RSDK-9424 - CLI profile support (viamrobotics#4631)

Author: stuqdog

cli/app.go

@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"reflect"
@@ -16,11 +17,14 @@ const (
 	configFlag  = "config"
 	debugFlag   = "debug"
 	// TODO(RSDK-9287) - replace with `org-id` and `location-id` flags.
-	organizationFlag = "organization"
-	locationFlag     = "location"
-	machineFlag      = "machine"
-	aliasRobotFlag   = "robot"
-	partFlag         = "part"
+	organizationFlag    = "organization"
+	locationFlag        = "location"
+	machineFlag         = "machine"
+	aliasRobotFlag      = "robot"
+	partFlag            = "part"
+	profileFlag         = "profile"
+	disableProfilesFlag = "disable-profiles"
+	profileFlagName     = "profile-name"
 
 	// TODO: RSDK-6683.
 	quietFlag = "quiet"
@@ -246,10 +250,12 @@ var dataTagByFilterFlags = append([]cli.Flag{
 type emptyArgs struct{}
 
 type globalArgs struct {
-	BaseURL string
-	Config  string
-	Debug   bool
-	Quiet   bool
+	BaseURL         string
+	Config          string
+	Debug           bool
+	Quiet           bool
+	Profile         string
+	DisableProfiles bool
 }
 
 func getValFromContext(name string, ctx *cli.Context) any {
@@ -269,7 +275,7 @@ func getValFromContext(name string, ctx *cli.Context) any {
 	return ctx.Value(camelFormattedName)
 }
 
-// TODO(RSDK-9447) - We don't support pointers in this. The problem is that when getting a value
+// (erodkin) We don't support pointers in structs here. The problem is that when getting a value
 // from a context for a supported flag, the context will default to populating with the zero value.
 // When getting a value from the context, though, we currently have no way of know if that's going
 // to a concrete value, going to a pointer and should be a nil value, or going to a pointer but should
@@ -317,6 +323,18 @@ func parseStructFromCtx[T any](ctx *cli.Context) T {
 	return t
 }
 
+func getGlobalArgs(ctx *cli.Context) (*globalArgs, error) {
+	gArgs := parseStructFromCtx[globalArgs](ctx)
+	// TODO(RSDK-9361) - currently nothing prevents a developer from creating globalArgs directly
+	// and thereby bypassing this check. We should find a way to prevent direct creation and thereby
+	// programmatically enforce compliance here.
+	if gArgs.DisableProfiles && gArgs.Profile != "" {
+		return nil, errors.New("profile specified with disable-profiles flag set")
+	}
+
+	return &gArgs, nil
+}
+
 func createCommandWithT[T any](f func(*cli.Context, T) error) func(*cli.Context) error {
 	return func(ctx *cli.Context) error {
 		t := parseStructFromCtx[T](ctx)
@@ -367,6 +385,15 @@ var app = &cli.App{
 			Aliases: []string{"q"},
 			Usage:   "suppress warnings",
 		},
+		&cli.StringFlag{
+			Name:  profileFlag,
+			Usage: "specify a particular profile for the current command",
+		},
+		&cli.BoolFlag{
+			Name:    disableProfilesFlag,
+			Aliases: []string{"disable-profile"}, // for ease of use; not backwards compatibility related
+			Usage:   "disable usage of profiles, falling back to default behavior",
+		},
 	},
 	Commands: []*cli.Command{
 		{
@@ -634,6 +661,73 @@ var app = &cli.App{
 				},
 			},
 		},
+		{
+			Name:  "profiles",
+			Usage: "work with CLI profiles",
+			Subcommands: []*cli.Command{
+				{
+					Name:  "update",
+					Usage: "update an existing profile for authentication, or add it if it doesn't exist",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:     profileFlagName,
+							Required: true,
+							Usage:    "name of the profile to update",
+						},
+						&cli.StringFlag{
+							Name:     loginFlagKeyID,
+							Required: true,
+							Usage:    "id of the profile's API key",
+						},
+						&cli.StringFlag{
+							Name:     loginFlagKey,
+							Required: true,
+							Usage:    "the profile's API key",
+						},
+					},
+					Action: createCommandWithT[addOrUpdateProfileArgs](UpdateProfileAction),
+				},
+				{
+					Name:  "add",
+					Usage: "add a new profile for authentication (errors if the profile already exists)",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:     profileFlagName,
+							Required: true,
+							Usage:    "name of the profile to add",
+						},
+						&cli.StringFlag{
+							Name:     loginFlagKeyID,
+							Required: true,
+							Usage:    "id of the profile's API key",
+						},
+						&cli.StringFlag{
+							Name:     loginFlagKey,
+							Required: true,
+							Usage:    "the profile's API key",
+						},
+					},
+					Action: createCommandWithT[addOrUpdateProfileArgs](AddProfileAction),
+				},
+				{
+					Name:   "list",
+					Usage:  "list all existing profiles by name",
+					Action: createCommandWithT[emptyArgs](ListProfilesAction),
+				},
+				{
+					Name:  "remove",
+					Usage: "remove an authentication profile",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:     profileFlagName,
+							Required: true,
+							Usage:    "name of the profile to remove",
+						},
+					},
+					Action: createCommandWithT[removeProfileArgs](RemoveProfileAction),
+				},
+			},
+		},
 		{
 			Name:            "data",
 			Usage:           "work with data",

