Google Git
Sign in
apache/openserverless-cli/refs/heads/main/./auth/login.go
blob: 4d5d82e61589d9bb217ee362f92b9116431bf79c [file] [log] [blame]
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package auth
import (
"bytes"
"encoding/json"
"errors"
"flag"
"fmt"
"io"
"log"
"net/http"
"os"
"path/filepath"
"strings"
"github.com/apache/openserverless-cli/config"
"github.com/zalando/go-keyring"
)
type LoginResult struct {
Login string
Auth string
ApiHost string
}
const usage = `Usage:
ops -login <apihost> [<user>]
Login to an OpenServerless instance. If no user is specified, the default user "nuvolaris" is used.
You can set the environment variables OPS_APIHOST and OPS_USER to avoid specifying them on the command line.
You can set OPS_PASSWORD to avoid entering the password interactively.
Options:
-h, --help Show usage`
const whiskLoginPath = "/api/v1/web/whisk-system/nuv/login"
const defaultUser = "nuvolaris"
const opsSecretServiceName = "nuvolaris"
func LoginCmd() (*LoginResult, error) {
// enable log output if requested
if os.Getenv("DEBUG")+os.Getenv("TRACE") != "" {
log.SetOutput(os.Stdout)
}
flag := flag.NewFlagSet("-login", flag.ExitOnError)
flag.Usage = func() {
fmt.Println(usage)
}
var helpFlag bool
flag.BoolVar(&helpFlag, "h", false, "Show usage")
flag.BoolVar(&helpFlag, "help", false, "Show usage")
err := flag.Parse(os.Args[1:])
if err != nil {
return nil, err
}
if helpFlag {
flag.Usage()
return nil, nil
}
args := flag.Args()
if len(args) == 0 && os.Getenv("OPS_APIHOST") == "" {
flag.Usage()
return nil, errors.New("missing apihost")
}
apihost := os.Getenv("OPS_APIHOST")
if apihost == "" {
apihost = args[0]
}
url := apihost + whiskLoginPath
apihost = ensureSchema(apihost)
// try to get the user from the environment
user := os.Getenv("OPS_USER")
if user == "" {
// if env var not set, try to get it from the command line
if os.Getenv("OPS_APIHOST") != "" {
// if apihost env var was set, treat the first arg as the user
if len(args) > 0 {
user = args[0]
}
} else {
// if apihost env var was not set, treat the second arg as the user
if len(args) > 1 {
user = args[1]
}
}
}
// if still not set, use the default user
if user == "" {
fmt.Println("Using the default user:", defaultUser)
user = defaultUser
}
fmt.Println("Logging in", apihost, "as", user)
password := os.Getenv("OPS_PASSWORD")
if password == "" {
fmt.Print("Enter Password: ")
pwd, err := AskPassword()
if err != nil {
return nil, err
}
password = pwd
fmt.Println()
}
creds, err := doLogin(url, user, password)
if err != nil {
return nil, err
}
if _, ok := creds["AUTH"]; !ok {
return nil, errors.New("missing AUTH token from login response")
}
opsHome := os.Getenv("OPS_HOME")
if opsHome == "" {
return nil, fmt.Errorf("OPS_HOME not defined")
}
configMap, err := config.NewConfigMapBuilder().
WithConfigJson(filepath.Join(opsHome, "config.json")).
Build()
if err != nil {
return nil, err
}
for k, v := range creds {
if err := configMap.Insert(k, v); err != nil {
return nil, err
}
}
if err := configMap.Insert("STATUS_LOGGED_USER", user); err != nil {
log.Println("[Warning] Failed to insert STATUS_LOGGED_USER")
}
err = configMap.SaveConfig()
if err != nil {
return nil, err
}
// if err := storeCredentials(creds); err != nil {
// return nil, err
// }
// auth, err := keyring.Get(opsSecretServiceName, "AUTH")
// if err != nil {
// return nil, err
// }
return &LoginResult{
Login: user,
Auth: creds["AUTH"],
ApiHost: apihost,
}, nil
}
func ensureSchema(apihost string) string {
if !strings.HasPrefix(apihost, "http://") && !strings.HasPrefix(apihost, "https://") {
if apihost == "localhost" {
apihost = "http://" + apihost
} else {
apihost = "https://" + apihost
}
}
return apihost
}
func doLogin(url, user, password string) (map[string]string, error) {
data := map[string]string{
"login": user,
"password": password,
}
loginJson, err := json.Marshal(data)
if err != nil {
return nil, err
}
resp, err := http.Post(url, "application/json", bytes.NewBuffer(loginJson))
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("login failed with status code %d", resp.StatusCode)
}
return nil, fmt.Errorf("login failed (%d): %s", resp.StatusCode, string(body))
}
var creds map[string]string
err = json.NewDecoder(resp.Body).Decode(&creds)
if err != nil {
return nil, errors.New("failed to decode response from login request")
}
return creds, nil
}
func storeCredentials(creds map[string]string) error {
for k, v := range creds {
err := keyring.Set(opsSecretServiceName, k, v)
if err != nil {
return err
}
}
return nil
}