stackitcloud
diff --git a/‎docs/stackit_config_set.md‎
Lines changed: 21 additions & 20 deletions b/‎docs/stackit_config_set.md‎
Lines changed: 21 additions & 20 deletions
diff --git a/‎docs/stackit_config_unset.md‎
Lines changed: 25 additions & 24 deletions b/‎docs/stackit_config_unset.md‎
Lines changed: 25 additions & 24 deletions
diff --git a/‎internal/cmd/config/set/set.go‎
Lines changed: 9 additions & 3 deletions b/‎internal/cmd/config/set/set.go‎
Lines changed: 9 additions & 3 deletions
diff --git a/‎internal/cmd/config/unset/unset.go‎
Lines changed: 25 additions & 14 deletions b/‎internal/cmd/config/unset/unset.go‎
Lines changed: 25 additions & 14 deletions
diff --git a/‎internal/cmd/config/unset/unset_test.go‎
Lines changed: 27 additions & 11 deletions b/‎internal/cmd/config/unset/unset_test.go‎
Lines changed: 27 additions & 11 deletions
diff --git a/‎internal/cmd/curl/curl.go‎
Lines changed: 2 additions & 17 deletions b/‎internal/cmd/curl/curl.go‎
Lines changed: 2 additions & 17 deletions
@@ -29,26 +29,27 @@ stackit config set [flags]
 ### Options
 
 ```
-      --argus-custom-endpoint string              Argus API base URL, used in calls to this API
-      --authorization-custom-endpoint string      Authorization API base URL, used in calls to this API
-      --dns-custom-endpoint string                DNS API base URL, used in calls to this API
-  -h, --help                                      Help for "stackit config set"
-      --load-balancer-custom-endpoint string      Load Balancer API base URL, used in calls to this API
-      --logme-custom-endpoint string              LogMe API base URL, used in calls to this API
-      --mariadb-custom-endpoint string            MariaDB API base URL, used in calls to this API
-      --mongodbflex-custom-endpoint string        MongoDB Flex API base URL, used in calls to this API
-      --object-storage-custom-endpoint string     Object Storage API base URL, used in calls to this API
-      --opensearch-custom-endpoint string         OpenSearch API base URL, used in calls to this API
-      --postgresflex-custom-endpoint string       PostgreSQL Flex API base URL, used in calls to this API
-      --rabbitmq-custom-endpoint string           RabbitMQ API base URL, used in calls to this API
-      --redis-custom-endpoint string              Redis API base URL, used in calls to this API
-      --resource-manager-custom-endpoint string   Resource Manager API base URL, used in calls to this API
-      --secrets-manager-custom-endpoint string    Secrets Manager API base URL, used in calls to this API
-      --serverbackup-custom-endpoint string       Server Backup API base URL, used in calls to this API
-      --service-account-custom-endpoint string    Service Account API base URL, used in calls to this API
-      --session-time-limit string                 Maximum time before authentication is required again. After this time, you will be prompted to login again to execute commands that require authentication. Can't be larger than 24h. Requires authentication after being set to take effect. Examples: 3h, 5h30m40s (BETA: currently values greater than 2h have no effect)
-      --ske-custom-endpoint string                SKE API base URL, used in calls to this API
-      --sqlserverflex-custom-endpoint string      SQLServer Flex API base URL, used in calls to this API
+      --argus-custom-endpoint string               Argus API base URL, used in calls to this API
+      --authorization-custom-endpoint string       Authorization API base URL, used in calls to this API
+      --dns-custom-endpoint string                 DNS API base URL, used in calls to this API
+  -h, --help                                       Help for "stackit config set"
+      --identity-provider-custom-endpoint string   Identity Provider base URL, used for user authentication
+      --load-balancer-custom-endpoint string       Load Balancer API base URL, used in calls to this API
+      --logme-custom-endpoint string               LogMe API base URL, used in calls to this API
+      --mariadb-custom-endpoint string             MariaDB API base URL, used in calls to this API
+      --mongodbflex-custom-endpoint string         MongoDB Flex API base URL, used in calls to this API
+      --object-storage-custom-endpoint string      Object Storage API base URL, used in calls to this API
+      --opensearch-custom-endpoint string          OpenSearch API base URL, used in calls to this API
+      --postgresflex-custom-endpoint string        PostgreSQL Flex API base URL, used in calls to this API
+      --rabbitmq-custom-endpoint string            RabbitMQ API base URL, used in calls to this API
+      --redis-custom-endpoint string               Redis API base URL, used in calls to this API
+      --resource-manager-custom-endpoint string    Resource Manager API base URL, used in calls to this API
+      --secrets-manager-custom-endpoint string     Secrets Manager API base URL, used in calls to this API
+      --serverbackup-custom-endpoint string        Server Backup API base URL, used in calls to this API
+      --service-account-custom-endpoint string     Service Account API base URL, used in calls to this API
+      --session-time-limit string                  Maximum time before authentication is required again. After this time, you will be prompted to login again to execute commands that require authentication. Can't be larger than 24h. Requires authentication after being set to take effect. Examples: 3h, 5h30m40s (BETA: currently values greater than 2h have no effect)
+      --ske-custom-endpoint string                 SKE API base URL, used in calls to this API
+      --sqlserverflex-custom-endpoint string       SQLServer Flex API base URL, used in calls to this API
 ```
 
