CLOUDP-330675: Reworks atlas auth login flow (#4038)

Author: cveticm

docs/command/atlas-auth-login.txt

@@ -53,7 +53,7 @@ Options
    * - --noBrowser
      - 
      - false
-     - Don't try to open a browser session.
+     - Don't automatically open a browser session.
 
 Inherited Options
 -----------------

internal/cli/auth/login.go

@@ -27,14 +27,16 @@ import (
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/log"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/prerun"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/prompt"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/telemetry"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/usage"
 	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/validate"
 	"github.com/pkg/browser"
 	"github.com/spf13/cobra"
 	"go.mongodb.org/atlas/auth"
 )
 
-//go:generate go tool go.uber.org/mock/mockgen -typed -destination=login_mock_test.go -package=auth . LoginConfig
+//go:generate go tool go.uber.org/mock/mockgen -typed -destination=login_mock_test.go -package=auth . LoginConfig,TrackAsker
 
 type SetSaver interface {
 	Set(string, any)
@@ -49,20 +51,119 @@ type LoginConfig interface {
 	ProjectID() string
 }
 
+type TrackAsker interface {
+	TrackAsk([]*survey.Question, any, ...survey.AskOpt) error
+	TrackAskOne(survey.Prompt, any, ...survey.AskOpt) error
+}
+
+const (
+	userAccountAuth = "UserAccount"
+	apiKeysAuth     = "APIKeys"
+	atlasName       = "atlas"
+)
+
 var (
 	ErrProjectIDNotFound = errors.New("project is inaccessible. You either don't have access to this project or the project doesn't exist")
 	ErrOrgIDNotFound     = errors.New("organization is inaccessible. You don't have access to this organization or the organization doesn't exist")
+	authTypeOptions      = []string{userAccountAuth, apiKeysAuth}
+	authTypeDescription  = map[string]string{
+		userAccountAuth: "(best for getting started)",
+		apiKeysAuth:     "(for existing automations)",
+	}
 )
 
 type LoginOpts struct {
 	cli.DefaultSetterOpts
 	cli.RefresherOpts
+	cli.DigestConfigOpts
 	AccessToken  string
 	RefreshToken string
 	IsGov        bool
 	NoBrowser    bool
+	authType     string
+	force        bool
 	SkipConfig   bool
 	config       LoginConfig
+	Asker        TrackAsker
+}
+
+func (opts *LoginOpts) promptAuthType() error {
+	if opts.force {
+		opts.authType = userAccountAuth
+		return nil
+	}
+	authTypePrompt := &survey.Select{
+		Message: "Select authentication type:",
+		Options: authTypeOptions,
+		Default: userAccountAuth,
+		Description: func(value string, _ int) string {
+			return authTypeDescription[value]
+		},
+	}
+	return opts.Asker.TrackAskOne(authTypePrompt, &opts.authType)
+}
+
+func (opts *LoginOpts) SetUpAccess() {
+	switch {
+	case opts.IsGov:
+		opts.Service = config.CloudGovService
+	default:
+		opts.Service = config.CloudService
+	}
+
+	opts.SetUpServiceAndKeys()
+}
+
+func (opts *LoginOpts) runAPIKeysLogin(ctx context.Context) error {
+	_, _ = fmt.Fprintf(opts.OutWriter, `You are configuring a profile for %s.
+
+All values are optional and you can use environment variables (MONGODB_ATLAS_*) instead.
+
+Enter [?] on any option to get help.
+
+`, atlasName)
+
+	q := prompt.AccessQuestions()
+	if err := opts.Asker.TrackAsk(q, opts); err != nil {
+		return err
+	}
+	opts.SetUpAccess()
+
+	if err := opts.InitStore(ctx); err != nil {
+		return err
+	}
+
+	if config.IsAccessSet() {
+		if err := opts.AskOrg(); err != nil {
+			return err
+		}
+		if err := opts.AskProject(); err != nil {
+			return err
+		}
+	} else {
+		q := prompt.TenantQuestions()
+		if err := opts.Asker.TrackAsk(q, opts); err != nil {
+			return err
+		}
+	}
+	opts.SetUpProject()
+	opts.SetUpOrg()
+
+	if err := opts.Asker.TrackAsk(opts.DefaultQuestions(), opts); err != nil {
+		return err
+	}
+	opts.SetUpOutput()
+
+	if err := opts.config.Save(); err != nil {
+		return err
+	}
+
+	_, _ = fmt.Fprintf(opts.OutWriter, "\nYour profile is now configured.\n")
+	if config.Name() != config.DefaultProfile {
+		_, _ = fmt.Fprintf(opts.OutWriter, "To use this profile, you must set the flag [-%s %s] for every command.\n", flag.ProfileShort, config.Name())
+	}
+	_, _ = fmt.Fprintf(opts.OutWriter, "You can use [%s config set] to change these settings at a later time.\n", atlasName)
+	return nil
 }
 
