diff options
author | Arnstein Ressem <aressem@gmail.com> | 2022-04-20 00:11:50 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-20 00:11:50 +0200 |
commit | 178d188787c0fe89a6ba30497d1757f0a6e8283f (patch) | |
tree | 7beb5dc6975987e362ce305f6b03df0d91a09de0 /client/go/cmd/config.go | |
parent | ddd16fd9efba8428e0d62430550e8741dcf696b8 (diff) |
Revert "Allow reading API key from default path when Auth0 is not configured"
Diffstat (limited to 'client/go/cmd/config.go')
-rw-r--r-- | client/go/cmd/config.go | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/client/go/cmd/config.go b/client/go/cmd/config.go index 02477aecf28..726676ce476 100644 --- a/client/go/cmd/config.go +++ b/client/go/cmd/config.go @@ -20,6 +20,7 @@ import ( "github.com/spf13/pflag" "github.com/vespa-engine/vespa/client/go/auth/auth0" "github.com/vespa-engine/vespa/client/go/config" + "github.com/vespa-engine/vespa/client/go/util" "github.com/vespa-engine/vespa/client/go/vespa" ) @@ -432,21 +433,30 @@ func (c *Config) authConfigPath() string { return filepath.Join(c.homeDir, "auth.json") } -func (c *Config) readAPIKey(cli *CLI, system vespa.System, tenantName string) ([]byte, error) { +func (c *Config) readAPIKey(tenantName string) ([]byte, error) { if override, ok := c.apiKeyFromEnv(); ok { return override, nil } - if path, ok := c.apiKeyFileFromEnv(); ok { - return os.ReadFile(path) + return os.ReadFile(c.apiKeyPath(tenantName)) +} + +// useAPIKey returns true if an API key should be used when authenticating with system. +func (c *Config) useAPIKey(cli *CLI, system vespa.System, tenantName string) bool { + if _, ok := c.apiKeyFromEnv(); ok { + return true + } + if _, ok := c.apiKeyFileFromEnv(); ok { + return true } if !cli.isCI() { + // Fall back to API key, if present and Auth0 has not been configured client, err := auth0.New(c.authConfigPath(), system.Name, system.URL) - if err == nil && client.HasCredentials() { - return nil, nil // use Auth0 + if err != nil || !client.HasCredentials() { + cli.printWarning("Regular authentication is preferred over API key in a non-CI context", "Authenticate with 'vespa auth login'") + return util.PathExists(c.apiKeyPath(tenantName)) } - cli.printWarning("Authenticating with API key. This is discouraged in non-CI environments", "Authenticate with 'vespa auth login'") } - return os.ReadFile(c.apiKeyPath(tenantName)) + return false } func (c *Config) readSessionID(app vespa.ApplicationID) (int64, error) { |