review

Author: patelspratik

pkg/auth/auth.go

@@ -103,37 +103,38 @@ type Auth struct {
 
 const BrevAPIKeyPrefix = "bak-"
 
-type TokenProvider interface {
-	GetAccessToken() (string, error)
-}
+const MissingAPIKeyOrgIDMessage = "api key auth requires an org id; run brev login --api-key <api-key> --org-id <org-id>"
 
-type APIKeyOrgProvider interface {
+type APIKeyAuthStore interface {
 	GetAuthTokens() (*entity.AuthTokens, error)
 }
 
 func IsBrevAPIKey(token string) bool {
 	return strings.HasPrefix(strings.TrimSpace(token), BrevAPIKeyPrefix)
 }
 
-func IsAPIKeyAuthStore(tokenProvider TokenProvider) bool {
-	token, err := tokenProvider.GetAccessToken()
+func IsAPIKeyAuthStore(authTokensProvider APIKeyAuthStore) bool {
+	tokens, err := authTokensProvider.GetAuthTokens()
 	if err != nil {
 		return false
 	}
-	return IsBrevAPIKey(token)
+	if tokens == nil {
+		return false
+	}
+	return IsBrevAPIKey(tokens.APIKey)
 }
 
-func GetAPIKeyOrgID(authTokensProvider APIKeyOrgProvider) (string, error) {
+func GetAPIKeyOrgID(authTokensProvider APIKeyAuthStore) (string, error) {
 	tokens, err := authTokensProvider.GetAuthTokens()
 	if err != nil {
 		return "", breverrors.WrapAndTrace(err)
 	}
 	if tokens == nil {
-		return "", breverrors.NewValidationError("api key auth requires an org id; run brev login --api-key <api-key> --org-id <org-id>")
+		return "", breverrors.NewValidationError(MissingAPIKeyOrgIDMessage)
 	}
 	orgID := strings.TrimSpace(tokens.APIKeyOrgID)
 	if orgID == "" {
-		return "", breverrors.NewValidationError("api key auth requires an org id; run brev login --api-key <api-key> --org-id <org-id>")
+		return "", breverrors.NewValidationError(MissingAPIKeyOrgIDMessage)
 	}
 	return orgID, nil
 }
@@ -183,11 +184,8 @@ func (t Auth) GetFreshAccessTokenOrNil() (string, error) {
 		return "", nil
 	}
 
-	if tokens.APIKey != "" {
-		apiKey := strings.TrimSpace(tokens.APIKey)
-		if apiKey == "" {
-			return "", breverrors.NewValidationError("api key is empty")
-		}
+	apiKey := strings.TrimSpace(tokens.APIKey)
+	if apiKey != "" {
 		return apiKey, nil
 	}
 
@@ -277,7 +275,7 @@ func (t Auth) LoginWithAPIKey(apiKey string, orgID string) error {
 	}
 	orgID = strings.TrimSpace(orgID)
 	if orgID == "" {
-		return breverrors.NewValidationError("org-id is required with api-key")
+		return breverrors.NewValidationError(MissingAPIKeyOrgIDMessage)
 	}
 
 	tokens, err := t.getSavedTokensOrNil()

pkg/auth/auth_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/brevdev/brev-cli/pkg/entity"
 	breverrors "github.com/brevdev/brev-cli/pkg/errors"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 )
 
@@ -94,6 +95,41 @@ func TestIsBrevAPIKey(t *testing.T) {
 	assert.False(t, IsBrevAPIKey(""))
 }
 
