APP-7007: implement DisableAuthService CLI command (#4686)

viamrobotics · Jan 9, 2025 · 38c8eb0 · 38c8eb0
1 parent e361281
commit 38c8eb0
Show file tree

Hide file tree

Showing 4 changed files with 110 additions and 8 deletions.
diff --git a/cli/app.go b/cli/app.go
@@ -481,7 +481,7 @@ var app = &cli.App{
 						{
 							Name:      "enable",
 							Usage:     "enable auth-service for OAuth applications",
-							UsageText: createUsageText("enable", []string{generalFlagOrgID}, true),
+							UsageText: createUsageText("enable", []string{generalFlagOrgID}, false),
 							Flags: []cli.Flag{
 								&cli.StringFlag{
 									Name:     generalFlagOrgID,
@@ -491,12 +491,20 @@ var app = &cli.App{
 							},
 							Action: createCommandWithT[enableAuthServiceArgs](EnableAuthServiceAction),
 						},
-					},
-				},
-				{
-					Name:  "auth-service",
-					Usage: "manage auth-service",
-					Subcommands: []*cli.Command{
+						{
+							Name:      "disable",
+							Usage:     "disable auth-service for OAuth applications",
+							UsageText: createUsageText("disable", []string{generalFlagOrgID}, false),
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:     generalFlagOrgID,
+									Required: true,
+									Usage:    "organization ID tied to OAuth applications",
+								},
+							},
+							Before: createCommandWithT[disableAuthServiceArgs](DisableAuthServiceConfirmation),
+							Action: createCommandWithT[disableAuthServiceArgs](DisableAuthServiceAction),
+						},
 						{
 							Name:  "oauth-app",
 							Usage: "manage the OAuth applications for an organization",

diff --git a/cli/client.go b/cli/client.go
@@ -59,6 +59,8 @@ const (
 	maxNumLogs = 10000
 	// logoMaxSize is the maximum size of a logo in bytes.
 	logoMaxSize = 1024 * 200 // 200 KB
+	// yellow is the format string used to output warnings in yellow color.
+	yellow = "\033[1;33m%s\033[0m"
 )
 
 var errNoShellService = errors.New("shell service is not enabled on this machine part")
@@ -190,6 +192,64 @@ func (c *viamClient) organizationsSupportEmailGetAction(cCtx *cli.Context, orgID
 	return nil
 }
 
+type disableAuthServiceArgs struct {
+	OrgID string
+}
+
+// DisableAuthServiceConfirmation is the Before action for 'organizations auth-service disable'.
+// It asks for the user to confirm that they want to disable the auth service.
+func DisableAuthServiceConfirmation(c *cli.Context, args disableAuthServiceArgs) error {
+	if args.OrgID == "" {
+		return errors.New("cannot disable auth service without an organization ID")
+	}
+
+	printf(c.App.Writer, yellow, "WARNING!!\n")
+	printf(c.App.Writer, yellow, fmt.Sprintf("You are trying to disable the auth service for organization ID %s. "+
+		"Once disabled, all custom auth views and emails will be removed from your organization's (%s) "+
+		"OAuth applications and permanently deleted.\n", args.OrgID, args.OrgID))
+	printf(c.App.Writer, yellow, "If you wish to continue, please type \"disable\":")
+	if err := c.Err(); err != nil {
+		return err
+	}
+
+	rawInput, err := bufio.NewReader(c.App.Reader).ReadString('\n')
+	if err != nil {
+		return err
+	}
+
+	if input := strings.ToUpper(strings.TrimSpace(rawInput)); input != "DISABLE" {
+		return errors.New("aborted")
+	}
+	return nil
+}
+
+// DisableAuthServiceAction corresponds to 'organizations auth-service disable'.
+func DisableAuthServiceAction(cCtx *cli.Context, args disableAuthServiceArgs) error {
+	c, err := newViamClient(cCtx)
+	if err != nil {
+		return err
+	}
+
+	return c.disableAuthServiceAction(cCtx, args.OrgID)
+}
+
+func (c *viamClient) disableAuthServiceAction(cCtx *cli.Context, orgID string) error {
+	if orgID == "" {
+		return errors.New("cannot disable auth service without an organization ID")
+	}
+
+	if err := c.ensureLoggedIn(); err != nil {
+		return err
+	}
+
+	if _, err := c.client.DisableAuthService(cCtx.Context, &apppb.DisableAuthServiceRequest{OrgId: orgID}); err != nil {
+		return err
+	}
+
+	printf(cCtx.App.Writer, "disabled auth service for organization %q:\n", orgID)
+	return nil
+}
+
 type enableAuthServiceArgs struct {
 	OrgID string
 }
@@ -2363,7 +2423,6 @@ func DeleteOAuthAppConfirmation(c *cli.Context, args deleteOAuthAppArgs) error {
 		return errors.New("cannot delete oauth app without a client ID")
 	}
 
