From 3480676adbdac34c5a2a0fe6297806a7f1bbec3f Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Thu, 18 Nov 2021 16:04:27 +0100
Subject: Allow usage of both api-key and access-token

Use either api-key or access-token based on previous authentication.
Ensure previous users of api-key are not forced to use new
authentication mechanism.
---
 client/go/cmd/helpers.go | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

(limited to 'client/go/cmd/helpers.go')

diff --git a/client/go/cmd/helpers.go b/client/go/cmd/helpers.go
index 084148f9bdc..79ba1fcef26 100644
--- a/client/go/cmd/helpers.go
+++ b/client/go/cmd/helpers.go
@@ -182,8 +182,8 @@ func getTarget() vespa.Target {
 			return nil
 		}
 		var apiKey []byte = nil
+		apiKey, err = ioutil.ReadFile(cfg.APIKeyPath(deployment.Application.Tenant))
 		if !vespa.Auth0AccessTokenEnabled() {
-			apiKey, err = ioutil.ReadFile(cfg.APIKeyPath(deployment.Application.Tenant))
 			if err != nil {
 				fatalErrHint(err, "Deployment to cloud requires an API key. Try 'vespa api-key'")
 			}
@@ -202,6 +202,20 @@ func getTarget() vespa.Target {
 		if err != nil {
 			fatalErrHint(err, "Deployment to cloud requires a certificate. Try 'vespa cert'")
 		}
+		var cloudAuth string
+		if vespa.Auth0AccessTokenEnabled() {
+			cloudAuth, err = cfg.Get(cloudAuthFlag)
+			if err != nil {
+				if apiKey != nil {
+					cloudAuth = "api-key"
+				} else {
+					cloudAuth = "access-token"
+				}
+			}
+		} else {
+			cloudAuth = ""
+		}
+
 		return vespa.CloudTarget(getApiURL(), deployment, apiKey,
 			vespa.TLSOptions{
 				KeyPair:         kp,
@@ -213,7 +227,8 @@ func getTarget() vespa.Target {
 				Level:  vespa.LogLevel(logLevelArg),
 			},
 			cfg.AuthConfigPath(),
-			getSystemName())
+			getSystemName(),
+			cloudAuth)
 	}
 	fatalErrHint(fmt.Errorf("Invalid target: %s", targetType), "Valid targets are 'local', 'cloud' or an URL")
 	return nil
@@ -244,9 +259,9 @@ func getDeploymentOpts(cfg *Config, pkg vespa.ApplicationPackage, target vespa.T
 			fatalErrHint(fmt.Errorf("Missing certificate in application package"), "Applications in Vespa Cloud require a certificate", "Try 'vespa cert'")
 			return opts
 		}
+		var err error
+		opts.APIKey, err = cfg.ReadAPIKey(deployment.Application.Tenant)
 		if !vespa.Auth0AccessTokenEnabled() {
-			var err error
-			opts.APIKey, err = cfg.ReadAPIKey(deployment.Application.Tenant)
 			if err != nil {
 				fatalErrHint(err, "Deployment to cloud requires an API key. Try 'vespa api-key'")
 				return opts
-- 
cgit v1.2.3