Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

handle accountKey arg with user and secret #500

Merged
merged 6 commits into from
Dec 10, 2024
Merged

handle accountKey arg with user and secret #500

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b2d5098
handle accountKey arg with user and secret
mwilde345 Dec 10, 2024
c3b9413
Merge branch 'v3' into fe-6231
mwilde345 Dec 10, 2024
5b8b883
Update src/lib/command-helpers.mjs
mwilde345 Dec 10, 2024
c284bf7
Merge branch 'v3' into fe-6231
mwilde345 Dec 10, 2024
779f7d5
Merge branch 'v3' into fe-6231
mwilde345 Dec 10, 2024
c1b06fb
use camel case
mwilde345 Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 18 additions & 9 deletions src/lib/auth/credentials.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,24 @@
import { DatabaseKeys } from "./databaseKeys.mjs";

const validateCredentialArgs = (argv) => {
if (argv.database && argv.secret && !argv.local) {
throw new ValidationError(
"Cannot use both the '--secret' and '--database' options together. Please specify only one.",
);
} else if (argv.role && argv.secret && !argv.local) {
// The '--role' option is not supported when using a secret. Secrets have an
// implicit role.
throw new ValidationError(
"The '--role' option is not supported when using a '--secret'. Please specify only one.",
const logger = container.resolve("logger");
const illegalArgCombos = [
["accountKey", "secret", "local"],
["secret", "database", "local"],
["secret", "role", "local"],
];
for (const [first, second, conditional] of illegalArgCombos) {
if (argv[first] && argv[second] && !argv[conditional]) {
throw new ValidationError(
`Cannot use both the '--${first}' and '--${second}' options together. Please specify only one.`,
);
}
}

if (argv.user && argv.accountKey) {
logger.debug(
"Both 'user' and 'accountKey' arguments were specified. 'accountKey' will be used to mint database secrets. 'user' will be ignored.",
"creds",
);
}
};
Expand Down Expand Up @@ -54,7 +63,7 @@
this.accountKeys.keyStore.save({
accountKey,
refreshToken,
// TODO: set expiration

Check warning on line 66 in src/lib/auth/credentials.mjs

View workflow job for this annotation

GitHub Actions / lint 

Unexpected 'todo' comment: 'TODO: set expiration'
});
this.accountKeys.key = accountKey;
}
Expand Down
2 changes: 1 addition & 1 deletion src/lib/auth/databaseKeys.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ export class DatabaseKeys {
// argv.secret comes from flag, config, or FAUNA_SECRET
if (argv.secret) {
key = argv.secret;
keySource = "--secret";
keySource = "user";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is this describing that the source of the key is a user-provided value? Not that specifically the --user arg was provided, correct?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct

} else {
key = storedKey;
keySource = "credentials-file";
Expand Down
4 changes: 3 additions & 1 deletion src/lib/command-helpers.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,10 @@ const COMMON_QUERY_OPTIONS = {
},
accountKey: {
type: "string",
description: "The account key to use when calling Fauna",
description:
"Fauna account key used for authentication. Negates the need for a user login. The key is used to generate short-lived database secrets for the CLI. Mutually exclusive with `--user` and `--secret`.",
required: false,
group: "API:",
},
database: {
alias: "d",
Expand Down
2 changes: 1 addition & 1 deletion test/credentials.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ describe("credentials", function () {
databaseKeys: {
role: undefined,
key: "user-secret",
keySource: "--secret",
keySource: "user",
},
},
},
Expand Down
Loading