access: prevent login with username-password when command-line credentials given (#174)

Fixes #168

Signed-off-by: Abhishek Kumar <[email protected]>

Author: shwstppr

cli/completer.go

@@ -443,7 +443,7 @@ func (t *autoCompleter) Do(line []rune, pos int) (options [][]rune, offset int)
 				}
 
 				spinner := t.Config.StartSpinner("fetching options, please wait...")
-				request := cmd.NewRequest(nil, completer.Config, nil)
+				request := cmd.NewRequest(nil, completer.Config, nil, false)
 				response, _ := cmd.NewAPIRequest(request, autocompleteAPI.Name, autocompleteAPIArgs, false)
 				t.Config.StopSpinner(spinner)
 

cli/exec.go

@@ -48,21 +48,22 @@ func ExecLine(line string) error {
 		}
 	}
 
-	return ExecCmd(args)
+	return ExecCmd(args, false)
 }
 
 // ExecCmd executes a single provided command
-func ExecCmd(args []string) error {
+func ExecCmd(args []string, credentialsSupplied bool) error {
 	config.Debug("ExecCmd args: ", strings.Join(args, ", "))
 	if len(args) < 1 {
 		return nil
 	}
 
 	command := cmd.FindCommand(args[0])
 	if command != nil && !(args[0] == "sync" && len(args) > 1) {
-		return command.Handle(cmd.NewRequest(command, cfg, args[1:]))
+		r := cmd.NewRequest(command, cfg, args[1:], credentialsSupplied)
+		return command.Handle(r)
 	}
 
 	catchAllHandler := cmd.GetAPIHandler()
-	return catchAllHandler.Handle(cmd.NewRequest(catchAllHandler, cfg, args))
+	return catchAllHandler.Handle(cmd.NewRequest(catchAllHandler, cfg, args, credentialsSupplied))
 }

cmd/network.go

@@ -341,7 +341,6 @@ func NewAPIRequest(r *Request, api string, args []string, isAsync bool) (map[str
 			encodedParams = encodedParams + fmt.Sprintf("&signature=%s", url.QueryEscape(signature))
 			params = nil
 		}
-
 	} else if len(r.Config.ActiveProfile.Username) > 0 && len(r.Config.ActiveProfile.Password) > 0 {
 		sessionKey, err := Login(r)
 		if err != nil {
@@ -364,7 +363,11 @@ func NewAPIRequest(r *Request, api string, args []string, isAsync bool) (map[str
 	}
 	config.Debug("NewAPIRequest response status code:", response.StatusCode)
 
-	if response.StatusCode == http.StatusUnauthorized {
+	if r.CredentialsSupplied {
+		config.Debug("Credentials supplied on command-line, not falling back to login")
+	}
+
+	if response.StatusCode == http.StatusUnauthorized && !r.CredentialsSupplied {
 		r.Client().Jar, _ = cookiejar.New(nil)
 		sessionKey, err := Login(r)
 		if err != nil {

cmd/request.go

@@ -18,15 +18,17 @@
 package cmd
 
 import (
-	"github.com/apache/cloudstack-cloudmonkey/config"
 	"net/http"
+
+	"github.com/apache/cloudstack-cloudmonkey/config"
 )
 
 // Request describes a command request
 type Request struct {
-	Command *Command
-	Config  *config.Config
-	Args    []string
+	Command             *Command
+	Config              *config.Config
+	Args                []string
+	CredentialsSupplied bool
 }
 
 // Client method returns the http Client for the current server profile
@@ -35,10 +37,11 @@ func (r *Request) Client() *http.Client {
 }
 
 // NewRequest creates a new request from a command
-func NewRequest(cmd *Command, cfg *config.Config, args []string) *Request {
+func NewRequest(cmd *Command, cfg *config.Config, args []string, credentialsSupplied bool) *Request {
 	return &Request{
-		Command: cmd,
-		Config:  cfg,
-		Args:    args,
+		Command:             cmd,
+		Config:              cfg,
+		Args:                args,
+		CredentialsSupplied: credentialsSupplied,
 	}
 }

cmk.go

@@ -92,7 +92,7 @@ func main() {
 
 	config.Debug("cmdline args:", strings.Join(os.Args, ", "))
 	if len(args) > 0 {
-		if err := cli.ExecCmd(args); err != nil {
+		if err := cli.ExecCmd(args, (*apiKey != "" || *secretKey != "")); err != nil {
 			fmt.Println("🙈 Error:", err)
 			os.Exit(1)
 		}