyright (c) 2019, 2020 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use crate::utils::Either;
+
+pub fn flag_arg(name: &str, matches: &clap::ArgMatches) -> Option<bool> {
+    matches.is_present(name).either(
+        Some(matches.value_of(name).map_or(true, map_switch_value)),
+        None,
+    )
+}
+
+pub fn map_switch_value(value: &str) -> bool {
+    match value {
+        "true" | "yes" | "on" => true,
+        _ => false,
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn setup<'a, 'b>() -> clap::App<'a, 'b> {
+        clap::App::new("test").arg(
+            clap::Arg::with_name("k")
+                .short("k")
+                .min_values(0)
+                .max_values(1)
+                .takes_value(true),
+        )
+    }
+
+    #[test]
+    fn test_flag_arg_1() {
+        let app = setup();
+        let m = app.get_matches_from(vec!["test"]);
+        assert_eq!(flag_arg("k", &m), None);
+    }
+
+    #[test]
+    fn test_flag_arg_2() {
+        let app = setup();
+        let m = app.get_matches_from(vec!["test", "-k"]);
+        assert_eq!(flag_arg("k", &m), Some(true));
+    }
+
+    #[test]
+    fn test_flag_arg_3() {
+        let app = setup();
+        let m = app.get_matches_from(vec!["test", "-k=false"]);
+        assert_eq!(flag_arg("k", &m), Some(false));
+    }
+
+    #[test]
+    fn test_flag_arg_4() {
+        let app = setup();
+
+        let m = app.get_matches_from(vec!["test", "-k=true"]);
+        assert_eq!(flag_arg("k", &m), Some(true));
+    }
+}

hat/src/args.rs

@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * Copyright (c) 2020 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use crate::context::Context;
+use crate::error;
+use crate::overrides::Overrides;
+
+type Result<T> = std::result::Result<T, error::Error>;
+
+pub struct Client {
+    pub client: reqwest::Client,
+}
+
+impl Client {
+    pub async fn new(context: &Context, overrides: &Overrides) -> Result<Self> {
+        let client = context.create_client(overrides).await?;
+
+        Ok(Client { client })
+    }
+}

