From 165b90ed2843cb27428bdfe93281c4ef9c69df68 Mon Sep 17 00:00:00 2001 From: Renan Campos Date: Wed, 20 Dec 2023 15:03:46 -0500 Subject: [PATCH 1/3] OCM-4783 | feat: display warnings after cluster creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Demo: ``` [rcampos@rcampos-thinkpadt14sgen2i ocm-cli]$ ./ocm create cluster -i ? cluster name rc-test ? Subscription type: standard (Annual: Fixed capacity subscription from Red Hat) ? Cloud provider: gcp ? CCS: Yes ? Service account file: REDACTED ? Multiple AZ: No ? Secure boot support for Shielded VMs: No ? Region: us-east4 ? OpenShift version: 4.14.6 ? Compute machine type: custom-4-16384 ? Enable autoscaling: No ? Compute nodes: 2 ? Install into an existing VPC (optional): No ? Machine CIDR: 10.0.0.0/16 ? Service CIDR: 172.30.0.0/16 ? Pod CIDR: 10.128.0.0/14 ? Host prefix: 23 ? Private cluster (optional): No ID: REDACTED External ID: Name: rc-test Display Name: rc-test State: validating API URL: API Listening: external Console URL: Control Plane: Replicas: 3 Infra: Replicas: 2 Compute: Replicas: 2 Product: osd Subscription type: standard Provider: gcp Version: Region: us-east4 Multi-az: false CCS: true HCP: false Subnet IDs: [] PrivateLink: false STS: false Existing VPC: unsupported Channel Group: stable Cluster Admin: true Organization: REDACTED Creator: REDACTED Email: rcampos@redhat.com AccountNumber: REDACTED Created: 2023-12-20T19:58:20Z Shard: REDACTED ⚠️ WARNING: Please enable the Org Policy API for the GCP project 'REDACTED' Without the GCP Org Policy API enabled, OCM is unable to determine whether the GCP project contains any policies that would affect the in stallation ``` --- cmd/ocm/create/cluster/cmd.go | 4 ++++ pkg/cluster/describe.go | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/cmd/ocm/create/cluster/cmd.go b/cmd/ocm/create/cluster/cmd.go index 0ce0fbcb..1633b64e 100644 --- a/cmd/ocm/create/cluster/cmd.go +++ b/cmd/ocm/create/cluster/cmd.go @@ -750,6 +750,10 @@ func run(cmd *cobra.Command, argv []string) error { if err != nil { return err } + err = c.PrintClusterWarnings(connection, cluster) + if err != nil { + return err + } } return nil diff --git a/pkg/cluster/describe.go b/pkg/cluster/describe.go index 28a8b339..0d29f691 100644 --- a/pkg/cluster/describe.go +++ b/pkg/cluster/describe.go @@ -25,6 +25,7 @@ import ( sdk "github.com/openshift-online/ocm-sdk-go" amv1 "github.com/openshift-online/ocm-sdk-go/accountsmgmt/v1" cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1" + slv1 "github.com/openshift-online/ocm-sdk-go/servicelogs/v1" ) const ( @@ -345,3 +346,17 @@ func findHyperShiftMgmtSvcClusters(conn *sdk.Connection, cluster *cmv1.Cluster) // Shouldn't normally happen as every management cluster should have a service cluster return mgmtClusterName, "" } + +func PrintClusterWarnings(connection *sdk.Connection, cluster *cmv1.Cluster) error { + serviceLogs, err := connection.ServiceLogs().V1().Clusters().ClusterLogs().List().ClusterID(cluster.ID()).Send() + if err != nil { + return err + } + serviceLogs.Items().Each(func(entry *slv1.LogEntry) bool { + if entry.Severity() == slv1.SeverityWarning { + fmt.Printf("⚠️ WARNING:\n%s\n%s\n", entry.Summary(), entry.Description()) + } + return true + }) + return nil +} From ea1c98849e81a02c6472fcc489d7d726311f37b7 Mon Sep 17 00:00:00 2001 From: tirthct Date: Thu, 25 Jan 2024 12:32:05 -0800 Subject: [PATCH 2/3] OCM-4962 | Feat | Add OAuth login using PKCE (#590) --- cmd/ocm/login/cmd.go | 27 ++++++++++++++++++++++++--- go.mod | 17 ++++++++++------- go.sum | 36 +++++++++++++++++++++--------------- 3 files changed, 55 insertions(+), 25 deletions(-) diff --git a/cmd/ocm/login/cmd.go b/cmd/ocm/login/cmd.go index 111a2f4d..2c27ab4f 100644 --- a/cmd/ocm/login/cmd.go +++ b/cmd/ocm/login/cmd.go @@ -20,17 +20,18 @@ import ( "fmt" "os" - sdk "github.com/openshift-online/ocm-sdk-go" - "github.com/spf13/cobra" - "github.com/openshift-online/ocm-cli/pkg/config" "github.com/openshift-online/ocm-cli/pkg/urls" + sdk "github.com/openshift-online/ocm-sdk-go" + "github.com/openshift-online/ocm-sdk-go/authentication" + "github.com/spf13/cobra" ) const ( productionURL = "https://api.openshift.com" stagingURL = "https://api.stage.openshift.com" integrationURL = "https://api.integration.openshift.com" + oauthClientID = "ocm-cli" ) // When the value of the `--url` option is one of the keys of this map it will be replaced by the @@ -57,6 +58,7 @@ var args struct { password string insecure bool persistent bool + useAuthCode bool } var Cmd = &cobra.Command{ @@ -143,6 +145,15 @@ func init() { "this option is provided then the user name and password will be stored "+ "persistently, in clear text, which is potentially unsafe.", ) + flags.BoolVar( + &args.useAuthCode, + "use-auth-code", + false, + "Enables OAuth Authorization Code login using PKCE. If this option is provided, "+ + "the user will be taken to Red Hat SSO for authentication. In order to use a different account, "+ + "log out from sso.redhat.com after using the 'ocm logout' command.", + ) + flags.MarkHidden("use-auth-code") } func run(cmd *cobra.Command, argv []string) error { @@ -153,6 +164,16 @@ func run(cmd *cobra.Command, argv []string) error { return fmt.Errorf("Option '--url' is mandatory") } + if args.useAuthCode { + fmt.Println("You will now be redirected to Red Hat SSO login") + token, err := authentication.VerifyLogin(oauthClientID) + if err != nil { + return fmt.Errorf("An error occurred while retrieving the token : %v", err) + } + args.token = token + fmt.Println("Token received successfully") + } + // Check that we have some kind of credentials: havePassword := args.user != "" && args.password != "" haveSecret := args.clientID != "" && args.clientSecret != "" diff --git a/go.mod b/go.mod index c352b42f..13175f82 100644 --- a/go.mod +++ b/go.mod @@ -12,14 +12,14 @@ require ( github.com/nwidger/jsoncolor v0.3.2 github.com/onsi/ginkgo/v2 v2.11.0 github.com/onsi/gomega v1.27.8 - github.com/openshift-online/ocm-sdk-go v0.1.388 + github.com/openshift-online/ocm-sdk-go v0.1.393 github.com/openshift/rosa v1.2.24 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 gitlab.com/c0b/go-ordered-json v0.0.0-20201030195603-febf46534d5a - golang.org/x/term v0.10.0 - golang.org/x/text v0.11.0 + golang.org/x/term v0.15.0 + golang.org/x/text v0.14.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/apimachinery v0.27.3 ) @@ -70,11 +70,14 @@ require ( github.com/robfig/cron/v3 v3.0.1 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect github.com/sirupsen/logrus v1.9.0 // indirect + github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/zgalor/weberr v0.7.0 // indirect - golang.org/x/crypto v0.1.0 // indirect - golang.org/x/net v0.10.0 // indirect - golang.org/x/sys v0.10.0 // indirect + golang.org/x/crypto v0.17.