+type sideEffectingTokenStore struct {
+	tokens               *entity.AuthTokens
+	getAccessTokenCalled bool
+}
+
+func (s *sideEffectingTokenStore) GetAuthTokens() (*entity.AuthTokens, error) {
+	return s.tokens, nil
+}
+
+func (s *sideEffectingTokenStore) GetAccessToken() (string, error) {
+	s.getAccessTokenCalled = true
+	return testAPIKey, nil
+}
+
+func TestIsAPIKeyAuthStore_ReadsSavedTokensWithoutAccessTokenSideEffects(t *testing.T) {
+	s := &sideEffectingTokenStore{
+		tokens: &entity.AuthTokens{APIKey: testAPIKey},
+	}
+
+	assert.True(t, IsAPIKeyAuthStore(s))
+	assert.False(t, s.getAccessTokenCalled)
+}
+
+func TestIsAPIKeyAuthStore_LegacyCredentialsAreNotAPIKeyAuth(t *testing.T) {
+	s := &sideEffectingTokenStore{
+		tokens: &entity.AuthTokens{
+			AccessToken:  validToken,
+			RefreshToken: "refresh",
+		},
+	}
+
+	assert.False(t, IsAPIKeyAuthStore(s))
+	assert.False(t, s.getAccessTokenCalled)
+}
+
 func TestGetFreshAccessTokenOrNil_APIKeySkipsJWTValidationAndRefresh(t *testing.T) {
 	s := MockAuthStore{authTokens: &entity.AuthTokens{
 		AccessToken:  "expired-jwt",
@@ -202,8 +238,11 @@ func TestLoginWithAPIKey_EmptyOrgIDReturnsError(t *testing.T) {
 
 func TestStandardLogin_APIKeyCredentialDoesNotProbeOAuthProviders(t *testing.T) {
 	oldStdout := os.Stdout
+	t.Cleanup(func() {
+		os.Stdout = oldStdout
+	})
 	readPipe, writePipe, err := os.Pipe()
-	assert.NoError(t, err)
+	require.NoError(t, err)
 	os.Stdout = writePipe
 
 	_ = StandardLogin("", "", &entity.AuthTokens{

pkg/cmd/completions/completions.go

@@ -9,6 +9,7 @@ import (
 )
 
 type CompletionStore interface {
+	auth.APIKeyAuthStore
 	GetWorkspaces(organizationID string, options *store.GetWorkspacesOptions) ([]entity.Workspace, error)
 	GetActiveOrganizationOrDefault() (*entity.Organization, error)
 	GetCurrentUser() (*entity.User, error)
@@ -29,7 +30,7 @@ func GetAllWorkspaceNameCompletionHandler(completionStore CompletionStore, t *te
 		}
 
 		var options *store.GetWorkspacesOptions
-		if tokenProvider, ok := completionStore.(auth.TokenProvider); !ok || !auth.IsAPIKeyAuthStore(tokenProvider) {
+		if !auth.IsAPIKeyAuthStore(completionStore) {
 			user, err := completionStore.GetCurrentUser()
 			if err != nil {
 				t.Errprint(err, "")
@@ -55,7 +56,7 @@ func GetAllWorkspaceNameCompletionHandler(completionStore CompletionStore, t *te
 
 func GetOrgsNameCompletionHandler(completionStore CompletionStore, t *terminal.Terminal) CompletionHandler {
 	return func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if tokenProvider, ok := completionStore.(auth.TokenProvider); ok && auth.IsAPIKeyAuthStore(tokenProvider) {
+		if auth.IsAPIKeyAuthStore(completionStore) {
 			return []string{}, cobra.ShellCompDirectiveNoFileComp
 		}
 

pkg/cmd/delete/delete.go

@@ -100,7 +100,7 @@ func deleteWorkspace(workspaceName string, t *terminal.Terminal, deleteStore Del
 
 func handleAdminUser(err error, deleteStore DeleteStore, piped bool) error {
 	if strings.Contains(err.Error(), "not found") {
-		if tokenProvider, ok := deleteStore.(auth.TokenProvider); ok && auth.IsAPIKeyAuthStore(tokenProvider) {
+		if auth.IsAPIKeyAuthStore(deleteStore) {
 			return breverrors.WrapAndTrace(err)
 		}
 		user, err1 := deleteStore.GetCurrentUser()

pkg/cmd/gpucreate/gpucreate.go

@@ -98,7 +98,7 @@ type GPUCreateStore interface {
 	util.GetWorkspaceByNameOrIDErrStore
 	gpusearch.GPUSearchStore
 	GetActiveOrganizationOrDefault() (*entity.Organization, error)
-	GetAccessToken() (string, error)
+	GetAuthTokens() (*entity.AuthTokens, error)
 	GetCurrentUser() (*entity.User, error)
 	GetWorkspace(workspaceID string) (*entity.Workspace, error)
 	CreateWorkspace(organizationID string, options *store.CreateWorkspacesOptions) (*entity.Workspace, error)

pkg/cmd/gpucreate/gpucreate_test.go

@@ -45,8 +45,8 @@ func (m *MockGPUCreateStore) GetCurrentUser() (*entity.User, error) {
 	return m.User, nil
 }
 