hat/src/client.rs

@@ -0,0 +1,383 @@
+/*******************************************************************************
+ * Copyright (c) 2018, 2019 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use clap::{App, ArgMatches};
+
+use crate::context::Context;
+use crate::help::help;
+
+use serde_json::value::Value::Object;
+use serde_json::value::{Map, Value};
+
+use http::header::CONTENT_TYPE;
+use http::method::Method;
+use http::status::StatusCode;
+
+use crate::error;
+use crate::error::ErrorKind::*;
+
+use crate::utils::Either;
+
+use crate::client::Client;
+use crate::overrides::Overrides;
+use crate::resource::Tracer;
+use crate::resource::{
+    resource_append_path, resource_delete, resource_err_bad_request, resource_get,
+    resource_id_from_location, resource_modify, resource_url, AuthExt,
+};
+use futures::executor::block_on;
+
+type Result<T> = std::result::Result<T, error::Error>;
+const RESOURCE_NAME: &str = "devices";
+const RESOURCE_LABEL: &str = "Device";
+const PROP_ENABLED: &str = "enabled";
+const PROP_VIA: &str = "via";
+const PROP_DEFAULTS: &str = "defaults";
+
+pub async fn registration(
+    app: &mut App<'_, '_>,
+    matches: &ArgMatches<'_>,
+    overrides: &Overrides,
+    context: &Context,
+) -> Result<()> {
+    let client = Client::new(context, overrides).await?;
+
+    match matches.subcommand() {
+        ("create", Some(cmd_matches)) => {
+            registration_create(
+                context,
+                overrides,
+                cmd_matches.value_of("device"),
+                cmd_matches.value_of("payload"),
+            )
+            .await?
+        }
+        ("update", Some(cmd_matches)) => {
+            registration_update(
+                context,
+                overrides,
+                cmd_matches.value_of("device").unwrap(),
+                cmd_matches.value_of("payload"),
+            )
+            .await?
+        }
+        ("get", Some(cmd_matches)) => {
+            registration_get(context, overrides, cmd_matches.value_of("device").unwrap()).await?
+        }
+        ("delete", Some(cmd_matches)) => {
+            registration_delete(context, overrides, cmd_matches.value_of("device").unwrap()).await?
+        }
+        ("enable", Some(cmd_matches)) => {
+            registration_enable(
+                context,
+                overrides,
+                cmd_matches.value_of("device").unwrap(),
+                true,
+            )
+            .await?
+        }
+        ("disable", Some(cmd_matches)) => {
+            registration_enable(
+                context,
+                overrides,
+                cmd_matches.value_of("device").unwrap(),
+                false,
+            )
+            .await?
+        }
+        ("set-via", Some(cmd_matches)) => {
+            registration_via(
+                &client,
+                context,
+                overrides,
+                cmd_matches.value_of("device").unwrap(),
+                cmd_matches.values_of("via"),
+            )
+            .await?
+        }
+        ("set-default", Some(cmd_matches)) => {
+            registration_set_default(
+                &client,
+                context,
+                overrides,
+                cmd_matches.value_of("device").unwrap(),
+                cmd_matches.value_of("defaults-name").unwrap(),
+                cmd_matches.value_of("defaults-value"),
+            )
+            .await?
+        }
+        _ => help(app)?,
+    };
+
+    Ok(())
+}
+
+async fn registration_create(
+    context: &Context,
+    overrides: &Overrides,
+    device: Option<&str>,
+    payload: Option<&str>,
+) -> Result<()> {
+    let tenant = context.make_tenant(overrides)?;
+    let url = resource_url(context, overrides, RESOURCE_NAME, &[&tenant])?;
+
+    let url = resource_append_path(url, device)?;
+
+    let payload = match payload {
+        Some(_) => serde_json::from_str(payload.unwrap())?,
+        _ => serde_json::value::Map::new(),
+    };
+
+    let client = context.create_client(overrides).await?;
+
+    let device = client
+        .request(Method::POST, url)
+        .apply_auth(context)?
+        .header(CONTENT_TYPE, "application/json")
+        .json(&payload)
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::CREATED => Ok(response),
+            StatusCode::CONFLICT => Err(AlreadyExists(device.unwrap().to_string()).into()),
+            StatusCode::BAD_REQUEST => block_on(resource_err_bad_request(response)),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })
+        .and_then(resource_id_from_location)?;
+
+    println!("Registered device {} for tenant {}", device, tenant);
+
+    Ok(())
+}
+
+async fn registration_update(
+    context: &Context,
+    overrides: &Overrides,
+    device: &str,
+    payload: Option<&str>,
+) -> Result<()> {
+    let tenant = context.make_tenant(overrides)?;
+    let url = resource_url(
+        context,
+        overrides,
+        RESOURCE_NAME,
+        &[&tenant, &device.into()],
+    )?;
+
+    let payload = match payload {
+        Some(_) => serde_json::from_str(payload.unwrap())?,
+        _ => serde_json::value::Map::new(),
+    };
+
+    let client = context.create_client(overrides).await?;
+
+    client
+        .request(Method::PUT, url)
