Add Updatecli integration with Udash (updatecli#1344)

* Add updatecli login for authenticating on an API backend Signed-off-by: Olblak <[email protected]> * mitigate slowloris attack handle error Signed-off-by: Olblak <[email protected]> * fix logrus error-wrapping directive Signed-off-by: Olblak <[email protected]> * Add checkspelling allow word Signed-off-by: Olblak <[email protected]> * Update url used to publish report Signed-off-by: Olblak <[email protected]> * refactor publish command Signed-off-by: Olblak <[email protected]> * Rename target result field OldInformation to information Signed-off-by: Olblak <[email protected]> * Remove missing line Signed-off-by: Olblak <[email protected]> * show url after publishing Signed-off-by: Olblak <[email protected]> * sanitize audience name by removing http scheme Signed-off-by: Olblak <[email protected]> * Refactor auth package Signed-off-by: Olblak <[email protected]> * Remove pointer in pipeline report Signed-off-by: Olblak <[email protected]> * refactor report Signed-off-by: Olblak <[email protected]> * Add ID for each result Signed-off-by: Olblak <[email protected]> * go mod tidy Signed-off-by: Olblak <[email protected]> * Add allow text to spellcheck Signed-off-by: Olblak <[email protected]> * fix cross site scripting error Signed-off-by: Olblak <[email protected]> * Only run updatecli in experimental mode Signed-off-by: Olblak <[email protected]> * Set scm ID Add reportURL param Signed-off-by: Olblak <[email protected]> * Show report url in final report Signed-off-by: Olblak <[email protected]> * refactor auth package Signed-off-by: Olblak <[email protected]> * Improve report publishing UX The purpose of this commit is to reduce the need to specify front and back url by storing those two informations in the configuration file Then a report API can either be specified using a environment variable or relying on the default config Signed-off-by: Olblak <[email protected]> * handle error Signed-off-by: Olblak <[email protected]> * Specify correct return Signed-off-by: Olblak <[email protected]> * fix spelling warning Signed-off-by: Olblak <[email protected]> * Update pkg/core/result/target.go Co-authored-by: Damien Duportal <[email protected]> * Revert "Remove pointer in pipeline report" This reverts commit fc32d7f. * Show report url per pipeline Signed-off-by: Olblak <[email protected]> * Add dryRun information to target result Signed-off-by: Olblak <[email protected]> * Remove reports.Publish in favor of report.Publish Signed-off-by: Olblak <[email protected]> * rename OAUTH to Oauth Signed-off-by: Olblak <[email protected]> --------- Signed-off-by: Olblak <[email protected]> Co-authored-by: Damien Duportal <[email protected]>
updatecli-test · Jul 12, 2023 · 82c294f · 82c294f
1 parent 4d6ec5b
commit 82c294f
Show file tree

Hide file tree

Showing 35 changed files with 900 additions and 33 deletions.
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
@@ -10,4 +10,13 @@ minoronly
 majoronly
 nce
 WRONLY
+nirasan
+skratchdot
+pkce
+errmsg
+authdata
+APIURL
 oidc
+udash
+Udash
+CLIENTID
diff --git a/cmd/apply.go b/cmd/apply.go
@@ -37,6 +37,7 @@ var (
 
 func init() {
 	applyCmd.Flags().StringVarP(&cfgFile, "config", "c", "", "Sets config file or directory. By default, Updatecli looks for a file named 'updatecli.yaml' or a directory named 'updatecli.d'")
+	applyCmd.Flags().StringVar(&oAuthAudience, "reportAPI", "", "Set the report API URL where to publish pipeline reports")
 	applyCmd.Flags().StringArrayVarP(&valuesFiles, "values", "v", []string{}, "Sets values file uses for templating")
 	applyCmd.Flags().StringArrayVar(&secretsFiles, "secrets", []string{}, "Sets Sops secrets file uses for templating")
 