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.15.0 // indirect + golang.org/x/sys v0.15.0 // indirect golang.org/x/tools v0.9.3 // indirect - google.golang.org/protobuf v1.28.1 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index 31804922..0b24a3e9 100644 --- a/go.sum +++ b/go.sum @@ -309,8 +309,8 @@ github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= -github.com/openshift-online/ocm-sdk-go v0.1.388 h1:c8yPCUQwJm3QhcVmnyMPFpeDtxPBaPeYh5hLv1vg9YQ= -github.com/openshift-online/ocm-sdk-go v0.1.388/go.mod h1:/+VFIw1iW2H0jEkFH4GnbL/liWareyzsL0w7mDIudB4= +github.com/openshift-online/ocm-sdk-go v0.1.393 h1:GjjgK70yTV5hBOgdH4x+2PoXn4W+5x+o7xCwm7fOGHw= +github.com/openshift-online/ocm-sdk-go v0.1.393/go.mod h1:tke8vKcE7eHKyRbkJv6qo4ljo919zhx04uyQTcgF5cQ= github.com/openshift/rosa v1.2.24 h1:vv0yYnWHx6CCPEAau/0rS54P2ksaf+uWXb1TQPWxiYE= github.com/openshift/rosa v1.2.24/go.mod h1:MVXB27O3PF8WoOic23I03mmq6/9kVxpFx6FKyLMCyrQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= @@ -365,6 +365,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= +github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -381,7 +383,7 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -420,8 +422,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -489,8 +491,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -498,6 +500,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ= +golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -557,13 +561,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -573,8 +577,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -654,6 +658,8 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -707,8 +713,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 98944f741dfed18adbb4c25294970353714e280e Mon Sep 17 00:00:00 2001 From: Tyler Creller Date: Mon, 29 Jan 2024 15:29:24 -0500 Subject: [PATCH 3/3] OCM-5759 | feat: Add Device Code Flow (#591) --- cmd/ocm/login/cmd.go | 82 +++++++++++++++++++++++++++++++++++--------- go.mod | 2 +- go.sum | 4 +-- 3 files changed, 68 insertions(+), 20 deletions(-) diff --git a/cmd/ocm/login/cmd.go b/cmd/ocm/login/cmd.go index 2c27ab4f..2f9f6b5c 100644 --- a/cmd/ocm/login/cmd.go +++ b/cmd/ocm/login/cmd.go @@ -17,8 +17,11 @@ limitations under the License. package login import ( + "context" "fmt" + "net/url" "os" + "time" "github.com/openshift-online/ocm-cli/pkg/config" "github.com/openshift-online/ocm-cli/pkg/urls" @@ -48,17 +51,18 @@ var urlAliases = map[string]string{ } var args struct { - tokenURL string - clientID string - clientSecret string - scopes []string - url string - token string - user string - password string - insecure bool - persistent bool - useAuthCode bool + tokenURL string + clientID string + clientSecret string + scopes []string + url string + token string + user string + password string + insecure bool + persistent bool + useAuthCode bool + useDeviceCode bool } var Cmd = &cobra.Command{ @@ -149,14 +153,24 @@ func init() { &args.useAuthCode, "use-auth-code", false, - "Enables OAuth Authorization Code login using PKCE. If this option is provided, "+ - "the user will be taken to Red Hat SSO for authentication. In order to use a different account, "+ - "log out from sso.redhat.com after using the 'ocm logout' command.", + "Login using OAuth Authorization Code. This should be used for most cases where a "+ + "browser is available.", ) flags.MarkHidden("use-auth-code") + flags.BoolVar( + &args.useDeviceCode, + "use-device-code", + false, + "Login using OAuth Device Code. "+ + "This should only be used for remote hosts and containers where