-	yellow := "\033[1;33m%s\033[0m"
 	printf(c.App.Writer, yellow, "WARNING!!\n")
 	printf(c.App.Writer, yellow, fmt.Sprintf("You are trying to delete an OAuth application with client ID %s. "+
 		"Once deleted, any existing apps that rely on this OAuth application will no longer be able to authenticate users.\n", args.ClientID))

diff --git a/cli/client_test.go b/cli/client_test.go
@@ -371,6 +371,29 @@ func TestEnableAuthServiceAction(t *testing.T) {
 	test.That(t, out.messages[0], test.ShouldContainSubstring, "enabled auth")
 }
 
+func TestDisableAuthServiceAction(t *testing.T) {
+	disableAuthServiceFunc := func(ctx context.Context, in *apppb.DisableAuthServiceRequest, opts ...grpc.CallOption) (
+		*apppb.DisableAuthServiceResponse, error,
+	) {
+		return &apppb.DisableAuthServiceResponse{}, nil
+	}
+
+	asc := &inject.AppServiceClient{
+		DisableAuthServiceFunc: disableAuthServiceFunc,
+	}
+
+	cCtx, ac, out, errOut := setup(asc, nil, nil, nil, nil, "token")
+
+	test.That(t, ac.disableAuthServiceAction(cCtx, "test-org"), test.ShouldBeNil)
+	test.That(t, len(errOut.messages), test.ShouldEqual, 0)
+	test.That(t, len(out.messages), test.ShouldEqual, 1)
+	test.That(t, out.messages[0], test.ShouldContainSubstring, "disabled auth")
+
+	err := ac.disableAuthServiceAction(cCtx, "")
+	test.That(t, err, test.ShouldNotBeNil)
+	test.That(t, err.Error(), test.ShouldContainSubstring, "cannot disable")
+}
+
 func TestListOAuthAppsAction(t *testing.T) {
 	listOAuthAppFunc := func(ctx context.Context, in *apppb.ListOAuthAppsRequest, opts ...grpc.CallOption) (
 		*apppb.ListOAuthAppsResponse, error,

diff --git a/testutils/inject/app_service_client.go b/testutils/inject/app_service_client.go
@@ -64,6 +64,8 @@ type AppServiceClient struct {
 		opts ...grpc.CallOption) (*apppb.UpdateOAuthAppResponse, error)
 	EnableAuthServiceFunc func(ctx context.Context, in *apppb.EnableAuthServiceRequest,
 		opts ...grpc.CallOption) (*apppb.EnableAuthServiceResponse, error)
+	DisableAuthServiceFunc func(ctx context.Context, in *apppb.DisableAuthServiceRequest,
+		opts ...grpc.CallOption) (*apppb.DisableAuthServiceResponse, error)
 	ListOAuthAppsFunc func(ctx context.Context, in *apppb.ListOAuthAppsRequest,
 		opts ...grpc.CallOption) (*apppb.ListOAuthAppsResponse, error)
 	DeleteOAuthAppFunc func(ctx context.Context, in *apppb.DeleteOAuthAppRequest,
@@ -435,6 +437,16 @@ func (asc *AppServiceClient) EnableAuthService(
 	return asc.EnableAuthServiceFunc(ctx, in, opts...)
 }
 
+// DisableAuthService calls the injected DisableeAuthServiceFunc or the real version.
+func (asc *AppServiceClient) DisableAuthService(
+	ctx context.Context, in *apppb.DisableAuthServiceRequest, opts ...grpc.CallOption,
+) (*apppb.DisableAuthServiceResponse, error) {
+	if asc.DisableAuthServiceFunc == nil {
+		return asc.AppServiceClient.DisableAuthService(ctx, in, opts...)
+	}
+	return asc.DisableAuthServiceFunc(ctx, in, opts...)
+}
+
 // CreateOAuthApp calls the injected CreateOAuthAppFunc or the real version.
 func (asc *AppServiceClient) CreateOAuthApp(
 	ctx context.Context, in *apppb.CreateOAuthAppRequest, opts ...grpc.CallOption,