diff --git a/cmd/diff.go b/cmd/diff.go
@@ -35,6 +35,7 @@ var (
 
 func init() {
 	diffCmd.Flags().StringVarP(&cfgFile, "config", "c", "", "Sets config file or directory. By default, Updatecli looks for a file named 'updatecli.yaml' or a directory named 'updatecli.d'")
+	diffCmd.Flags().StringVar(&oAuthAudience, "reportAPI", "", "Set the report API URL where to publish pipeline reports")
 	diffCmd.Flags().StringArrayVarP(&valuesFiles, "values", "v", []string{}, "Sets values file uses for templating")
 	diffCmd.Flags().StringArrayVar(&secretsFiles, "secrets", []string{}, "Sets Sops secrets file uses for templating")
 	diffCmd.Flags().BoolVar(&diffClean, "clean", false, "Remove updatecli working directory like '--clean=true'")

diff --git a/cmd/login.go b/cmd/login.go
@@ -0,0 +1,53 @@
+package cmd
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	oAuthClientID string
+	oAuthIssuer   string
+	oAuthAudience string
+	endpointURL   string
+
+	loginCmd = &cobra.Command{
+		Use:     "login url",
+		Short:   "[Experimental] login authenticates with the Updatecli service.",
+		Example: "updatecli login app.updatecli.io",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			// TODO: To be removed once not experimental anymore
+			if !experimental {
+				logrus.Warningf("The 'login' feature requires the flag experimental to work, such as:\n\t`updatecli login --experimental`")
+				os.Exit(1)
+			}
+
+			switch len(args) {
+			case 0:
+				logrus.Errorf("missing URL to login to")
+				os.Exit(1)
+			case 1:
+				endpointURL = args[0]
+			default:
+				logrus.Errorf("can only login to one URL at a time")
+				os.Exit(1)
+			}
+
+			err := run("login")
+			if err != nil {
+				logrus.Errorf("command failed")
+				os.Exit(1)
+			}
+		},
+	}
+)
+
+func init() {
+	loginCmd.Flags().StringVar(&oAuthClientID, "oauth-clientId", "", "oauth-clientId defines the Oauth client ID")
+	loginCmd.Flags().StringVar(&oAuthIssuer, "oauth-issuer", "", "oauth-issuer defines the Oauth authentication URL")
+	loginCmd.Flags().StringVar(&oAuthAudience, "oauth-audience", "", "oauth-audience defines the Oauth audience URL")
+}
diff --git a/cmd/root.go b/cmd/root.go
@@ -4,6 +4,7 @@ import (
 	"os"
 
 	"github.com/sirupsen/logrus"
+	"github.com/updatecli/updatecli/pkg/core/auth"
 	"github.com/updatecli/updatecli/pkg/core/cmdoptions"
 	"github.com/updatecli/updatecli/pkg/core/log"
 
@@ -63,6 +64,7 @@ func init() {
 		diffCmd,
 		prepareCmd,
 		manifestCmd,
+		loginCmd,
 		showCmd,
 		versionCmd,
 		docsCmd,
@@ -74,6 +76,7 @@ func run(command string) error {
 
 	switch command {
 	case "apply":
+		auth.Audience = oAuthAudience
 		if applyClean {
 			defer func() {
 				if err := e.Clean(); err != nil {
@@ -94,6 +97,7 @@ func run(command string) error {
 			return err
 		}
 	case "diff":
+		auth.Audience = oAuthAudience
 		if diffClean {
 			defer func() {
 				if err := e.Clean(); err != nil {
@@ -134,6 +138,13 @@ func run(command string) error {
 			return err
 		}
 
+	case "login":
+		err := auth.Login(endpointURL, oAuthClientID, oAuthIssuer, oAuthAudience)
+		if err != nil {
+			logrus.Errorf("%s %s", result.FAILURE, err)
+			return err
+		}
+
 	// Show is deprecated
 	case "show", "manifest/show":
 		if showClean {

diff --git a/go.mod b/go.mod
@@ -43,6 +43,9 @@ require (
 	github.com/invopop/jsonschema v0.7.0
 	github.com/muesli/mango-cobra v1.2.0
 	github.com/muesli/roff v0.1.0
+	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20220510032225-4f9f17eaec4c
+	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
+	github.com/spf13/viper v1.15.0
 	github.com/tomwright/dasel v1.27.3
 	golang.org/x/text v0.10.0
 	golang.org/x/time v0.3.0
@@ -53,7 +56,13 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
@@ -80,7 +89,7 @@ require (
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/alecthomas/chroma v0.9.2 // indirect
-	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/armon/go-metrics v0.4.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect