-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: support SSO (Single Sign-On) (#1010)
* feat(authenticate): support pkce * refactor: authentication * fix: acquire session token from api endpoint * feat(undocumented): support debug output * fix(app): avoid auth for config command * fix: acquire api token * feat(auth): implement refresh behaviour * refactor: move FastlyAPIClient out of app package * refactor: variable naming * refactor: display profile name * refactor: clarify tokenless commands * doc(testing): explain delve debugging * tests: fix * refactor(app): move kingpin config * refactor(app): small doc clean-ups * refactor: support flag/env-var override for accounts endpoint * refactor: move token exchange to separate function * refactor: move auth logic to separate functions * fix(config): update config version * refactor(app): make prompt less scary * test: fix whoami test * fix: support skipping OAuth * refactor(app): move more logic from Run function * refactor(app): move more logic to separate functions + support new env var * fix(profile/create): support OAuth token flow * refactor(authenticate): move new default logic to separate function * fix: allow profile override for authenticate command + skip auth prompt * fix: allow profile override for profile update command * refactor(profile/update): move static token flow to separate function * fix(profile/update): support OAuth flow * fix(app): move endpoint display before token validation * fix: avoid breaking change by switching SSO to be opt-in * refactor(app): group token processing logic * refactor(profile/create): update prompt description * fix: profile logic * fix: resolve semgrep concern for modified variable * refactor(authenticate): move profile logic to separate function * fix(app): wrap prompt in flag checks * doc(authenticate): explain prompt skip * doc(authenticate): explain processProfiles logic * refactor(authenticate): move case conditionals to separate functions * doc(profile/update): clarify else if conditional * fix: set Default correctly when invoking authenticate command directly * refactor: clean-up profile.Get interface * fix: refactor profile.Default interface * refactor: rename OAuth to SSO * refactor: inject browser opener behaviour * refactor: inject auth server * test(authenticate): add validation for authenticate command * doc(app): clarify env var usage * fix: vcl/conditions test after rebase from main * refactor(app): hide token message with --quiet * feat: add Important text header * feat(profile): add SetADefault * test(authenticate): add more test assertions * refactor: support profile arg to authenticate command * refactor: rename authenticate command to sso * doc: rename DEVELOP to DEVELOPMENT * fix: split command name to avoid arguments being included * fix: use correct profile name after authentication * refactor: rename all instances of authenticate to sso * refactor(app): reword instructions for SSO opt-in * refactor(profile/update): avoid excessive config writes * refactor(sso): change text function depending on how command is invoked * feat(sso): validate azp/aud claims * fix: resolve linter feedback * refactor: rename testcase field * test: add more tests to validate pre-command token processing * refactor: move INFO output related to expired tokens to verbose mode * fix: set Authorization header alongside Fastly-Key * doc: warn callers of memory concern with undocumented.Call() * refactor(whoami): replace manual request with existing abstraction * feat: FASTLY_DEBUG_MODE * refactor: remove unnecessary profile check * fix(undocumented): print correct output * refactor: deduplicate JWT validation and token logic * fix(profile/update): ensure SetDefault() is called * fix: avoid breaking flow in profile commands * fix(profile/update): put back the flow to how it was prior to sso * fix(testutil): correct annotations * fix(undocumented): move response output to before error check * style(profile/update): add line breaks to info output * fix(config): remove duplicate key * fix(app): move verbose flag out of signature * fix(app): add compute metadata to the no token switch * fix(tests): remove extra line break * fix(undocumented): remove unnecessary Authorization header * fix(config): bump config_version * refactor: rename Endpoint to APIEndpoint for clarity * style(app): add line breaks * doc(auth): add well-known path * style: tweak line breaks * fix(sso): hide command until GA * remove: SSO messaging until GA * refactor(global): rename constants * refactor(profile): hide sso flag until GA * fix(auth): check type assert * refactor(main): rename s to authServer * feat: store .well-known inside of auth.Server * refactor: store well-known as struct not bytes * refactor: rename Account to AccountEndpoint * refactor: move main logic to custom init * refactor: correct some linter items * refactor: all the things * fix: move functions inside auth server + set api endpoint * remove(testutil): SetAccountEndpoint mock method * fix: stop processing if user doesn't want to continue * test: add DontWantOutput for TestSSO * feat: add --enable-sso flag * fix: don't os.Exit(1) for Yes/No * style(app): remove line break * fix(app): don't auto SSO if no profiles * refactor: auth flow * refactor: naming of variables * feat: support account endpoint override
- Loading branch information
1 parent
4e9fe46
commit 60e53e3
Showing
400 changed files
with
6,234 additions
and
4,218 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.