browsers are "+ + "not available. Use auth code for all other scenarios.", + ) + flags.MarkHidden("use-device-code") } func run(cmd *cobra.Command, argv []string) error { + ctx := context.Background() + var err error // Check mandatory options: @@ -166,12 +180,34 @@ func run(cmd *cobra.Command, argv []string) error { if args.useAuthCode { fmt.Println("You will now be redirected to Red Hat SSO login") - token, err := authentication.VerifyLogin(oauthClientID) + // Short wait for a less jarring experience + time.Sleep(2 * time.Second) + token, err := authentication.InitiateAuthCode(oauthClientID) + if err != nil { + return fmt.Errorf("an error occurred while retrieving the token : %v", err) + } + args.token = token + args.clientID = oauthClientID + } + + if args.useDeviceCode { + deviceAuthConfig := &authentication.DeviceAuthConfig{ + ClientID: oauthClientID, + } + _, err = deviceAuthConfig.InitiateDeviceAuth(ctx) + if err != nil || deviceAuthConfig == nil { + return fmt.Errorf("an error occurred while initiating device auth: %v", err) + } + deviceAuthResp := deviceAuthConfig.DeviceAuthResponse + fmt.Printf("To login, navigate to %v on another device and enter code %v\n", + deviceAuthResp.VerificationURI, deviceAuthResp.UserCode) + fmt.Printf("Checking status every %v seconds...\n", deviceAuthResp.Interval) + token, err := deviceAuthConfig.PollForTokenExchange(ctx) if err != nil { - return fmt.Errorf("An error occurred while retrieving the token : %v", err) + return fmt.Errorf("an error occurred while polling for token exchange: %v", err) } args.token = token - fmt.Println("Token received successfully") + args.clientID = oauthClientID } // Check that we have some kind of credentials: @@ -291,5 +327,17 @@ func run(cmd *cobra.Command, argv []string) error { return fmt.Errorf("Can't save config file: %v", err) } + if args.useAuthCode || args.useDeviceCode { + ssoURL, err := url.Parse(cfg.TokenURL) + if err != nil { + return fmt.Errorf("can't parse token url '%s': %v", args.tokenURL, err) + } + ssoHost := ssoURL.Scheme + "://" + ssoURL.Hostname() + + fmt.Println("Login successful") + fmt.Printf("To switch accounts, logout from %s and run `ocm logout` "+ + "before attempting to login again", ssoHost) + } + return nil } diff --git a/go.mod b/go.mod index 13175f82..2e60a6d3 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/nwidger/jsoncolor v0.3.2 github.com/onsi/ginkgo/v2 v2.11.0 github.com/onsi/gomega v1.27.8 - github.com/openshift-online/ocm-sdk-go v0.1.393 + github.com/openshift-online/ocm-sdk-go v0.1.395 github.com/openshift/rosa v1.2.24 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 github.com/spf13/cobra v1.7.0 diff --git a/go.sum b/go.sum index 0b24a3e9..1e584dd1 100644 --- a/go.sum +++ b/go.sum @@ -309,8 +309,8 @@ github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= -github.com/openshift-online/ocm-sdk-go v0.1.393 h1:GjjgK70yTV5hBOgdH4x+2PoXn4W+5x+o7xCwm7fOGHw= -github.com/openshift-online/ocm-sdk-go v0.1.393/go.mod h1:tke8vKcE7eHKyRbkJv6qo4ljo919zhx04uyQTcgF5cQ= +github.com/openshift-online/ocm-sdk-go v0.1.395 h1:Lt4IJLHy+ArpCprZQqh2G8ifQr3wOP1l7yziU/5l7+Q= +github.com/openshift-online/ocm-sdk-go v0.1.395/go.mod h1:tke8vKcE7eHKyRbkJv6qo4ljo919zhx04uyQTcgF5cQ= github.com/openshift/rosa v1.2.24 h1:vv0yYnWHx6CCPEAau/0rS54P2ksaf+uWXb1TQPWxiYE= github.com/openshift/rosa v1.2.24/go.mod h1:MVXB27O3PF8WoOic23I03mmq6/9kVxpFx6FKyLMCyrQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=