cli/auth.go

@@ -17,6 +17,7 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli/v2"
+	"go.uber.org/multierr"
 	buildpb "go.viam.com/api/app/build/v1"
 	datapb "go.viam.com/api/app/data/v1"
 	datasetpb "go.viam.com/api/app/dataset/v1"
@@ -157,7 +158,10 @@ func (c *viamClient) loginAction(cCtx *cli.Context) error {
 
 	var t *token
 	var err error
-	globalArgs := parseStructFromCtx[globalArgs](c.c)
+	globalArgs, err := getGlobalArgs(c.c)
+	if err != nil {
+		return err
+	}
 	if currentToken != nil && currentToken.canRefresh() {
 		t, err = c.authFlow.refreshToken(c.c.Context, currentToken)
 		if err != nil {
@@ -240,7 +244,7 @@ func (c *viamClient) printAccessTokenAction(cCtx *cli.Context) error {
 // LogoutAction is the corresponding Action for 'logout'.
 func LogoutAction(cCtx *cli.Context, args emptyArgs) error {
 	// Create basic viam client; no need to check base URL.
-	conf, err := ConfigFromCache()
+	conf, err := ConfigFromCache(cCtx)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return err
@@ -485,7 +489,7 @@ func (c *viamClient) robotAPIKeyCreateAction(cCtx *cli.Context, args robotAPIKey
 	return nil
 }
 
-func (c *viamClient) ensureLoggedIn() error {
+func (c *viamClient) ensureLoggedInInner() error {
 	if c.client != nil {
 		return nil
 	}
@@ -504,7 +508,10 @@ func (c *viamClient) ensureLoggedIn() error {
 		// expired.
 		newToken, err := c.authFlow.refreshToken(c.c.Context, authToken)
 		if err != nil {
-			globalArgs := parseStructFromCtx[globalArgs](c.c)
+			globalArgs, err := getGlobalArgs(c.c)
+			if err != nil {
+				return err
+			}
 			debugf(c.c.App.Writer, globalArgs.Debug, "Token refresh error: %v", err)
 			utils.UncheckedError(c.logout()) // clear cache if failed to refresh
 			return errors.New("error while refreshing token, logging out. Please log in again")
@@ -543,6 +550,39 @@ func (c *viamClient) ensureLoggedIn() error {
 	return nil
 }
 
+func (c *viamClient) ensureLoggedIn() error {
+	firstPassErr := c.ensureLoggedInInner()
+	// if err is nil we're good, if we have no profile set then trying to login with a profile is meaningless
+	if firstPassErr == nil || c.conf.profile == "" {
+		return firstPassErr
+	}
+
+	// at this point we know that we're using a profile and are not logged in, so let's try logging in
+	warningf(c.c.App.ErrWriter, "Currently logged out with profile %s, attempting to log back in...", c.conf.profile)
+
+	profiles, err := getProfiles()
+	if err != nil {
+		return multierr.Combine(firstPassErr, err)
+	}
+	profile, ok := profiles[c.conf.profile]
+	if !ok {
+		return errors.Errorf("Unable to login: profile %s not found", c.conf.profile)
+	}
+
+	args := loginWithAPIKeyArgs{
+		Key:   profile.APIKey.KeyCrypto,
+		KeyID: profile.APIKey.KeyID,
+	}
+
+	// login using the API key associated with the profile
+	if err = c.loginWithAPIKeyAction(c.c, args); err != nil {
+		return multierr.Combine(firstPassErr, err)
+	}
+
+	// ensure logged in and set clients
+	return c.ensureLoggedInInner()
+}
+
 // logout logs out the client and clears the config.
 func (c *viamClient) logout() error {
 	if err := removeConfigFromCache(); err != nil && !os.IsNotExist(err) {