+        .apply_auth(context)?
+        .header(CONTENT_TYPE, "application/json")
+        .json(&payload)
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::NO_CONTENT => Ok(response),
+            StatusCode::NOT_FOUND => Err(NotFound(device.to_string()).into()),
+            StatusCode::BAD_REQUEST => block_on(resource_err_bad_request(response)),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })?;
+
+    println!("Updated device device {} for tenant {}", device, tenant);
+
+    Ok(())
+}
+
+async fn registration_delete(context: &Context, overrides: &Overrides, device: &str) -> Result<()> {
+    let url = resource_url(
+        context,
+        overrides,
+        RESOURCE_NAME,
+        &[&context.make_tenant(overrides)?, &device.into()],
+    )?;
+    resource_delete(&context, overrides, &url, RESOURCE_LABEL, &device).await
+}
+
+async fn registration_get(context: &Context, overrides: &Overrides, device: &str) -> Result<()> {
+    let url = resource_url(
+        context,
+        overrides,
+        RESOURCE_NAME,
+        &[&context.make_tenant(overrides)?, &device.into()],
+    )?;
+    resource_get(&context, overrides, &url, RESOURCE_LABEL).await
+}
+
+async fn registration_enable(
+    context: &Context,
+    overrides: &Overrides,
+    device: &str,
+    status: bool,
+) -> Result<()> {
+    let client = Client::new(context, overrides).await?;
+
+    let url = resource_url(
+        context,
+        overrides,
+        RESOURCE_NAME,
+        &[&context.make_tenant(overrides)?, &device.into()],
+    )?;
+
+    resource_modify(
+        &client,
+        &context,
+        &url,
+        &url,
+        RESOURCE_LABEL,
+        |reg: &mut Map<String, Value>| {
+            reg.insert(PROP_ENABLED.into(), serde_json::value::Value::Bool(status));
+            Ok(())
+        },
+    )
+    .await?;
+
+    println!(
+        "Registration for device {} {}",
+        device,
+        status.either("enabled", "disabled")
+    );
+
+    Ok(())
+}
+
+fn registration_url<S>(context: &Context, overrides: &Overrides, device: S) -> Result<url::Url>
+where
+    S: Into<String>,
+{
+    resource_url(
+        context,
+        overrides,
+        RESOURCE_NAME,
+        &[&context.make_tenant(overrides)?, &device.into()],
+    )
+}
+
+async fn registration_set_default(
+    client: &Client,
+    context: &Context,
+    overrides: &Overrides,
+    device: &str,
+    name: &str,
+    payload: Option<&str>,
+) -> Result<()> {
+    let payload: Option<Value> = match payload {
+        Some(p) => Some(serde_json::from_str(p).unwrap_or_else(|_| Value::String(p.into()))),
+        _ => None,
+    };
+
+    let url = registration_url(context, overrides, device)?;
+
+    resource_modify(
+        client,
+        &context,
+        &url,
+        &url,
+        RESOURCE_LABEL,
+        |reg: &mut Map<String, Value>| {
+            match &payload {
+                None => match reg.get_mut(PROP_DEFAULTS.into()) {
+                    Some(Object(ref mut defaults)) => {
+                        // remove from defaults map
+                        defaults.remove(name);
+                    }
+                    _ => {}
+                },
+                Some(payload) => match reg.get_mut(PROP_DEFAULTS.into()) {
+                    Some(Object(ref mut defaults)) => {
+                        // add to defaults map
+                        defaults.insert(name.into(), payload.clone());
+                    }
+                    _ => {
+                        // defaults is either not present, or not an object
+                        let mut defaults = Map::new();
+                        defaults.insert(name.into(), payload.clone());
+                        reg.insert(PROP_DEFAULTS.into(), Object(defaults));
+                    }
+                },
+            };
+
+            Ok(())
+        },
+    )
+    .await?;
+
+    match payload {
+        None => println!("Cleared default value {} for device {}", name, device),
+        Some(ref v) => {
+            println!(
+                "Set default value {} for device {} to {:#?}",
+                name, device, v
+            );
+        }
+    }
+
+    Ok(())
+}
+
+async fn registration_via(
+    client: &Client,
+    context: &Context,
+    overrides: &Overrides,
+    device: &str,
+    via: Option<clap::Values<'_>>,
+) -> Result<()> {
+    let url = registration_url(context, overrides, device)?;
+
+    resource_modify(
+        client,
+        &context,
+        &url,
+        &url,
+        RESOURCE_LABEL,
+        |reg: &mut Map<String, Value>| {
+            match via {
+                None => {
+                    reg.remove(PROP_VIA.into());
+                }
+                Some(ref v) => {
+                    let json = serde_json::value::to_value::<Vec<&str>>(v.clone().collect())?;
+                    reg.insert(PROP_VIA.into(), json);
+                }
+            };
+
+            Ok(())
+        },
+    )
+    .await?;
+
+    match via {
+        None => println!("Gateways cleared for device {}", device),
+        Some(v) => {
+            println!(
+                "Gateway(s) set for device {} {:#?}",
+                device,
+                v.collect::<Vec<&str>>()
+            );
+        }
+    }
+
+    Ok(())
+}

