overmindtech · DavidS-ovm · Aug 9, 2023 · Aug 7, 2023 · Aug 7, 2023 · Aug 9, 2023
diff --git a/cmd/createbookmark.go b/cmd/createbookmark.go
@@ -66,7 +66,7 @@ func CreateBookmark(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/datamaps/awssource.go b/cmd/datamaps/awssource.go
diff --git a/cmd/endchange.go b/cmd/endchange.go
@@ -52,7 +52,7 @@ func EndChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/getaffectedbookmarks.go b/cmd/getaffectedbookmarks.go
@@ -70,7 +70,7 @@ func GetAffectedBookmarks(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/getbookmark.go b/cmd/getbookmark.go
@@ -60,7 +60,7 @@ func GetBookmark(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/getchange.go b/cmd/getchange.go
@@ -54,7 +54,7 @@ func GetChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),
@@ -90,6 +90,7 @@ func GetChange(signals chan os.Signal, ready chan bool) int {
 	log.WithContext(ctx).WithFields(log.Fields{
 		"change-uuid":        uuid.UUID(response.Msg.Change.Metadata.UUID),
 		"change-created":     response.Msg.Change.Metadata.CreatedAt.AsTime(),
+		"change-status":      response.Msg.Change.Metadata.Status.String(),
 		"change-name":        response.Msg.Change.Properties.Title,
 		"change-description": response.Msg.Change.Properties.Description,
 	}).Info("found change")

diff --git a/cmd/getsnapshot.go b/cmd/getsnapshot.go
@@ -59,7 +59,7 @@ func GetSnapshot(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/request.go b/cmd/request.go
@@ -74,7 +74,7 @@ func Request(signals chan os.Signal, ready chan bool) int {
 
 	lf := log.Fields{}
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"explore:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(lf).WithField("api-key-url", viper.GetString("api-key-url")).WithError(err).Error("failed to authenticate")
 		return 1

diff --git a/cmd/root.go b/cmd/root.go
@@ -57,7 +57,7 @@ func Execute() {
 }
 
 // ensureToken
-func ensureToken(ctx context.Context, signals chan os.Signal) (context.Context, error) {
+func ensureToken(ctx context.Context, requiredScopes []string, signals chan os.Signal) (context.Context, error) {
 	// get a token from the api key if present
 	if viper.GetString("api-key") != "" {
 		log.WithContext(ctx).Debug("using provided token for authentication")
@@ -97,7 +97,7 @@ func ensureToken(ctx context.Context, signals chan os.Signal) (context.Context,
 		// Authenticate using the oauth resource owner password flow
 		config := oauth2.Config{
 			ClientID: viper.GetString("auth0-client-id"),
-			Scopes:   []string{"openid", "profile", "email", "gateway:stream", "request:send", "reverselink:request", "account:read", "source:read", "source:write", "api:read", "api:write", "gateway:objects"},
+			Scopes:   requiredScopes,
 			Endpoint: oauth2.Endpoint{
 				AuthURL:  fmt.Sprintf("https://%v/authorize", viper.GetString("auth0-domain")),
 				TokenURL: fmt.Sprintf("https://%v/oauth/token", viper.GetString("auth0-domain")),

diff --git a/cmd/startchange.go b/cmd/startchange.go
@@ -52,7 +52,7 @@ func StartChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"},signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),

diff --git a/cmd/submitplan.go b/cmd/submitplan.go
@@ -206,7 +206,7 @@ func SubmitPlan(signals chan os.Signal, ready chan bool) int {
 
 	lf := log.Fields{}
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(lf).WithField("api-key-url", viper.GetString("api-key-url")).WithError(err).Error("failed to authenticate")
 		return 1
@@ -459,11 +459,6 @@ func SubmitPlan(signals chan os.Signal, ready chan bool) int {
 	last_log := time.Now()
 	first_log := true
 	for resultStream.Receive() {
-		if resultStream.Err() != nil {
-			log.WithContext(ctx).WithFields(lf).WithError(err).Error("error streaming results")
-			return 1
-		}
-
 		msg := resultStream.Msg()
 
 		// log the first message and at most every 250ms during discovery
@@ -475,6 +470,10 @@ func SubmitPlan(signals chan os.Signal, ready chan bool) int {
 			first_log = false
 		}
 	}
+	if resultStream.Err() != nil {
+		log.WithContext(ctx).WithFields(lf).WithError(err).Error("error streaming results")
+		return 1
+	}
 
 	changeUrl := fmt.Sprintf("%v/changes/%v", viper.GetString("frontend"), changeUuid)
 	log.WithContext(ctx).WithFields(lf).WithField("change-url", changeUrl).Info("change ready")