handle accountKey arg with user and secret (#500)

* handle accountKey arg with user and secret * Update src/lib/command-helpers.mjs Co-authored-by: James Rodewig <[email protected]> * use camel case --------- Co-authored-by: James Rodewig <[email protected]>
fauna · Dec 10, 2024 · 42d02d6 · 42d02d6
1 parent 4eed51c
commit 42d02d6
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 12 deletions.
diff --git a/src/lib/auth/credentials.mjs b/src/lib/auth/credentials.mjs
@@ -7,15 +7,24 @@ import { AccountKeys } from "./accountKeys.mjs";
 import { DatabaseKeys } from "./databaseKeys.mjs";
 
 const validateCredentialArgs = (argv) => {
-  if (argv.database && argv.secret && !argv.local) {
-    throw new ValidationError(
-      "Cannot use both the '--secret' and '--database' options together. Please specify only one.",
-    );
-  } else if (argv.role && argv.secret && !argv.local) {
-    // The '--role' option is not supported when using a secret. Secrets have an
-    // implicit role.
-    throw new ValidationError(
-      "The '--role' option is not supported when using a '--secret'. Please specify only one.",
+  const logger = container.resolve("logger");
+  const illegalArgCombos = [
+    ["accountKey", "secret", "local"],
+    ["secret", "database", "local"],
+    ["secret", "role", "local"],
+  ];
+  for (const [first, second, conditional] of illegalArgCombos) {
+    if (argv[first] && argv[second] && !argv[conditional]) {
+      throw new ValidationError(
+        `Cannot use both the '--${first}' and '--${second}' options together. Please specify only one.`,
+      );
+    }
+  }
+
+  if (argv.user && argv.accountKey) {
+    logger.debug(
+      "Both 'user' and 'accountKey' arguments were specified. 'accountKey' will be used to mint database secrets. 'user' will be ignored.",
+      "creds",
     );
   }
 };

diff --git a/src/lib/auth/databaseKeys.mjs b/src/lib/auth/databaseKeys.mjs
@@ -50,7 +50,7 @@ export class DatabaseKeys {
     // argv.secret comes from flag, config, or FAUNA_SECRET
     if (argv.secret) {
       key = argv.secret;
-      keySource = "--secret";
+      keySource = "user";
     } else {
       key = storedKey;
       keySource = "credentials-file";

diff --git a/src/lib/command-helpers.mjs b/src/lib/command-helpers.mjs
@@ -57,8 +57,10 @@ const COMMON_QUERY_OPTIONS = {
   },
   accountKey: {
     type: "string",
-    description: "The account key to use when calling Fauna",
+    description:
+      "Fauna account key used for authentication. Negates the need for a user login. The key is used to generate short-lived database secrets for the CLI. Mutually exclusive with `--user` and `--secret`.",
     required: false,
+    group: "API:",
   },
   database: {
     alias: "d",

diff --git a/test/credentials.mjs b/test/credentials.mjs
@@ -95,7 +95,7 @@ describe("credentials", function () {
           databaseKeys: {
             role: undefined,
             key: "user-secret",
-            keySource: "--secret",
+            keySource: "user",
           },
         },
       },