hat/src/context.rs

@@ -0,0 +1,187 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use failure::{Backtrace, Context, Fail};
+use std::fmt::{self, Display};
+
+#[derive(Debug)]
+pub struct Error {
+    inner: Context<ErrorKind>,
+}
+
+#[derive(Clone, Debug, Fail)]
+pub enum ErrorKind {
+    #[fail(display = "{}", _0)]
+    GenericError(String),
+
+    #[fail(display = "I/O error: {:?}", _0)]
+    Io(::std::io::ErrorKind),
+
+    #[fail(display = "Command Line Error: {:?}", _0)]
+    CommandLine(::clap::ErrorKind),
+
+    #[fail(display = "Request error: {}", _0)]
+    Request(String),
+
+    #[fail(display = "Response error: {}", _0)]
+    Response(String),
+
+    #[fail(display = "URL format error")]
+    UrlError,
+
+    #[fail(display = "JSON format error: {:?}", _0)]
+    JsonError(::serde_json::error::Category),
+
+    #[fail(display = "YAML format error")]
+    YamlError,
+
+    #[fail(display = "Invalid UTF-8 string")]
+    Utf8Error,
+
+    #[fail(display = "Kubernetes client error")]
+    KubeError,
+
+    // context errors
+    #[fail(display = "Context '{}' already exists", _0)]
+    ContextExistsError(String),
+    #[fail(display = "Unknown context '{}'", _0)]
+    ContextUnknownError(String),
+    #[fail(display = "Invalid context name: {}", _0)]
+    ContextNameError(String),
+
+    // remote errors
+    #[fail(display = "Resource not found: {}", _0)]
+    NotFound(String),
+
+    #[fail(display = "Resource already exists: {}", _0)]
+    AlreadyExists(String),
+
+    #[fail(display = "Malformed request: {}", _0)]
+    MalformedRequest(String),
+
+    #[fail(display = "Unexpected return code: {}", _0)]
+    UnexpectedResult(http::StatusCode),
+}
+
+impl Fail for Error {
+    fn cause(&self) -> Option<&dyn Fail> {
+        self.inner.cause()
+    }
+
+    fn backtrace(&self) -> Option<&Backtrace> {
+        self.inner.backtrace()
+    }
+}
+
+impl Display for Error {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        Display::fmt(&self.inner, f)
+    }
+}
+
+#[allow(dead_code)]
+impl Error {
+    pub fn kind(&self) -> ErrorKind {
+        self.inner.get_context().clone()
+    }
+}
+
+impl From<ErrorKind> for Error {
+    fn from(kind: ErrorKind) -> Error {
+        Error {
+            inner: Context::new(kind),
+        }
+    }
+}
+
+impl From<Context<ErrorKind>> for Error {
+    fn from(inner: Context<ErrorKind>) -> Error {
+        Error { inner }
+    }
+}
+
+impl From<reqwest::Error> for Error {
+    fn from(err: reqwest::Error) -> Error {
+        let msg = format!("{}", err);
+        err.context(ErrorKind::Request(msg)).into()
+    }
+}
+
+impl From<http::header::ToStrError> for Error {
+    fn from(err: http::header::ToStrError) -> Error {
+        let msg = err.to_string();
+        err.context(ErrorKind::Request(msg)).into()
+    }
+}
+
+impl From<url::ParseError> for Error {
+    fn from(_err: url::ParseError) -> Error {
+        ErrorKind::UrlError.into()
+    }
+}
+
+impl From<serde_json::Error> for Error {
+    fn from(err: serde_json::Error) -> Error {
+        let cat = err.classify();
+        err.context(ErrorKind::JsonError(cat)).into()
+    }
+}
+
+impl From<serde_yaml::Error> for Error {
+    fn from(err: serde_yaml::Error) -> Error {
+        err.context(ErrorKind::YamlError).into()
+    }
+}
+
+impl From<std::io::Error> for Error {
+    fn from(err: std::io::Error) -> Error {
+        let kind = err.kind();
+        err.context(ErrorKind::Io(kind)).into()
+    }
+}
+
+impl From<clap::Error> for Error {
+    fn from(err: clap::Error) -> Error {
+        let kind = err.kind;
+        err.context(ErrorKind::CommandLine(kind)).into()
+    }
+}
+
+impl From<std::str::Utf8Error> for Error {
+    fn from(err: std::str::Utf8Error) -> Error {
+        err.context(ErrorKind::Utf8Error).into()
+    }
+}
+
+impl From<std::string::FromUtf8Error> for Error {
+    fn from(err: std::string::FromUtf8Error) -> Error {
+        err.context(ErrorKind::Utf8Error).into()
+    }
+}
+
+impl From<bcrypt::BcryptError> for Error {
+    fn from(err: bcrypt::BcryptError) -> Error {
+        err.context(ErrorKind::GenericError(
+            "Failed to generate BCrypt hash".into(),
+        ))
+        .into()
+    }
+}
+
+impl From<kube::Error> for Error {
+    fn from(err: kube::Error) -> Error {
+        Error {
+            inner: err.context(ErrorKind::KubeError),
+        }
+    }
+}

