feat: Support Oauth2.0 via credential script - phase1

cmd/tools/rest/client.go

@@ -41,6 +41,7 @@ type Client struct {
 	Logger   *logging.Logger
 	baseURL  string
 	cluster  Cluster
+	token    string
 	Timeout  time.Duration
 	logRest  bool // used to log Rest request/response
 	auth     *auth.Credentials
@@ -133,9 +134,13 @@ func (c *Client) GetRest(request string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	if pollerAuth.Username != "" {
+	if pollerAuth.AuthToken != "" {
+		c.request.Header.Set("Authorization", "Bearer "+pollerAuth.AuthToken)
+		c.Logger.Debug().Msg("Using authToken from credential script")
+	} else if pollerAuth.Username != "" {
 		c.request.SetBasicAuth(pollerAuth.Username, pollerAuth.Password)
 	}
+
 	// ensure that we can change body dynamically
 	c.request.GetBody = func() (io.ReadCloser, error) {
 		r := bytes.NewReader(c.buffer.Bytes())
@@ -253,6 +258,13 @@ func (c *Client) invokeWithAuthRetry() ([]byte, error) {
 					if err2 != nil {
 						return nil, err2
 					}
+					// If the credential script returns an authToken, use it without re-fetching
+					if pollerAuth.AuthToken != "" {
+						c.token = pollerAuth.AuthToken
+						c.request.Header.Set("Authorization", "Bearer "+c.token)
+						c.Logger.Debug().Msg("Using authToken from credential script")
+						return doInvoke()
+					}
 					c.request.SetBasicAuth(pollerAuth2.Username, pollerAuth2.Password)
 					return doInvoke()
 				}

pkg/auth/auth.go

@@ -451,15 +451,16 @@ func (c *Credentials) Transport(request *http.Request) (*http.Transport, error)
 			},
 		}
 	} else {
-		password := pollerAuth.Password
-		if pollerAuth.Username == "" {
-			return nil, errs.New(errs.ErrMissingParam, "username")
-		} else if password == "" {
-			return nil, errs.New(errs.ErrMissingParam, "password")
+		if !pollerAuth.HasCredentialScript {
+			if pollerAuth.Username == "" {
+				return nil, errs.New(errs.ErrMissingParam, "username")
+			} else if pollerAuth.Password == "" {
+				return nil, errs.New(errs.ErrMissingParam, "password")
+			}
 		}
 
 		if request != nil {
-			request.SetBasicAuth(pollerAuth.Username, password)
+			request.SetBasicAuth(pollerAuth.Username, pollerAuth.Password)
 		}
 		transport = &http.Transport{
 			Proxy: http.ProxyFromEnvironment,