reduce scope for logout cmd to only remove the OAuth token

This commit is contained in:
Richard Nordström 2024-10-06 23:37:05 +02:00
parent 41999fbe87
commit 865964e029
No known key found for this signature in database
GPG Key ID: ACCB352EC60AF27C
2 changed files with 4 additions and 69 deletions

View File

@ -9,7 +9,6 @@ import (
"github.com/databricks/cli/libs/auth" "github.com/databricks/cli/libs/auth"
"github.com/databricks/cli/libs/auth/cache" "github.com/databricks/cli/libs/auth/cache"
"github.com/databricks/cli/libs/cmdio" "github.com/databricks/cli/libs/cmdio"
"github.com/databricks/cli/libs/databrickscfg"
"github.com/databricks/cli/libs/databrickscfg/profile" "github.com/databricks/cli/libs/databrickscfg/profile"
"github.com/databricks/databricks-sdk-go/config" "github.com/databricks/databricks-sdk-go/config"
"github.com/spf13/cobra" "github.com/spf13/cobra"
@ -63,34 +62,11 @@ func (l *logoutSession) clearTokenCache(ctx context.Context) error {
return l.persistentAuth.ClearToken(ctx) return l.persistentAuth.ClearToken(ctx)
} }
// Overrewrite profile to .databrickscfg without fields marked as sensitive
// Other attributes are preserved.
func (l *logoutSession) clearConfigFile(ctx context.Context, sectionMap map[string]string) error {
return databrickscfg.SaveToProfile(ctx, &config.Config{
ConfigFile: l.file.Path(),
Profile: l.profile,
Host: sectionMap["host"],
ClusterID: sectionMap["cluster_id"],
WarehouseID: sectionMap["warehouse_id"],
ServerlessComputeID: sectionMap["serverless_compute_id"],
AccountID: sectionMap["account_id"],
Username: sectionMap["username"],
GoogleServiceAccount: sectionMap["google_service_account"],
AzureResourceID: sectionMap["azure_workspace_resource_id"],
AzureClientID: sectionMap["azure_client_id"],
AzureTenantID: sectionMap["azure_tenant_id"],
AzureEnvironment: sectionMap["azure_environment"],
AzureLoginAppID: sectionMap["azure_login_app_id"],
ClientID: sectionMap["client_id"],
AuthType: sectionMap["auth_type"],
})
}
func newLogoutCommand(persistentAuth *auth.PersistentAuth) *cobra.Command { func newLogoutCommand(persistentAuth *auth.PersistentAuth) *cobra.Command {
cmd := &cobra.Command{ cmd := &cobra.Command{
Use: "logout [PROFILE]", Use: "logout [PROFILE]",
Short: "Logout from specified profile", Short: "Logout from specified profile",
Long: "Clears OAuth token from token-cache and any sensitive value in the config file, if they exist.", Long: "Removes the OAuth token from the token-cache",
} }
cmd.RunE = func(cmd *cobra.Command, args []string) error { cmd.RunE = func(cmd *cobra.Command, args []string) error {
@ -115,24 +91,19 @@ func newLogoutCommand(persistentAuth *auth.PersistentAuth) *cobra.Command {
} }
defer persistentAuth.Close() defer persistentAuth.Close()
logoutSession := &logoutSession{} logoutSession := &logoutSession{}
logoutSession.load(ctx, profileName, persistentAuth) err := logoutSession.load(ctx, profileName, persistentAuth)
configSectionMap, err := logoutSession.getConfigSectionMap()
if err != nil { if err != nil {
return err return err
} }
err = logoutSession.clearTokenCache(ctx) err = logoutSession.clearTokenCache(ctx)
if err != nil { if err != nil {
if errors.Is(err, cache.ErrNotConfigured) { if errors.Is(err, cache.ErrNotConfigured) {
// It is OK to not have OAuth configured. Move on and remove // It is OK to not have OAuth configured
// sensitive values from config file (Example PAT)
} else { } else {
return err return err
} }
} }
if err := logoutSession.clearConfigFile(ctx, configSectionMap); err != nil { cmdio.LogString(ctx, fmt.Sprintf("Profile %s is logged out", profileName))
return err
}
cmdio.LogString(ctx, fmt.Sprintf("Profile %s was successfully logged out", profileName))
return nil return nil
} }
return cmd return cmd

View File

@ -13,42 +13,6 @@ import (
"github.com/databricks/databricks-sdk-go/config" "github.com/databricks/databricks-sdk-go/config"
) )
func TestLogout_ClearConfigFile(t *testing.T) {
ctx := context.Background()
path := filepath.Join(t.TempDir(), "databrickscfg")
err := databrickscfg.SaveToProfile(ctx, &config.Config{
ConfigFile: path,
Profile: "abc",
Host: "https://foo",
Token: "xyz",
})
require.NoError(t, err)
iniFile, err := config.LoadFile(path)
require.NoError(t, err)
logout := &logoutSession{
profile: "abc",
file: *iniFile,
}
section, err := logout.file.GetSection("abc")
assert.NoError(t, err)
sectionMap := section.KeysHash()
err = logout.clearConfigFile(ctx, sectionMap)
assert.NoError(t, err)
iniFile, err = config.LoadFile(path)
require.NoError(t, err)
assert.Len(t, iniFile.Sections(), 2)
assert.True(t, iniFile.HasSection("DEFAULT"))
assert.True(t, iniFile.HasSection("abc"))
abc, err := iniFile.GetSection("abc")
assert.NoError(t, err)
raw := abc.KeysHash()
assert.Len(t, raw, 1)
assert.Equal(t, "https://foo", raw["host"])
}
func TestLogout_setHostAndAccountIdFromProfile(t *testing.T) { func TestLogout_setHostAndAccountIdFromProfile(t *testing.T) {
ctx := context.Background() ctx := context.Background()
path := filepath.Join(t.TempDir(), "databrickscfg") path := filepath.Join(t.TempDir(), "databrickscfg")