hat/src/credentials.rs

@@ -0,0 +1,149 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use sha2::Digest;
+use sha2::{Sha256, Sha512};
+
+use rand::rngs::EntropyRng;
+use rand::RngCore;
+
+use std::fmt;
+
+use serde_json::value::{Map, Value};
+
+pub enum HashFunction {
+    Plain,
+    Sha256,
+    Sha512,
+    Bcrypt(u8),
+}
+
+use crate::error;
+type Result<T> = std::result::Result<T, error::Error>;
+
+impl std::str::FromStr for HashFunction {
+    type Err = &'static str;
+
+    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
+        match s {
+            "plain" => Ok(HashFunction::Plain),
+            "sha-256" => Ok(HashFunction::Sha256),
+            "sha-512" => Ok(HashFunction::Sha512),
+            "bcrypt" => Ok(HashFunction::Bcrypt(10)),
+            _ => HashFunction::from_bcrypt(s).unwrap_or_else(|| Err("Unknown hash function")),
+        }
+    }
+}
+
+impl fmt::Display for HashFunction {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            HashFunction::Plain => write!(f, "plain"),
+            HashFunction::Sha256 => write!(f, "sha-256"),
+            HashFunction::Sha512 => write!(f, "sha-512"),
+            HashFunction::Bcrypt(i) => write!(f, "bcrypt:{}", i),
+        }
+    }
+}
+
+fn do_hash<D: Digest + Default>(salt: &[u8], password: &str) -> (String, Option<String>) {
+    let mut md = D::default();
+    md.input(salt);
+    md.input(password);
+
+    let dig = md.result();
+
+    (base64::encode(&dig), Some(base64::encode(&salt)))
+}
+
+fn do_bcrypt(password: &str, iterations: u8) -> Result<(String, Option<String>)> {
+    let mut hash = bcrypt::hash(password, u32::from(iterations))?;
+
+    hash.replace_range(1..3, "2a");
+
+    Ok((hash, None))
+}
+
+fn gen_salt(size: usize) -> Vec<u8> {
+    let mut rnd = EntropyRng::new();
+    let mut salt = vec![0; size];
+
+    rnd.fill_bytes(&mut salt);
+    salt
+}
+
+impl HashFunction {
+    pub fn name(&self) -> &str {
+        match self {
+            HashFunction::Plain => "plain",
+            HashFunction::Sha256 => "sha-256",
+            HashFunction::Sha512 => "sha-512",
+            HashFunction::Bcrypt(_) => "bcrypt", // we omit the iterations here
+        }
+    }
+
+    fn from_bcrypt(s: &str) -> Option<std::result::Result<HashFunction, &'static str>> {
+        let v: Vec<&str> = s.splitn(2, ':').collect();
+
+        match (v.get(0), v.get(1)) {
+            (Some(t), None) if *t == "bcrypt" => Some(Ok(HashFunction::Bcrypt(10))),
+            (Some(t), Some(i)) if *t == "bcrypt" => {
+                let iter = i.parse::<u8>();
+
+                Some(
+                    iter.map(HashFunction::Bcrypt)
+                        .map_err(|_| "Failed to parse number of iterations"),
+                )
+            }
+            _ => None,
+        }
+    }
+
+    fn insert_hash<D: Digest + Default>(
+        &self,
+        new_pair: &mut Map<String, Value>,
+        password: &str,
+    ) -> Result<()> {
+        new_pair.insert("hash-function".into(), self.name().into());
+        let r = do_hash::<D>(gen_salt(16).as_slice(), password);
+        new_pair.insert("pwd-hash".into(), r.0.into());
+        if let Some(salt) = r.1 {
+            new_pair.insert("salt".into(), salt.into());
+        }
+        Ok(())
+    }
+
+    fn insert_bcrypt(
+        &self,
+        new_pair: &mut Map<String, Value>,
+        password: &str,
+        i: u8,
+    ) -> Result<()> {
+        new_pair.insert("hash-function".into(), self.name().into());
+        let r = do_bcrypt(password, i)?;
+        new_pair.insert("pwd-hash".into(), r.0.into());
+        Ok(())
+    }
+
+    pub fn insert(&self, new_pair: &mut Map<String, Value>, password: &str) -> Result<()> {
+        match self {
+            HashFunction::Plain => {
+                new_pair.insert("pwd-plain".into(), password.into());
+                Ok(())
+            }
+            HashFunction::Sha256 => self.insert_hash::<Sha256>(new_pair, password),
+            HashFunction::Sha512 => self.insert_hash::<Sha512>(new_pair, password),
+            HashFunction::Bcrypt(i) => self.insert_bcrypt(new_pair, password, *i),
+        }
+    }
+}

hat/src/devices.rs

@@ -0,0 +1,21 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use crate::error;
+use clap::App;
+
+pub fn help(app: &mut App) -> Result<(), error::Error> {
+    app.print_help()?;
+    println!();
+    Ok(())
+}

hat/src/error.rs

@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use colored_json::write_colored_json;
+
+use serde_json::value::Value;
+
+use crate::error;
+use std::io::stdout;
+use std::io::Write;
+
+pub fn display_json_value(value: &Value) -> std::result::Result<(), error::Error> {
+    let mut out = stdout();
+
+    {
+        let mut out = out.lock();
+        write_colored_json(value, &mut out)?;
+        out.write_all("\n".as_bytes())?;
+    }
+
+    out.flush()?;
+
+    Ok(())
+}

hat/src/hash.rs

@@ -0,0 +1,66 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use crate::args::flag_arg;
+
+pub struct Overrides {
+    context: Option<String>,
+    url: Option<String>,
+    tenant: Option<String>,
+    use_kubernetes: Option<bool>,
+    kubernetes_context: Option<String>,
+    kubernetes_cluster: Option<String>,
+    insecure: Option<bool>,
+}
+
+impl Overrides {
+    pub fn context(&self) -> Option<String> {
+        self.context.clone()
+    }
+    pub fn url(&self) -> Option<&String> {
+        self.url.as_ref()
+    }
+    pub fn tenant(&self) -> Option<String> {
+        self.tenant.clone()
+    }
+    pub fn use_kubernetes(&self) -> Option<bool> {
+        self.use_kubernetes
+    }
+    pub fn kubernetes_cluster(&self) -> Option<&String> {
+        self.kubernetes_cluster.as_ref()
+    }
+    pub fn kubernetes_context(&self) -> Option<&String> {
+        self.kubernetes_context.as_ref()
+    }
+    pub fn insecure(&self) -> Option<bool> {
+        self.insecure
+    }
+}
+
+impl<'a> From<&'a clap::ArgMatches<'a>> for Overrides {
+    fn from(matches: &'a clap::ArgMatches) -> Self {
+        Overrides {
+            context: matches.value_of("context").map(ToString::to_string),
+            url: matches.value_of("url").map(ToString::to_string),
+            tenant: matches.value_of("tenant").map(ToString::to_string),
+            use_kubernetes: flag_arg("use-kubernetes", matches),
+            kubernetes_cluster: matches
+                .value_of("kubernetes-cluster")
+                .map(ToString::to_string),
+            kubernetes_context: matches
+                .value_of("kubernetes-context")
+                .map(ToString::to_string),
+            insecure: flag_arg("insecure", matches),
+        }
+    }
+}

hat/src/help.rs

@@ -0,0 +1,318 @@
+/*******************************************************************************
+ * Copyright (c) 2018, 2019 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use log::info;
+
+use url;
+use url::Url;
+
+use std::collections::HashMap;
+
+use http::header::{CONTENT_TYPE, ETAG, IF_MATCH, LOCATION};
+use http::Method;
+use http::StatusCode;
+
+use crate::error::ErrorKind::{MalformedRequest, NotFound, Response, UnexpectedResult};
+
+use crate::context::Context;
+use crate::error;
+
+use crate::client::Client;
+use crate::output::display_json_value;
+use crate::overrides::Overrides;
+use futures::executor::block_on;
+use serde::de::DeserializeOwned;
+use serde::Serialize;
+
+type Result<T> = std::result::Result<T, error::Error>;
+
+pub trait AuthExt
+where
+    Self: Sized,
+{
+    fn apply_auth(self, context: &Context) -> Result<Self>;
+}
+
+impl AuthExt for reqwest::RequestBuilder {
+    fn apply_auth(self, context: &Context) -> Result<Self> {
+        if context.use_kubernetes() {
+            // we already got configured, do nothing in addition
+            Ok(self)
+        } else if let Some(token) = context.token() {
+            Ok(self.bearer_auth(token))
+        } else if let Some(user) = context.username() {
+            Ok(self.basic_auth(user, context.password().clone()))
+        } else {
+            Ok(self)
+        }
+    }
+}
+
+pub trait IfMatch {
+    fn if_match(self, value: Option<&http::header::HeaderValue>) -> Self;
+}
+
+impl IfMatch for reqwest::RequestBuilder {
+    fn if_match(self, value: Option<&http::header::HeaderValue>) -> Self {
+        if let Some(etag) = value {
+            self.header(IF_MATCH, etag.clone())
+        } else {
+            self
+        }
+    }
+}
+
+pub trait Tracer {
+    fn trace(self) -> Self;
+}
+
+impl Tracer for reqwest::RequestBuilder {
+    fn trace(self) -> Self {
+        info!("{:#?}", self);
+        self
+    }
+}
+
+impl Tracer for reqwest::Client {
+    fn trace(self) -> Self {
+        info!("{:#?}", self);
+        self
+    }
+}
+
+impl Tracer for std::result::Result<reqwest::Response, reqwest::Error> {
+    fn trace(self) -> Self {
+        info!("{:#?}", self);
+        self
+    }
+}
+
+pub fn resource_url<S>(
+    context: &Context,
+    overrides: &Overrides,
+    resource: &str,
+    segments: S,
+) -> Result<url::Url>
+where
+    S: IntoIterator,
+    S::Item: AsRef<str>,
+{
+    resource_url_query(context, overrides, resource, segments, None)
+}
+
+pub fn resource_append_path<S>(url: url::Url, segments: S) -> Result<url::Url>
+where
+    S: IntoIterator,
+    S::Item: AsRef<str>,
+{
+    let mut url = url.clone();
+    {
+        let mut path = url
+            .path_segments_mut()
+            .map_err(|_| error::ErrorKind::UrlError)?;
+
+        path.extend(segments);
+    }
+
+    Ok(url)
+}
+
+pub fn resource_url_query<S>(
+    context: &Context,
+    overrides: &Overrides,
+    resource: &str,
+    segments: S,
+    query: Option<&HashMap<String, String>>,
+) -> Result<url::Url>
+where
+    S: IntoIterator,
+    S::Item: AsRef<str>,
+{
+    let url = context.to_url(overrides)?;
+    let url = resource_append_path(url, Some(resource))?;
+    let mut url = resource_append_path(url, segments)?;
+
+    if let Some(q) = query {
+        let mut query = url.query_pairs_mut();
+        for (name, value) in q {
+            query.append_pair(name, value);
+        }
+    }
+
+    Ok(url)
+}
+
+pub async fn resource_delete(
+    context: &Context,
+    overrides: &Overrides,
+    url: &url::Url,
+    resource_type: &str,
+    resource_name: &str,
+) -> Result<()> {
+    let client = context.create_client(overrides).await?;
+
+    client
+        .request(Method::DELETE, url.clone())
