From 3ea409b96efd279631bc02020e69278a9695fd48 Mon Sep 17 00:00:00 2001 From: pmahindrakar-oss <77798312+pmahindrakar-oss@users.noreply.github.com> Date: Mon, 3 May 2021 10:29:49 +0530 Subject: [PATCH] Oauth support in flytectl (#49) * Using changed flyteidl which contains oauth changes Signed-off-by: Prafulla Mahindrakar * Added zlando keyring as an implementation of tokencache Signed-off-by: Prafulla Mahindrakar * Fixed unit tests Signed-off-by: Prafulla Mahindrakar * Fixed linter issues Signed-off-by: Prafulla Mahindrakar * go mod tidy Signed-off-by: Prafulla Mahindrakar * Update to latest flyteidl Signed-off-by: Haytham Abuelfutuh Signed-off-by: Prafulla Mahindrakar * Update to released flyteidl Signed-off-by: Haytham Abuelfutuh Signed-off-by: Prafulla Mahindrakar Co-authored-by: Haytham Abuelfutuh --- flytectl/cmd/core/cmd.go | 17 +++-- flytectl/cmd/get/project.go | 5 +- flytectl/cmd/root.go | 2 +- flytectl/config.yaml | 5 +- flytectl/go.mod | 4 +- flytectl/go.sum | 20 +++--- .../pkg/pkce/testdata/empty_access_token.json | 6 ++ flytectl/pkg/pkce/testdata/token.json | 6 ++ flytectl/pkg/pkce/token_cache_keyring.go | 58 +++++++++++++++++ flytectl/pkg/pkce/token_cache_keyring_test.go | 64 +++++++++++++++++++ 10 files changed, 163 insertions(+), 24 deletions(-) create mode 100644 flytectl/pkg/pkce/testdata/empty_access_token.json create mode 100644 flytectl/pkg/pkce/testdata/token.json create mode 100644 flytectl/pkg/pkce/token_cache_keyring.go create mode 100644 flytectl/pkg/pkce/token_cache_keyring_test.go diff --git a/flytectl/cmd/core/cmd.go b/flytectl/cmd/core/cmd.go index 0e62c7369d8..27d8d56063f 100644 --- a/flytectl/cmd/core/cmd.go +++ b/flytectl/cmd/core/cmd.go @@ -4,12 +4,12 @@ import ( "context" "fmt" - "github.com/spf13/pflag" - + "github.com/flyteorg/flytectl/cmd/config" + "github.com/flyteorg/flytectl/pkg/pkce" "github.com/flyteorg/flyteidl/clients/go/admin" - "github.com/spf13/cobra" - "github.com/flyteorg/flytectl/cmd/config" + "github.com/spf13/cobra" + "github.com/spf13/pflag" ) type PFlagProvider interface { @@ -57,10 +57,15 @@ func generateCommandFunc(cmdEntry CommandEntry) func(cmd *cobra.Command, args [] return err } - adminClient, err := admin.InitializeAdminClientFromConfig(ctx) + clientSet, err := admin.ClientSetBuilder().WithConfig(admin.GetConfig(ctx)). + WithTokenCache(pkce.TokenCacheKeyringProvider{ + ServiceUser: pkce.KeyRingServiceUser, + ServiceName: pkce.KeyRingServiceName, + }).Build(ctx) if err != nil { return err } - return cmdEntry.CmdFunc(ctx, args, NewCommandContext(adminClient, cmd.OutOrStdout())) + + return cmdEntry.CmdFunc(ctx, args, NewCommandContext(clientSet.AdminClient(), cmd.OutOrStdout())) } } diff --git a/flytectl/cmd/get/project.go b/flytectl/cmd/get/project.go index f89b952d4b7..0fa2f704504 100644 --- a/flytectl/cmd/get/project.go +++ b/flytectl/cmd/get/project.go @@ -67,11 +67,9 @@ func getProjectsFunc(ctx context.Context, args []string, cmdCtx cmdCore.CommandC if err != nil { return err } + if len(args) == 1 { name := args[0] - if err != nil { - return err - } logger.Debugf(ctx, "Retrieved %v projects", len(projects.Projects)) for _, v := range projects.Projects { if v.Name == name { @@ -84,6 +82,7 @@ func getProjectsFunc(ctx context.Context, args []string, cmdCtx cmdCore.CommandC } return nil } + logger.Debugf(ctx, "Retrieved %v projects", len(projects.Projects)) return adminPrinter.Print(config.GetConfig().MustOutputFormat(), projectColumns, ProjectToProtoMessages(projects.Projects)...) } diff --git a/flytectl/cmd/root.go b/flytectl/cmd/root.go index 56a371a75ab..200d6d4115c 100644 --- a/flytectl/cmd/root.go +++ b/flytectl/cmd/root.go @@ -46,7 +46,7 @@ func newRootCmd() *cobra.Command { configAccessor.InitializePflags(rootCmd.PersistentFlags()) - // Due to https://github.com/lyft/flyte/issues/341, project flag will have to be specified as + // Due to https://github.com/flyteorg/flyte/issues/341, project flag will have to be specified as // --root.project, this adds a convenience on top to allow --project to be used rootCmd.PersistentFlags().StringVarP(&(config.GetConfig().Project), "project", "p", "", "Specifies the Flyte project.") rootCmd.PersistentFlags().StringVarP(&(config.GetConfig().Domain), "domain", "d", "", "Specifies the Flyte project's domain.") diff --git a/flytectl/config.yaml b/flytectl/config.yaml index a6b72e57411..a4505fccf69 100644 --- a/flytectl/config.yaml +++ b/flytectl/config.yaml @@ -1,8 +1,7 @@ admin: # For GRPC endpoints you might want to use dns:///flyte.myexample.com - endpoint: dns:///flyte.lyft.net - # endpoint: dns:///flyte.lyft.net - insecure: true + endpoint: dns:///flyte.myexample.com + authType: Pkce logger: show-source: true level: 1 diff --git a/flytectl/go.mod b/flytectl/go.mod index ca000d677b2..cd987f766ac 100644 --- a/flytectl/go.mod +++ b/flytectl/go.mod @@ -4,7 +4,7 @@ go 1.13 require ( github.com/dustin/go-humanize v1.0.0 // indirect - github.com/flyteorg/flyteidl v0.18.32 + github.com/flyteorg/flyteidl v0.18.40 github.com/flyteorg/flytestdlib v0.3.15 github.com/ghodss/yaml v1.0.0 github.com/golang/protobuf v1.4.3 @@ -20,6 +20,8 @@ require ( github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.0 github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 + github.com/zalando/go-keyring v0.1.1 + golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013 google.golang.org/grpc v1.35.0 google.golang.org/protobuf v1.25.0 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f // indirect diff --git a/flytectl/go.sum b/flytectl/go.sum index 699d774fb8a..a1ceb251bd0 100644 --- a/flytectl/go.sum +++ b/flytectl/go.sum @@ -129,8 +129,6 @@ github.com/coocood/freecache