Add interactive(browser) login support for 'tanzu' context creation #627

Merged
merged 1 commit into from
Jan 2, 2024

@prkalle prkalle commented Dec 22, 2023

What this PR does / why we need it

This PR adds interactive(browser) login support for 'tanzu' context creation.

Changes summary:

  • Added interactive login support for 'tanzu' context creation. This will serve as the default login experience for users creating a 'tanzu' context. The existing API Token-based context creation will continue to function, supporting automated login flows where user interaction is not required. However, the CLI will no longer prompt for an API Token. Instead, it will check if the TANZU_API_TOKEN environment variable is set and use it if available. If the API Token is not set, the CLI will default to an interactive (browser-based) login flow.

  • The interactive login flow logs into the default organization, which is either set by the user in the CSP portal or is the first organization in the user's organization list. Users can override this default by setting the environment variable "TANZU_CLI_CSP_LOGIN_ORG_ID" "TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID" to the organization ID they choose for login.

Which issue(s) this PR fixes

Fixes #

Describe testing done for PR

  • Created the "tanzu" context using interactive login. The browser was successfully opened and I was able to authenticate successfully. The context was created successfully. It also prints the name of the organization the user logged into (the default organization the user set in the CSP portal).
❯ ./bin/tanzu context create ucp-one-tanzu-intg-ctx --type tanzu --endpoint https://api.tanzu-dev.cloud.vmware.com --staging
[i] Opening the browser window to complete the login

[i] Successfully logged into 'One Tanzu Integration' organization
[ok] successfully created a tanzu context
[i] Checking for required plugins for context 'ucp-one-tanzu-intg-ctx'...
[i] All required plugins are already installed and up-to-date

# the new context can be seen in the context list
❯ ./bin/tanzu context list
  NAME                    ISACTIVE  TYPE             ENDPOINT                                                                         KUBECONFIGPATH                           KUBECONTEXT                       PROJECT  SPACE
  tt-test-selfmg          false     mission-control  tmc-sm-main.local-dev.7infra.com:443                                             n/a                                      n/a                               n/a      n/a
  tkg-mgmt-vc             false     kubernetes                                                                                        /Users/pkalle/temp/tkgCluster_admin.kfg  tkg-mgmt-vc-admin@tkg-mgmt-vc     n/a      n/a
  ucp-one-tanzu-intg-ctx  true      tanzu            https://api.tanzu-dev.cloud.vmware.com/org/b1d48027-bb69-4a56-a5b8-e941ef29fa4b  /Users/pkalle/.kube/config               tanzu-cli-ucp-one-tanzu-intg-ctx
  
# tanzu project plugin can list the projects successfully  
 ❯ tanzu project list
Listing projects from b1d48027-bb69-4a56-a5b8-e941ef29fa4b org
NAME                              ACTIVE   AGE
abhisheks-project                 false    2d8h
...
vivekgoyal-project                false    16d
vsameer-project                   false    14d
wj-test                           false    9d
yaow-project                      false    8d
yogesh-project                    false    10d

🔎 To set your active project use 'tanzu project use NAME'


# kubectl to list projects also works (which confirms that "tanzu context get-token" works)
❯ kubectl get projects
NAME
abhisheks-project
...
vivekgoyal-project
vsameer-project
wj-test
yaow-project
yogesh-project 
  • Refresh token scenario: Tried "tanzu project list" after the current access token had expired. The token refresh succeeded and the project list was successful.
❯ ./bin/tanzu project list
Listing projects from b1d48027-bb69-4a56-a5b8-e941ef29fa4b org
NAME                              ACTIVE   AGE
abhisheks-project                 false    2d8h
....
vivekgoyal-project                false    16d
vsameer-project                   false    14d
wj-test                           false    9d
yaow-project                      false    8d
yogesh-project                    false    10d

🔎 To set your active project use 'tanzu project use NAME'
  • Refresh token expiration scenario: modified the refresh token in the CLI config file to make it invalid, so as to verify that the CLI would trigger an interactive login once the refresh token flow errors out. The scenario was verified successfully.
# you can see the CLI prints a log line stating that it is opening the browser window to complete the login, to notify the user
❯ ./bin/tanzu project list
[i] Opening the browser window to complete the login
Listing projects from b1d48027-bb69-4a56-a5b8-e941ef29fa4b org
NAME                              ACTIVE   AGE
abhisheks-project                 false    2d8h
...
vivekgoyal-project                false    16d
vsameer-project                   false    14d
wj-test                           false    9d
yaow-project                      false    8d
yogesh-project                    false    10d

🔎 To set your active project use 'tanzu project use NAME'
  • Interactive login to non-default CSP OrgID: exported the environment variable TANZU_CLI_CSP_LOGIN_ORG_ID to One Tanzu Demo organization and then created a tanzu context.
❯ export TANZU_CLI_CSP_LOGIN_ORG_ID=80e7606e-9d2d-45a9-9d2f-b172beceacaf

❯ ./bin/tanzu context create ucp-one-tanzu-intg-ctx-non-default-org --type tanzu --endpoint https://api.tanzu-dev.cloud.vmware.com --staging
[i] Opening the browser window to complete the login

[i] Successfully logged into 'One Tanzu Demo' organization
[ok] successfully created a tanzu context
[i] Checking for required plugins for context 'ucp-one-tanzu-intg-ctx-non-default-org'...
[i] All required plugins are already installed and up-to-date

  • Context creation using API Token still works:
❯ export TANZU_API_TOKEN=<REDACTED>
❯ ./bin/tanzu context create ucp-one-tanzu-intg-api-token-ctx --type tanzu --endpoint https://api.tanzu-dev.cloud.vmware.com --staging
[i] API token env var is set

[i] Successfully logged into 'One Tanzu Integration' organization
[ok] successfully created a tanzu context
[i] Checking for required plugins for context 'ucp-one-tanzu-intg-api-token-ctx'...
[i] All required plugins are already installed and up-to-date
❯ ./bin/tanzu project list
Listing projects from b1d48027-bb69-4a56-a5b8-e941ef29fa4b org
NAME                              ACTIVE   AGE
abhisheks-project                 false    2d8h
...
vivekgoyal-project                false    16d
vsameer-project                   false    14d
wj-test                           false    9d
yaow-project                      false    8d
yogesh-project                    false    10d

🔎 To set your active project use 'tanzu project use NAME'
  • Tested the prompt based "tanzu" context creation: It was successful.
❯ ./bin/tanzu context create --staging

Note: The "tanzu" context type is being released to provide advance support for the development
and release of new services (and CLI plugins) which extend and combine features provided by
individual tanzu components.

? Select context creation type Tanzu
? Enter control plane endpoint https://api.tanzu-dev.cloud.vmware.com
? Give the context a name my-test-tanzu
[i] Opening the browser window to complete the login

[i] Successfully logged into 'One Tanzu Demo' organization
[ok] successfully created a tanzu context
[i] Checking for required plugins for context 'my-test-tanzu'...
[i] All required plugins are already installed and up-to-date
  • Tested the prompt based TMC context creation: It was successful (it asks for API token)
❯ ./bin/tanzu context create --staging

Note: The "tanzu" context type is being released to provide advance support for the development
and release of new services (and CLI plugins) which extend and combine features provided by
individual tanzu components.

? Select context creation type Mission Control
? Enter control plane endpoint unstable.tmc-dev.cloud.vmware.com
? Give the context a name my-test-tmc-1

[i] The API key can be provided by setting the TANZU_API_TOKEN environment variable

[i] If you don't have an API token, visit the VMware Cloud Services console, select your organization, and create an API token with the TMC service roles:
  https://console-stg.cloud.vmware.com/csp/gateway/portal/#/user/tokens

? API Token ****************************************************************

[ok] successfully created a TMC context
[i] Checking for required plugins for context 'my-test-tmc-1'...
[i] The following plugins will be installed for context 'my-test-tmc-1' of contextType 'mission-control':
  NAME                  TARGET           VERSION
  inspection            mission-control  v0.1.15
  cluster               mission-control  v0.2.10
  data-protection       mission-control  v0.1.15
  provider-eks-cluster  mission-control  v0.1.15
  clustergroup          mission-control  v0.1.15
  integration           mission-control  v0.1.15
  policy                mission-control  v0.1.15
  secret                mission-control  v0.1.17
  context               mission-control  v0.1.10
  events                mission-control  v0.1.15
  iam                   mission-control  v0.1.15
  tanzupackage          mission-control  v0.4.0
  audit                 mission-control  v0.1.15
  helm                  mission-control  v0.1.16
  account               mission-control  v0.1.18
  apply                 mission-control  v0.3.12
  continuousdelivery    mission-control  v0.1.15
  setting               mission-control  v0.2.13
  aks-cluster           mission-control  v0.3.0
  provider-aks-cluster  mission-control  v0.1.16
  ekscluster            mission-control  v0.2.0
  management-cluster    mission-control  v0.2.16
  workspace             mission-control  v0.1.17
  agentartifacts        mission-control  v0.1.15
[i] Installing plugin 'inspection:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'cluster:v0.2.10' with target 'mission-control' (from cache)
[i] Installing plugin 'data-protection:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'provider-eks-cluster:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'clustergroup:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'integration:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'policy:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'secret:v0.1.17' with target 'mission-control' (from cache)
[i] Installing plugin 'context:v0.1.10' with target 'mission-control' (from cache)
[i] Installing plugin 'events:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'iam:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'tanzupackage:v0.4.0' with target 'mission-control' (from cache)
[i] Installing plugin 'audit:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'helm:v0.1.16' with target 'mission-control' (from cache)
[i] Installing plugin 'account:v0.1.18' with target 'mission-control' (from cache)
[i] Installing plugin 'apply:v0.3.12' with target 'mission-control' (from cache)
[i] Installing plugin 'continuousdelivery:v0.1.15' with target 'mission-control' (from cache)
[i] Installing plugin 'setting:v0.2.13' with target 'mission-control' (from cache)
[i] Installing plugin 'aks-cluster:v0.3.0' with target 'mission-control' (from cache)
[i] Installing plugin 'provider-aks-cluster:v0.1.16' with target 'mission-control' (from cache)
[i] Installing plugin 'ekscluster:v0.2.0' with target 'mission-control' (from cache)
[i] Installing plugin 'management-cluster:v0.2.16' with target 'mission-control' (from cache)
[i] Installing plugin 'workspace:v0.1.17' with target 'mission-control' (from cache)
[i] Installing plugin 'agentartifacts:v0.1.15' with target 'mission-control' (from cache)
[i] Successfully installed all required plugins

Release note

Add interactive(browser) login support for 'tanzu' context creation

Additional information

Special notes for your reviewer

@prkalle prkalle requested a review from a team as a code owner December 22, 2023 23:26
@prkalle prkalle force-pushed the feature/interactive_tanzu_login branch from 7fecf24 to c31bf8f Compare December 23, 2023 00:14
@prkalle prkalle added the documentation Improvements or additions to documentation label Dec 26, 2023
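
The token-acquisition order described and tested in the PR description above (live access token, refresh, then API token or browser login), as an added Go example that is not code from this PR or from the Tanzu CLI. `Token`, `Provider`, `Acquire`, `Fake` and the flow labels are hypothetical names; trying `TANZU_API_TOKEN` before the browser flow after a rejected refresh is an assumption, since the description only shows the browser fallback.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Token and Provider are hypothetical stand-ins, not the CLI's own types.
type Token struct {
	Access, Refresh string
	Expiry          time.Time
}
type Provider struct {
	APIToken func(apiToken string) (Token, error) // non-interactive exchange
	Refresh  func(refreshToken string) (Token, error)
	Browser  func(orgID string) (Token, error) // interactive login
}

// Acquire returns a usable token and the name of the flow that produced it.
func Acquire(p Provider, env map[string]string, cur Token, now time.Time) (Token, string, error) {
	if cur.Access != "" && now.Before(cur.Expiry) {
		return cur, "cached", nil // access token still valid
	}
	if cur.Refresh != "" {
		if t, err := p.Refresh(cur.Refresh); err == nil {
			return t, "refreshed", nil
		} // rejected refresh token: fall through to a fresh login
	}
	if api := env["TANZU_API_TOKEN"]; api != "" {
		t, err := p.APIToken(api)
		return t, "api-token", err
	}
	t, err := p.Browser(env["TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID"])
	return t, "interactive", err
}

// Fake is a constructed provider; a non-nil refreshErr simulates a rejected refresh token.
func Fake(refreshErr error) Provider {
	return Provider{
		APIToken: func(string) (Token, error) { return Token{Access: "at-api"}, nil },
		Browser:  func(org string) (Token, error) { return Token{Access: "at-browser org=" + org}, nil },
		Refresh:  func(string) (Token, error) { return Token{Access: "at-refresh"}, refreshErr },
	}
}

func main() {
	_, flow, err := Acquire(Fake(errors.New("invalid refresh token")), nil, Token{Refresh: "tampered"}, time.Now())
	fmt.Println(flow, err) // interactive <nil>
}
```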
@vuil vuil left a comment

Nice set of changes!
Mostly nits on comments/outputs.

pkg/auth/csp/tanzu.go (outdated, resolved)
pkg/auth/csp/tanzu.go (outdated, resolved)
pkg/command/context.go (outdated, resolved)
pkg/auth/csp/tanzu.go (resolved)
pkg/auth/csp/tanzu.go (outdated, resolved)
@prkalle prkalle force-pushed the feature/interactive_tanzu_login branch from 8d834fd to 72be34a Compare December 28, 2023 00:56
@vuil vuil left a comment

Thanks for the refactoring and other updates.
I gave a suggestion on the envvar name.

@prkalle prkalle force-pushed the feature/interactive_tanzu_login branch from 72be34a to e270cc2 Compare January 2, 2024 21:28
- Added interactive login support for 'tanzu' context creation. This will serve as the default login experience for users creating a 'tanzu' context. The existing API Token-based context creation will continue to function, supporting automated login flows where user interaction is not required. However, the CLI will no longer prompt for an API Token. Instead, it will check if the TANZU_API_TOKEN environment variable is set and use it if available. If the API Token is not set, the CLI will default to an interactive (browser-based) login flow.

- The interactive login flow logs into the default organization, which is either set by the user in the CSP portal or is the first organization in the user's organization list. Users can override this default by setting the environment variable "TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID" to the organization ID they choose for login.

Signed-off-by: Prem Kumar Kalle <pkalle@vmware.com>
@prkalle prkalle force-pushed the feature/interactive_tanzu_login branch from e270cc2 to ccb79b7 Compare January 2, 2024 21:56
@prkalle prkalle merged commit 46084d1 into vmware-tanzu:main Jan 2, 2024
7 checks passed
@anujc25 anujc25 added this to the v1.2.0 milestone Jan 3, 2024
@anujc25 anujc25 added kind/feature Categorizes issue or PR as related to a new feature docs-impact issues with documentation impact labels Jan 3, 2024
Labels
cla-not-required docs-impact issues with documentation impact documentation Improvements or additions to documentation kind/feature Categorizes issue or PR as related to a new feature