feat: check for api key expiration date (#3049)

Author: Codelax

internal/core/bootstrap.go

@@ -216,9 +216,10 @@ func Bootstrap(config *BootstrapConfig) (exitCode int, result interface{}, err e
 		}
 	}
 
-	// Check CLI new version when exiting the bootstrap
+	// Run checks after command has been executed
 	defer func() { // if we plan to remove defer, do not forget logger is not set until cobra pre init func
-		config.BuildInfo.checkVersion(ctx)
+		// Check CLI new version and api key expiration date
+		runAfterCommandChecks(ctx, config.BuildInfo.checkVersion, checkAPIKey)
 	}()
 
 	if !config.DisableAliases {

internal/core/build_info.go

@@ -6,8 +6,6 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"os"
-	"path/filepath"
 	"strings"
 	"time"
 
@@ -35,11 +33,10 @@ func (b *BuildInfo) MarshalJSON() ([]byte, error) {
 }
 
 const (
-	scwDisableCheckVersionEnv        = "SCW_DISABLE_CHECK_VERSION"
-	latestGithubReleaseURL           = "https://api.github.com/repos/scaleway/scaleway-cli/releases/latest"
-	latestVersionUpdateFileLocalName = "latest-cli-version"
-	latestVersionRequestTimeout      = 1 * time.Second
-	userAgentPrefix                  = "scaleway-cli"
+	scwDisableCheckVersionEnv   = "SCW_DISABLE_CHECK_VERSION"
+	latestGithubReleaseURL      = "https://api.github.com/repos/scaleway/scaleway-cli/releases/latest"
+	latestVersionRequestTimeout = 1 * time.Second
+	userAgentPrefix             = "scaleway-cli"
 )
 
 // IsRelease returns true when the version of the CLI is an official release:
@@ -57,28 +54,11 @@ func (b *BuildInfo) GetUserAgent() string {
 }
 
 func (b *BuildInfo) checkVersion(ctx context.Context) {
-	cmd := extractMeta(ctx).command
-	cmdDisableCheckVersion := cmd != nil && cmd.DisableVersionCheck
-	if !b.IsRelease() || ExtractEnv(ctx, scwDisableCheckVersionEnv) == "true" || cmdDisableCheckVersion {
+	if !b.IsRelease() || ExtractEnv(ctx, scwDisableCheckVersionEnv) == "true" {
 		ExtractLogger(ctx).Debug("skipping check version")
 		return
 	}
 
-	latestVersionUpdateFilePath := getLatestVersionUpdateFilePath(ExtractCacheDir(ctx))
-
-	// do nothing if last refresh at during the last 24h
-	if wasFileModifiedLast24h(latestVersionUpdateFilePath) {
-		ExtractLogger(ctx).Debug("version was already checked during past 24 hours")
-		return
-	}
-
-	// do nothing if we cannot create the file
-	err := createAndCloseFile(latestVersionUpdateFilePath)
-	if err != nil {
-		ExtractLogger(ctx).Debug(err.Error())
-		return
-	}
-
 	// pull latest version
 	latestVersion, err := getLatestVersion(ExtractHTTPClient(ctx))
 	if err != nil {
@@ -87,16 +67,12 @@ func (b *BuildInfo) checkVersion(ctx context.Context) {
 	}
 
 	if b.Version.LessThan(latestVersion) {
-		ExtractLogger(ctx).Warningf("a new version of scw is available (%s), beware that you are currently running %s\n", latestVersion, b.Version)
+		ExtractLogger(ctx).Warningf("A new version of scw is available (%s), beware that you are currently running %s\n", latestVersion, b.Version)
 	} else {
 		ExtractLogger(ctx).Debugf("version is up to date (%s)\n", b.Version)
 	}
 }
 
-func getLatestVersionUpdateFilePath(cacheDir string) string {
-	return filepath.Join(cacheDir, latestVersionUpdateFileLocalName)
-}
-
 // getLatestVersion attempt to read the latest version of the remote file at latestVersionFileURL.
 func getLatestVersion(client *http.Client) (*version.Version, error) {
 	ctx, cancelTimeout := context.WithTimeout(context.Background(), latestVersionRequestTimeout)
@@ -129,29 +105,3 @@ func getLatestVersion(client *http.Client) (*version.Version, error) {
 