+        .apply_auth(context)?
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::NO_CONTENT => Ok(response),
+            StatusCode::NOT_FOUND => Ok(response),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })?;
+
+    println!("{} deleted: {}", resource_type, resource_name);
+
+    Ok(())
+}
+
+pub async fn resource_get(
+    context: &Context,
+    overrides: &Overrides,
+    url: &url::Url,
+    resource_type: &str,
+) -> Result<()> {
+    let client = context.create_client(overrides).await?;
+
+    let result: serde_json::value::Value = client
+        .request(Method::GET, url.clone())
+        .apply_auth(context)?
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::OK => Ok(response),
+            StatusCode::NOT_FOUND => Err(NotFound(resource_type.to_string()).into()),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })?
+        .json()
+        .await?;
+
+    display_json_value(&result)?;
+
+    Ok(())
+}
+
+pub async fn resource_modify_with_create<C, F, T>(
+    client: &Client,
+    context: &Context,
+    read_url: &Url,
+    update_url: &Url,
+    resource_name: &str,
+    creator: C,
+    mut modifier: F,
+) -> Result<reqwest::Response>
+where
+    F: FnMut(&mut T) -> Result<()>,
+    C: Fn() -> Result<T>,
+    T: Serialize + DeserializeOwned + std::fmt::Debug,
+{
+    // get
+
+    let response = client
+        .client
+        .request(Method::GET, read_url.clone())
+        .apply_auth(context)?
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)?;
+
+    // retrieve ETag header
+    let etag = &response.headers().get(ETAG).map(|o| o.clone());
+
+    let mut payload: T = match response.status() {
+        StatusCode::OK => response.json().await.map_err(error::Error::from),
+        StatusCode::NOT_FOUND => creator(),
+        _ => Err(UnexpectedResult(response.status()).into()),
+    }?;
+
+    info!("GET Payload: {:#?}", payload);
+
+    // call consumer
+
+    modifier(&mut payload)?;
+
+    info!("PUT Payload: {:#?}", payload);
+
+    // update
+
+    client
+        .client
+        .request(Method::PUT, update_url.clone())
+        .apply_auth(context)?
+        .header(CONTENT_TYPE, "application/json")
+        .if_match(etag.as_ref())
+        .json(&payload)
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::NO_CONTENT => Ok(response),
+            StatusCode::NOT_FOUND => Err(NotFound(resource_name.into()).into()),
+            StatusCode::BAD_REQUEST => block_on(resource_err_bad_request(response)),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })
+}
+
+pub async fn resource_err_bad_request<T>(response: reqwest::Response) -> Result<T> {
+    Err(MalformedRequest(response.text().await.unwrap_or_else(|_| "<unknown>".into())).into())
+}
+
+pub async fn resource_modify<F, T>(
+    client: &Client,
+    context: &Context,
+    read_url: &Url,
+    update_url: &Url,
+    resource_name: &str,
+    modifier: F,
+) -> Result<reqwest::Response>
+where
+    F: FnMut(&mut T) -> Result<()>,
+    T: Serialize + DeserializeOwned + std::fmt::Debug,
+{
+    resource_modify_with_create(
+        client,
+        context,
+        read_url,
+        update_url,
+        resource_name,
+        || Err(NotFound(resource_name.into()).into()),
+        modifier,
+    )
+    .await
+}
+
+pub fn resource_id_from_location(response: reqwest::Response) -> Result<String> {
+    let loc = response.headers().get(LOCATION);
+
+    if let Some(s) = loc {
+        let id: String = s.to_str()?.into();
+
+        let s = id.split('/').last();
+
+        s.map(|s| s.into())
+            .ok_or_else(|| Response(String::from("Missing ID element in 'Location' header")).into())
+    } else {
+        Err(Response(String::from("Missing 'Location' header in response")).into())
+    }
+}

