Class: Pvectl::Commands::Config::SetCredentials

Inherits:
Object
  • Object
show all
Defined in:
lib/pvectl/commands/config/set_credentials.rb

Overview

Handler for the ‘pvectl config set-credentials` command.

Creates a new user or modifies existing credentials in the configuration. Supports two authentication methods:

  • API Token: –token-id and –token-secret

  • Password: –username and –password

Examples:

Usage with token authentication

pvectl config set-credentials admin --token-id=root@pam!automation --token-secret=xxx-xxx

Usage with password authentication

pvectl config set-credentials dev-user --username=root@pam --password=secret

Class Method Summary collapse

Class Method Details

.execute(user_name, options, global_options) ⇒ Integer

Executes the set-credentials command.

Parameters:

  • user_name (String)

    name of the user to create or modify

  • options (Hash)

    command options (:token_id, :token_secret, :username, :password)

  • global_options (Hash)

    global CLI options (includes :config)

Returns:

  • (Integer)

    exit code (0 for success)



73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
# File 'lib/pvectl/commands/config/set_credentials.rb', line 73

def self.execute(user_name, options, global_options)
  config_path = global_options[:config]
  service = Pvectl::Config::Service.new
  service.load(config: config_path)

  existing_user = service.user(user_name)
  action = existing_user ? "modified" : "created"

  # Use existing values if not provided
  token_id = options[:"token-id"] || options[:token_id] || existing_user&.token_id
  token_secret = options[:"token-secret"] || options[:token_secret] || existing_user&.token_secret
  username = options[:username] || existing_user&.username
  password = options[:password] || existing_user&.password

  # Validate credentials for new users
  if existing_user.nil?
    validation_error = validate_new_user_credentials(token_id, token_secret, username, password)
    return validation_error if validation_error
  else
    # For existing users, validate that partial updates are complete
    validation_error = validate_partial_update(options, existing_user)
    return validation_error if validation_error
  end

  service.set_credentials(
    name: user_name,
    token_id: token_id,
    token_secret: token_secret,
    username: username,
    password: password
  )

  puts "User \"#{user_name}\" #{action}."
  0
end

.register_subcommand(parent) ⇒ void

This method returns an undefined value.

Registers the set-credentials subcommand.

Parameters:

  • parent (GLI::Command)

    parent config command



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
 
# File 'lib/pvectl/commands/config/set_credentials.rb', line 24

def self.register_subcommand(parent)
  parent.desc "Create or modify user credentials"
  parent.long_desc <<~HELP
    Create or modify user credentials. Supports API token (recommended)
    and username/password authentication.

    EXAMPLES
      Set API token credentials:
        $ pvectl config set-credentials admin --token-id=root@pam!pvectl --token-secret=xxx

      Set username/password credentials:
        $ pvectl config set-credentials admin --username=root@pam --password=secret

    NOTES
      API tokens are recommended over passwords — they are more secure
      and don't expire with password changes.
  HELP
  parent.command :"set-credentials" do |set_creds|
    set_creds.arg_name "USER_NAME"

    set_creds.desc "API token ID (e.g., root@pam!tokenname)"
    set_creds.flag [:"token-id"]

    set_creds.desc "API token secret"
    set_creds.flag [:"token-secret"]

    set_creds.desc "Username for password authentication"
    set_creds.flag [:username]

    set_creds.desc "Password for password authentication"
    set_creds.flag [:password]

    set_creds.action do |global_options, options, args|
      if args.empty?
        $stderr.puts "Error: user name is required"
        exit ExitCodes::USAGE_ERROR
      end
      exit_code = execute(args[0], options, global_options)
      exit exit_code if exit_code != 0
    end
  end
end

.validate_new_user_credentials(token_id, token_secret, username, password) ⇒ Integer?

Validates credentials for a new user.

Parameters:

  • token_id (String, nil)

    API token ID

  • token_secret (String, nil)

    API token secret

  • username (String, nil)

    username

  • password (String, nil)

    password

Returns:

  • (Integer, nil)

    exit code if validation fails, nil otherwise



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
 
# File 'lib/pvectl/commands/config/set_credentials.rb', line 116

def self.validate_new_user_credentials(token_id, token_secret, username, password)
  has_token_auth = token_id && token_secret
  has_password_auth = username && password

  if !has_token_auth && !has_password_auth
    if token_id && !token_secret
      $stderr.puts "Error: --token-secret is required when using --token-id"
      return ExitCodes::USAGE_ERROR
    elsif token_secret && !token_id
      $stderr.puts "Error: --token-id is required when using --token-secret"
      return ExitCodes::USAGE_ERROR
    elsif username && !password
      $stderr.puts "Error: --password is required when using --username"
      return ExitCodes::USAGE_ERROR
    elsif password && !username
      $stderr.puts "Error: --username is required when using --password"
      return ExitCodes::USAGE_ERROR
    else
      $stderr.puts "Error: credentials required (--token-id/--token-secret or --username/--password)"
      return ExitCodes::USAGE_ERROR
    end
  end

  nil
end

.validate_partial_update(options, existing_user) ⇒ Integer?

Validates partial update for existing user.

Parameters:

  • options (Hash)

    command options

  • existing_user (Models::User)

    existing user model

Returns:

  • (Integer, nil)

    exit code if validation fails, nil otherwise



147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
 
# File 'lib/pvectl/commands/config/set_credentials.rb', line 147

def self.validate_partial_update(options, existing_user)
  # Check if user is trying to set incomplete token auth
  token_id_provided = options[:"token-id"] || options[:token_id]
  token_secret_provided = options[:"token-secret"] || options[:token_secret]

  if token_id_provided && !token_secret_provided && existing_user.token_secret.nil?
    $stderr.puts "Error: --token-secret is required when using --token-id"
    return ExitCodes::USAGE_ERROR
  end

  if token_secret_provided && !token_id_provided && existing_user.token_id.nil?
    $stderr.puts "Error: --token-id is required when using --token-secret"
    return ExitCodes::USAGE_ERROR
  end

  # Check if user is trying to set incomplete password auth
  username_provided = options[:username]
  password_provided = options[:password]

  if username_provided && !password_provided && existing_user.password.nil?
    $stderr.puts "Error: --password is required when using --username"
    return ExitCodes::USAGE_ERROR
  end

  if password_provided && !username_provided && existing_user.username.nil?
    $stderr.puts "Error: --username is required when using --password"
    return ExitCodes::USAGE_ERROR
  end

  nil
end