Add Updatecli integration with Udash (updatecli#1344)

* Add updatecli login for authenticating on an API backend

Signed-off-by: Olblak <[email protected]>

* mitigate slowloris attack

handle error

Signed-off-by: Olblak <[email protected]>

* fix logrus error-wrapping directive

Signed-off-by: Olblak <[email protected]>

* Add checkspelling allow word

Signed-off-by: Olblak <[email protected]>

* Update url used to publish report

Signed-off-by: Olblak <[email protected]>

* refactor publish command

Signed-off-by: Olblak <[email protected]>

* Rename target result field OldInformation to information

Signed-off-by: Olblak <[email protected]>

* Remove missing line

Signed-off-by: Olblak <[email protected]>

* show url after publishing

Signed-off-by: Olblak <[email protected]>

* sanitize audience name by removing http scheme

Signed-off-by: Olblak <[email protected]>

* Refactor auth package

Signed-off-by: Olblak <[email protected]>

* Remove pointer in pipeline report

Signed-off-by: Olblak <[email protected]>

* refactor report

Signed-off-by: Olblak <[email protected]>

* Add ID for each result

Signed-off-by: Olblak <[email protected]>

* go mod tidy

Signed-off-by: Olblak <[email protected]>

* Add allow text to spellcheck

Signed-off-by: Olblak <[email protected]>

* fix cross site scripting error

Signed-off-by: Olblak <[email protected]>

* Only run updatecli in experimental mode

Signed-off-by: Olblak <[email protected]>

* Set scm ID

Add reportURL param

Signed-off-by: Olblak <[email protected]>

* Show report url in final report

Signed-off-by: Olblak <[email protected]>

* refactor auth package

Signed-off-by: Olblak <[email protected]>

* Improve report publishing UX

The purpose of this commit is to reduce the need to specify front and
back url by storing those two informations in the configuration file

Then a report API can either be specified using a environment variable
or relying on the default config

Signed-off-by: Olblak <[email protected]>

* handle error

Signed-off-by: Olblak <[email protected]>

* Specify correct return

Signed-off-by: Olblak <[email protected]>

* fix spelling warning

Signed-off-by: Olblak <[email protected]>

* Update pkg/core/result/target.go

Co-authored-by: Damien Duportal <[email protected]>

* Revert "Remove pointer in pipeline report"

This reverts commit fc32d7f.

* Show report url per pipeline

Signed-off-by: Olblak <[email protected]>

* Add dryRun information to target result

Signed-off-by: Olblak <[email protected]>

* Remove reports.Publish in favor of report.Publish

Signed-off-by: Olblak <[email protected]>

* rename OAUTH to Oauth

Signed-off-by: Olblak <[email protected]>

---------

Signed-off-by: Olblak <[email protected]>
Co-authored-by: Damien Duportal <[email protected]>

Author: olblak

.github/actions/spelling/allow.txt

@@ -10,4 +10,13 @@ minoronly
 majoronly
 nce
 WRONLY
+nirasan
+skratchdot
+pkce
+errmsg
+authdata
+APIURL
 oidc
+udash
+Udash
+CLIENTID

cmd/apply.go

@@ -37,6 +37,7 @@ var (
 
 func init() {
 	applyCmd.Flags().StringVarP(&cfgFile, "config", "c", "", "Sets config file or directory. By default, Updatecli looks for a file named 'updatecli.yaml' or a directory named 'updatecli.d'")
+	applyCmd.Flags().StringVar(&oAuthAudience, "reportAPI", "", "Set the report API URL where to publish pipeline reports")
 	applyCmd.Flags().StringArrayVarP(&valuesFiles, "values", "v", []string{}, "Sets values file uses for templating")
 	applyCmd.Flags().StringArrayVar(&secretsFiles, "secrets", []string{}, "Sets Sops secrets file uses for templating")
 

cmd/diff.go

@@ -35,6 +35,7 @@ var (
 
 func init() {
 	diffCmd.Flags().StringVarP(&cfgFile, "config", "c", "", "Sets config file or directory. By default, Updatecli looks for a file named 'updatecli.yaml' or a directory named 'updatecli.d'")
+	diffCmd.Flags().StringVar(&oAuthAudience, "reportAPI", "", "Set the report API URL where to publish pipeline reports")
 	diffCmd.Flags().StringArrayVarP(&valuesFiles, "values", "v", []string{}, "Sets values file uses for templating")
 	diffCmd.Flags().StringArrayVar(&secretsFiles, "secrets", []string{}, "Sets Sops secrets file uses for templating")
 	diffCmd.Flags().BoolVar(&diffClean, "clean", false, "Remove updatecli working directory like '--clean=true'")

