merge cli commands login, api_token and token to login

lib/bundles/inspec-compliance/api.rb

@@ -9,8 +9,9 @@ module Compliance
   # API Implementation does not hold any state by itself,
   # everything will be stored in local Configuration store
   class API # rubocop:disable Metrics/ClassLength
-    # saves the api token supplied by the user
-    def self.api_token(url, refresh_token, verify, user, insecure)
+
+    # saves the a user refresh token supplied by the user
+    def self.refresh_token(url, refresh_token, verify, user, insecure)
       config = Compliance::Configuration.new
       config['server'] = url
       config['refresh_token'] = refresh_token
@@ -21,7 +22,7 @@ module Compliance
       if !verify
         config.store
         success = true
-        msg = 'token stored'
+        msg = 'refresh token stored'
       else
         url = "#{server}/login"
         success, msg, access_token = Compliance::API.post_refresh_token(url, refresh_token, insecure)
@@ -35,11 +36,13 @@ module Compliance
       [success, msg]
     end
 
-    def self.access_token(server, token, insecure, api_path)
+    # saves a user access token (limited time)
+    def self.access_token(url, token, insecure)
       config = Compliance::Configuration.new
-      config['server'] = server + api_path
+      config['server'] = url
       config['insecure'] = insecure
       config['token'] = token
+      config['version'] = version(url, insecure)
       config.store
 
       [true, 'access token stored']
@@ -60,9 +63,8 @@ module Compliance
       [success, msg]
     end
 
-    def self.legacy_login(server, username, password, insecure, apipath)
+    def self.legacy_login(server, username, password, insecure)
       config = Compliance::Configuration.new
-      config['server'] = "#{server}#{apipath}"
       url = "#{config['server']}/oauth/token"
 
       success, data = Compliance::API.legacy_login_post(url, username, password, insecure)
@@ -72,6 +74,7 @@ module Compliance
           config['user'] = username
           config['token'] = tokendata['access_token']
           config['insecure'] = insecure
+          config['version'] = version(url, insecure)
           config.store
           success = true
           msg = 'Successfully authenticated'

lib/bundles/inspec-compliance/cli.rb

@@ -9,44 +9,41 @@ module Compliance
   class ComplianceCLI < Inspec::BaseCLI # rubocop:disable Metrics/ClassLength
     namespace 'compliance'
 
-    desc 'api_token SERVER', '(Optionally) verify and save the API token for Chef Compliance SERVER'
-    option :token, type: :string, required: true,
-      desc: 'Chef Compliance API token'
-    option :user, type: :string, required: true,
-      desc: 'Chef Compliance user login'
-    option :verify, aliases: :v, type: :boolean,
-      desc: 'Verify token before storing it'
+    desc 'login SERVER', 'Log in to a Chef Compliance SERVER'
+    option :server, type: :string, desc: 'Chef Compliance Server URL'
     option :insecure, aliases: :k, type: :boolean,
       desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
+    option :user, type: :string, required: false,
+      desc: 'Chef Compliance Username (for legacy auth)'
+    option :password, type: :string, required: false,
+      desc: 'Chef Compliance Password (for legacy auth)'
     option :apipath, type: :string, default: '/api',
       desc: 'Set the path to the API, defaults to /api'
-    def api_token(server)
-      url = server + options['apipath']
-      _, msg = Compliance::API.api_token(url, options['token'], options['verify'], options['user'], options['insecure'])
-      puts msg
-    end
-
-    desc 'access_token SERVER', 'Save an access token for Chef Compliance SERVER'
-    option :token, type: :string, required: true,
+    option :token, type: :string, required: false,
       desc: 'Chef Compliance access token'
-    option :insecure, aliases: :k, type: :boolean,
-      desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
-    option :apipath, type: :string, default: '/api',
-      desc: 'Set the path to the API, defaults to /api'
-    def access_token(server)
-      _, msg = Compliance::API.access_token(server, options['token'], options['insecure'], options['apipath'])
-      puts msg
-    end
+    option :refresh_token, type: :string, required: false,
+      desc: 'Chef Compliance refresh token'
+    def login(server)
+      # if Compliance::Configuration.new.supported?(:oidc)
+      #   puts "Your server is support --token and --refresh_token"
+      # else
+      #   puts "Your server is outdated and supports only combination of --user and --password"
+      # end
+      options['server'] = server
+      url = options['server'] + options['apipath']
 
-    desc 'login', 'Log in to a Chef Compliance SERVER'
-    option :server, type: :string, desc: 'Chef Compliance Server URL (for legacy auth)'
-    option :insecure, aliases: :k, type: :boolean,
-      desc: 'Explicitly allows InSpec to perform "insecure" SSL connections and transfers'
-    def login
-      if Compliance::Configuration.new.supported?(:oidc)
-        success, msg = Compliance::API.login(options['insecure'])
+      if !options['user'].nil? && !options['password'].nil?
+        # username / password
+        success, msg = Compliance::API.legacy_login(url, options['user'], options['password'], options['insecure'])
+      elsif !options['token'].nil?
+        # access token
+        success, msg = Compliance::API.access_token(url, options['token'], options['insecure'])
+      elsif !options['refresh_token'].nil? && !options['user'].nil?
+        # refresh token
+        success, msg = Compliance::API.refresh_token(url, options['token'], true, options['user'], options['insecure'])
       else
-        success, msg = Compliance::API.legacy_login(config['server'], options['user'], options['password'], options['insecure'], options['apipath'])
+        # try stored refresh_token
+        success, msg = Compliance::API.login(options['insecure'])
       end
 
       if success