chore: use user token for attestation commands (#1900)

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>

Author: jiparis

app/cli/cmd/attestation.go

@@ -17,14 +17,12 @@ package cmd
 
 import (
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/spf13/cobra"
 )
 
 var (
-	attAPIToken               string
 	useAttestationRemoteState bool
 	attestationLocalStatePath string
 	GracefulExit              bool
@@ -57,14 +55,6 @@ func newAttestationCmd() *cobra.Command {
 		},
 	}
 
-	cmd.PersistentFlags().StringVarP(&attAPIToken, "token", "t", "", fmt.Sprintf("auth token. NOTE: You can also use the env variable %s", tokenEnvVarName))
-	// We do not use viper in this case because we do not want this token to be saved in the config file
-	// Instead we load the env variable manually
-	if attAPIToken == "" {
-		// Check first the new env variable
-		attAPIToken = os.Getenv(tokenEnvVarName)
-	}
-
 	cmd.PersistentFlags().Bool("remote-state", false, "Store the attestation state remotely (preview feature)")
 	// We do not need this flag in all the attestation subcommands just in init, but we don't want to remove it to not to break current integrations
 	cobra.CheckErr(cmd.PersistentFlags().MarkHidden("remote-state"))

app/cli/cmd/root.go

@@ -48,9 +48,11 @@ var (
 	defaultCPAPI     = "api.cp.chainloop.dev:443"
 	defaultCASAPI    = "api.cas.chainloop.dev:443"
 	apiToken         string
+	flagYes          bool
 )
 
 const (
+	// preference to use an API token if available
 	useAPIToken = "withAPITokenAuth"
 	appName     = "chainloop"
 	//nolint:gosec
@@ -60,6 +62,8 @@ const (
 	apiTokenAudience = "api-token-auth.chainloop"
 	// Follow the convention stated on https://consoledonottrack.com/
 	doNotTrackEnv = "DO_NOT_TRACK"
+
+	trueString = "true"
 )
 
 var telemetryWg sync.WaitGroup
@@ -108,7 +112,7 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 				logger.Warn().Msg("API contacted in insecure mode")
 			}
 
-			apiToken, err := loadControlplaneAuthToken(cmd)
+			token, isUserToken, err := loadControlplaneAuthToken(cmd)
 			if err != nil {
 				return err
 			}
@@ -124,8 +128,9 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 			controlplaneURL := viper.GetString(confOptions.controlplaneAPI.viperKey)
 
 			// If no organization is set in local configuration, we load it from server and save it
-			if viper.GetString(confOptions.organization.viperKey) == "" {
-				conn, err := grpcconn.New(controlplaneURL, apiToken, opts...)
+			orgName := viper.GetString(confOptions.organization.viperKey)
+			if orgName == "" {
+				conn, err := grpcconn.New(controlplaneURL, token, opts...)
 				if err != nil {
 					return err
 				}
@@ -139,11 +144,19 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 			}
 
 			// reload the connection now that we have the org name
-			if orgName := viper.GetString(confOptions.organization.viperKey); orgName != "" {
+			orgName = viper.GetString(confOptions.organization.viperKey)
+			if orgName != "" {
 				opts = append(opts, grpcconn.WithOrgName(orgName))
 			}
 
-			conn, err := grpcconn.New(controlplaneURL, apiToken, opts...)
+			// Warn users when the session is interactive, and the operation is supposed to use an API token instead
+			if isAPITokenPreferred(cmd) && isUserToken && !flagYes {
+				if !confirmationPrompt(fmt.Sprintf("This command is will run against the organization %q", orgName)) {
+					return errors.New("command canceled by user")
+				}
+			}
+
+			conn, err := grpcconn.New(controlplaneURL, token, opts...)
 			if err != nil {
 				return err
 			}
@@ -165,7 +178,7 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 					go func() {
 						// For telemetry reasons we parse the token to know the type of token is being used when executing the CLI
 						// Once we have the token type we can send it to the telemetry service by injecting it on the context
-						token, err := parseToken(apiToken)
+						token, err := parseToken(token)
 						if err != nil {
 							logger.Debug().Err(err).Msg("parsing token for telemetry")
 							return
@@ -229,6 +242,9 @@ func NewRootCmd(l zerolog.Logger) *cobra.Command {
 	rootCmd.PersistentFlags().StringP(confOptions.organization.flagName, "n", "", "organization name")
 	cobra.CheckErr(viper.BindPFlag(confOptions.organization.viperKey, rootCmd.PersistentFlags().Lookup(confOptions.organization.flagName)))
 
