planet-auth-python/src/planet_auth_utils/commands/cli/planet_legacy_auth_cmd.py at 8e76266e168e1b34685706c4d6e7d4c858a0b4d8 · planetlabs/planet-auth-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# Copyright 2024-2025 Planet Labs PBC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import click
import sys

from planet_auth import (
    AuthException,
    FileBackedPlanetLegacyApiKey,
    PlanetLegacyAuthClient,
    PlanetLegacyAuthClientConfig,
    StaticApiKeyAuthClient,
    StaticApiKeyAuthClientConfig,
)

from .options import opt_password, opt_sops, opt_username, opt_yes_no
from .util import recast_exceptions_to_click, post_login_cmd_helper


def _check_client_type_pllegacy(ctx):
    if not isinstance(ctx.obj["AUTH"].auth_client(), PlanetLegacyAuthClient):
        raise click.ClickException(
            f'"legacy" auth commands can only be used with "{PlanetLegacyAuthClientConfig.meta()["client_type"]}" type auth profiles.'
            f' The current profile "{ctx.obj["AUTH"].profile_name()}" is of type "{ctx.obj["AUTH"].auth_client()._auth_client_config.meta()["client_type"]}".'
        )


def _check_client_type_pllegacy_or_apikey(ctx):
    if not (
        isinstance(ctx.obj["AUTH"].auth_client(), PlanetLegacyAuthClient)
        or isinstance(ctx.obj["AUTH"].auth_client(), StaticApiKeyAuthClient)
    ):
        raise click.ClickException(
            "This command can only be used with "
            f'"{PlanetLegacyAuthClientConfig.meta()["client_type"]}" or "{StaticApiKeyAuthClientConfig.meta()["client_type"]}" '
            "type auth profiles. "
            f'The current profile "{ctx.obj["AUTH"].profile_name()}" is of type "{ctx.obj["AUTH"].auth_client()._auth_client_config.meta()["client_type"]}".'
        )


@click.group("legacy", invoke_without_command=True)
@click.pass_context
def cmd_pllegacy(ctx):
    """
    Planet legacy authentication commands.
    """
    if ctx.invoked_subcommand is None:
        click.echo(ctx.get_help())
        sys.exit(0)

    _check_client_type_pllegacy(ctx)


@cmd_pllegacy.command("login")
@opt_password(hidden=False)
@opt_username(hidden=False)
@opt_sops()
@opt_yes_no()
@click.pass_context
@recast_exceptions_to_click(AuthException, FileNotFoundError)
def cmd_pllegacy_login(ctx, username, password, sops, yes):
    """
    Perform an initial login using Planet's legacy authentication interfaces.
    """
    _check_client_type_pllegacy(ctx)
    current_auth_context = ctx.obj["AUTH"]
    current_auth_context.login(
        allow_tty_prompt=True,
        username=username,
        password=password,
    )
    print("Login succeeded.")  # Errors should throw.
    post_login_cmd_helper(override_auth_context=current_auth_context, use_sops_opt=sops, prompt_pre_selection=yes)


@cmd_pllegacy.command("print-api-key")
@click.pass_context
@recast_exceptions_to_click(AuthException, FileNotFoundError)
def cmd_pllegacy_print_api_key(ctx):
    """
    Show the current API Key.  This command only applies to auth profiles
    that use simple API keys.
    """
    # We also support StaticApiKeyAuthClient in some cases where the user
    # directly provides an API key.  Such clients can use the legacy API
    # key, but lack the ability to obtain one.  This helps in our transition
    # away from the legacy auth protocol.
    _check_client_type_pllegacy_or_apikey(ctx)

    # Since API keys are static, we support them in the client config
    # and not just in the token file.
    if isinstance(ctx.obj["AUTH"].auth_client(), PlanetLegacyAuthClient):
        api_key = ctx.obj["AUTH"].auth_client().config().legacy_api_key()
        if api_key:
            print(api_key)
            return
    if isinstance(ctx.obj["AUTH"].auth_client(), StaticApiKeyAuthClient):
        api_key = ctx.obj["AUTH"].auth_client().config().api_key()
        if api_key:
            print(api_key)
            return

    saved_token = FileBackedPlanetLegacyApiKey(api_key_file=ctx.obj["AUTH"].token_file_path())
    print(saved_token.legacy_api_key())


@cmd_pllegacy.command("print-access-token")
@click.pass_context
@recast_exceptions_to_click(AuthException, FileNotFoundError)
def cmd_pllegacy_print_access_token(ctx):
    """
    Show the current legacy JWT access token.
    """
    _check_client_type_pllegacy(ctx)
    saved_token = FileBackedPlanetLegacyApiKey(api_key_file=ctx.obj["AUTH"].token_file_path())
    print(saved_token.legacy_jwt())