From b2d5098a8fbf31ef0d426c299b60a3994ab433c7 Mon Sep 17 00:00:00 2001 From: Matt Wilde Date: Tue, 10 Dec 2024 13:12:10 -0500 Subject: [PATCH 1/3] handle accountKey arg with user and secret --- src/lib/auth/credentials.mjs | 27 ++++++++++++++++++--------- src/lib/auth/databaseKeys.mjs | 2 +- src/lib/command-helpers.mjs | 4 +++- test/credentials.mjs | 2 +- 4 files changed, 23 insertions(+), 12 deletions(-) diff --git a/src/lib/auth/credentials.mjs b/src/lib/auth/credentials.mjs index 6f8122a4..0abaa595 100644 --- a/src/lib/auth/credentials.mjs +++ b/src/lib/auth/credentials.mjs @@ -7,15 +7,24 @@ import { AccountKeys } from "./accountKeys.mjs"; import { DatabaseKeys } from "./databaseKeys.mjs"; const validateCredentialArgs = (argv) => { - if (argv.database && argv.secret && !argv.local) { - throw new ValidationError( - "Cannot use both the '--secret' and '--database' options together. Please specify only one.", - ); - } else if (argv.role && argv.secret && !argv.local) { - // The '--role' option is not supported when using a secret. Secrets have an - // implicit role. - throw new ValidationError( - "The '--role' option is not supported when using a '--secret'. Please specify only one.", + const logger = container.resolve("logger"); + const illegalArgCombos = [ + ["accountKey", "secret", "local"], + ["secret", "database", "local"], + ["secret", "role", "local"], + ]; + for (const [first, second, conditional] of illegalArgCombos) { + if (argv[first] && argv[second] && !argv[conditional]) { + throw new ValidationError( + `Cannot use both the '--${first}' and '--${second}' options together. Please specify only one.`, + ); + } + } + + if (argv.user && argv.accountKey) { + logger.debug( + "Both 'user' and 'account-key' arguments were specified. 'account-key' will be used to mint database secrets. 'user' will be ignored.", + "creds", ); } }; diff --git a/src/lib/auth/databaseKeys.mjs b/src/lib/auth/databaseKeys.mjs index 44a82000..f62a552c 100644 
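Review bot: In `validateCredentialArgs` (src/lib/auth/credentials.mjs), supplying both `user` and `accountKey` is only reported through `logger.debug`, so at default verbosity the caller gets no sign of which credential is used. The help text added in src/lib/command-helpers.mjs (both the PATCH 1/3 and the PATCH 2/3 wording) says the account key cannot be combined with `--user`, which the code does not enforce. Either enforce the documented rule, for example by adding `["accountKey", "user", "local"]` to `illegalArgCombos`, or keep the precedence, report it at a level shown by default, and soften the help text. A hard error only works if `user` has no default value, which this diff does not show. The diffstat shows only a one-line expectation change in test/credentials.mjs, so the new `accountKey`/`secret` rejection appears to be untested.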
--- a/src/lib/auth/databaseKeys.mjs +++ b/src/lib/auth/databaseKeys.mjs @@ -50,7 +50,7 @@ export class DatabaseKeys { // argv.secret comes from flag, config, or FAUNA_SECRET if (argv.secret) { key = argv.secret; - keySource = "--secret"; + keySource = "user"; } else { key = storedKey; keySource = "credentials-file"; diff --git a/src/lib/command-helpers.mjs b/src/lib/command-helpers.mjs index ce508eff..a83d7d88 100644 --- a/src/lib/command-helpers.mjs +++ b/src/lib/command-helpers.mjs @@ -54,8 +54,10 @@ const COMMON_QUERY_OPTIONS = { }, accountKey: { type: "string", - description: "The account key to use when calling Fauna", + description: + "The key to use for calling the Fauna Account API. Providing an account key will negate the need for a user login. The key will be used to generate short-lived database secrets. Cannot be used with --user or --secret.", required: false, + group: "API:", }, database: { alias: "d", diff --git a/test/credentials.mjs b/test/credentials.mjs index 61551410..2ec749f4 100644 --- a/test/credentials.mjs +++ b/test/credentials.mjs @@ -95,7 +95,7 @@ describe("credentials", function () { databaseKeys: { role: undefined, key: "user-secret", - keySource: "--secret", + keySource: "user", }, }, }, From 5b8b8833dacee24de728b957646ab9fe564ac963 Mon Sep 17 00:00:00 2001 From: Matthew Wilde Date: Tue, 10 Dec 2024 16:05:51 -0500 Subject: [PATCH 2/3] Update src/lib/command-helpers.mjs Co-authored-by: James Rodewig --- src/lib/command-helpers.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/command-helpers.mjs b/src/lib/command-helpers.mjs index a83d7d88..8e594790 100644 --- a/src/lib/command-helpers.mjs +++ b/src/lib/command-helpers.mjs 
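Review bot: In `DatabaseKeys` (src/lib/auth/databaseKeys.mjs), the new label `keySource = "user"` reads like a reference to the `--user` option, although the comment directly above says the secret comes from the flag, config, or FAUNA_SECRET. Because this value records where a credential came from, a short comment would prevent misreading it when debugging authentication, for example `// "user": secret supplied by the caller (flag, config, or FAUNA_SECRET); unrelated to the --user option`. The enclosing method starts and ends outside the hunk, so how `keySource` is consumed is not visible here.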
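Review bot: The `accountKey` description in `COMMON_QUERY_OPTIONS` (src/lib/command-helpers.mjs) presents the key as an ordinary command-line option and does not say it is a credential. The text itself implies the key outlives the short-lived database secrets it mints, and an inline value can be captured by shell history and process listings. I would append a sentence such as `Treat this value as a secret; avoid passing it inline where shell history or process listings can capture it.` If the option can also be set from config or the environment, as the databaseKeys.mjs comment says `secret` can, the help text could point there instead; that is not visible in this diff. PATCH 2/3 rewrites the same description, so the sentence belongs on the later wording, and the `COMMON_QUERY_OPTIONS` object starts and ends outside the hunk.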
@@ -55,7 +55,7 @@ const COMMON_QUERY_OPTIONS = { accountKey: { type: "string", description: - "The key to use for calling the Fauna Account API. Providing an account key will negate the need for a user login. The key will be used to generate short-lived database secrets. Cannot be used with --user or --secret.", + "Fauna account key used for authentication. Negates the need for a user login. The key is used to generate short-lived database secrets for the CLI. Mutually exclusive with `--user` and `--secret`.", required: false, group: "API:", }, From c1b06fb2363884014cc605d5457146ae164f9a9e Mon Sep 17 00:00:00 2001 From: Matt Wilde Date: Tue, 10 Dec 2024 16:25:50 -0500 Subject: [PATCH 3/3] use camel case --- src/lib/auth/credentials.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/auth/credentials.mjs b/src/lib/auth/credentials.mjs index 0abaa595..160d3b33 100644 --- a/src/lib/auth/credentials.mjs +++ b/src/lib/auth/credentials.mjs @@ -23,7 +23,7 @@ const validateCredentialArgs = (argv) => { if (argv.user && argv.accountKey) { logger.debug( - "Both 'user' and 'account-key' arguments were specified. 'account-key' will be used to mint database secrets. 'user' will be ignored.", + "Both 'user' and 'accountKey' arguments were specified. 'accountKey' will be used to mint database secrets. 'user' will be ignored.", "creds", ); }