feat: add profile support for cli (#289)

Co-authored-by: Jake Van Vorhis <[email protected]>

cmd/auth-clearCachedCredentials.go

@@ -1,39 +1,11 @@
 package cmd
 
 import (
-	"fmt"
-
-	"github.com/opentdf/otdfctl/pkg/cli"
-	"github.com/opentdf/otdfctl/pkg/handlers"
 	"github.com/opentdf/otdfctl/pkg/man"
-	"github.com/spf13/cobra"
-)
-
-var auth_clearClientCredentialsCmd = man.Docs.GetCommand("auth/clear-client-credentials",
-	man.WithRun(auth_clearCreds),
-	man.WithHiddenFlags("with-client-creds", "with-client-creds-file"),
 )
 
-func auth_clearCreds(cmd *cobra.Command, args []string) {
-	flagHelper := cli.NewFlagHelper(cmd)
-	host := flagHelper.GetRequiredString("host")
-
-	p := cli.NewPrinter(true)
-
-	p.Printf("Clearing cached client credentials for %s... ", host)
-	if err := handlers.NewKeyring(host).DeleteClientCredentials(); err != nil {
-		fmt.Println("failed")
-		cli.ExitWithError("Failed to clear cached client credentials", err)
-	}
-	p.Println("ok")
-}
+var auth_clearClientCredentialsCmd = man.Docs.GetCommand("auth/clear-client-credentials")
 
 func init() {
-	auth_clearClientCredentialsCmd.Flags().String(
-		auth_clearClientCredentialsCmd.GetDocFlag("all").Name,
-		auth_clearClientCredentialsCmd.GetDocFlag("all").Description,
-		auth_clearClientCredentialsCmd.GetDocFlag("all").Default,
-	)
-
 	authCmd.AddCommand(&auth_clearClientCredentialsCmd.Command)
 }

cmd/auth-clientCredentials.go

@@ -3,9 +3,10 @@ package cmd
 import (
 	"fmt"
 
+	"github.com/opentdf/otdfctl/pkg/auth"
 	"github.com/opentdf/otdfctl/pkg/cli"
-	"github.com/opentdf/otdfctl/pkg/handlers"
 	"github.com/opentdf/otdfctl/pkg/man"
+	"github.com/opentdf/otdfctl/pkg/profiles"
 	"github.com/spf13/cobra"
 )
 
@@ -15,39 +16,47 @@ var clientCredentialsCmd = man.Docs.GetCommand("auth/client-credentials",
 )
 
 func auth_clientCredentials(cmd *cobra.Command, args []string) {
-	var c handlers.ClientCredentials
-
-	flagHelper := cli.NewFlagHelper(cmd)
-	host := flagHelper.GetRequiredString("host")
-	tlsNoVerify := flagHelper.GetOptionalBool("tls-no-verify")
+	cp := InitProfile(cmd, false)
 
 	p := cli.NewPrinter(true)
 
+	var clientId string
+	var clientSecret string
+
 	if len(args) > 0 {
-		c.ClientId = args[0]
+		clientId = args[0]
 	}
 	if len(args) > 1 {
-		c.ClientSecret = args[1]
+		clientSecret = args[1]
 	}
 
-	if c.ClientId == "" {
-		c.ClientId = cli.AskForInput("Enter client id: ")
+	if clientId == "" {
+		clientId = cli.AskForInput("Enter client id: ")
 	}
-	if c.ClientSecret == "" {
-		c.ClientSecret = cli.AskForSecret("Enter client secret: ")
+	if clientSecret == "" {
+		clientSecret = cli.AskForSecret("Enter client secret: ")
 	}
 
-	p.Printf("Logging in with client ID and secret for %s... ", host)
-	if _, err := handlers.GetTokenWithClientCreds(cmd.Context(), host, c, tlsNoVerify); err != nil {
+	// Set the client credentials
+	cp.SetAuthCredentials(profiles.AuthCredentials{
+		AuthType:     profiles.PROFILE_AUTH_TYPE_CLIENT_CREDENTIALS,
+		ClientId:     clientId,
+		ClientSecret: clientSecret,
+	})
+
+	// Validate the client credentials
+	p.Printf("Validating client credentials for %s... ", cp.GetEndpoint())
+	if err := auth.ValidateProfileAuthCredentials(cmd.Context(), cp); err != nil {
 		fmt.Println("failed")
 		cli.ExitWithError("An error occurred during login. Please check your credentials and try again", err)
 	}
 	p.Println("ok")
 
+	// Save the client credentials
 	p.Print("Storing client ID and secret in keyring... ")
-	if err := handlers.NewKeyring(host).SetClientCredentials(c); err != nil {
+	if err := cp.Save(); err != nil {
 		fmt.Println("failed")
-		cli.ExitWithError("Failed to cache client credentials", err)
+		cli.ExitWithError("An error occurred while storing client credentials", err)
 	}
 	p.Println("ok")
 }

cmd/auth-code.go

@@ -3,8 +3,8 @@ package cmd
 import (
 	"fmt"
 
+	"github.com/opentdf/otdfctl/pkg/auth"
 	"github.com/opentdf/otdfctl/pkg/cli"
-	"github.com/opentdf/otdfctl/pkg/handlers"
 	"github.com/opentdf/otdfctl/pkg/man"
 	"github.com/spf13/cobra"
 )
@@ -19,14 +19,14 @@ func auth_codeLogin(cmd *cobra.Command, args []string) {
 
 	printer := cli.NewPrinter(!noCacheCreds)
 
