add password required flag

pkg/app/run_test.go

@@ -277,9 +277,11 @@ COMMANDS
         --subnet=SUBNET          Number of bits for the subnet mask applied to
                                  the IP address
 
-  auth-token create [<flags>]
+  auth-token create --password=PASSWORD [<flags>]
     Create an API token
 
+    --password=PASSWORD      User password corresponding with --token or
+                             $FASTLY_API_TOKEN
     --expires=EXPIRES        Time-stamp (UTC) of when the token will expire
     --name=NAME              Name of the token
     --scope=SCOPE ...        A comma-separated list of authorization scope

pkg/commands/authtoken/authtoken_test.go

@@ -16,8 +16,13 @@ func TestCreate(t *testing.T) {
 	args := testutil.Args
 	scenarios := []testutil.TestScenario{
 		{
-			Name:      "validate missing --token flag",
+			Name:      "validate missing --password flag",
 			Args:      args("auth-token create"),
+			WantError: "error parsing arguments: required flag --password not provided",
+		},
+		{
+			Name:      "validate missing --token flag",
+			Args:      args("auth-token create --password secure"),
 			WantError: errors.ErrNoToken.Inner.Error(),
 		},
 		{
@@ -27,7 +32,7 @@ func TestCreate(t *testing.T) {
 					return nil, testutil.Err
 				},
 			},
-			Args:      args("auth-token create --token 123"),
+			Args:      args("auth-token create --password secure --token 123"),
 			WantError: testutil.Err.Error(),
 		},
 		{
@@ -42,7 +47,7 @@ func TestCreate(t *testing.T) {
 					}, nil
 				},
 			},
-			Args:       args("auth-token create --token 123"),
+			Args:       args("auth-token create --password secure --token 123"),
 			WantOutput: "Created token 'Example' (id: 123, scope: foobar, expires: 2021-06-15 23:00:00 +0000 UTC)",
 		},
 		{
@@ -57,7 +62,7 @@ func TestCreate(t *testing.T) {
 					}, nil
 				},
 			},
-			Args:       args("auth-token create --expires 2021-09-15T23:00:00Z --name Testing --scope purge_all,global:read --services a,b,c --token 123"),
+			Args:       args("auth-token create --expires 2021-09-15T23:00:00Z --name Testing --password secure --scope purge_all,global:read --services a,b,c --token 123"),
 			WantOutput: "Created token 'Testing' (id: 123, scope: purge_all global:read, expires: 2021-09-15 23:00:00 +0000 UTC)",
 		},
 	}
@@ -373,7 +378,7 @@ Expires at: 2021-06-15 23:00:00 +0000 UTC`
 }
 
 func listTokenOutputSummary() string {
-	return `TOKEN ID  USER ID  SCOPE                  SERVICES
-123       456      purge_all global:read  [a b]
-456       789      global                 [a b]`
+	return `TOKEN ID  NAME  USER ID  SCOPE                  SERVICES
+123       Foo   456      purge_all global:read  [a b]
+456       Bar   789      global                 [a b]`
 }

pkg/commands/authtoken/create.go

@@ -22,17 +22,23 @@ func NewCreateCommand(parent cmd.Registerer, globals *config.Data) *CreateComman
 	c.manifest.File.SetOutput(c.Globals.Output)
 	c.manifest.File.Read(manifest.Filename)
 
-	// NOTE: The go-fastly package allows providing a username/password as
-	// authentication, but as the CLI already expects an API token to be present
-	// we will use that instead of a username/password (the API supports both
-	// forms of authentication).
-	c.CmdClause.Flag("expires", "Time-stamp (UTC) of when the token will expire").HintOptions("2016-07-28T19:24:50+00:00").TimeVar(time.RFC3339, &c.expires)
-	c.CmdClause.Flag("name", "Name of the token").StringVar(&c.name)
+	// Required flags
+	//
+	// NOTE: The go-fastly client internally calls `/sudo` before `/tokens` and
+	// the sudo endpoint requires a password to be provided alongside an API
+	// token. The password must be for the user account that created the token
+	// being passed as authentication to the API endpoint.
+	c.CmdClause.Flag("password", "User password corresponding with --token or $FASTLY_API_TOKEN").Required().StringVar(&c.password)
+
+	// Optional flags
+	//
 	// NOTE: The API describes 'scope' as being space-delimited but we've opted
 	// for comma-separated as it means users don't have to worry about how best
 	// to handle issues with passing a flag value with whitespace. When
 	// constructing the input for the API call we convert from a comma-separated
 	// value to a space-delimited value.
+	c.CmdClause.Flag("expires", "Time-stamp (UTC) of when the token will expire").HintOptions("2016-07-28T19:24:50+00:00").TimeVar(time.RFC3339, &c.expires)
+	c.CmdClause.Flag("name", "Name of the token").StringVar(&c.name)
 	c.CmdClause.Flag("scope", "A comma-separated list of authorization scope").HintOptions("global", "purge_select", "purge_all", "global:read").StringsVar(&c.scope, kingpin.Separator(","))
 	c.CmdClause.Flag("services", "A comma-separated list of alphanumeric strings identifying services (default: access to all services)").StringsVar(&c.services, kingpin.Separator(","))
 	return &c
@@ -45,6 +51,7 @@ type CreateCommand struct {
 	expires  time.Time
 	manifest manifest.Data
 	name     string
+	password string
 	scope    []string
 	services []string
 }
@@ -73,6 +80,8 @@ func (c *CreateCommand) Exec(in io.Reader, out io.Writer) error {
 func (c *CreateCommand) constructInput() *fastly.CreateTokenInput {
 	var input fastly.CreateTokenInput
 
+	input.Password = c.password
+
 	if !c.expires.IsZero() {
 		input.ExpiresAt = &c.expires
 	}

pkg/commands/authtoken/list.go

@@ -107,9 +107,9 @@ func (c *ListCommand) printVerbose(out io.Writer, rs []*fastly.Token) {
 // format.
 func (c *ListCommand) printSummary(out io.Writer, rs []*fastly.Token) {
 	t := text.NewTable(out)
-	t.AddHeader("TOKEN ID", "USER ID", "SCOPE", "SERVICES")
+	t.AddHeader("TOKEN ID", "NAME", "USER ID", "SCOPE", "SERVICES")
 	for _, r := range rs {
-		t.AddLine(r.ID, r.UserID, r.Scope, r.Services)
+		t.AddLine(r.ID, r.Name, r.UserID, r.Scope, r.Services)
 	}
 	t.Print()
 }