feat: add profile support for cli #289

Merged
merged 8 commits into from
Aug 21, 2024
Merged
30 changes: 1 addition & 29 deletions cmd/auth-clearCachedCredentials.go
@@ -1,39 +1,11 @@
package cmd

import (
"fmt"

"github.com/opentdf/otdfctl/pkg/cli"
"github.com/opentdf/otdfctl/pkg/handlers"
"github.com/opentdf/otdfctl/pkg/man"
"github.com/spf13/cobra"
)

var auth_clearClientCredentialsCmd = man.Docs.GetCommand("auth/clear-client-credentials",
man.WithRun(auth_clearCreds),
man.WithHiddenFlags("with-client-creds", "with-client-creds-file"),
)

func auth_clearCreds(cmd *cobra.Command, args []string) {
flagHelper := cli.NewFlagHelper(cmd)
host := flagHelper.GetRequiredString("host")

p := cli.NewPrinter(true)

p.Printf("Clearing cached client credentials for %s... ", host)
if err := handlers.NewKeyring(host).DeleteClientCredentials(); err != nil {
fmt.Println("failed")
cli.ExitWithError("Failed to clear cached client credentials", err)
}
p.Println("ok")
}
var auth_clearClientCredentialsCmd = man.Docs.GetCommand("auth/clear-client-credentials")

func init() {
auth_clearClientCredentialsCmd.Flags().String(
auth_clearClientCredentialsCmd.GetDocFlag("all").Name,
auth_clearClientCredentialsCmd.GetDocFlag("all").Description,
auth_clearClientCredentialsCmd.GetDocFlag("all").Default,
)

authCmd.AddCommand(&auth_clearClientCredentialsCmd.Command)
}
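Review bot: `auth clear-client-credentials` is still registered through `authCmd.AddCommand` in `init()`, but going by the header counts (1 addition, 29 deletions) the replacement declaration `man.Docs.GetCommand("auth/clear-client-credentials")` carries no `man.WithRun(...)`, so the command appears to have no handler and will not delete any stored client secret. A user who runs it to wipe credentials from a shared or decommissioned machine would be left with the secret still at rest. Either wire a handler that clears the credentials from the profile store this PR introduces, or stop registering the command until that exists; at minimum add `// TODO(security): no Run handler yet; stored credentials are NOT cleared` above the declaration.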
41 changes: 25 additions & 16 deletions cmd/auth-clientCredentials.go
@@ -3,9 +3,10 @@ package cmd
import (
"fmt"

"github.com/opentdf/otdfctl/pkg/auth"
"github.com/opentdf/otdfctl/pkg/cli"
"github.com/opentdf/otdfctl/pkg/handlers"
"github.com/opentdf/otdfctl/pkg/man"
"github.com/opentdf/otdfctl/pkg/profiles"
"github.com/spf13/cobra"
)

@@ -15,39 +16,47 @@ var clientCredentialsCmd = man.Docs.GetCommand("auth/client-credentials",
)

func auth_clientCredentials(cmd *cobra.Command, args []string) {
var c handlers.ClientCredentials

flagHelper := cli.NewFlagHelper(cmd)
host := flagHelper.GetRequiredString("host")
tlsNoVerify := flagHelper.GetOptionalBool("tls-no-verify")
cp := InitProfile(cmd, false)

p := cli.NewPrinter(true)

var clientId string
var clientSecret string

if len(args) > 0 {
c.ClientId = args[0]
clientId = args[0]
}
if len(args) > 1 {
c.ClientSecret = args[1]
clientSecret = args[1]
}

if c.ClientId == "" {
c.ClientId = cli.AskForInput("Enter client id: ")
if clientId == "" {
clientId = cli.AskForInput("Enter client id: ")
}
if c.ClientSecret == "" {
c.ClientSecret = cli.AskForSecret("Enter client secret: ")
if clientSecret == "" {
clientSecret = cli.AskForSecret("Enter client secret: ")
}

p.Printf("Logging in with client ID and secret for %s... ", host)
if _, err := handlers.GetTokenWithClientCreds(cmd.Context(), host, c, tlsNoVerify); err != nil {
// Set the client credentials
cp.SetAuthCredentials(profiles.AuthCredentials{
AuthType: profiles.PROFILE_AUTH_TYPE_CLIENT_CREDENTIALS,
ClientId: clientId,
ClientSecret: clientSecret,
})

// Validate the client credentials
p.Printf("Validating client credentials for %s... ", cp.GetEndpoint())
if err := auth.ValidateProfileAuthCredentials(cmd.Context(), cp); err != nil {
fmt.Println("failed")
cli.ExitWithError("An error occurred during login. Please check your credentials and try again", err)
}
p.Println("ok")

// Save the client credentials
p.Print("Storing client ID and secret in keyring... ")
if err := handlers.NewKeyring(host).SetClientCredentials(c); err != nil {
if err := cp.Save(); err != nil {
fmt.Println("failed")
cli.ExitWithError("Failed to cache client credentials", err)
cli.ExitWithError("An error occurred while storing client credentials", err)
}
p.Println("ok")
}
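Review bot: `clientSecret = args[1]` keeps accepting the client secret as a positional argument, which exposes it in shell history and in the process list to other local users; the `cli.AskForSecret` prompt a few lines below is the safer path. Consider printing a warning when `len(args) > 1`, or documenting the exposure in the command's help text. Separately, the progress text `Storing client ID and secret in keyring... ` is unchanged while the store call is now `cp.Save()`; if the profile store is not always keyring-backed (not visible on this page), the message misstates where the secret ends up and should name the profile store instead.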
6 changes: 3 additions & 3 deletions cmd/auth-code.go
@@ -3,8 +3,8 @@ package cmd
import (
"fmt"

"github.com/opentdf/otdfctl/pkg/auth"
"github.com/opentdf/otdfctl/pkg/cli"
"github.com/opentdf/otdfctl/pkg/handlers"
"github.com/opentdf/otdfctl/pkg/man"
"github.com/spf13/cobra"
)
@@ -19,14 +19,14 @@ func auth_codeLogin(cmd *cobra.Command, args []string) {

printer := cli.NewPrinter(!noCacheCreds)

tok, err := handlers.LoginWithPKCE(host, clientID, tlsNoVerify, noCacheCreds)
tok, err := auth.LoginWithPKCE(host, clientID, tlsNoVerify)
if err != nil {
cli.ExitWithError("could not authenticate", err)
}
if noCacheCreds {
fmt.Print(tok.AccessToken)
}
// TODO: set to the keyring/profile here

printer.Println(cli.SuccessMessage("Successfully logged in with auth code PKCE flow. Credentials cached on native OS."))
}
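Review bot: The success message still says `Credentials cached on native OS.` although `auth.LoginWithPKCE(host, clientID, tlsNoVerify)` no longer receives `noCacheCreds`, and nothing visible in `auth_codeLogin` stores the token; the `// TODO: set to the keyring/profile here` line suggests persistence is not implemented yet. If that reading is right, a run without the no-cache option neither prints nor keeps the token while telling the user it was cached. Until the token is written to the profile, make the message truthful, e.g. `printer.Println(cli.SuccessMessage("Successfully logged in with auth code PKCE flow."))`. The function starts above the hunk.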

42 changes: 19 additions & 23 deletions cmd/auth-printAccessToken.go
@@ -1,46 +1,42 @@
package cmd

import (
"context"
"encoding/json"
"fmt"

"github.com/opentdf/otdfctl/pkg/auth"
"github.com/opentdf/otdfctl/pkg/cli"
"github.com/opentdf/otdfctl/pkg/handlers"
"github.com/opentdf/otdfctl/pkg/man"
"github.com/opentdf/otdfctl/pkg/profiles"
"github.com/spf13/cobra"
"golang.org/x/oauth2"
)

var auth_printAccessTokenCmd = man.Docs.GetCommand("auth/print-access-token",
man.WithRun(auth_printAccessToken),
)
man.WithRun(auth_printAccessToken))

func auth_printAccessToken(cmd *cobra.Command, args []string) {
flagHelper := cli.NewFlagHelper(cmd)
host := flagHelper.GetRequiredString("host")
jsonOut := flagHelper.GetOptionalBool("json")

cp := InitProfile(cmd, false)

printEnabled := !jsonOut
p := cli.NewPrinter(printEnabled)

p.Printf("Getting stored client credentials for %s... ", host)
clientCredentials, err := handlers.NewKeyring(host).GetClientCredentials()
if err != nil {
p.Println("failed")
cli.ExitWithError("Client credentials not found. Please use `auth client-credentials` to set them", err)
}
p.Println("ok")

p.Printf("Getting access token for %s... ", clientCredentials.ClientId)
tok, err := handlers.GetTokenWithClientCreds(
context.Background(),
host,
clientCredentials,
flagHelper.GetOptionalBool("tls-no-verify"),
)
if err != nil {
p.Println("failed")
cli.ExitWithError("Failed to get token", err)
var tok *oauth2.Token
ac := cp.GetAuthCredentials()
switch ac.AuthType {
case profiles.PROFILE_AUTH_TYPE_CLIENT_CREDENTIALS:
var err error
p.Printf("Getting access token for %s... ", ac.ClientId)
tok, err = auth.GetTokenWithProfile(cmd.Context(), cp)
if err != nil {
p.Println("failed")
cli.ExitWithError("Failed to get token", err)
}
default:
cli.ExitWithError("Invalid auth type", nil)
}
p.Println("ok")
p.Printf("Access Token: %s\n", tok.AccessToken)
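Review bot: In the `default:` branch, `cli.ExitWithError("Invalid auth type", nil)` passes a nil error; if `ExitWithError` only terminates on a non-nil error (its body is not on this page), execution falls through with `tok == nil` and `tok.AccessToken` on the last line of the hunk panics. Pass a real error, e.g. `cli.ExitWithError("Invalid auth type", errors.New("unsupported auth type in profile"))`, or `return` explicitly after the call. Also note that the token is written through `p.Printf`, so anything capturing stdout (CI logs, terminal scrollback) retains a live bearer token; a short comment saying so next to the print would help. `auth_printAccessToken` continues past the end of the hunk.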
26 changes: 0 additions & 26 deletions cmd/dev.go
@@ -2,7 +2,6 @@ package cmd

import (
"encoding/json"
"errors"
"fmt"
"io"
"os"
@@ -11,7 +10,6 @@ import (
"github.com/evertras/bubble-table/table"
"github.com/opentdf/otdfctl/pkg/cli"
"github.com/opentdf/otdfctl/pkg/config"
"github.com/opentdf/otdfctl/pkg/handlers"
"github.com/opentdf/otdfctl/pkg/man"
"github.com/opentdf/platform/protocol/go/common"
"github.com/spf13/cobra"
@@ -159,30 +157,6 @@ func readBytesFromFile(filePath string) []byte {
return bytes
}

// instantiates a new handler with authentication via client credentials
func NewHandler(cmd *cobra.Command) handlers.Handler {
flag := cli.NewFlagHelper(cmd)
host := flag.GetRequiredString("host")
tlsNoVerify := flag.GetOptionalBool("tls-no-verify")
clientCredsFile := flag.GetOptionalString("with-client-creds-file")
clientCredsJSON := flag.GetOptionalString("with-client-creds")

// Get any credentials we can from the cache or flags
creds, err := handlers.GetClientCreds(host, clientCredsFile, []byte(clientCredsJSON))
if err != nil {
cli.ExitWithError("Failed to get client credentials", err)
}

h, err := handlers.NewWithCredentials(host, creds.ClientId, creds.ClientSecret, tlsNoVerify)
if err != nil {
if errors.Is(err, handlers.ErrUnauthenticated) {
cli.ExitWithError(fmt.Sprintf("Not logged in. Please authenticate via CLI auth flow(s) before using command (%s %s)", cmd.Parent().Use, cmd.Use), err)
}
cli.ExitWithError("Failed to connect to server", err)
}
return h
}

func init() {
designCmd := man.Docs.GetCommand("dev/design-system",
man.WithRun(dev_designSystem),