+	// Do not ask for confirmation
+	rootCmd.PersistentFlags().BoolVarP(&flagYes, "yes", "y", false, "Skip confirmation")
+
 	rootCmd.AddCommand(newWorkflowCmd(), newAuthCmd(), NewVersionCmd(),
 		newAttestationCmd(), newArtifactCmd(), newConfigCmd(),
 		newIntegrationCmd(), newOrganizationCmd(), newCASBackendCmd(),
@@ -261,7 +277,7 @@ func init() {
 
 // isTelemetryDisabled checks if the telemetry is disabled by the user or if we are running a development version
 func isTelemetryDisabled() bool {
-	return os.Getenv(doNotTrackEnv) == "1" || os.Getenv(doNotTrackEnv) == "true" || Version == devVersion
+	return os.Getenv(doNotTrackEnv) == "1" || os.Getenv(doNotTrackEnv) == trueString || Version == devVersion
 }
 
 func initLogger(logger zerolog.Logger) (zerolog.Logger, error) {
@@ -334,36 +350,38 @@ func cleanup(conn *grpc.ClientConn) error {
 // 2.2 Load the token from the environment variable and from the auth login config file
 // 2.3 if they both exist, we default to the user token
 // 2.4 otherwise to the one that's set
-func loadControlplaneAuthToken(cmd *cobra.Command) (string, error) {
-	// If the CMD uses a robot account instead of the regular auth token we override it
-	if _, ok := cmd.Annotations[useAPIToken]; ok {
-		if attAPIToken == "" {
-			return "", newGracefulError(ErrAttestationTokenRequired)
-		}
+func loadControlplaneAuthToken(cmd *cobra.Command) (string, bool, error) {
+	// Load the APIToken from the env variable
+	apiTokenFromVar := os.Getenv(tokenEnvVarName)
 
-		return attAPIToken, nil
+	// Load the user token from the config file
+	userToken := viper.GetString(confOptions.authToken.viperKey)
+
+	apiTokenFromFlagOrVar := apiToken
+	if apiTokenFromFlagOrVar == "" {
+		apiTokenFromFlagOrVar = apiTokenFromVar
+	}
+
+	// Prefer to use the API token if the command can use it, and it's provided (i.e. attestations)
+	if isAPITokenPreferred(cmd) && apiTokenFromFlagOrVar != "" {
+		return apiTokenFromFlagOrVar, false, nil
 	}
 
 	// Now we check explicitly provided API token via the flag
 	if apiToken != "" {
 		logger.Info().Msg("API token provided to the command line")
-		return apiToken, nil
+		return apiToken, false, nil
 	}
 
-	// Load the user token from the config file
-	userToken := viper.GetString(confOptions.authToken.viperKey)
-	// Load the APIToken from the env variable
-	// Instead we load the env variable manually
-	apiTokenFromVar := os.Getenv(tokenEnvVarName)
-	// If both the user authentication and the API token are set, we default to user authentication
+	// If both the user authentication and the API token en var are set, we default to user authentication
 	if userToken != "" && apiTokenFromVar != "" {
 		logger.Warn().Msgf("Both user credentials and $%s set. Ignoring $%s.", tokenEnvVarName, tokenEnvVarName)
-		return userToken, nil
+		return userToken, true, nil
 	} else if apiTokenFromVar != "" {
-		return apiTokenFromVar, nil
+		return apiTokenFromVar, false, nil
 	}
 
-	return userToken, nil
+	return userToken, true, nil
 }
 
 // parseToken the token and return the type of token. At the moment in Chainloop we have 3 types of tokens:
@@ -499,3 +517,7 @@ func setLocalOrganization(orgName string) error {
 	viper.Set(confOptions.organization.viperKey, orgName)
 	return viper.WriteConfig()
 }
+
+func isAPITokenPreferred(cmd *cobra.Command) bool {
+	return cmd.Annotations[useAPIToken] == trueString
+}