-func (m *MockGPUCreateStore) GetAccessToken() (string, error) {
-	return "", nil
+func (m *MockGPUCreateStore) GetAuthTokens() (*entity.AuthTokens, error) {
+	return nil, nil
 }
 
 func (m *MockGPUCreateStore) GetActiveOrganizationOrDefault() (*entity.Organization, error) {

pkg/cmd/invite/invite.go

@@ -17,12 +17,9 @@ import (
 )
 
 type InviteStore interface {
-	GetWorkspaces(organizationID string, options *store.GetWorkspacesOptions) ([]entity.Workspace, error)
-	GetActiveOrganizationOrDefault() (*entity.Organization, error)
-	GetCurrentUser() (*entity.User, error)
+	completions.CompletionStore
 	GetUsers(queryParams map[string]string) ([]entity.User, error)
 	GetWorkspace(workspaceID string) (*entity.Workspace, error)
-	GetOrganizations(options *store.GetOrganizationsOptions) ([]entity.Organization, error)
 	CreateInviteLink(organizationID string) (string, error)
 }
 

pkg/cmd/login/login.go

@@ -64,7 +64,6 @@ func NewCmdLogin(t *terminal.Terminal, loginStore LoginStore, auth Auth) *cobra.
 	var skipBrowser bool
 	var emailFlag string
 	var authProviderFlag string
-	apiKeyLogin := false
 
 	cmd := &cobra.Command{
 		Annotations:           map[string]string{"configuration": ""},
@@ -75,7 +74,7 @@ func NewCmdLogin(t *terminal.Terminal, loginStore LoginStore, auth Auth) *cobra.
 		Example:               "brev login",
 		Args:                  cmderrors.TransformToValidationError(cobra.NoArgs),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			apiKeyLogin = strings.TrimSpace(apiKey) != ""
+			apiKeyLogin := strings.TrimSpace(apiKey) != ""
 			err := opts.RunLogin(t, loginToken, apiKey, apiKeyOrgID, skipBrowser, emailFlag, authProviderFlag)
 			if err != nil {
 				// if err is ImportIDEConfigError, log err with sentry but continue
@@ -216,7 +215,7 @@ func (o LoginOptions) doApiKeyLogin(t *terminal.Terminal, loginToken string, api
 	apiKey = strings.TrimSpace(apiKey)
 	orgID := strings.TrimSpace(apiKeyOrgID)
 	if orgID == "" {
-		return breverrors.NewValidationError("org-id is required with api-key")
+		return breverrors.NewValidationError(auth.MissingAPIKeyOrgIDMessage)
 	}
 	if err := o.Auth.LoginWithAPIKey(apiKey, orgID); err != nil {
 		return breverrors.WrapAndTrace(err)

pkg/cmd/ls/ls.go

@@ -38,12 +38,11 @@ import (
 type LsStore interface {
 	GetWorkspaces(organizationID string, options *store.GetWorkspacesOptions) ([]entity.Workspace, error)
 	GetActiveOrganizationOrDefault() (*entity.Organization, error)
-	GetCachedActiveOrganizationOrNil() (*entity.Organization, error)
 	GetCurrentUser() (*entity.User, error)
 	GetUsers(queryParams map[string]string) ([]entity.User, error)
 	GetWorkspace(workspaceID string) (*entity.Workspace, error)
 	GetOrganizations(options *store.GetOrganizationsOptions) ([]entity.Organization, error)
-	GetAccessToken() (string, error)
+	externalnode.TokenProvider
 	GetAuthTokens() (*entity.AuthTokens, error)
 	GetInstanceTypes(includeCPU bool) (*gpusearch.InstanceTypesResponse, error)
 	hello.HelloStore
@@ -139,11 +138,14 @@ func getOrgForRunLs(lsStore LsStore, orgflag string, apiKeyAuth bool) (*entity.O
 		if orgflag != "" {
 			return nil, breverrors.NewValidationError("api key auth is scoped to the org saved during login; --org is not supported")
 		}
-		orgID, err := auth.GetAPIKeyOrgID(lsStore)
+		org, err := lsStore.GetActiveOrganizationOrDefault()
 		if err != nil {
 			return nil, breverrors.WrapAndTrace(err)
 		}
-		return &entity.Organization{ID: orgID, Name: orgID}, nil
+		if org == nil {
+			return nil, breverrors.NewValidationError("no orgs exist")
+		}
+		return org, nil
 	}
 