 	return version.NewSemver(strings.TrimPrefix(jsonBody.TagName, "v"))
 }
-
-// wasFileModifiedLast24h checks whether the file has been updated during last 24 hours.
-func wasFileModifiedLast24h(path string) bool {
-	stat, err := os.Stat(path)
-	if err != nil {
-		return false
-	}
-
-	yesterday := time.Now().AddDate(0, 0, -1)
-	lastUpdate := stat.ModTime()
-	return lastUpdate.After(yesterday)
-}
-
-// createAndCloseFile creates a file and closes it. It returns true on succeed, false on failure.
-func createAndCloseFile(path string) error {
-	err := os.MkdirAll(filepath.Dir(path), 0700)
-	if err != nil {
-		return fmt.Errorf("failed creating path %s: %s", path, err)
-	}
-	newFile, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
-	if err != nil {
-		return fmt.Errorf("failed creating file %s: %s", path, err)
-	}
-
-	return newFile.Close()
-}

internal/core/build_info_test.go

@@ -33,7 +33,7 @@ func Test_CheckVersion(t *testing.T) {
 		Cmd: "scw plop",
 		Check: TestCheckCombine(
 			func(t *testing.T, ctx *CheckFuncCtx) {
-				assert.Equal(t, "a new version of scw is available (2.5.4), beware that you are currently running 1.20.0\n", ctx.LogBuffer)
+				assert.Equal(t, "A new version of scw is available (2.5.4), beware that you are currently running 1.20.0\n", ctx.LogBuffer)
 			},
 		),
 		TmpHomeDir: true,
@@ -85,7 +85,7 @@ func Test_CheckVersion(t *testing.T) {
 		Cmd: "scw plop",
 		Check: TestCheckCombine(
 			func(t *testing.T, ctx *CheckFuncCtx) {
-				assert.Contains(t, ctx.LogBuffer, "a new version of scw is available (2.5.4), beware that you are currently running 1.0.0\n")
+				assert.Contains(t, ctx.LogBuffer, "A new version of scw is available (2.5.4), beware that you are currently running 1.0.0\n")
 			},
 		),
 		TmpHomeDir: true,

internal/core/checks.go

@@ -0,0 +1,103 @@
+package core
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"time"
+
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+)
+
+var (
+	apiKeyExpireTime        = 24 * time.Hour
+	lastChecksFileLocalName = "last-cli-checks"
+)
+
+type AfterCommandCheckFunc func(ctx context.Context)
+
+// wasFileModifiedLast24h checks whether the file has been updated during last 24 hours.
+func wasFileModifiedLast24h(path string) bool {
+	stat, err := os.Stat(path)
+	if err != nil {
+		return false
+	}
+
+	yesterday := time.Now().AddDate(0, 0, -1)
+	lastUpdate := stat.ModTime()
+	return lastUpdate.After(yesterday)
+}
+
+func getLatestVersionUpdateFilePath(cacheDir string) string {
+	return filepath.Join(cacheDir, lastChecksFileLocalName)
+}
+
+// createAndCloseFile creates a file and closes it. It returns true on succeed, false on failure.
+func createAndCloseFile(path string) error {
+	err := os.MkdirAll(filepath.Dir(path), 0700)
+	if err != nil {
+		return fmt.Errorf("failed creating path %s: %s", path, err)
+	}
+	newFile, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0600)
+	if err != nil {
+		return fmt.Errorf("failed creating file %s: %s", path, err)
+	}
+
+	return newFile.Close()
+}
+
+// runAfterCommandChecks execute checks after a command has been executed
+// skipped if command has disabled checks or was executed in the last 24 hours
+func runAfterCommandChecks(ctx context.Context, checkFuncs ...AfterCommandCheckFunc) {
+	cmd := extractMeta(ctx).command
+	cmdDisableCheck := cmd != nil && cmd.DisableAfterChecks
+	if cmdDisableCheck {
+		ExtractLogger(ctx).Debug("skipping after command checks")
+		return
+	}
+
+	lastChecksFilePath := getLatestVersionUpdateFilePath(ExtractCacheDir(ctx))
+
+	// do nothing if last refresh at during the last 24h
+	if wasFileModifiedLast24h(lastChecksFilePath) {
+		ExtractLogger(ctx).Debug("version was already checked during past 24 hours")
+		return
+	}
+
+	// do nothing if we cannot create the file
+	err := createAndCloseFile(lastChecksFilePath)
+	if err != nil {
+		ExtractLogger(ctx).Debug(err.Error())
+		return
+	}
+
+	for _, checkFunc := range checkFuncs {
+		checkFunc(ctx)
+	}
+}
+
+// Check if API Key is about to expire
+func checkAPIKey(ctx context.Context) {
+	client := ExtractClient(ctx)
+	if client == nil {
+		return
+	}
+	accessKey, exists := client.GetAccessKey()
+	if !exists {
+		return
+	}
+
+	api := iam.NewAPI(client)
+	apiKey, err := api.GetAPIKey(&iam.GetAPIKeyRequest{
+		AccessKey: accessKey,
+	})
+	if err != nil || apiKey.ExpiresAt == nil {
+		return
+	}
+	now := time.Now()
+	if apiKey.ExpiresAt.Before(now.Add(apiKeyExpireTime)) {
+		expiresIn := apiKey.ExpiresAt.Sub(now).Truncate(time.Second).String()
+		ExtractLogger(ctx).Warningf("Current api key expires in %s\n", expiresIn)
+	}
+}

internal/core/checks_test.go

@@ -0,0 +1,84 @@
+package core
+
+import (
+	"context"
+	"fmt"
+	"path/filepath"
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/alecthomas/assert"
+	iam "github.com/scaleway/scaleway-sdk-go/api/iam/v1alpha1"
+	"github.com/scaleway/scaleway-sdk-go/scw"
+)
+
+func TestCheckAPIKey(t *testing.T) {
+	testCommands := NewCommands(
+		&Command{
+			Namespace: "test",
+			ArgSpecs:  ArgSpecs{},
+			ArgsType:  reflect.TypeOf(testType{}),
+			Run: func(ctx context.Context, argsI interface{}) (i interface{}, e error) {
+				// Test command reload the client so the profile used is the edited one
+				return "", ReloadClient(ctx)
+			},
+		})
+	metadataKey := "ApiKey"
+
+	t.Run("basic", Test(&TestConfig{
+		Commands:   testCommands,
+		TmpHomeDir: true,
+		BeforeFunc: func(ctx *BeforeFuncCtx) error {
+			api := iam.NewAPI(ctx.Client)
+			accessKey, exists := ctx.Client.GetAccessKey()
+			if !exists {
+				return fmt.Errorf("missing access-key")
+			}
+
+			apiKey, err := api.GetAPIKey(&iam.GetAPIKeyRequest{
+				AccessKey: accessKey,
+			})
+			if err != nil {
+				return err
+			}
+			expiresAt := time.Now().Add(time.Hour)
+			apiKey, err = api.CreateAPIKey(&iam.CreateAPIKeyRequest{
+				ApplicationID: apiKey.ApplicationID,
+				UserID:        apiKey.UserID,
+				ExpiresAt:     &expiresAt,
+				Description:   "test-cli-TestCheckAPIKey",
+			})
+			if err != nil {
+				return err
+			}
+			if !*UpdateCassettes {
+				apiKey.AccessKey = "SCWXXXXXXXXXXXXXXXXX"
+			}
+
+			ctx.Meta[metadataKey] = apiKey
+			cfg := &scw.Config{
+				Profile: scw.Profile{
+					AccessKey: &apiKey.AccessKey,
+					SecretKey: apiKey.SecretKey,
+				},
+			}
+			configPath := filepath.Join(ctx.OverrideEnv["HOME"], ".config", "scw", "config.yaml")
+
+			return cfg.SaveTo(configPath)
+		},
+		Cmd: "scw test",
+		Check: TestCheckCombine(
+			TestCheckExitCode(0),
+			func(t *testing.T, ctx *CheckFuncCtx) {
+				assert.True(t, strings.HasPrefix(ctx.LogBuffer, "Current api key expires in"))
+			},
+		),
+		AfterFunc: func(ctx *AfterFuncCtx) error {
+			return iam.NewAPI(ctx.Client).DeleteAPIKey(&iam.DeleteAPIKeyRequest{
+				AccessKey: ctx.Meta[metadataKey].(*iam.APIKey).AccessKey,
+			})
+		},
+	}))
+}

internal/core/command.go

@@ -35,8 +35,8 @@ type Command struct {
 	// DisableTelemetry disable telemetry for the command.
 	DisableTelemetry bool
 
-	// DisableVersionCheck disable the version check to avoid superfluous message
-	DisableVersionCheck bool
+	// DisableAfterChecks disable checks that run after the command to avoid superfluous message
+	DisableAfterChecks bool
 
 	// Hidden hides the command form usage and auto-complete.
 	Hidden bool

internal/core/context.go

@@ -191,11 +191,6 @@ func ExtractCliConfigPath(ctx context.Context) string {
 func ReloadClient(ctx context.Context) error {
 	var err error
 	meta := extractMeta(ctx)
-	// if client is from bootstrap we are probably running test
-	// if we reload the client we loose the cassette recorder
-	if meta.isClientFromBootstrapConfig {
-		return nil
-	}
 	meta.Client, err = createClient(ctx, meta.httpClient, meta.BuildInfo, ExtractProfileName(ctx))
 	return err
 }