Token Management Add/Remove/List/Update

[aliotta]

Description

Adds the ability to Add/Remove/List/Update the following

• org api tokens in workspaces
• org api tokens in deployments
• workspace api tokens in deployments

🎟 Issue(s)

Related #19973

🧪 Functional Testing

• tested all 12 new commands to verify they were working as expected against dev using various combinations of optional flags passed in. Including passing in a name param instead of an id, passing in an id, not passsing in an id and having the user select the token from a list. Passing and not passing in a role flag. tested the checks preventing a user from modifying the wrong type of token with a given cmd e.g. you cannot pass in a deployment api token id to an update org token cmd.

📸 Screenshots

📋 Checklist

• Rebased from the main (or release if patching) branch (before testing)
• Ran make test before taking out of draft
• Ran make lint before taking out of draft
• Added/updated applicable tests
• Tested against Astro-API (if necessary).
• Tested against Houston-API and Astronomer (if necessary).
• Communicated to/tagged owners of respective clients potentially impacted by these changes.
• Updated any related documentation

[codecov]

Codecov Report

Attention: Patch coverage is 89.25400% with 121 lines in your changes are missing coverage. Please review.

Project coverage is 86.77%. Comparing base (a9f4c7c) to head (124c82a).
Report is 9 commits behind head on main.

Files	Patch %	Lines
cloud/workspace-token/workspace_token.go	82.90%	44 Missing and 29 partials ⚠️
cloud/deployment/deployment_token.go	90.11%	13 Missing and 13 partials ⚠️
cmd/cloud/deployment.go	91.30%	8 Missing and 8 partials ⚠️
cloud/organization/organization_token.go	94.18%	3 Missing and 2 partials ⚠️
cloud/team/team.go	97.22%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1611      +/-   ##
==========================================
+ Coverage   86.59%   86.77%   +0.18%     
==========================================
  Files         114      114              
  Lines       16080    16661     +581     
==========================================
+ Hits        13924    14458     +534     
- Misses       1293     1315      +22     
- Partials      863      888      +25     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[aliotta]

I had to move this into a seperate file to prevent a cyclic import (caused by our auth package importing workspace and the new workspace token code importing organization)

[frank-ye]

Should we add a request header for the API version as well? We do want to get to v1 so tracking API versions in the client could help with this effort. @vandyliu @fredzhy what do you think?

[vandyliu]

API version is already handled on core API side so we don't need that info from the clients

[kushalmalani]

Suggested change

	astrocoreiam "github.com/astronomer/astro-cli/astro-client-iam-core"
	astroiamcore "github.com/astronomer/astro-cli/astro-client-iam-core"

Just so we stay consistent

[aliotta]

done for all files

[kushalmalani]

Can we rename this? workspace2 sounds confusing

[aliotta]

done for all files

[kushalmalani]

Suggested change

	if tokenTypes != nil { // verify the user has passed in an id that matches the operations expected token type
	if len(*tokenTypes) > 0 {
	if tokenTypes != nil && len(*tokenTypes) > 0 { // verify the user has passed in an id that matches the operations expected token type

[aliotta]

done for all files

[kushalmalani]

Suggested change

	func UpdateToken(id, name, newName, description, role, deployment string, out io.Writer, client astrocore.CoreClient, iamClient astrocoreiam.CoreClient) error {
	func UpdateToken(id, name, newName, description, role, deploymentID string, out io.Writer, client astrocore.CoreClient, iamClient astrocoreiam.CoreClient) error {

[kushalmalani]

Same for all other functions too

[aliotta]

done for all files

[kushalmalani]

Suggested change

	func UpsertWorkspaceTokenDeploymentRole(id, name, role, workspace, deployment, operation string, out io.Writer, client astrocore.CoreClient, iamClient astrocoreiam.CoreClient) error {
	func UpsertWorkspaceTokenDeploymentRole(id, name, role, workspaceID, deploymentID, operation string, out io.Writer, client astrocore.CoreClient, iamClient astrocoreiam.CoreClient) error {

[aliotta]

done for all files

[kushalmalani]

This is not needed.

[aliotta]

The continue is needed as line 614 would assign the old deployment role to the token instead of the role the user is assigning.

[kushalmalani]

Suggested change

	if roles[i].EntityId == deployment {
	if roles[i].Role == role {
	if roles[i].EntityId == deployment && roles[i].Role == role {

[aliotta]

The continue is needed

[kushalmalani]

Same comments as above function

[aliotta]

The continue is needed

[kushalmalani]

Suggested change

	Long: "Update a Deployment API token that has a role in an Astro Deployment\n$astro workspace token update [TOKEN_ID] --name [new token name] --role [Possible values are DEPLOYMENT_ADMIN or a custom role name].",
	Long: "Update a Deployment API token that has a role in an Astro Deployment\n$astro deployment token update [TOKEN_ID] --name [new token name] --role [Possible values are DEPLOYMENT_ADMIN or a custom role name].",

[aliotta]

good eyes

[kushalmalani]

A bunch of the comments are applicable in other files too, so if you addressing them, please scan through all the files in this PR for similar changes.

Since this PR is adding a lot of new commands, it would be helpful if you can post screenshots of them working against dev for more confidence

[kushalmalani]

Thanks for addressing comments. Looks good