 	if orgflag != "" {

pkg/cmd/ls/ls_test.go

@@ -24,7 +24,6 @@ type mockLsStore struct {
 	org                  *entity.Organization
 	orgs                 []entity.Organization
 	workspaces           []entity.Workspace
-	accessToken          string
 	authTokens           *entity.AuthTokens
 	workspaceOrgID       string
 	currentUserCalls     int
@@ -36,26 +35,26 @@ func (m *mockLsStore) GetCurrentUser() (*entity.User, error) {
 	return m.user, nil
 }
 
-func (m *mockLsStore) GetAccessToken() (string, error) {
-	if m.accessToken != "" {
-		return m.accessToken, nil
-	}
-	return "tok", nil
-}
-
 func (m *mockLsStore) GetAuthTokens() (*entity.AuthTokens, error) {
 	return m.authTokens, nil
 }
 
+func (m *mockLsStore) GetAccessToken() (string, error) {
+	return "tok", nil
+}
+
 func (m *mockLsStore) GetWorkspace(_ string) (*entity.Workspace, error) {
 	return nil, nil
 }
 
 func (m *mockLsStore) GetActiveOrganizationOrDefault() (*entity.Organization, error) {
-	return m.org, nil
-}
-
-func (m *mockLsStore) GetCachedActiveOrganizationOrNil() (*entity.Organization, error) {
+	if m.authTokens != nil && authpkg.IsBrevAPIKey(m.authTokens.APIKey) {
+		orgID, err := authpkg.GetAPIKeyOrgID(m)
+		if err != nil {
+			return nil, err
+		}
+		return &entity.Organization{ID: orgID, Name: m.org.Name}, nil
+	}
 	return m.org, nil
 }
 
@@ -99,7 +98,6 @@ func newTestStore() *mockLsStore {
 
 func TestRunLs_APIKeyJSONSkipsUserAndOrgList(t *testing.T) {
 	s := newTestStore()
-	s.accessToken = testAPIKey
 	s.authTokens = &entity.AuthTokens{APIKey: testAPIKey, APIKeyOrgID: "org1"}
 	s.workspaces = []entity.Workspace{
 		{
@@ -143,7 +141,6 @@ func TestRunLs_APIKeyJSONSkipsUserAndOrgList(t *testing.T) {
 
 func TestRunLs_APIKeyUsesCredentialOrgNotCachedActiveOrg(t *testing.T) {
 	s := newTestStore()
-	s.accessToken = testAPIKey
 	s.authTokens = &entity.AuthTokens{APIKey: testAPIKey, APIKeyOrgID: "org-login"}
 	s.org = &entity.Organization{ID: "org-set", Name: "set-org"}
 	s.workspaces = []entity.Workspace{
@@ -171,9 +168,25 @@ func TestRunLs_APIKeyUsesCredentialOrgNotCachedActiveOrg(t *testing.T) {
 	}
 }
 
+func TestGetOrgForRunLs_APIKeyUsesActiveOrgDisplayName(t *testing.T) {
+	s := newTestStore()
+	s.authTokens = &entity.AuthTokens{APIKey: testAPIKey, APIKeyOrgID: "org-login"}
+	s.org = &entity.Organization{ID: "org-login", Name: "friendly-org"}
+
+	org, err := getOrgForRunLs(s, "", true)
+	if err != nil {
+		t.Fatalf("getOrgForRunLs returned error: %v", err)
+	}
+	if org.ID != "org-login" {
+		t.Fatalf("expected org-login, got %s", org.ID)
+	}
+	if org.Name != "friendly-org" {
+		t.Fatalf("expected friendly org name, got %s", org.Name)
+	}
+}
+
 func TestRunLs_APIKeyRequiresCredentialOrg(t *testing.T) {
 	s := newTestStore()
-	s.accessToken = testAPIKey
 	s.authTokens = &entity.AuthTokens{APIKey: testAPIKey}
 	term := terminal.New()