 ### Options inherited from parent commands
 
@@ -26,30 +26,31 @@ stackit config unset [flags]
 ### Options
 
 ```
-      --argus-custom-endpoint              Argus API base URL. If unset, uses the default base URL
-      --async                              Configuration option to run commands asynchronously
-      --authorization-custom-endpoint      Authorization API base URL. If unset, uses the default base URL
-      --dns-custom-endpoint                DNS API base URL. If unset, uses the default base URL
-  -h, --help                               Help for "stackit config unset"
-      --load-balancer-custom-endpoint      Load Balancer API base URL. If unset, uses the default base URL
-      --logme-custom-endpoint              LogMe API base URL. If unset, uses the default base URL
-      --mariadb-custom-endpoint            MariaDB API base URL. If unset, uses the default base URL
-      --mongodbflex-custom-endpoint        MongoDB Flex API base URL. If unset, uses the default base URL
-      --object-storage-custom-endpoint     Object Storage API base URL. If unset, uses the default base URL
-      --opensearch-custom-endpoint         OpenSearch API base URL. If unset, uses the default base URL
-      --output-format                      Output format
-      --postgresflex-custom-endpoint       PostgreSQL Flex API base URL. If unset, uses the default base URL
-      --project-id                         Project ID
-      --rabbitmq-custom-endpoint           RabbitMQ API base URL. If unset, uses the default base URL
-      --redis-custom-endpoint              Redis API base URL. If unset, uses the default base URL
-      --resource-manager-custom-endpoint   Resource Manager API base URL. If unset, uses the default base URL
-      --secrets-manager-custom-endpoint    Secrets Manager API base URL. If unset, uses the default base URL
-      --serverbackup-custom-endpoint       Server Backup base URL. If unset, uses the default base URL
-      --service-account-custom-endpoint    SKE API base URL. If unset, uses the default base URL
-      --session-time-limit                 Maximum time before authentication is required again. If unset, defaults to 2h
-      --ske-custom-endpoint                SKE API base URL. If unset, uses the default base URL
-      --sqlserverflex-custom-endpoint      SQLServer Flex API base URL. If unset, uses the default base URL
-      --verbosity                          Verbosity of the CLI
+      --argus-custom-endpoint               Argus API base URL. If unset, uses the default base URL
+      --async                               Configuration option to run commands asynchronously
+      --authorization-custom-endpoint       Authorization API base URL. If unset, uses the default base URL
+      --dns-custom-endpoint                 DNS API base URL. If unset, uses the default base URL
+  -h, --help                                Help for "stackit config unset"
+      --identity-provider-custom-endpoint   Identity Provider base URL. If unset, uses the default base URL
+      --load-balancer-custom-endpoint       Load Balancer API base URL. If unset, uses the default base URL
+      --logme-custom-endpoint               LogMe API base URL. If unset, uses the default base URL
+      --mariadb-custom-endpoint             MariaDB API base URL. If unset, uses the default base URL
+      --mongodbflex-custom-endpoint         MongoDB Flex API base URL. If unset, uses the default base URL
+      --object-storage-custom-endpoint      Object Storage API base URL. If unset, uses the default base URL
+      --opensearch-custom-endpoint          OpenSearch API base URL. If unset, uses the default base URL
+      --output-format                       Output format
+      --postgresflex-custom-endpoint        PostgreSQL Flex API base URL. If unset, uses the default base URL
+      --project-id                          Project ID
+      --rabbitmq-custom-endpoint            RabbitMQ API base URL. If unset, uses the default base URL
+      --redis-custom-endpoint               Redis API base URL. If unset, uses the default base URL
+      --resource-manager-custom-endpoint    Resource Manager API base URL. If unset, uses the default base URL
+      --secrets-manager-custom-endpoint     Secrets Manager API base URL. If unset, uses the default base URL
+      --serverbackup-custom-endpoint        Server Backup base URL. If unset, uses the default base URL
+      --service-account-custom-endpoint     SKE API base URL. If unset, uses the default base URL
+      --session-time-limit                  Maximum time before authentication is required again. If unset, defaults to 2h
+      --ske-custom-endpoint                 SKE API base URL. If unset, uses the default base URL
+      --sqlserverflex-custom-endpoint       SQLServer Flex API base URL. If unset, uses the default base URL
+      --verbosity                           Verbosity of the CLI
 ```
 