hat/src/main.rs

@@ -0,0 +1,249 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+use clap::{App, ArgMatches};
+
+use crate::context::Context;
+use crate::help::help;
+
+use http::header::*;
+use http::method::Method;
+use http::status::StatusCode;
+
+use serde_json::value::*;
+
+use crate::error;
+use crate::error::ErrorKind::*;
+
+use crate::resource::{
+    resource_delete, resource_err_bad_request, resource_get, resource_id_from_location,
+    resource_modify, resource_url, AuthExt,
+};
+
+use crate::client::Client;
+use crate::overrides::Overrides;
+use crate::resource::Tracer;
+use futures::executor::block_on;
+
+type Result<T> = std::result::Result<T, error::Error>;
+
+static KEY_ENABLED: &str = "enabled";
+static RESOURCE_NAME: &str = "devices";
+
+pub async fn tenant(
+    app: &mut App<'_, '_>,
+    matches: &ArgMatches<'_>,
+    overrides: &Overrides,
+    context: &Context,
+) -> Result<()> {
+    let client = Client::new(context, overrides).await?;
+
+    match matches.subcommand() {
+        ("create", Some(cmd_matches)) => {
+            tenant_create(
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name"),
+                cmd_matches.value_of("payload"),
+            )
+            .await?
+        }
+        ("update", Some(cmd_matches)) => {
+            tenant_update(
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name").unwrap(),
+                cmd_matches.value_of("payload"),
+            )
+            .await?
+        }
+        ("get", Some(cmd_matches)) => {
+            tenant_get(
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name").unwrap(),
+            )
+            .await?
+        }
+        ("delete", Some(cmd_matches)) => {
+            tenant_delete(
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name").unwrap(),
+            )
+            .await?
+        }
+        ("enable", Some(cmd_matches)) => {
+            tenant_enable(
+                &client,
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name").unwrap(),
+            )
+            .await?
+        }
+        ("disable", Some(cmd_matches)) => {
+            tenant_disable(
+                &client,
+                context,
+                overrides,
+                cmd_matches.value_of("tenant_name").unwrap(),
+            )
+            .await?
+        }
+        _ => help(app)?,
+    };
+
+    Ok(())
+}
+
+async fn tenant_create(
+    context: &Context,
+    overrides: &Overrides,
+    tenant: Option<&str>,
+    payload: Option<&str>,
+) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, tenant)?;
+
+    let payload = match payload {
+        Some(_) => serde_json::from_str(payload.unwrap())?,
+        _ => serde_json::value::Map::new(),
+    };
+
+    let client = context.create_client(overrides).await?;
+
+    let tenant = client
+        .request(Method::POST, url)
+        .apply_auth(context)?
+        .header(CONTENT_TYPE, "application/json")
+        .json(&payload)
+        .trace()
+        .send()
+        .await
+        .trace()
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::CREATED => Ok(response),
+            StatusCode::CONFLICT => Err(AlreadyExists(tenant.unwrap().to_string()).into()),
+            StatusCode::BAD_REQUEST => block_on(resource_err_bad_request(response)),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })
+        .and_then(resource_id_from_location)?;
+
+    println!("Created tenant: {}", tenant);
+
+    Ok(())
+}
+
+async fn tenant_update(
+    context: &Context,
+    overrides: &Overrides,
+    tenant: &str,
+    payload: Option<&str>,
+) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, Some(tenant))?;
+
+    let mut payload = match payload {
+        Some(_) => serde_json::from_str(payload.unwrap())?,
+        _ => serde_json::value::Map::new(),
+    };
+
+    payload.insert(
+        "tenant-id".to_string(),
+        serde_json::value::to_value(tenant)?,
+    );
+
+    let client = context.create_client(overrides).await?;
+
+    client
+        .request(Method::PUT, url)
+        .apply_auth(context)?
+        .header(CONTENT_TYPE, "application/json")
+        .json(&payload)
+        .trace()
+        .send()
+        .await
+        .map_err(error::Error::from)
+        .and_then(|response| match response.status() {
+            StatusCode::NO_CONTENT => Ok(response),
+            StatusCode::NOT_FOUND => Err(NotFound(tenant.to_string()).into()),
+            StatusCode::BAD_REQUEST => block_on(resource_err_bad_request(response)),
+            _ => Err(UnexpectedResult(response.status()).into()),
+        })?;
+
+    println!("Updated tenant: {}", tenant);
+
+    Ok(())
+}
+
+async fn tenant_delete(context: &Context, overrides: &Overrides, tenant: &str) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, Some(tenant))?;
+    resource_delete(&context, overrides, &url, "Tenant", tenant).await
+}
+
+async fn tenant_enable(
+    client: &Client,
+    context: &Context,
+    overrides: &Overrides,
+    tenant: &str,
+) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, Some(tenant))?;
+
+    resource_modify(
+        client,
+        &context,
+        &url,
+        &url,
+        tenant,
+        |payload: &mut Map<String, Value>| {
+            payload.insert(KEY_ENABLED.into(), Value::Bool(true));
+            Ok(())
+        },
+    )
+    .await?;
+
+    println!("Tenant {} enabled", tenant);
+
+    Ok(())
+}
+
+async fn tenant_disable(
+    client: &Client,
+    context: &Context,
+    overrides: &Overrides,
+    tenant: &str,
+) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, Some(tenant))?;
+
+    resource_modify(
+        client,
+        &context,
+        &url,
+        &url,
+        tenant,
+        |payload: &mut Map<String, Value>| {
+            payload.insert(KEY_ENABLED.into(), Value::Bool(false));
+            Ok(())
+        },
+    )
+    .await?;
+
+    println!("Tenant {} disabled", tenant);
+
+    Ok(())
+}
+
+async fn tenant_get(context: &Context, overrides: &Overrides, tenant: &str) -> Result<()> {
+    let url = resource_url(context, overrides, RESOURCE_NAME, Some(tenant))?;
+    resource_get(&context, overrides, &url, "Tenant").await
+}

hat/src/output.rs

@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Copyright (c) 2018 Red Hat Inc
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+
+pub trait Either {
+    fn either<T>(&self, this: T, that: T) -> T;
+}
+
+impl Either for bool {
+    /// transforms the bool in a value of either the first (when true) or the second (when false)
+    /// parameter.
+    fn either<T>(&self, when_true: T, when_false: T) -> T {
+        if *self {
+            when_true
+        } else {
+            when_false
+        }
+    }
+}