v1.1.1 h1:uukNF7QKCZEdZ9gAV7WQzvh0SbjwdMF6m3x3rxEka github.com/coocood/freecache v1.1.1/go.mod h1:OKrEjkGVoxZhyWAJoeFi5BMLUJm2Tit0kpGkIr7NGYY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-oidc v2.1.0+incompatible h1:sdJrfw8akMnCuUlaZU3tE/uYXFgfqom8DBE9so9EBsM= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= @@ -142,6 +140,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/danieljoos/wincred v1.1.0 h1:3RNcEpBg4IhIChZdFRSdlQt1QjCp1sMAPIrOnm7Yf8g= +github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -173,10 +173,8 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg= github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM= github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= -github.com/flyteorg/flyteidl v0.18.25 h1:XbHwM4G1u5nGAcdKod+ENgbL84cHdNzQIWY+NajuHs8= -github.com/flyteorg/flyteidl v0.18.25/go.mod h1:b5Fq4Z8a5b0mF6pEwTd48ufvikUGVkWSjZiMT0ZtqKI= -github.com/flyteorg/flyteidl v0.18.32 h1:Z+DeBh4i+mZK75lfJwmsHPf23nbsp2Qiv+kCnGMY9Ds= -github.com/flyteorg/flyteidl v0.18.32/go.mod h1:b5Fq4Z8a5b0mF6pEwTd48ufvikUGVkWSjZiMT0ZtqKI= +github.com/flyteorg/flyteidl v0.18.40 h1:YuLBNpIotOFwyLSXSs0aj3B9N9vwPhzLRAQTWxYSI/w= +github.com/flyteorg/flyteidl v0.18.40/go.mod h1:IJD02cc/95QMkGDBJNibsr5aWd6V7TlQiJ8Iz5mVZ28= github.com/flyteorg/flytestdlib v0.3.13/go.mod h1:Tz8JCECAbX6VWGwFT6cmEQ+RJpZ/6L9pswu3fzWs220= github.com/flyteorg/flytestdlib v0.3.15 h1:vzsfqriENyavv6EBwsIm55di2wC+j0jkmjw30JGHAkM= github.com/flyteorg/flytestdlib v0.3.15/go.mod h1:Tz8JCECAbX6VWGwFT6cmEQ+RJpZ/6L9pswu3fzWs220= @@ -214,6 +212,8 @@ github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= +github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= +github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -466,6 +466,8 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI= +github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -476,8 +478,6 @@ github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU= -github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= @@ -589,6 +589,8 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/zalando/go-keyring v0.1.1 h1:w2V9lcx/Uj4l+dzAf1m9s+DJ1O8ROkEHnynonHjTcYE= +github.com/zalando/go-keyring v0.1.1/go.mod h1:OIC+OZ28XbmwFxU/Rp9V7eKzZjamBJwRzC8UFJH9+L8= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= @@ -984,8 +986,6 @@ gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/kothar/go-backblaze.v0 v0.0.0-20190520213052-702d4e7eb465/go.mod h1:zJ2QpyDCYo1KvLXlmdnFlQAyF/Qfth0fB8239Qg7BIE= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.4.1 h1:H0TmLt7/KmzlrDOpa1F+zr0Tk90PbJYBfsVUmRLrf9Y= -gopkg.in/square/go-jose.v2 v2.4.