blob: c22907b41e7a54edcc73c41313f78fb365da4e8a [file] [log] [blame]
package main
import (
"context"
"path/filepath"
"github.com/spf13/cobra"
"go.skia.org/infra/go/fileutil"
"go.skia.org/infra/gold-client/go/auth"
)
const (
// Define the flag names to be consistent.
fstrServiceAccount = "service-account"
fstrLUCI = "luci"
)
// authEnv provides the environment for the auth command.
type authEnv struct {
flagServiceAccount string
flagUseLUCIContext bool
flagUseNoAuthentication bool
flagWorkDir string
}
// getAuthCmd returns the definition of the auth command.
func getAuthCmd() *cobra.Command {
env := &authEnv{}
cmd := &cobra.Command{
Use: "auth",
Short: "Authenticate against GCP and Gold instances",
Long: `
Authenticate against GCP and the Gold instance.
`,
Run: env.runAuthCmd,
}
// add the service-account flag.
cmd.Flags().StringVar(&env.flagServiceAccount, fstrServiceAccount, "", "Service account file to be used to authenticate against GCP and Gold")
// add the luci flag to use the LUCI_CONTEXT for authentication.
cmd.Flags().BoolVar(&env.flagUseLUCIContext, fstrLUCI, false, "Use the LUCI context to retrieve an oauth token.")
// skbug.com/14142
cmd.Flags().BoolVar(&env.flagUseNoAuthentication, "no-auth", false, "Use an HTTP client with no authentication.")
// add the workdir flag and make it required
cmd.Flags().StringVar(&env.flagWorkDir, fstrWorkDir, "", "Work directory for intermediate results")
must(cmd.MarkFlagRequired(fstrWorkDir))
return cmd
}
func (a *authEnv) runAuthCmd(cmd *cobra.Command, _ []string) {
ctx := cmd.Context()
a.Auth(ctx)
}
// Auth executes the logic for the auth command. It
// sets up the work directory to support future calls (e.g. imgtest)
func (a *authEnv) Auth(ctx context.Context) {
_, err := fileutil.EnsureDirExists(a.flagWorkDir)
if err != nil {
logErrfAndExit(ctx, "Could not make work dir: %s", err)
}
if a.flagUseLUCIContext {
err = auth.InitLUCIAuth(a.flagWorkDir)
} else if a.flagServiceAccount != "" {
err = auth.InitServiceAccountAuth(a.flagServiceAccount, a.flagWorkDir)
} else if a.flagUseNoAuthentication {
err = auth.InitNoAuth(a.flagWorkDir)
} else {
logInfo(ctx, "Falling back to gsutil implementation\n")
logInfo(ctx, "This should not be used in production.\n")
err = auth.InitGSUtil(a.flagWorkDir)
}
ifErrLogExit(ctx, err)
abs, err := filepath.Abs(a.flagWorkDir)
ifErrLogExit(ctx, err)
logInfof(ctx, "Authentication set up in directory %s\n", abs)
// Open up the auth we configured and see if we can get an authenticated HTTPClient.
// This helps catch auth errors early.
authDir, err := auth.LoadAuthOpt(a.flagWorkDir)
ifErrLogExit(ctx, err)
err = authDir.Validate()
ifErrLogExit(ctx, err)
_, err = authDir.GetHTTPClient()
ifErrLogExit(ctx, err)
logInfo(ctx, "self test passed\n")
exitProcess(ctx, 0)
}