 // SyncWithOAuthAccessProfile returns a function that is synchronizing the oauth settings
@@ -102,7 +203,7 @@ func (opts *LoginOpts) SyncWithOAuthAccessProfile(c LoginConfig) func() error {
 	}
 }
 
-func (opts *LoginOpts) LoginRun(ctx context.Context) error {
+func (opts *LoginOpts) runUserAccountLogin(ctx context.Context) error {
 	if err := opts.oauthFlow(ctx); err != nil {
 		return err
 	}
@@ -141,6 +242,18 @@ func (opts *LoginOpts) LoginRun(ctx context.Context) error {
 	return nil
 }
 
+func (opts *LoginOpts) LoginRun(ctx context.Context) error {
+	if err := opts.promptAuthType(); err != nil {
+		return fmt.Errorf("failed to select authentication type: %w", err)
+	}
+
+	if opts.authType == apiKeysAuth {
+		return opts.runAPIKeysLogin(ctx)
+	}
+
+	return opts.runUserAccountLogin(ctx)
+}
+
 func (opts *LoginOpts) checkProfile(ctx context.Context) error {
 	if err := opts.InitStore(ctx); err != nil {
 		return err
@@ -223,6 +336,10 @@ func (opts *LoginOpts) handleBrowser(uri string) {
 		return
 	}
 
+	if !opts.force {
+		_, _ = fmt.Fprintf(opts.OutWriter, "\nPress Enter to open the browser to complete authentication...")
+		_, _ = fmt.Scanln()
+	}
 	if errBrowser := browser.OpenURL(uri); errBrowser != nil {
 		_, _ = log.Warningln("There was an issue opening your browser")
 	}
@@ -243,7 +360,7 @@ func (opts *LoginOpts) oauthFlow(ctx context.Context) error {
 		}
 
 		accessToken, _, err := opts.PollToken(ctx, code)
-		if retry, errRetry := shouldRetryAuthenticate(err, newRegenerationPrompt()); errRetry != nil {
+		if retry, errRetry := opts.shouldRetryAuthenticate(err, newRegenerationPrompt()); errRetry != nil {
 			return errRetry
 		} else if retry {
 			continue
@@ -258,11 +375,11 @@ func (opts *LoginOpts) oauthFlow(ctx context.Context) error {
 	}
 }
 
-func shouldRetryAuthenticate(err error, p survey.Prompt) (retry bool, errSurvey error) {
+func (opts *LoginOpts) shouldRetryAuthenticate(err error, p survey.Prompt) (retry bool, errSurvey error) {
 	if err == nil || !auth.IsTimeoutErr(err) {
 		return false, nil
 	}
-	err = telemetry.TrackAskOne(p, &retry)
+	err = opts.Asker.TrackAskOne(p, &retry)
 	return retry, err
 }
 
@@ -290,7 +407,9 @@ func (opts *LoginOpts) LoginPreRun(ctx context.Context) func() error {
 }
 
 func LoginBuilder() *cobra.Command {
-	opts := &LoginOpts{}
+	opts := &LoginOpts{
+		Asker: &telemetry.Ask{},
+	}
 
 	cmd := &cobra.Command{
 		Use:   "login",
@@ -316,8 +435,10 @@ func LoginBuilder() *cobra.Command {
 	}
 
 	cmd.Flags().BoolVar(&opts.IsGov, "gov", false, "Log in to Atlas for Government.")
-	cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't try to open a browser session.")
+	cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't automatically open a browser session.")
 	cmd.Flags().BoolVar(&opts.SkipConfig, "skipConfig", false, "Skip profile configuration.")
 	_ = cmd.Flags().MarkDeprecated("skipConfig", "if you configured a profile, the command skips the config step by default.")
+	cmd.Flags().BoolVar(&opts.force, flag.Force, false, usage.Force)
+	_ = cmd.Flags().MarkHidden(flag.Force)
 	return cmd
 }