Merge pull request #10 from cloudradar-monitoring/feature/DEV-2574-re…

…named-env-vars-and-api-token-support DEV-2574
realvnc-labs · Jul 5, 2022 · d962d48 · d962d48
2 parents 55db09d + c88cc7f
commit d962d48
Show file tree

Hide file tree

Showing 27 changed files with 961 additions and 160 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 /.idea
+/.vscode
 /vendor
 /bin
diff --git a/.golangci.yml b/.golangci.yml
@@ -31,8 +31,6 @@ linters-settings:
     min-complexity: 15
   goimports:
     local-prefixes: github.com/golangci/golangci-lint
-  golint:
-    min-confidence: 0
   gomnd:
     settings:
       mnd:
@@ -48,8 +46,6 @@ linters-settings:
           - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
   lll:
     line-length: 140
-  maligned:
-    suggest-new: true
   misspell:
     locale: US
   nolintlint:
@@ -75,21 +71,19 @@ linters:
     - gocyclo
     - gofmt
     - goimports
-    - golint
+    - revive
     - gomnd
     - goprintffuncname
     - gosec
     - gosimple
     - govet
     - ineffassign
-    - interfacer
-    - lll
     - misspell
     - nakedret
     - noctx
     - nolintlint
     - rowserrcheck
-    - scopelint
+    - exportloopref
     - staticcheck
     - structcheck
     - stylecheck
@@ -99,7 +93,7 @@ linters:
     - unused
     - varcheck
     - whitespace
-    - maligned
+    - lll
 issues:
   # Excluding configuration per-path, per-linter, per-text and per-source
   exclude-rules:
@@ -115,12 +109,30 @@ issues:
         - funlen
         - gocyclo
         - dupl
-        - lll
         - goconst
+        - lll
     - path: internal/pkg/models/client.go
       linters:
         - funlen
       text: "Function 'KeyValues' is too long" #large model with a lot of fields
+    - path: internal/pkg/utils/auth.go
+      linters:
+        - revive
+        - stylecheck
+        - lll
+      text: "error-strings:|ST1005:|line is"
+    - path: internal/pkg/config/load.go
+      linters:
+        - lll
+    - path: cmd/init.go
+      linters:
+        - lll
+    - path: internal/pkg/api/rport.go
+      linters:
+        - lll
+    - path: cmd/help.go
+      linters:
+        - lll
 
 run:
   skip-dirs: []

diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
 # Rport CLI (v1)
+
 Rport CLI is a tool to help you managing [rport API](https://github.com/cloudradar-monitoring/rport) directly from your terminal.
 
 ## Installation
@@ -7,48 +8,42 @@ Rport CLI is a tool to help you managing [rport API](https://github.com/cloudrad
 
 Jump to [our release page](https://github.com/cloudradar-monitoring/rportcli/releases/tag/v0.0.1pre1) and download a binary for your host OS. Don't forget to download a corresponding md5 file as well.
 
-
     # On MacOS
     wget https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-darwin-amd64.tar.gz
-    
+
     # On linux
     wget https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-linux-386.tar.gz
-    
+
     # On Windows
     Just download https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-windows-amd64.zip
     Also download https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-windows-amd64.zip.md5
-     
-     
+
 Verify the checksum:
 
-
     #On MacOS
     curl -Ls https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-darwin-amd64.tar.gz.md5 | sed 's:$: rportcli-v0.0.1pre1-darwin-amd64.tar.gz:' | md5sum -c
-    
+
     #On linux
     curl -Ls https://github.com/cloudradar-monitoring/rportcli/releases/download/v0.0.1pre1/rportcli-v0.0.1pre1-linux-386.tar.gz.md5 | sed 's:$: rportcli-v0.0.1pre1-linux-386.tar.gz:' | md5sum -c
-     
+
     #On Windows assuming you're in the directory with the donwloaded file
     CertUtil -hashfile rportcli-v0.0.1pre1-windows-amd64.zip MD5
-    
+
     #The output will be :
     MD5 hash of tacoscript-0.0.4pre-windows-amd64.zip:
     7103fcda170a54fa39cf92fe816833d1
     CertUtil: -hashfile command completed successfully.
-    
+
     #Compare the command output to the contents of file rportcli-v0.0.1pre1-windows-amd64.zip.md5 they should match
-
 