cmd/login.go

@@ -0,0 +1,53 @@
+package cmd
+
+import (
+	"os"
+
+	"github.com/sirupsen/logrus"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	oAuthClientID string
+	oAuthIssuer   string
+	oAuthAudience string
+	endpointURL   string
+
+	loginCmd = &cobra.Command{
+		Use:     "login url",
+		Short:   "[Experimental] login authenticates with the Updatecli service.",
+		Example: "updatecli login app.updatecli.io",
+		Run: func(cmd *cobra.Command, args []string) {
+
+			// TODO: To be removed once not experimental anymore
+			if !experimental {
+				logrus.Warningf("The 'login' feature requires the flag experimental to work, such as:\n\t`updatecli login --experimental`")
+				os.Exit(1)
+			}
+
+			switch len(args) {
+			case 0:
+				logrus.Errorf("missing URL to login to")
+				os.Exit(1)
+			case 1:
+				endpointURL = args[0]
+			default:
+				logrus.Errorf("can only login to one URL at a time")
+				os.Exit(1)
+			}
+
+			err := run("login")
+			if err != nil {
+				logrus.Errorf("command failed")
+				os.Exit(1)
+			}
+		},
+	}
+)
+
+func init() {
+	loginCmd.Flags().StringVar(&oAuthClientID, "oauth-clientId", "", "oauth-clientId defines the Oauth client ID")
+	loginCmd.Flags().StringVar(&oAuthIssuer, "oauth-issuer", "", "oauth-issuer defines the Oauth authentication URL")
+	loginCmd.Flags().StringVar(&oAuthAudience, "oauth-audience", "", "oauth-audience defines the Oauth audience URL")
+}

cmd/root.go

@@ -4,6 +4,7 @@ import (
 	"os"
 
 	"github.com/sirupsen/logrus"
+	"github.com/updatecli/updatecli/pkg/core/auth"
 	"github.com/updatecli/updatecli/pkg/core/cmdoptions"
 	"github.com/updatecli/updatecli/pkg/core/log"
 
@@ -63,6 +64,7 @@ func init() {
 		diffCmd,
 		prepareCmd,
 		manifestCmd,
+		loginCmd,
 		showCmd,
 		versionCmd,
 		docsCmd,
@@ -74,6 +76,7 @@ func run(command string) error {
 
 	switch command {
 	case "apply":
+		auth.Audience = oAuthAudience
 		if applyClean {
 			defer func() {
 				if err := e.Clean(); err != nil {
@@ -94,6 +97,7 @@ func run(command string) error {
 			return err
 		}
 	case "diff":
+		auth.Audience = oAuthAudience
 		if diffClean {
 			defer func() {
 				if err := e.Clean(); err != nil {
@@ -134,6 +138,13 @@ func run(command string) error {
 			return err
 		}
 
+	case "login":
+		err := auth.Login(endpointURL, oAuthClientID, oAuthIssuer, oAuthAudience)
+		if err != nil {
+			logrus.Errorf("%s %s", result.FAILURE, err)
+			return err
+		}
+
 	// Show is deprecated
 	case "show", "manifest/show":
 		if showClean {

go.mod

@@ -43,6 +43,9 @@ require (
 	github.com/invopop/jsonschema v0.7.0
 	github.com/muesli/mango-cobra v1.2.0
 	github.com/muesli/roff v0.1.0
+	github.com/nirasan/go-oauth-pkce-code-verifier v0.0.0-20220510032225-4f9f17eaec4c
+	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
+	github.com/spf13/viper v1.15.0
 	github.com/tomwright/dasel v1.27.3
 	golang.org/x/text v0.10.0
 	golang.org/x/time v0.3.0
@@ -53,7 +56,13 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/spf13/afero v1.9.3 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	go.opentelemetry.io/otel v1.14.0 // indirect
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
@@ -80,7 +89,7 @@ require (
 	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/acomagu/bufpipe v1.0.4 // indirect
 	github.com/alecthomas/chroma v0.9.2 // indirect
-	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/armon/go-metrics v0.4.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect