New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(cli): Add ID option to 'proj role create-token' (#4632) #4636
Conversation
bb9e73c
to
27abe28
Compare
27abe28
to
a06689d
Compare
f8a1d3e
to
129fc5a
Compare
Also add some more informative output to the same command Signed-off-by: Tim Etchells <tetchell@redhat.com>
129fc5a
to
dd6c991
Compare
Codecov Report
@@ Coverage Diff @@
## master #4636 +/- ##
==========================================
- Coverage 41.31% 41.23% -0.09%
==========================================
Files 124 124
Lines 16976 17013 +37
==========================================
+ Hits 7014 7015 +1
- Misses 8950 8987 +37
+ Partials 1012 1011 -1
Continue to review full report at Codecov.
|
server/project/project.proto
Outdated
int64 expiresAt = 2; | ||
string id = 3; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tetchel FYI, ID and expiresAt are already encoded in the token JWT. Do you think it's too inconvenient to decode it from the token or do you feel like it needs to be surfaced in the response?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would you like me to make that change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The expiry time is only encoded if explicitly set - i.e. a token created with --expires-in
option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that make sense, a null expiry means it never expires.
OK, doing the decode on the client-side makes sense then.
Just a thought about changing the output of the command - I believe that project token creation could be used in some automation scripts, and this change would break those scripts. While I like that it prints detailed information about the created token, I'm a little unsure whether we should go ahead and change the output by default or if it's better to "hide" it behind a |
Flagging it is a good idea, you're right about breaking backwards compatibility for scripts. I think the new output is better as the default behaviour, but I agree that it will cause pain for some users. So either:
Let me know which option you prefer. |
This is a rather tough one :) Usability vs. backwards-compatibility. I know that some people actually are using means like curl or wget to the argocd-server to get its version of the CLI, and then use it with their scripts. So they expect a fair amount of backwards compatibility, and they might not be the same people that are responsible for the life-cycle of the Argo CD installation, just plain consumers. They might have not read the release notes. BUT. There's a big BUT. I think this is not good practice to auto-update CLI version for scripting, and I also think this is a very small edge case with a very quick fix (i.e. adapt script to use CLI with new cmdline parameter), instead of re-writing logic (i.e. parse new output). So I'd be fine going with option 2) and having a new switch Other voices on this? |
67fb47c
to
3d996b7
Compare
updated:
|
3d996b7
to
4e0d8d0
Compare
Signed-off-by: Tim Etchells <tetchell@redhat.com>
4e0d8d0
to
ffb42bc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
I marked this PR as low-impact possibly breaking change, so that we can catch up in the release notes.
@jessesuen / @alexmt FYI |
Also add some more informative output to the same command
Signed-off-by: Tim Etchells tetchell@redhat.com
Checklist:
Fixes #4632
New help:
New output:
If the server does not provide ID in the response (the behaviour before this PR), then just Project, Role, and the token are output; this is intended to allow compatibility with older versions of the argoCD server.