 ### Options inherited from parent commands
 
@@ -17,7 +17,8 @@ import (
 )
 
 const (
-	sessionTimeLimitFlag = "session-time-limit"
+	sessionTimeLimitFlag               = "session-time-limit"
+	identityProviderCustomEndpointFlag = "identity-provider-custom-endpoint"
 
 	argusCustomEndpointFlag           = "argus-custom-endpoint"
 	authorizationCustomEndpointFlag   = "authorization-custom-endpoint"
@@ -124,7 +125,7 @@ Use "{{.CommandPath}} [command] --help" for more information about a command.{{e
 
 func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().String(sessionTimeLimitFlag, "", "Maximum time before authentication is required again. After this time, you will be prompted to login again to execute commands that require authentication. Can't be larger than 24h. Requires authentication after being set to take effect. Examples: 3h, 5h30m40s (BETA: currently values greater than 2h have no effect)")
-
+	cmd.Flags().String(identityProviderCustomEndpointFlag, "", "Identity Provider base URL, used for user authentication")
 	cmd.Flags().String(argusCustomEndpointFlag, "", "Argus API base URL, used in calls to this API")
 	cmd.Flags().String(authorizationCustomEndpointFlag, "", "Authorization API base URL, used in calls to this API")
 	cmd.Flags().String(dnsCustomEndpointFlag, "", "DNS API base URL, used in calls to this API")
@@ -144,7 +145,12 @@ func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().String(skeCustomEndpointFlag, "", "SKE API base URL, used in calls to this API")
 	cmd.Flags().String(sqlServerFlexCustomEndpointFlag, "", "SQLServer Flex API base URL, used in calls to this API")
 
-	err := viper.BindPFlag(config.ArgusCustomEndpointKey, cmd.Flags().Lookup(argusCustomEndpointFlag))
+	err := viper.BindPFlag(config.SessionTimeLimitKey, cmd.Flags().Lookup(sessionTimeLimitFlag))
+	cobra.CheckErr(err)
+	err = viper.BindPFlag(config.IdentityProviderCustomEndpointKey, cmd.Flags().Lookup(identityProviderCustomEndpointFlag))
+	cobra.CheckErr(err)
+
+	err = viper.BindPFlag(config.ArgusCustomEndpointKey, cmd.Flags().Lookup(argusCustomEndpointFlag))
 	cobra.CheckErr(err)
 	err = viper.BindPFlag(config.AuthorizationCustomEndpointKey, cmd.Flags().Lookup(authorizationCustomEndpointFlag))
 	cobra.CheckErr(err)
 
@@ -20,7 +20,8 @@ const (
 	projectIdFlag    = globalflags.ProjectIdFlag
 	verbosityFlag    = globalflags.VerbosityFlag
 
-	sessionTimeLimitFlag = "session-time-limit"
+	sessionTimeLimitFlag               = "session-time-limit"
+	identityProviderCustomEndpointFlag = "identity-provider-custom-endpoint"
 
 	argusCustomEndpointFlag           = "argus-custom-endpoint"
 	authorizationCustomEndpointFlag   = "authorization-custom-endpoint"
@@ -43,11 +44,13 @@ const (
 )
 
 type inputModel struct {
-	Async            bool
-	OutputFormat     bool
-	ProjectId        bool
-	SessionTimeLimit bool
-	Verbosity        bool
+	Async        bool
+	OutputFormat bool
+	ProjectId    bool
+	Verbosity    bool
+
+	SessionTimeLimit               bool
+	IdentityProviderCustomEndpoint bool
 
