From 565dafc71fbfce4551e30606c4e1d03f0de3ca9f Mon Sep 17 00:00:00 2001
From: Ben Ford <ben.ford@puppetlabs.com>
Date: Wed, 28 Jul 2021 10:48:38 -0700
Subject: [PATCH] (PF-2437) Allow r10k to authenticate to the Forge

In the near future, the Forge will be adding support for authenticated
module downloads. This extends support for token based authentication to
that use case.
---
 CHANGELOG.mkd                              | 1 +
 doc/dynamic-environments/configuration.mkd | 5 ++---
 lib/r10k/initializers.rb                   | 8 +-------
 spec/unit/action/runner_spec.rb            | 8 --------
 4 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG.mkd b/CHANGELOG.mkd
index 1df631a06..30f92902a 100644
--- a/CHANGELOG.mkd
+++ b/CHANGELOG.mkd
@@ -6,6 +6,7 @@ Unreleased
 
 - (CODEMGMT-1421) Add skeleton for deploy_spec option [#1189](https://github.com/puppetlabs/r10k/pull/1189)
 - (RK-369) Make module deploys run the postrun command if any environments were updated. [#1190](https://github.com/puppetlabs/r10k/pull/1190)
+- (PF-2437) Allow token authentication to be used with the Forge. [#1192](https://github.com/puppetlabs/r10k/pull/1192)
 
 3.10.0
 ------
diff --git a/doc/dynamic-environments/configuration.mkd b/doc/dynamic-environments/configuration.mkd
index baecdec84..0a6b4677c 100644
--- a/doc/dynamic-environments/configuration.mkd
+++ b/doc/dynamic-environments/configuration.mkd
@@ -167,9 +167,8 @@ This defaults to 'https://forgeapi.puppetlabs.com'
 
 #### authorization_token
 
-The 'authorization_token' setting allows you to provide a token for authenticating to a
-custom Forge server. When set, 'baseurl' must also be set.
-You will need to prepend your token with 'Bearer ' if using Artifactory as your Forge server.
+The 'authorization_token' setting allows you to provide a token for authenticating to a Forge server.
+You will need to prepend your token with 'Bearer ' to authenticate to the Forge or when using your own Artifactory server.
 
 ```yaml
 forge:
diff --git a/lib/r10k/initializers.rb b/lib/r10k/initializers.rb
index ec99d4ed8..837ea6fff 100644
--- a/lib/r10k/initializers.rb
+++ b/lib/r10k/initializers.rb
@@ -63,13 +63,7 @@ class ForgeInitializer < BaseInitializer
       def call
         with_setting(:baseurl) { |value| PuppetForge.host = value }
         with_setting(:proxy) { |value| PuppetForge::Connection.proxy = value }
-        with_setting(:authorization_token) { |value|
-          if @settings[:baseurl]
-            PuppetForge::Connection.authorization = value
-          else
-            raise R10K::Error, "Cannot specify a Forge authorization token without configuring a custom baseurl."
-          end
-        }
+        with_setting(:authorization_token) { |value| PuppetForge::Connection.authorization = value }
       end
     end
   end
diff --git a/spec/unit/action/runner_spec.rb b/spec/unit/action/runner_spec.rb
index f9761545b..5c3f18bbe 100644
--- a/spec/unit/action/runner_spec.rb
+++ b/spec/unit/action/runner_spec.rb
@@ -230,14 +230,6 @@ def call
         runner.setup_settings
         runner.setup_authorization
       end
-
-      it 'errors if no custom forge URL is set' do
-        options = { config: "spec/fixtures/unit/action/r10k_forge_auth_no_url.yaml" }
-        runner = described_class.new(options, %w[args yes], action_class)
-        expect(PuppetForge::Connection).not_to receive(:authorization=).with('faketoken')
-
-        expect { runner.setup_settings }.to raise_error(R10K::Error, /Cannot specify a Forge auth/)
-      end
     end
 
     context "license auth" do