From 2b07993bd53c29e55344e8d967ef9ca921d75944 Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 28 Apr 2022 16:59:18 -0400
Subject: [PATCH] Store insecure in the context and use automatically if present
Fixes #63
---
 cmd/zed/context.go | 13 ++++++++++---
 cmd/zed/experiment.go | 4 ++--
 cmd/zed/import.go | 2 +-
 cmd/zed/main.go | 8 ++++----
 cmd/zed/permission.go | 6 +++---
 cmd/zed/relationship.go | 6 +++---
 cmd/zed/schema.go | 6 +++---
 internal/storage/config.go | 1 +
 internal/storage/secrets.go | 15 +++++++++++++++
 9 files changed, 42 insertions(+), 19 deletions(-)
diff --git a/cmd/zed/context.go b/cmd/zed/context.go
index d918be75..bbb4991e 100644
--- a/cmd/zed/context.go
+++ b/cmd/zed/context.go
@@ -76,8 +76,12 @@ func contextListCmdFunc(cmd *cobra.Command, args []string) error {
 }
 secret := token.APIToken
 if !cobrautil.MustGetBool(cmd, "reveal-tokens") {
- prefix, _ := token.SplitAPIToken()
- secret = stringz.Join("_", prefix, "")
+ secret = token.Redacted()
+ }
+
+ insecureStr := ""
+ if token.IsInsecure() {
+ insecureStr = " ✓ "
 }
 rows = append(rows, []string{
@@ -85,10 +89,11 @@ func contextListCmdFunc(cmd *cobra.Command, args []string) error {
 token.Name,
 token.Endpoint,
 secret,
+ insecureStr,
 })
 }
- printers.PrintTable(os.Stdout, []string{"current", "name", "endpoint", "token"}, rows)
+ printers.PrintTable(os.Stdout, []string{"current", "name", "endpoint", "token", "insecure"}, rows)
 return nil
 }
@@ -100,11 +105,13 @@ func contextSetCmdFunc(cmd *cobra.Command, args []string) error {
 return err
 }
+ insecure := cobrautil.MustGetBool(cmd, "insecure")
 cfgStore, secretStore := defaultStorage()
 err = storage.PutToken(storage.Token{
 Name: name,
 Endpoint: stringz.DefaultEmpty(endpoint, "grpc.authzed.com:443"),
 APIToken: apiToken,
+ Insecure: &insecure,
 }, secretStore)
 if err != nil {
 return err
diff --git a/cmd/zed/experiment.go b/cmd/zed/experiment.go
index 8904e8a0..aedb182f 100644
--- a/cmd/zed/experiment.go
+++ b/cmd/zed/experiment.go
@@ -66,7 +66,7 @@ func NewImportPostgresCmd(ctx context.Context, streams streams.IO) *cobra.Comman
 if err != nil {
 return err
 }
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -98,7 +98,7 @@ func opaPreRunCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
diff --git a/cmd/zed/import.go b/cmd/zed/import.go
index 45dbaf34..b0fd21a2 100644
--- a/cmd/zed/import.go
+++ b/cmd/zed/import.go
@@ -73,7 +73,7 @@ func importCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
diff --git a/cmd/zed/main.go b/cmd/zed/main.go
index 958b87cd..5ee3a3ea 100644
--- a/cmd/zed/main.go
+++ b/cmd/zed/main.go
@@ -36,7 +36,7 @@ func defaultStorage() (storage.ConfigStore, storage.SecretStore) {
 return storage.JSONConfigStore{ConfigPath: home}, storage.KeychainSecretStore{ConfigPath: home}
 }
-func dialOptsFromFlags(cmd *cobra.Command, token string) []grpc.DialOption {
+func dialOptsFromFlags(cmd *cobra.Command, token storage.Token) []grpc.DialOption {
 opts := []grpc.DialOption{
 grpc.WithUnaryInterceptor(zgrpcutil.LogDispatchTrailers),
 }
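Review bot: The context line `log.Trace().Interface("token", token).Send()` in opaPreRunCmdFunc hands the whole storage.Token to the logger, and that struct carries APIToken, so the bearer secret presumably ends up in trace output. The same line appears in the import.go, permission.go, relationship.go, and schema.go hunks. Since this commit adds Token.Redacted(), the call could log only non-secret fields, for example `log.Trace().Str("context", token.Name).Str("endpoint", token.Endpoint).Str("token", token.Redacted()).Bool("insecure", token.IsInsecure()).Send()` (assuming `log` is zerolog, as the call chain suggests). The function body continues outside the hunk.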
@@ -45,11 +45,11 @@ func dialOptsFromFlags(cmd *cobra.Command, token string) []grpc.DialOption {
 opts = append(opts, grpc.WithUnaryInterceptor(zgrpcutil.CheckServerVersion))
 }
- if cobrautil.MustGetBool(cmd, "insecure") {
+ if cobrautil.MustGetBool(cmd, "insecure") || (token.IsInsecure()) {
 opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
- opts = append(opts, grpcutil.WithInsecureBearerToken(token))
+ opts = append(opts, grpcutil.WithInsecureBearerToken(token.APIToken))
 } else {
- opts = append(opts, grpcutil.WithBearerToken(token))
+ opts = append(opts, grpcutil.WithBearerToken(token.APIToken))
 opts = append(opts, grpcutil.WithSystemCerts(cobrautil.MustGetBool(cmd, "no-verify-ca")))
 }
diff --git a/cmd/zed/permission.go b/cmd/zed/permission.go
index 0262333b..6469c0b6 100644
--- a/cmd/zed/permission.go
+++ b/cmd/zed/permission.go
@@ -99,7 +99,7 @@ func checkCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -164,7 +164,7 @@ func expandCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -224,7 +224,7 @@ func lookupCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
diff --git a/cmd/zed/relationship.go b/cmd/zed/relationship.go
index 45628737..ce3825ad 100644
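Review bot: In dialOptsFromFlags the new condition `cobrautil.MustGetBool(cmd, "insecure") || (token.IsInsecure())` lets a stored context select `insecure.NewCredentials()` and `WithInsecureBearerToken` with nothing on the command line. Because the two sources are OR-ed, an explicit `--insecure=false` cannot force TLS for a single invocation. Let an explicitly passed flag win, e.g. `useInsecure := token.IsInsecure()` followed by `if cmd.Flags().Changed("insecure") { useInsecure = cobrautil.MustGetBool(cmd, "insecure") }`, then branch on `useInsecure`; confirm that `Changed` sees the flag if it is registered as a persistent flag on a parent command. A warning log when plaintext transport is chosen only because of the stored value would make cleartext bearer-token use visible to the operator. The end of the function is outside the hunk.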
--- a/cmd/zed/relationship.go
+++ b/cmd/zed/relationship.go
@@ -109,7 +109,7 @@ func bulkDeleteRelationships(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -262,7 +262,7 @@ func readRelationships(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -327,7 +327,7 @@ func writeRelationshipCmdFunc(operation v1.RelationshipUpdate_Operation) func(cm
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
diff --git a/cmd/zed/schema.go b/cmd/zed/schema.go
index 7121b8aa..97783ae4 100644
--- a/cmd/zed/schema.go
+++ b/cmd/zed/schema.go
@@ -84,7 +84,7 @@ func schemaReadCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -128,7 +128,7 @@ func schemaWriteCmdFunc(cmd *cobra.Command, args []string) error {
 }
 log.Trace().Interface("token", token).Send()
- client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 if err != nil {
 return err
 }
@@ -215,7 +215,7 @@ func clientForContext(cmd *cobra.Command, contextName string, secretStore storag
 }
 log.Trace().Interface("token", token).Send()
- return authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+ return authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 }
 func schemaCopyCmdFunc(cmd *cobra.Command, args []string) error {
diff --git a/internal/storage/config.go b/internal/storage/config.go
index a9df5300..c578d91c 100644
--- a/internal/storage/config.go
+++ b/internal/storage/config.go
@@ -53,6 +53,7 @@ func DefaultToken(overrideEndpoint, overrideAPIToken string, cs ConfigStore, ss
 Name: token.Name,
 Endpoint: stringz.DefaultEmpty(overrideEndpoint, token.Endpoint),
 APIToken: stringz.DefaultEmpty(overrideAPIToken, token.APIToken),
+ Insecure: token.Insecure,
 }, nil
 }
diff --git a/internal/storage/secrets.go b/internal/storage/secrets.go
index 265bdba3..618cb90e 100644
--- a/internal/storage/secrets.go
+++ b/internal/storage/secrets.go
@@ -9,6 +9,7 @@ import (
 "strings"
 "github.com/99designs/keyring"
+ "github.com/jzelinskie/stringz"
 "golang.org/x/term"
 )
@@ -19,6 +20,20 @@ type Token struct {
 Name string
 Endpoint string
 APIToken string
+ Insecure *bool
+}
+
+func (t Token) IsInsecure() bool {
+ return t.Insecure != nil && *t.Insecure
+}
+
+func (t Token) Redacted() string {
+ prefix, _ := t.SplitAPIToken()
+ if prefix == "" {
+ return ""
+ }
+
+ return stringz.Join("_", prefix, "")
 }
 func (t Token) SplitAPIToken() (prefix, secret string) {
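Review bot: `Insecure: token.Insecure` in the DefaultToken hunk of internal/storage/config.go is copied from the stored context even when `overrideEndpoint` or `overrideAPIToken` replace the stored values on the two lines above it. A context saved as insecure for one host would therefore send the bearer token without TLS to whatever endpoint is supplied as an override. Inherit the stored flag only when the endpoint is not overridden, e.g. `var insecure *bool` and `if overrideEndpoint == "" { insecure = token.Insecure }` before building the returned Token, or add a comment stating why the flag is meant to follow the override. DefaultToken begins above the hunk, so how the overrides reach it is not visible here.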
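Review bot: The exported methods `IsInsecure` and `Redacted` and the new `Insecure *bool` field in internal/storage/secrets.go have no doc comments, and the meaning of a nil pointer is security-relevant because it decides whether TLS is used. Suggested comments: `// Insecure, when non-nil and true, makes clients connect without TLS; nil (presumably tokens stored before this field existed) is treated as false.`, `// IsInsecure reports whether the token was stored with plaintext transport enabled.` and `// Redacted returns the API token with its secret part removed, or "" when the token has no prefix.` The Redacted comment should be checked against what SplitAPIToken returns for tokens without a separator, since that function's body is outside the hunk.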