cli/client.go

@@ -822,7 +822,10 @@ func RobotsPartRunAction(c *cli.Context, args robotsPartRunArgs) error {
 
 	// Create logger based on presence of debugFlag.
 	logger := logging.FromZapCompatible(zap.NewNop().Sugar())
-	globalArgs := parseStructFromCtx[globalArgs](c)
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return err
+	}
 	if globalArgs.Debug {
 		logger = logging.NewDebugLogger("cli")
 	}
@@ -858,7 +861,10 @@ func RobotsPartShellAction(c *cli.Context, args robotsPartShellArgs) error {
 
 	// Create logger based on presence of debugFlag.
 	logger := logging.FromZapCompatible(zap.NewNop().Sugar())
-	globalArgs := parseStructFromCtx[globalArgs](c)
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return err
+	}
 	if globalArgs.Debug {
 		logger = logging.NewDebugLogger("cli")
 	}
@@ -917,7 +923,10 @@ func machinesPartCopyFilesAction(c *cli.Context, client *viamClient, flagArgs ma
 
 	// Create logger based on presence of debugFlag.
 	logger := logging.FromZapCompatible(zap.NewNop().Sugar())
-	globalArgs := parseStructFromCtx[globalArgs](c)
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return err
+	}
 	if globalArgs.Debug {
 		logger = logging.NewDebugLogger("cli")
 	}
@@ -1038,7 +1047,10 @@ func getLatestReleaseVersion() (string, error) {
 
 // CheckUpdateAction is the corresponding Action for 'check-update'.
 func CheckUpdateAction(c *cli.Context, args emptyArgs) error {
-	globalArgs := parseStructFromCtx[globalArgs](c)
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return err
+	}
 	if globalArgs.Quiet {
 		return nil
 	}
@@ -1061,7 +1073,7 @@ func CheckUpdateAction(c *cli.Context, args emptyArgs) error {
 		return nil
 	}
 
-	conf, err := ConfigFromCache()
+	conf, err := ConfigFromCache(c)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			utils.UncheckedError(err)
@@ -1134,7 +1146,10 @@ func VersionAction(c *cli.Context, args emptyArgs) error {
 	if !ok {
 		return errors.New("error reading build info")
 	}
-	globalArgs := parseStructFromCtx[globalArgs](c)
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return err
+	}
 	if globalArgs.Debug {
 		printf(c.App.Writer, "%s", info.String())
 	}
@@ -1221,19 +1236,25 @@ func isProdBaseURL(baseURL *url.URL) bool {
 }
 
 func newViamClientInner(c *cli.Context, disableBrowserOpen bool) (*viamClient, error) {
-	conf, err := ConfigFromCache()
+	globalArgs, err := getGlobalArgs(c)
+	if err != nil {
+		return nil, err
+	}
+	conf, err := ConfigFromCache(c)
 	if err != nil {
 		if !os.IsNotExist(err) {
-			globalArgs := parseStructFromCtx[globalArgs](c)
 			debugf(c.App.Writer, globalArgs.Debug, "Cached config parse error: %v", err)
 			return nil, errors.New("failed to parse cached config. Please log in again")
 		}
 		conf = &Config{}
+		whichProfile, _ := whichProfile(globalArgs)
+		if !globalArgs.DisableProfiles && whichProfile != nil {
+			conf.profile = *whichProfile
+		}
 	}
 
 	// If base URL was not specified, assume cached base URL. If no base URL is
 	// cached, assume default base URL.
-	globalArgs := parseStructFromCtx[globalArgs](c)
 	baseURLArg := globalArgs.BaseURL
 	switch {
 	case conf.BaseURL == "" && baseURLArg == "":