 	ArgusCustomEndpoint           bool
 	AuthorizationCustomEndpoint   bool
@@ -98,11 +101,15 @@ func NewCmd(p *print.Printer) *cobra.Command {
 			if model.ProjectId {
 				viper.Set(config.ProjectIdKey, "")
 			}
+			if model.Verbosity {
+				viper.Set(config.VerbosityKey, globalflags.VerbosityDefault)
+			}
+
 			if model.SessionTimeLimit {
 				viper.Set(config.SessionTimeLimitKey, config.SessionTimeLimitDefault)
 			}
-			if model.Verbosity {
-				viper.Set(config.VerbosityKey, globalflags.VerbosityDefault)
+			if model.IdentityProviderCustomEndpoint {
+				viper.Set(config.IdentityProviderCustomEndpointKey, "")
 			}
 
 			if model.ArgusCustomEndpoint {
@@ -175,9 +182,11 @@ func configureFlags(cmd *cobra.Command) {
 	cmd.Flags().Bool(asyncFlag, false, "Configuration option to run commands asynchronously")
 	cmd.Flags().Bool(projectIdFlag, false, "Project ID")
 	cmd.Flags().Bool(outputFormatFlag, false, "Output format")
-	cmd.Flags().Bool(sessionTimeLimitFlag, false, fmt.Sprintf("Maximum time before authentication is required again. If unset, defaults to %s", config.SessionTimeLimitDefault))
 	cmd.Flags().Bool(verbosityFlag, false, "Verbosity of the CLI")
 
+	cmd.Flags().Bool(sessionTimeLimitFlag, false, fmt.Sprintf("Maximum time before authentication is required again. If unset, defaults to %s", config.SessionTimeLimitDefault))
+	cmd.Flags().Bool(identityProviderCustomEndpointFlag, false, "Identity Provider base URL. If unset, uses the default base URL")
+
 	cmd.Flags().Bool(argusCustomEndpointFlag, false, "Argus API base URL. If unset, uses the default base URL")
 	cmd.Flags().Bool(authorizationCustomEndpointFlag, false, "Authorization API base URL. If unset, uses the default base URL")
 	cmd.Flags().Bool(dnsCustomEndpointFlag, false, "DNS API base URL. If unset, uses the default base URL")
@@ -200,11 +209,13 @@ func configureFlags(cmd *cobra.Command) {
 
 func parseInput(p *print.Printer, cmd *cobra.Command) *inputModel {
 	model := inputModel{
-		Async:            flags.FlagToBoolValue(p, cmd, asyncFlag),
-		OutputFormat:     flags.FlagToBoolValue(p, cmd, outputFormatFlag),
-		ProjectId:        flags.FlagToBoolValue(p, cmd, projectIdFlag),
-		SessionTimeLimit: flags.FlagToBoolValue(p, cmd, sessionTimeLimitFlag),
-		Verbosity:        flags.FlagToBoolValue(p, cmd, verbosityFlag),
+		Async:        flags.FlagToBoolValue(p, cmd, asyncFlag),
+		OutputFormat: flags.FlagToBoolValue(p, cmd, outputFormatFlag),
+		ProjectId:    flags.FlagToBoolValue(p, cmd, projectIdFlag),
+		Verbosity:    flags.FlagToBoolValue(p, cmd, verbosityFlag),
+
+		SessionTimeLimit:               flags.FlagToBoolValue(p, cmd, sessionTimeLimitFlag),
+		IdentityProviderCustomEndpoint: flags.FlagToBoolValue(p, cmd, identityProviderCustomEndpointFlag),
 
 		ArgusCustomEndpoint:           flags.FlagToBoolValue(p, cmd, argusCustomEndpointFlag),
 		AuthorizationCustomEndpoint:   flags.FlagToBoolValue(p, cmd, authorizationCustomEndpointFlag),
 