 _Note: if the checksums didn't match please skip the installation!_
 
 Unpack and install the rportcli binary on your host machine
 
-
     #On linux/MacOS
-    tar -xzvf rportcli-v0.0.1pre1-darwin-amd64.tar.gz 
+    tar -xzvf rportcli-v0.0.1pre1-darwin-amd64.tar.gz
     mv rportcli /usr/local/bin/rportcli
     chmod +x /usr/local/bin/rportcli
-
 
 For Windows
 
@@ -64,27 +59,80 @@ For Windows
 
     go get github.com/cloudradar-monitoring/rportcli
 
-## Config
+## Server Authentication
+
+The rportcli requires authentication with the rportd server. The most straightforward
+method is to use environment variables with an API token.
+
+Alternatively a username and password can be specified again via environment variables.
+However, if 2fa is enabled then this approach will not work, and it will be necessary to
+use the config.json file and a authentication token (see below).
+
+Finally, a username and password can be provided to the init command which then authorises
+with the rportd server and saves a authentication token locally (to a config file). The authentication token
+is valid for 30 days and will automatically be used by rportcli without further authentication.
+The init command will need to be run again after the 30 days expires to reauthorise the user
+and download a new authentication token.
 
-Rportcli looks for a config file at $HOME/.config/rportcli/config.json (for Linux and MacOS) or C:\Users\<CurrentUserName>\.config\rportcli\config.json (for Windows).
+_Note_
+
+_RPORT_API_USER, RPORT_API_PASSWORD and RPORT_API_URL replace the previous RPORT_USER,
+RPORT_PASSWORD and RPORT_SERVER_URL environment variables. Please update any scripts
+accordingly. Support for RPORT_USER, RPORT_PASSWORD and RPORT_SERVER_URL will be removed
+in a future release._
+
+### Using RPORT_API_TOKEN
+
+The easiest and most flexible way to authenticate with the rportd server is to use an API
+token. Using RPORT_API_TOKEN will bypass 2 factor authentication, allowing the rport cli to
+be used in automated scenarios.
+
+Also, if using RPORT_API_TOKEN then the config file will be ignored completed, so the
+RPORT_API_URL must be used.
+
+For example
+
+    export RPORT_API_URL=http://localhost:3000
+    export RPORT_API_USER=admin
+    export RPORT_API_TOKEN=xxxxxxxx
+    #now you can run any rportcli command without config or 2fa
+    rportcli client list
+
+_Note that it is not possible to use the init commmand (see below) when using an api token._
+
+### Using RPORT_API_PASSWORD
+
+For example
+
+    export RPORT_API_URL=http://localhost:3000
+    export RPORT_API_USER=admin
+    export RPORT_API_PASSWORD=foobaz
+    #now you can run any rportcli command without config
+    rportcli client list
+
+The cli will complain if both the api token and the password are set. Please use one or the other.
+
+### Using config.json and a cached Authentication Token
+
+This method for authentication is useful when not using an API token but 2fa is enabled. The `init` command
+will download an authentication token that will be cached in the config.json until expires. With a valid token
+the user does not need to reauthenticate each use of the cli.
+
+Rportcli looks for the config file at \$HOME/.config/rportcli/config.json (for Linux and MacOS) or C:\Users\<CurrentUserName>\.config\rportcli\config.json (for Windows).
 If current user has no home folder, RportCli will look for a config file next to the current binary location.
 
 You can override config path by providing env variable CONFIG_PATH, e.g.
 
-
     CONFIG_PATH=/tmp/config.json rportcli init
-
-
-You can generate config by running:
 
+You can generate config by running:
 
     rportcli init
 
-
 Rportcli will interactively ask for config options and validate the result:
 You'll get request for following parameters:
 
-**server address** 
+**server address**
 
 address of rport server, e.g. `http://localhost:3000`
 
@@ -98,32 +146,17 @@ basic auth password to access rport server, e.g. `foobaz`
 
 You can skip the interactive wizard by providing parameters as cli options , e.g.
 
-
      rportcli init -s http://localhost:3000 -l admin -p foobaz
 
-
-If you prefer to use environment variables instead you can do the following: 
-
-
-    export RPORT_USER=admin
-    export RPORT_PASSWORD=foobaz
-    export RPORT_SERVER_URL=http://localhost:3000
-    #now you can run any rportcli command without config
-    rportcli client list
-
-
 You can also use a hybrid variant, where e.g. user and server url are provided as config options and password as an environment variable.
 
