feat: allow fetching token from shell command#1405
Conversation
| if runtime.GOOS == "windows" { | ||
| cmd = exec.Command("cmd", "/C", cmdStr) | ||
| } else { | ||
| cmd = exec.Command("sh", "-c", cmdStr) | ||
| } |
There was a problem hiding this comment.
A few questions:
- How can one define this config globally and pick the right context? See point below.
- Why not pass down more details about the current context? E.g. as environment variables?
- Why use a shell at all? I'd leave this for the users to pick a shell if needed
- Could we store the command as list of strings, instead of a string? This makes passing down the arguments cleaner. Or we implement a similar approach like the docker CMD: If we have a list of string, no shell, if we have a string command, wrap it inside a shell?
There was a problem hiding this comment.
How can one define this config globally and pick the right context? See point below.
Why not pass down more details about the current context? E.g. as environment variables?
Good point, env variables would fix this
Why use a shell at all? I'd leave this for the users to pick a shell if needed
A shell offers more features like pipes, input/output file redirects etc. Also it allows passing the command as one string instead of a string slice, see below.
Could we store the command as list of strings, instead of a string? This makes passing down the arguments cleaner. Or we implement a similar approach like the docker CMD: If we have a list of string, no shell, if we have a string command, wrap it inside a shell?
List of strings would be fine, except the only problem would be how to configure it using the hcloud context create command. Passing it as a slice would mean passing --token-command multiple times which would be very cumbersome or to separate the parts with commas which would mean you couldn't use a comma in your token command. Accepting both a string and a string slice would be fine but I don't know if that would play well with config parsing.
| out, err := cmd.Output() | ||
| if err != nil { | ||
| return "", fmt.Errorf("could not retrieve token: %w", err) | ||
| } |
There was a problem hiding this comment.
Should we forward the command stderr to the cli stderr?
2 participants
This PR allows the CLI to run a shell command to fetch the HCLOUD_TOKEN for each run, making it possible to use a keyring or password manager to securely store the token.
Fixes #808