@@ -11,11 +11,13 @@ import (
 
 func fixtureFlagValues(mods ...func(flagValues map[string]bool)) map[string]bool {
 	flagValues := map[string]bool{
-		asyncFlag:            true,
-		outputFormatFlag:     true,
-		projectIdFlag:        true,
-		sessionTimeLimitFlag: true,
-		verbosityFlag:        true,
+		asyncFlag:        true,
+		outputFormatFlag: true,
+		projectIdFlag:    true,
+		verbosityFlag:    true,
+
+		sessionTimeLimitFlag:               true,
+		identityProviderCustomEndpointFlag: true,
 
 		argusCustomEndpointFlag:           true,
 		authorizationCustomEndpointFlag:   true,
@@ -42,11 +44,13 @@ func fixtureFlagValues(mods ...func(flagValues map[string]bool)) map[string]bool
 
 func fixtureInputModel(mods ...func(model *inputModel)) *inputModel {
 	model := &inputModel{
-		Async:            true,
-		OutputFormat:     true,
-		ProjectId:        true,
-		SessionTimeLimit: true,
-		Verbosity:        true,
+		Async:        true,
+		OutputFormat: true,
+		ProjectId:    true,
+		Verbosity:    true,
+
+		SessionTimeLimit:               true,
+		IdentityProviderCustomEndpoint: true,
 
 		ArgusCustomEndpoint:           true,
 		AuthorizationCustomEndpoint:   true,
@@ -92,9 +96,11 @@ func TestParseInput(t *testing.T) {
 				model.Async = false
 				model.OutputFormat = false
 				model.ProjectId = false
-				model.SessionTimeLimit = false
 				model.Verbosity = false
 
+				model.SessionTimeLimit = false
+				model.IdentityProviderCustomEndpoint = false
+
 				model.ArgusCustomEndpoint = false
 				model.AuthorizationCustomEndpoint = false
 				model.DNSCustomEndpoint = false
@@ -133,6 +139,16 @@ func TestParseInput(t *testing.T) {
 				model.OutputFormat = false
 			}),
 		},
+		{
+			description: "identity provider custom endpoint empty",
+			flagValues: fixtureFlagValues(func(flagValues map[string]bool) {
+				flagValues[identityProviderCustomEndpointFlag] = false
+			}),
+			isValid: true,
+			expectedModel: fixtureInputModel(func(model *inputModel) {
+				model.IdentityProviderCustomEndpoint = false
+			}),
+		},
 		{
 			description: "argus custom endpoint empty",
 			flagValues: fixtureFlagValues(func(flagValues map[string]bool) {
 
@@ -6,7 +6,6 @@ import (
 	"io"
 	"net/http"
 	"net/http/httputil"
-	"net/url"
 	"os"
 	"strings"
 	"time"
@@ -17,6 +16,7 @@ import (
 	"github.com/stackitcloud/stackit-cli/internal/pkg/examples"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/flags"
 	"github.com/stackitcloud/stackit-cli/internal/pkg/print"
+	"github.com/stackitcloud/stackit-cli/internal/pkg/utils"
 
 	"github.com/spf13/cobra"
 )
@@ -67,7 +67,7 @@ func NewCmd(p *print.Printer) *cobra.Command {
 				`$ stackit curl https://dns.api.stackit.cloud/v1/projects/xxx/zones -X POST -H "Authorization: Bearer yyy" --fail`,
 			),
 		),
-		Args: args.SingleArg(urlArg, validateURL),
+		Args: args.SingleArg(urlArg, utils.ValidateSTACKITURL),
 		RunE: func(cmd *cobra.Command, args []string) (err error) {
 			model, err := parseInput(p, cmd, args)
 			if err != nil {
@@ -113,21 +113,6 @@ func NewCmd(p *print.Printer) *cobra.Command {
 	return cmd
 }
 
-func validateURL(value string) error {
-	urlStruct, err := url.Parse(value)
-	if err != nil {
-		return fmt.Errorf("parse URL: %w", err)
-	}
-	urlHost := urlStruct.Hostname()
-	if urlHost == "" {
-		return fmt.Errorf("bad url")
-	}
-	if !strings.HasSuffix(urlHost, "stackit.cloud") {
-		return fmt.Errorf("only urls belonging to STACKIT are permitted, hostname must end in stackit.cloud")
-	}
-	return nil
-}
-
 func configureFlags(cmd *cobra.Command) {
 	requestMethodOptions := []string{
 		http.MethodGet,