-
      rportcli init -s http://localhost:3000 -l admin
-     export RPORT_SERVER_URL=http://localhost:3000
+     export RPORT_API_PASSWORD=foobaz
      rportcli client list
-
 
-After the config initialisation, Rportcli will check the provided options by calling the rport [status API](https://petstore.swagger.io/?url=https://raw.githubusercontent.com/cloudradar-monitoring/rport/master/api-doc.yml#/default/get_status).
+After the authentication token expires, it will be necessary to run `init` again to reauthorise and update the token.
 
-
-## Cli
+## Using the Cli
 
 Trigger this command to see all available commands and their options:
 
@@ -156,26 +189,32 @@ You can also display help for a certain command:
     </tr>
     <tr>
     <td>SESSION_VALIDITY_SECONDS</td>
-    <td>initial lifetime of an interactive command session in seconds. Max value is 90 days</td>
+    <td>Initial lifetime of an interactive command session in seconds. Max value is 90 days</td>
     <td>10(minutes) * 60</td>
     <td>SESSION_VALIDITY_SECONDS=1800 rportcli command -i</td>
     </tr>
     <tr>
-    <td>RPORT_USER</td>
-    <td>basic auth login to access rport server</td>
+    <td>RPORT_API_USER</td>
+    <td>Basic auth login to access rport server</td>
     <td></td>
-    <td>RPORT_USER=admin rportcli client list</td>
+    <td>RPORT_API_USER=admin rportcli client list</td>
     </tr>
     <tr>
-    <td>RPORT_PASSWORD</td>
-    <td>basic auth password to access rport server</td>
+    <td>RPORT_API_PASSWORD</td>
+    <td>Basic auth password to access rport server</td>
     <td></td>
-    <td>RPORT_PASSWORD=foobaz rportcli client list</td>
+    <td>RPORT_API_PASSWORD=foobaz rportcli client list</td>
     </tr>
     <tr>
-    <td>RPORT_SERVER_URL</td>
-    <td>address of rport server</td>
-    <td>http://localhost:3000</td>
-    <td>RPORT_SERVER_URL=http://localhost:3000 rportcli client list</td>
+    <td>RPORT_API_URL</td>
+    <td>Address of rport server</td>
+    <td></td>
+    <td>RPORT_API_URL=http://localhost:3000 rportcli client list</td>
+    </tr>
+    <tr>
+    <td>RPORT_API_TOKEN</td>
+    <td>Api token for accessing the rport server. Must be specified with RPORT_API_USER and RPORT_API_URL.</td>
+    <td></td>
+    <td>RPORT_API_TOKEN=xxxxxxxx rportcli client list</td>
     </tr>
 </table>
diff --git a/cmd/client.go b/cmd/client.go
@@ -24,6 +24,9 @@ func init() {
 	clientCmd.Flags().BoolP("all", "a", false, "Show client info with additional details")
 	clientsCmd.AddCommand(clientCmd)
 	rootCmd.AddCommand(clientsCmd)
+
+	// see help.go
+	clientsCmd.SetUsageTemplate(usageTemplate + serverAuthenticationRefer)
 }
 
 var clientsCmd = &cobra.Command{
@@ -37,7 +40,10 @@ var clientsListCmd = &cobra.Command{
 	Short: "list all connected and disconnected rport clients",
 	Args:  cobra.NoArgs,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		params := config.LoadParamsFromFileAndEnv(cmd.Flags())
+		params, err := config.LoadParamsFromFileAndEnv(cmd.Flags())
+		if err != nil {
+			return err
+		}
 
 		rportAPI := buildRport(params)
 		cr := &output.ClientRenderer{
@@ -75,7 +81,10 @@ var clientCmd = &cobra.Command{
 			clientID = args[0]
 		}
 
-		params := config.LoadParamsFromFileAndEnv(cmd.Flags())
+		params, err := config.LoadParamsFromFileAndEnv(cmd.Flags())
+		if err != nil {
+			return err
+		}
 		rportAPI := buildRport(params)
 
 		cr := &output.ClientRenderer{
@@ -96,6 +105,7 @@ var clientCmd = &cobra.Command{
 }
 
 func addClientsPaginationFlags(cmd *cobra.Command) {
+	// TODO: why isn't this getting picked up
 	cmd.Flags().IntP(api.PaginationLimit, "", api.ClientsLimitDefault, "Number of clients to fetch")
 	cmd.Flags().IntP(api.PaginationOffset, "", 0, "Offset for clients fetch")
 }