fix(core): Output auth config params before calling Authenticate()

Signed-off-by: spbsoluble <[email protected]>

Author: spbsoluble

cmd/login.go

@@ -235,14 +235,32 @@ WARNING: This will write the environmental credentials to disk and will be store
 		}
 
 		if authType == "oauth" {
-			log.Debug().Msg("attempting to authenticate via OAuth")
+			log.Debug().
+				Str("profile", profile).
+				Str("configFile", configFile).
+				Str("host", outputServer.Host).
+				Str("authType", authType).
+				Str("accessToken", hashSecretValue(kfcOAuth.AccessToken)).
+				Str("clientID", kfcOAuth.ClientID).
+				Str("clientSecret", hashSecretValue(kfcOAuth.ClientSecret)).
+				Str("apiPath", kfcOAuth.CommandAPIPath).
+				Msg("attempting to authenticate via OAuth")
 			aErr := kfcOAuth.Authenticate()
 			if aErr != nil {
 				log.Error().Err(aErr)
 				return aErr
 			}
 		} else if authType == "basic" {
-			log.Debug().Msg("attempting to authenticate via Basic Auth")
+			log.Debug().
+				Str("profile", profile).
+				Str("configFile", configFile).
+				Str("host", outputServer.Host).
+				Str("authType", authType).
+				Str("username", kfcBasicAuth.Username).
+				Str("domain", kfcBasicAuth.Domain).
+				Str("password", hashSecretValue(kfcBasicAuth.Password)).
+				Str("apiPath", kfcBasicAuth.CommandAPIPath).
+				Msg("attempting to authenticate via Basic Auth")
 			aErr := kfcBasicAuth.Authenticate()
 			if aErr != nil {
 				log.Error().Err(aErr)

cmd/root.go

@@ -134,6 +134,13 @@ func getServerConfigFromEnv() (*auth_providers.Server, error) {
 	apiPath, aOk := os.LookupEnv(auth_providers.EnvKeyfactorAPIPath)
 	clientId, cOk := os.LookupEnv(auth_providers.EnvKeyfactorClientID)
 	clientSecret, csOk := os.LookupEnv(auth_providers.EnvKeyfactorClientSecret)
+	audience, _ := os.LookupEnv(auth_providers.EnvKeyfactorAuthAudience)
+	scopesCSV, _ := os.LookupEnv(auth_providers.EnvKeyfactorAuthScopes)
+	var scopes []string
+	if scopesCSV != "" {
+		scopes = strings.Split(scopesCSV, ",")
+	}
+
 	tokenUrl, tOk := os.LookupEnv(auth_providers.EnvKeyfactorAuthTokenURL)
 	skipVerify, svOk := os.LookupEnv(auth_providers.EnvKeyfactorSkipVerify)
 	var skipVerifyBool bool
@@ -160,24 +167,44 @@ func getServerConfigFromEnv() (*auth_providers.Server, error) {
 	}
 
 	if isBasicAuth {
-		log.Debug().
-			Str("username", username).
-			Str("password", hashSecretValue(password)).
-			Str("domain", domain).
-			Str("hostname", hostname).
+
+		log.Debug().Str("hostname", hostname).
 			Str("apiPath", apiPath).
 			Bool("skipVerify", skipVerifyBool).
-			Msg("call: basicAuthNoParamsConfig.Authenticate()")
+			Msg("setting up basic auth client base configuration")
 		basicAuthNoParamsConfig.WithCommandHostName(hostname).
 			WithCommandAPIPath(apiPath).
 			WithSkipVerify(skipVerifyBool)
 
-		bErr := basicAuthNoParamsConfig.
+		log.Debug().
+			Str("username", username).
+			Str("password", hashSecretValue(password)).
+			Str("domain", domain).
+			Msg("setting up basic auth configuration")
+		_ = basicAuthNoParamsConfig.
 			WithUsername(username).
 			WithPassword(password).
-			WithDomain(domain).
-			Authenticate()
-		log.Debug().Msg("complete: basicAuthNoParamsConfig.Authenticate()")
+			WithDomain(domain)
+
+		log.Debug().
+			Str("username", basicAuthNoParamsConfig.Username).
+			Str("password", hashSecretValue(password)).
+			Str("domain", basicAuthNoParamsConfig.Domain).
+			Str("hostname", basicAuthNoParamsConfig.CommandHostName).
+			Str("apiPath", basicAuthNoParamsConfig.CommandAPIPath).
+			Bool("skipVerify", basicAuthNoParamsConfig.CommandAuthConfig.SkipVerify).
+			Msg(fmt.Sprintf("%s basicAuthNoParamsConfig.Authenticate()", DebugFuncCall))
+
+		bErr := basicAuthNoParamsConfig.Authenticate()
+		log.Debug().
+			Str("username", basicAuthNoParamsConfig.Username).
+			Str("password", hashSecretValue(password)).
+			Str("domain", basicAuthNoParamsConfig.Domain).
+			Str("hostname", basicAuthNoParamsConfig.CommandHostName).
+			Str("apiPath", basicAuthNoParamsConfig.CommandAPIPath).
+			Bool("skipVerify", basicAuthNoParamsConfig.CommandAuthConfig.SkipVerify).
+			Msg("complete: basicAuthNoParamsConfig.Authenticate()")
+
 		if bErr != nil {
 			log.Error().Err(bErr).Msg("unable to authenticate with provided credentials")
 			return nil, bErr
@@ -186,16 +213,36 @@ func getServerConfigFromEnv() (*auth_providers.Server, error) {
 		return basicAuthNoParamsConfig.GetServerConfig(), nil
 	} else if isOAuth {
 		log.Debug().
-			Str("clientId", clientId).
-			Str("clientSecret", hashSecretValue(clientSecret)).
-			Str("tokenUrl", tokenUrl).
 			Str("hostname", hostname).
 			Str("apiPath", apiPath).
 			Bool("skipVerify", skipVerifyBool).
-			Msg("call: oAuthNoParamsConfig.Authenticate()")
+			Msg("setting up oAuth client base configuration")
 		_ = oAuthNoParamsConfig.CommandAuthConfig.WithCommandHostName(hostname).
 			WithCommandAPIPath(apiPath).
 			WithSkipVerify(skipVerifyBool)
+
+		log.Debug().
+			Str("clientId", clientId).
+			Str("clientSecret", hashSecretValue(clientSecret)).
+			Str("tokenUrl", tokenUrl).
+			Str("audience", audience).
+			Strs("scopes", scopes).
+			Msg("setting up oAuth configuration")
+		_ = oAuthNoParamsConfig.WithClientId(clientId).
+			WithClientSecret(clientSecret).
+			WithTokenUrl(tokenUrl).
+			WithAudience(audience).
+			WithScopes(scopes)
+
+		log.Debug().
+			Str("clientId", oAuthNoParamsConfig.ClientID).
+			Str("clientSecret", hashSecretValue(oAuthNoParamsConfig.ClientSecret)).
+			Str("tokenUrl", oAuthNoParamsConfig.TokenURL).
+			Str("hostname", oAuthNoParamsConfig.CommandHostName).
+			Str("apiPath", oAuthNoParamsConfig.CommandAPIPath).
+			Bool("skipVerify", oAuthNoParamsConfig.SkipVerify).
+			Str("caCert", oAuthNoParamsConfig.CommandCACert).
+			Msg(fmt.Sprintf("%s oAuthNoParamsConfig.Authenticate()", DebugFuncCall))
 		oErr := oAuthNoParamsConfig.Authenticate()
 		log.Debug().Msg("complete: oAuthNoParamsConfig.Authenticate()")
 		if oErr != nil {

cmd/rot.go

@@ -20,8 +20,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
-	stdlog "log"
 	"os"
 	"strconv"
 	"strings"

cmd/storeTypes.go

@@ -26,8 +26,6 @@ import (
 	"strings"
 	"time"
 
-	stdlog "log"
-
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/Keyfactor/keyfactor-go-client/v3/api"
 	"github.com/rs/zerolog/log"

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.9.0
 	github.com/Jeffail/gabs v1.4.0
-	github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.1
+	github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.2
 	github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0
 	github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0
 	github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2

go.sum

@@ -18,8 +18,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJ
 github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo=
 github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
-github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.1 h1:9g6ltxTHfMC65i5VOfVERaATkTHAlF2hfRHztiriQAg=
-github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.1/go.mod h1:7htRcBIWn+X4fI5jaYBALSYwP84H/djN7d8y3n0ZDQ0=
+github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.2 h1:iYl9uaj/YB/5AE/WFl4FP5FP3Cu5I01r+jXNES018vw=
+github.com/Keyfactor/keyfactor-auth-client-go v1.2.1-rc.2/go.mod h1:7htRcBIWn+X4fI5jaYBALSYwP84H/djN7d8y3n0ZDQ0=
 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0 h1:ehk5crxEGVBwkC8yXsoQXcyITTDlgbxMEkANrl1dA2Q=
 github.com/Keyfactor/keyfactor-go-client-sdk/v2 v2.0.0/go.mod h1:11WXGG9VVKSV0EPku1IswjHbGGpzHDKqD4pe2vD7vas=
 github.com/Keyfactor/keyfactor-go-client/v3 v3.1.0 h1:DQgb93m3xHZZ0FxWGFS90XI8prwS5fmIGrXNxP2IfHM=