-	tok, err := handlers.LoginWithPKCE(host, clientID, tlsNoVerify, noCacheCreds)
+	tok, err := auth.LoginWithPKCE(host, clientID, tlsNoVerify)
 	if err != nil {
 		cli.ExitWithError("could not authenticate", err)
 	}
 	if noCacheCreds {
 		fmt.Print(tok.AccessToken)
 	}
-	// TODO: set to the keyring/profile here
+
 	printer.Println(cli.SuccessMessage("Successfully logged in with auth code PKCE flow. Credentials cached on native OS."))
 }
 

cmd/auth-printAccessToken.go

@@ -1,46 +1,42 @@
 package cmd
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 
+	"github.com/opentdf/otdfctl/pkg/auth"
 	"github.com/opentdf/otdfctl/pkg/cli"
-	"github.com/opentdf/otdfctl/pkg/handlers"
 	"github.com/opentdf/otdfctl/pkg/man"
+	"github.com/opentdf/otdfctl/pkg/profiles"
 	"github.com/spf13/cobra"
+	"golang.org/x/oauth2"
 )
 
 var auth_printAccessTokenCmd = man.Docs.GetCommand("auth/print-access-token",
-	man.WithRun(auth_printAccessToken),
-)
+	man.WithRun(auth_printAccessToken))
 
 func auth_printAccessToken(cmd *cobra.Command, args []string) {
 	flagHelper := cli.NewFlagHelper(cmd)
-	host := flagHelper.GetRequiredString("host")
 	jsonOut := flagHelper.GetOptionalBool("json")
 
+	cp := InitProfile(cmd, false)
+
 	printEnabled := !jsonOut
 	p := cli.NewPrinter(printEnabled)
 
-	p.Printf("Getting stored client credentials for %s... ", host)
-	clientCredentials, err := handlers.NewKeyring(host).GetClientCredentials()
-	if err != nil {
-		p.Println("failed")
-		cli.ExitWithError("Client credentials not found. Please use `auth client-credentials` to set them", err)
-	}
-	p.Println("ok")
-
-	p.Printf("Getting access token for %s... ", clientCredentials.ClientId)
-	tok, err := handlers.GetTokenWithClientCreds(
-		context.Background(),
-		host,
-		clientCredentials,
-		flagHelper.GetOptionalBool("tls-no-verify"),
-	)
-	if err != nil {
-		p.Println("failed")
-		cli.ExitWithError("Failed to get token", err)
+	var tok *oauth2.Token
+	ac := cp.GetAuthCredentials()
+	switch ac.AuthType {
+	case profiles.PROFILE_AUTH_TYPE_CLIENT_CREDENTIALS:
+		var err error
+		p.Printf("Getting access token for %s... ", ac.ClientId)
+		tok, err = auth.GetTokenWithProfile(cmd.Context(), cp)
+		if err != nil {
+			p.Println("failed")
+			cli.ExitWithError("Failed to get token", err)
+		}
+	default:
+		cli.ExitWithError("Invalid auth type", nil)
 	}
 	p.Println("ok")
 	p.Printf("Access Token: %s\n", tok.AccessToken)

cmd/dev.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -11,7 +10,6 @@ import (
 	"github.com/evertras/bubble-table/table"
 	"github.com/opentdf/otdfctl/pkg/cli"
 	"github.com/opentdf/otdfctl/pkg/config"
-	"github.com/opentdf/otdfctl/pkg/handlers"
 	"github.com/opentdf/otdfctl/pkg/man"
 	"github.com/opentdf/platform/protocol/go/common"
 	"github.com/spf13/cobra"
@@ -159,30 +157,6 @@ func readBytesFromFile(filePath string) []byte {
 	return bytes
 }
 
-// instantiates a new handler with authentication via client credentials
-func NewHandler(cmd *cobra.Command) handlers.Handler {
-	flag := cli.NewFlagHelper(cmd)
-	host := flag.GetRequiredString("host")
-	tlsNoVerify := flag.GetOptionalBool("tls-no-verify")
-	clientCredsFile := flag.GetOptionalString("with-client-creds-file")
-	clientCredsJSON := flag.GetOptionalString("with-client-creds")
-
-	// Get any credentials we can from the cache or flags
-	creds, err := handlers.GetClientCreds(host, clientCredsFile, []byte(clientCredsJSON))
-	if err != nil {
-		cli.ExitWithError("Failed to get client credentials", err)
-	}
-
-	h, err := handlers.NewWithCredentials(host, creds.ClientId, creds.ClientSecret, tlsNoVerify)
-	if err != nil {
-		if errors.Is(err, handlers.ErrUnauthenticated) {
-			cli.ExitWithError(fmt.Sprintf("Not logged in. Please authenticate via CLI auth flow(s) before using command (%s %s)", cmd.Parent().Use, cmd.Use), err)
-		}
-		cli.ExitWithError("Failed to connect to server", err)
-	}
-	return h
-}
-
 func init() {
 	designCmd := man.Docs.GetCommand("dev/design-system",
 		man.WithRun(dev_designSystem),