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= diff --git a/flytectl/pkg/pkce/testdata/empty_access_token.json b/flytectl/pkg/pkce/testdata/empty_access_token.json new file mode 100644 index 00000000000..474f4762e0a --- /dev/null +++ b/flytectl/pkg/pkce/testdata/empty_access_token.json @@ -0,0 +1,6 @@ +{ + "access_token":"", + "token_type":"bearer", + "refresh_token":"eyJhbGciOiJSUzI1NiIsImtleV9pZCI6IjlLZlNILXphZjRjY1dmTlNPbm91YmZUbnItVW5kMHVuY3ctWF9KNUJVdWciLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiaHR0cHM6Ly9kZW1vLm51Y2x5ZGUuaW8iXSwiY2xpZW50X2lkIjoiZmx5dGVjdGwiLCJleHAiOjE2MTk1MzM1MjcsImZvcm0iOnsiY29kZV9jaGFsbGVuZ2UiOiJ2bWNxazArZnJRS3Vvb2FMUHZwUDJCeUtod2VKR2VaeG1mdGtkMml0T042Tk13SVBQNWwySmNpWDd3NTdlaS9iVW1LTWhPSjJVUERnK0F5RXRaTG94SFJiMDl1cWRKSSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlN2WEgyeDh2UDUrSkJxQ0NjT2dCL0hNWjdLSmE3bkdLMDBaUVA0ekd4WGcifSwiaWF0IjoxNjE5NTAyNTM1LCJpc3MiOiJodHRwczovL2RlbW8ubnVjbHlkZS5pbyIsImp0aSI6IjQzMTM1ZWY2LTA5NjEtNGFlZC1hOTYxLWQyZGI1YWJmM2U1YyIsInNjcCI6WyJvZmZsaW5lIiwiZi5hbGwiLCJhY2Nlc3NfdG9rZW4iXSwic3ViIjoiMTE0NTI3ODE1MzA1MTI4OTc0NDcwIiwidXNlcl9pbmZvIjp7ImZhbWlseV9uYW1lIjoiTWFoaW5kcmFrYXIiLCJnaXZlbl9uYW1lIjoiUHJhZnVsbGEiLCJuYW1lIjoiUHJhZnVsbGEgTWFoaW5kcmFrYXIiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2EtL0FPaDE0R2p1VDFrOC04YTV2QkdPSUYxYURnaFltRng4aEQ5S05pUjVqblp1PXM5Ni1jIiwic3ViamVjdCI6IjExNDUyNzgxNTMwNTEyODk3NDQ3MCJ9fQ.YKom5-gE4e84rJJIfxcpbMzgjZT33UZ27UTa1y8pK2BAWaPjIZtwudwDHQ5Rd3m0mJJWhBp0j0e8h9DvzBUdpsnGMXSCYKP-ag9y9k5OW59FMm9RqIakWHtj6NPnxGO1jAsaNCYePj8knR7pBLCLCse2taDHUJ8RU1F0DeHNr2y-JupgG5y1vjBcb-9eD8OwOSTp686_hm7XoJlxiKx8dj2O7HPH7M2pAHA_0bVrKKj7Y_s3fRhkm_Aq6LRdA-IiTl9xJQxgVUreejls9-RR9mSTKj6A81-Isz3qAUttVVaA4OT5OdW879_yT7OSLw_QwpXzNZ7qOR7OIpmL_xZXig", + "expiry":"2021-04-27T19:55:26.658635+05:30" +} \ No newline at end of file diff --git a/flytectl/pkg/pkce/testdata/token.json b/flytectl/pkg/pkce/testdata/token.json new file mode 100644 index 00000000000..721cecc5f6d --- /dev/null +++ b/flytectl/pkg/pkce/testdata/token.json @@ -0,0 +1,6 @@ +{ + "access_token":"eyJhbGciOiJSUzI1NiIsImtleV9pZCI6IjlLZlNILXphZjRjY1dmTlNPbm91YmZUbnItVW5kMHVuY3ctWF9KNUJVdWciLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiaHR0cHM6Ly9kZW1vLm51Y2x5ZGUuaW8iXSwiY2xpZW50X2lkIjoiZmx5dGVjdGwiLCJleHAiOjE2MTk1Mjk5MjcsImZvcm0iOnsiY29kZV9jaGFsbGVuZ2UiOiJ2bWNxazArZnJRS3Vvb2FMUHZwUDJCeUtod2VKR2VaeG1mdGtkMml0T042Tk13SVBQNWwySmNpWDd3NTdlaS9iVW1LTWhPSjJVUERnK0F5RXRaTG94SFJiMDl1cWRKSSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlN2WEgyeDh2UDUrSkJxQ0NjT2dCL0hNWjdLSmE3bkdLMDBaUVA0ekd4WGcifSwiaWF0IjoxNjE5NTAyNTM1LCJpc3MiOiJodHRwczovL2RlbW8ubnVjbHlkZS5pbyIsImp0aSI6IjQzMTM1ZWY2LTA5NjEtNGFlZC1hOTYxLWQyZGI1YWJmM2U1YyIsInNjcCI6WyJvZmZsaW5lIiwiYWxsIiwiYWNjZXNzX3Rva2VuIl0sInN1YiI6IjExNDUyNzgxNTMwNTEyODk3NDQ3MCIsInVzZXJfaW5mbyI6eyJmYW1pbHlfbmFtZSI6Ik1haGluZHJha2FyIiwiZ2l2ZW5fbmFtZSI6IlByYWZ1bGxhIiwibmFtZSI6IlByYWZ1bGxhIE1haGluZHJha2FyIiwicGljdHVyZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hLS9BT2gxNEdqdVQxazgtOGE1dkJHT0lGMWFEZ2hZbUZ4