From bf70ed239f33dc280433963e3e6d1c6bf954920a Mon Sep 17 00:00:00 2001 From: Martin Norbury Date: Tue, 14 Nov 2023 14:52:36 +0000 Subject: [PATCH] feat: Add a `Token` struct to allow the CLI to differentiate between `Bearer` and `APIKey` tokens (#66) This PR adds a `Token` struct to allow the CLI to differentiate between the auth methods. The CLI will have a different download flow depending on if the auth is using a bearer token vs an API key. For the bearer token the `team_name` is configured using the `cloudquery switch` command. For the API key, the key is associated with a team name already. --- auth/token.go | 33 ++++++++++++++++++++++++--------- auth/token_test.go | 10 +++++----- 2 files changed, 29 insertions(+), 14 deletions(-) diff --git a/auth/token.go b/auth/token.go index 5813743..d1cf72e 100644 --- a/auth/token.go +++ b/auth/token.go @@ -29,6 +29,21 @@ type tokenResponse struct { ProjectID string `json:"project_id"` } +type TokenType int + +const ( + Undefined TokenType = iota + BearerToken + APIKey +) + +var UndefinedToken = Token{Type: Undefined, Value: ""} + +type Token struct { + Type TokenType + Value string +} + type TokenClient struct { url string apiKey string @@ -45,37 +60,37 @@ func NewTokenClient() *TokenClient { // GetToken returns the ID token // If CLOUDQUERY_API_KEY is set, it returns that value, otherwise it returns an ID token generated from the refresh token. -func (tc *TokenClient) GetToken() (string, error) { +func (tc *TokenClient) GetToken() (Token, error) { if token := os.Getenv(EnvVarCloudQueryAPIKey); token != "" { - return token, nil + return Token{Type: APIKey, Value: token}, nil } // If the token is not expired, return it if !tc.expiresAt.IsZero() && tc.expiresAt.Sub(time.Now().UTC()) > ExpiryBuffer { - return tc.idToken, nil + return Token{Type: BearerToken, Value: tc.idToken}, nil } refreshToken, err := ReadRefreshToken() if err != nil { - return "", fmt.Errorf("failed to read refresh token: %w. Hint: You may need to run `cloudquery login` or set %s", err, EnvVarCloudQueryAPIKey) + return UndefinedToken, fmt.Errorf("failed to read refresh token: %w. Hint: You may need to run `cloudquery login` or set %s", err, EnvVarCloudQueryAPIKey) } if refreshToken == "" { - return "", fmt.Errorf("authentication token not found. Hint: You may need to run `cloudquery login` or set %s", EnvVarCloudQueryAPIKey) + return UndefinedToken, fmt.Errorf("authentication token not found. Hint: You may need to run `cloudquery login` or set %s", EnvVarCloudQueryAPIKey) } tokenResponse, err := tc.generateToken(refreshToken) if err != nil { - return "", fmt.Errorf("failed to sign in with custom token: %w", err) + return UndefinedToken, fmt.Errorf("failed to sign in with custom token: %w", err) } if err := SaveRefreshToken(tokenResponse.RefreshToken); err != nil { - return "", fmt.Errorf("failed to save refresh token: %w", err) + return UndefinedToken, fmt.Errorf("failed to save refresh token: %w", err) } if err := tc.updateIDToken(tokenResponse); err != nil { - return "", fmt.Errorf("failed to update ID token: %w", err) + return UndefinedToken, fmt.Errorf("failed to update ID token: %w", err) } - return tc.idToken, nil + return Token{Type: BearerToken, Value: tc.idToken}, nil } func (tc *TokenClient) generateToken(refreshToken string) (*tokenResponse, error) { diff --git a/auth/token_test.go b/auth/token_test.go index bbaffa8..32879e0 100644 --- a/auth/token_test.go +++ b/auth/token_test.go @@ -46,7 +46,7 @@ func TestTokenClient_EnvironmentVariable(t *testing.T) { token, err := NewTokenClient().GetToken() require.NoError(t, err) - require.Equal(t, "my_token", token) + require.Equal(t, Token{Type: APIKey, Value: "my_token"}, token) } func TestTokenClient_GetToken_ShortExpiry(t *testing.T) { @@ -66,13 +66,13 @@ func TestTokenClient_GetToken_ShortExpiry(t *testing.T) { token, err := tc.GetToken() require.NoError(t, err) - require.Equal(t, "my_id_token_0", token, "first token") + require.Equal(t, Token{Type: BearerToken, Value: "my_id_token_0"}, token, "first token") tc.expiresAt = t0 token, err = tc.GetToken() require.NoError(t, err) - require.Equal(t, "my_id_token_1", token, "expected to issue new token") + require.Equal(t, Token{Type: BearerToken, Value: "my_id_token_1"}, token, "expected to issue new token") } func TestTokenClient_GetToken_LongExpiry(t *testing.T) { @@ -89,11 +89,11 @@ func TestTokenClient_GetToken_LongExpiry(t *testing.T) { token, err := tc.GetToken() require.NoError(t, err) - require.Equal(t, "my_id_token_0", token, "first token") + require.Equal(t, Token{Type: BearerToken, Value: "my_id_token_0"}, token, "first token") token, err = tc.GetToken() require.NoError(t, err) - require.Equal(t, "my_id_token_0", token, "expected to reuse token") + require.Equal(t, Token{Type: BearerToken, Value: "my_id_token_0"}, token, "expected to reuse token") } func overrideEnvironmentVariable(t *testing.T, key, value string) func() {