Merge pull request #115 from josephschorr/insecure

Store insecure in the context and use automatically if present

cmd/zed/context.go

@@ -76,19 +76,24 @@ func contextListCmdFunc(cmd *cobra.Command, args []string) error {
 		}
 		secret := token.APIToken
 		if !cobrautil.MustGetBool(cmd, "reveal-tokens") {
-			prefix, _ := token.SplitAPIToken()
-			secret = stringz.Join("_", prefix, "<redacted>")
+			secret = token.Redacted()
+		}
+
+		insecureStr := ""
+		if token.IsInsecure() {
+			insecureStr = "   ✓    "
 		}
 
 		rows = append(rows, []string{
 			current,
 			token.Name,
 			token.Endpoint,
 			secret,
+			insecureStr,
 		})
 	}
 
-	printers.PrintTable(os.Stdout, []string{"current", "name", "endpoint", "token"}, rows)
+	printers.PrintTable(os.Stdout, []string{"current", "name", "endpoint", "token", "insecure"}, rows)
 
 	return nil
 }
@@ -100,11 +105,13 @@ func contextSetCmdFunc(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
+	insecure := cobrautil.MustGetBool(cmd, "insecure")
 	cfgStore, secretStore := defaultStorage()
 	err = storage.PutToken(storage.Token{
 		Name:     name,
 		Endpoint: stringz.DefaultEmpty(endpoint, "grpc.authzed.com:443"),
 		APIToken: apiToken,
+		Insecure: &insecure,
 	}, secretStore)
 	if err != nil {
 		return err

cmd/zed/experiment.go

@@ -66,7 +66,7 @@ func NewImportPostgresCmd(ctx context.Context, streams streams.IO) *cobra.Comman
 			if err != nil {
 				return err
 			}
-			client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+			client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 			if err != nil {
 				return err
 			}
@@ -98,7 +98,7 @@ func opaPreRunCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}

cmd/zed/import.go

@@ -73,7 +73,7 @@ func importCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}

cmd/zed/main.go

@@ -36,7 +36,7 @@ func defaultStorage() (storage.ConfigStore, storage.SecretStore) {
 	return storage.JSONConfigStore{ConfigPath: home}, storage.KeychainSecretStore{ConfigPath: home}
 }
 
-func dialOptsFromFlags(cmd *cobra.Command, token string) []grpc.DialOption {
+func dialOptsFromFlags(cmd *cobra.Command, token storage.Token) []grpc.DialOption {
 	opts := []grpc.DialOption{
 		grpc.WithUnaryInterceptor(zgrpcutil.LogDispatchTrailers),
 	}
@@ -45,11 +45,11 @@ func dialOptsFromFlags(cmd *cobra.Command, token string) []grpc.DialOption {
 		opts = append(opts, grpc.WithUnaryInterceptor(zgrpcutil.CheckServerVersion))
 	}
 
-	if cobrautil.MustGetBool(cmd, "insecure") {
+	if cobrautil.MustGetBool(cmd, "insecure") || (token.IsInsecure()) {
 		opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))
-		opts = append(opts, grpcutil.WithInsecureBearerToken(token))
+		opts = append(opts, grpcutil.WithInsecureBearerToken(token.APIToken))
 	} else {
-		opts = append(opts, grpcutil.WithBearerToken(token))
+		opts = append(opts, grpcutil.WithBearerToken(token.APIToken))
 		opts = append(opts, grpcutil.WithSystemCerts(cobrautil.MustGetBool(cmd, "no-verify-ca")))
 	}
 

cmd/zed/permission.go

@@ -99,7 +99,7 @@ func checkCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -164,7 +164,7 @@ func expandCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -224,7 +224,7 @@ func lookupCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}

cmd/zed/relationship.go

@@ -109,7 +109,7 @@ func bulkDeleteRelationships(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -262,7 +262,7 @@ func readRelationships(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -327,7 +327,7 @@ func writeRelationshipCmdFunc(operation v1.RelationshipUpdate_Operation) func(cm
 		}
 		log.Trace().Interface("token", token).Send()
 
-		client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+		client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 		if err != nil {
 			return err
 		}

cmd/zed/schema.go

@@ -84,7 +84,7 @@ func schemaReadCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -128,7 +128,7 @@ func schemaWriteCmdFunc(cmd *cobra.Command, args []string) error {
 	}
 	log.Trace().Interface("token", token).Send()
 
-	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	client, err := authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 	if err != nil {
 		return err
 	}
@@ -215,7 +215,7 @@ func clientForContext(cmd *cobra.Command, contextName string, secretStore storag
 	}
 	log.Trace().Interface("token", token).Send()
 
-	return authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token.APIToken)...)
+	return authzed.NewClient(token.Endpoint, dialOptsFromFlags(cmd, token)...)
 }
 
 func schemaCopyCmdFunc(cmd *cobra.Command, args []string) error {

internal/storage/config.go

@@ -53,6 +53,7 @@ func DefaultToken(overrideEndpoint, overrideAPIToken string, cs ConfigStore, ss
 		Name:     token.Name,
 		Endpoint: stringz.DefaultEmpty(overrideEndpoint, token.Endpoint),
 		APIToken: stringz.DefaultEmpty(overrideAPIToken, token.APIToken),
+		Insecure: token.Insecure,
 	}, nil
 }
 

internal/storage/secrets.go

@@ -9,6 +9,7 @@ import (
 	"strings"
 
 	"github.com/99designs/keyring"
+	"github.com/jzelinskie/stringz"
 	"golang.org/x/term"
 )
 
@@ -19,6 +20,20 @@ type Token struct {
 	Name     string
 	Endpoint string
 	APIToken string
+	Insecure *bool
+}
+
+func (t Token) IsInsecure() bool {
+	return t.Insecure != nil && *t.Insecure
+}
+
+func (t Token) Redacted() string {
+	prefix, _ := t.SplitAPIToken()
+	if prefix == "" {
+		return "<redacted>"
+	}
+
+	return stringz.Join("_", prefix, "<redacted>")
 }
 
 func (t Token) SplitAPIToken() (prefix, secret string) {