CLOUDP-329197: Added --skipSignatureVerification flag to plugin install/update (#4025)

Author: jeroenvervaeke

docs/command/atlas-plugin-install.txt

@@ -68,6 +68,10 @@ Options
      - 
      - false
      - help for install
+   * - --skipSignatureVerification
+     - 
+     - false
+     - Skip signature verification.
 
 Inherited Options
 -----------------

docs/command/atlas-plugin-update.txt

@@ -69,6 +69,10 @@ Options
      - 
      - false
      - help for update
+   * - --skipSignatureVerification
+     - 
+     - false
+     - Skip signature verification.
 
 Inherited Options
 -----------------

internal/cli/plugin/install.go

@@ -22,7 +22,9 @@ import (
 	"github.com/google/go-github/v61/github"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/cli/require"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/plugin"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/usage"
 	"github.com/spf13/cobra"
 )
 
@@ -31,8 +33,9 @@ type InstallOpts struct {
 	cli.PreRunOpts
 	cli.OutputOpts
 	Opts
-	ghClient    *github.Client
-	githubAsset *GithubAsset
+	ghClient                  *github.Client
+	githubAsset               *GithubAsset
+	skipSignatureVerification bool
 }
 
 func (opts *InstallOpts) checkForDuplicatePlugins() error {
@@ -87,6 +90,12 @@ func (opts *InstallOpts) Run(ctx context.Context) error {
 		return err
 	}
 
+	// When signatureID and pubKeyID are 0, the signature check is skipped.
+	if opts.skipSignatureVerification {
+		signatureID = 0
+		pubKeyID = 0
+	}
+
 	// download plugin asset archive file and save it as ReadCloser
 	rc, err := opts.githubAsset.getPluginAssetsAsReadCloser(opts.ghClient, assetID, signatureID, pubKeyID)
 	if err != nil {
@@ -161,5 +170,7 @@ MongoDB provides an example plugin: https://github.com/mongodb/atlas-cli-plugin-
 		},
 	}
 
+	cmd.Flags().BoolVar(&opts.skipSignatureVerification, flag.SkipSignatureVerification, false, usage.SkipSignatureVerification)
+
 	return cmd
 }

internal/cli/plugin/update.go

@@ -45,10 +45,11 @@ var (
 type UpdateOpts struct {
 	cli.OutputOpts
 	Opts
-	UpdateAll           bool
-	pluginSpecifier     string
-	pluginUpdateVersion *semver.Version
-	ghClient            *github.Client
+	UpdateAll                 bool
+	pluginSpecifier           string
+	pluginUpdateVersion       *semver.Version
+	ghClient                  *github.Client
+	skipSignatureVerification bool
 }
 
 func printPluginUpdateWarning(p *plugin.Plugin, err error) {
@@ -144,6 +145,12 @@ func (opts *UpdateOpts) updatePlugin(ctx context.Context, githubAssetRelease *Gi
 		return err
 	}
 
+	// When signatureID and pubKeyID are 0, the signature check is skipped.
+	if opts.skipSignatureVerification {
+		signatureID = 0
+		pubKeyID = 0
+	}
+
 	// download plugin asset archive file and save it as ReadCloser
 	rc, err := githubAssetRelease.getPluginAssetsAsReadCloser(opts.ghClient, assetID, signatureID, pubKeyID)
 	if err != nil {
@@ -308,6 +315,7 @@ Additionally, you can use the "--all" flag to update all plugins.
 	}
 
 	cmd.Flags().BoolVar(&opts.UpdateAll, flag.All, false, usage.UpdateAllPlugins)
+	cmd.Flags().BoolVar(&opts.skipSignatureVerification, flag.SkipSignatureVerification, false, usage.SkipSignatureVerification)
 
 	return cmd
 }

internal/flag/flags.go

@@ -303,6 +303,7 @@ const (
 	FrequencyType                                 = "frequencyType"                                 // FrequencyType flag
 	FrequencyInterval                             = "frequencyInterval"                             // FrequencyInterval flag
 	All                                           = "all"                                           // All flag
+	SkipSignatureVerification                     = "skipSignatureVerification"                     // SkipSignatureVerification flag
 	RetentionUnit                                 = "retentionUnit"                                 // RetentionUnit flag
 	RetentionValue                                = "retentionValue"                                // RetentionValue flag
 	FederationSettingsID                          = "federationSettingsId"                          // FederationSettingsId flag

internal/usage/usage.go

@@ -231,6 +231,7 @@ dbName and collection are required only for built-in roles.`
 	ContainerRegion                               = "Cloud provider region where the VPC that you peered with the Atlas VPC resides."
 	ContainerRegions                              = "List of Atlas regions where the container resides."
 	UpdateAllPlugins                              = "update all plugins"
+	SkipSignatureVerification                     = "Skip signature verification."
 	ProjectOwnerID                                = "Unique 24-digit string that identifies the Atlas user to be granted the Project Owner role on the specified project. If unspecified, this value defaults to the user ID of the oldest Organization Owner."
 	OrgOwnerID                                    = "Unique 24-digit string that identifies the Atlas user to be granted the Org Owner role on the specified organization. Required if using API keys."
 	GovCloudRegionsOnly                           = "Flag that designates that the project uses only the AWS GovCloud region. Use this option only for Atlas for Government projects. If unspecified, the project uses only the AWS Standard region for AWS deployments. You can't deploy clusters across AWS GovCloud and AWS Standard regions in the same project."