OGhEOUtOaVI1am5adT1zOTYtYyIsInN1YmplY3QiOiIxMTQ1Mjc4MTUzMDUxMjg5NzQ0NzAifX0.ojbUOy2tF6HL8fIp1FJAQchU2MimlVMr3EGVPxMvYyahpW5YsWh6mz7qn4vpEnBuYZDf6cTaN50pJ8krlDX9RqtxF3iEfV2ZYHwyKMThI9sWh_kEBgGwUpyHyk98ZeqQX1uFOH3iwwhR-lPPUlpgdFGzKsxfxeFLOtu1y0V7BgA08KFqgYzl0lJqDYWBkJh_wUAv5g_r0NzSQCsMqb-B3Lno5ScMnlA3SZ_Hg-XdW8hnFIlrwJj4Cv47j3fcZxpqLbTNDXWWogmRbJb3YPlgn_LEnRAyZnFERHKMCE9vaBSTu-1Qstp-gRTORjyV7l3y680dEygQS-99KV3OSBlz6g", + "token_type":"bearer", + "refresh_token":"eyJhbGciOiJSUzI1NiIsImtleV9pZCI6IjlLZlNILXphZjRjY1dmTlNPbm91YmZUbnItVW5kMHVuY3ctWF9KNUJVdWciLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiaHR0cHM6Ly9kZW1vLm51Y2x5ZGUuaW8iXSwiY2xpZW50X2lkIjoiZmx5dGVjdGwiLCJleHAiOjE2MTk1MzM1MjcsImZvcm0iOnsiY29kZV9jaGFsbGVuZ2UiOiJ2bWNxazArZnJRS3Vvb2FMUHZwUDJCeUtod2VKR2VaeG1mdGtkMml0T042Tk13SVBQNWwySmNpWDd3NTdlaS9iVW1LTWhPSjJVUERnK0F5RXRaTG94SFJiMDl1cWRKSSIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlN2WEgyeDh2UDUrSkJxQ0NjT2dCL0hNWjdLSmE3bkdLMDBaUVA0ekd4WGcifSwiaWF0IjoxNjE5NTAyNTM1LCJpc3MiOiJodHRwczovL2RlbW8ubnVjbHlkZS5pbyIsImp0aSI6IjQzMTM1ZWY2LTA5NjEtNGFlZC1hOTYxLWQyZGI1YWJmM2U1YyIsInNjcCI6WyJvZmZsaW5lIiwiZi5hbGwiLCJhY2Nlc3NfdG9rZW4iXSwic3ViIjoiMTE0NTI3ODE1MzA1MTI4OTc0NDcwIiwidXNlcl9pbmZvIjp7ImZhbWlseV9uYW1lIjoiTWFoaW5kcmFrYXIiLCJnaXZlbl9uYW1lIjoiUHJhZnVsbGEiLCJuYW1lIjoiUHJhZnVsbGEgTWFoaW5kcmFrYXIiLCJwaWN0dXJlIjoiaHR0cHM6Ly9saDMuZ29vZ2xldXNlcmNvbnRlbnQuY29tL2EtL0FPaDE0R2p1VDFrOC04YTV2QkdPSUYxYURnaFltRng4aEQ5S05pUjVqblp1PXM5Ni1jIiwic3ViamVjdCI6IjExNDUyNzgxNTMwNTEyODk3NDQ3MCJ9fQ.YKom5-gE4e84rJJIfxcpbMzgjZT33UZ27UTa1y8pK2BAWaPjIZtwudwDHQ5Rd3m0mJJWhBp0j0e8h9DvzBUdpsnGMXSCYKP-ag9y9k5OW59FMm9RqIakWHtj6NPnxGO1jAsaNCYePj8knR7pBLCLCse2taDHUJ8RU1F0DeHNr2y-JupgG5y1vjBcb-9eD8OwOSTp686_hm7XoJlxiKx8dj2O7HPH7M2pAHA_0bVrKKj7Y_s3fRhkm_Aq6LRdA-IiTl9xJQxgVUreejls9-RR9mSTKj6A81-Isz3qAUttVVaA4OT5OdW879_yT7OSLw_QwpXzNZ7qOR7OIpmL_xZXig", + "expiry":"2021-04-27T19:55:26.658635+05:30" +} \ No newline at end of file diff --git a/flytectl/pkg/pkce/token_cache_keyring.go b/flytectl/pkg/pkce/token_cache_keyring.go new file mode 100644 index 00000000000..119fea50335 --- /dev/null +++ b/flytectl/pkg/pkce/token_cache_keyring.go @@ -0,0 +1,58 @@ +package pkce + +import ( + "encoding/json" + "fmt" + + "github.com/zalando/go-keyring" + "golang.org/x/oauth2" +) + +// TokenCacheKeyringProvider wraps the logic to save and retrieve tokens from the OS's keyring implementation. +type TokenCacheKeyringProvider struct { + ServiceName string + ServiceUser string +} + +const ( + KeyRingServiceUser = "flytectl-user" + KeyRingServiceName = "flytectl" +) + +func (t TokenCacheKeyringProvider) SaveToken(token *oauth2.Token) error { + var tokenBytes []byte + if token.AccessToken == "" { + return fmt.Errorf("cannot save empty token with expiration %v", token.Expiry) + } + + var err error + if tokenBytes, err = json.Marshal(token); err != nil { + return fmt.Errorf("unable to marshal token to save in cache due to %w", err) + } + + // set token in keyring + if err = keyring.Set(t.ServiceName, t.ServiceUser, string(tokenBytes)); err != nil { + return fmt.Errorf("unable to save token. Error: %w", err) + } + + return nil +} + +func (t TokenCacheKeyringProvider) GetToken() (*oauth2.Token, error) { + // get saved token + tokenJSON, err := keyring.Get(t.ServiceName, t.ServiceUser) + if len(tokenJSON) == 0 { + return nil, fmt.Errorf("no token found in the cache") + } + + if err != nil { + return nil, err + } + + token := oauth2.Token{} + if err = json.Unmarshal([]byte(tokenJSON), &token); err != nil { + return nil, fmt.Errorf("unmarshalling error for saved token. Error: %w", err) + } + + return &token, nil +} diff --git a/flytectl/pkg/pkce/token_cache_keyring_test.go b/flytectl/pkg/pkce/token_cache_keyring_test.go new file mode 100644 index 00000000000..11946b677db --- /dev/null +++ b/flytectl/pkg/pkce/token_cache_keyring_test.go @@ -0,0 +1,64 @@ +package pkce + +import ( + "encoding/json" + "io/ioutil" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/zalando/go-keyring" + "golang.org/x/oauth2" +) + +func TestSaveAndGetToken(t *testing.T) { + keyring.MockInit() + tokenCacheProvider := TokenCacheKeyringProvider{ + ServiceUser: "testServiceUser", + ServiceName: "testServiceName", + } + + t.Run("Valid Save/Get Token", func(t *testing.T) { + plan, _ := ioutil.ReadFile("testdata/token.json") + var tokenData oauth2.Token + err := json.Unmarshal(plan, &tokenData) + assert.NoError(t, err) + err = tokenCacheProvider.SaveToken(&tokenData) + assert.NoError(t, err) + var savedToken *oauth2.Token + savedToken, err = tokenCacheProvider.GetToken() + assert.NoError(t, err) + assert.NotNil(t, savedToken) + assert.Equal(t, tokenData.AccessToken, savedToken.AccessToken) + assert.Equal(t, tokenData.TokenType, savedToken.TokenType) + assert.Equal(t, tokenData.Expiry, savedToken.Expiry) + }) + + t.Run("Empty access token Save", func(t *testing.T) { + plan, _ := ioutil.ReadFile("testdata/empty_access_token.json") + var tokenData oauth2.Token + var err error + err = json.Unmarshal(plan, &tokenData) + assert.NoError(t, err) + + err = tokenCacheProvider.SaveToken(&tokenData) + assert.Error(t, err) + }) + + t.Run("Different service name", func(t *testing.T) { + plan, _ := ioutil.ReadFile("testdata/token.json") + var tokenData oauth2.Token + err := json.Unmarshal(plan, &tokenData) + assert.NoError(t, err) + err = tokenCacheProvider.SaveToken(&tokenData) + assert.NoError(t, err) + tokenCacheProvider2 := TokenCacheKeyringProvider{ + ServiceUser: "testServiceUser2", + ServiceName: "testServiceName2", + } + + var savedToken *oauth2.Token + savedToken, err = tokenCacheProvider2.GetToken() + assert.Error(t, err) + assert.Nil(t, savedToken) + }) +}