CLOUDP-330675: Reworks atlas auth login flow #4038

Merged

Collaborator

@cveticm cveticm commented Jul 14, 2025

Proposed changes

  1. Adds prompt flow to ask user which form of authentication they would like to log in with.

     atlas auth login
     ? Select authentication type:  [Use arrows to move, type to filter]
     > UserAccount - (best for getting started)
       APIKeys - (for existing automations)

     APIKeys logic is taken directly from atlas config init. This duplicated code will be removed as a part of CLOUDP-329797.

  2. Adds hidden flag --force. When used, browser flow (User Account) is taken and user will not be prompted on authentication method.

Jira ticket: CLOUDP-330675

Checklist

  • I have signed the MongoDB CLA
  • I have added tests that prove my fix is effective or that my feature works
  • I have added any necessary documentation in document requirements section listed in CONTRIBUTING.md (if appropriate)
  • I have addressed the @mongodb/docs-cloud-team comments (if appropriate)
  • I have updated test/README.md (if an e2e test has been added)
  • I have run make fmt and formatted my code

@cveticm cveticm changed the base branch from master to SA_refactor_feature_branch July 14, 2025 13:34
@github-actions github-actions bot removed the atlascli label Jul 14, 2025
@cveticm cveticm force-pushed the CLOUDP-330675_atlas_auth_login_flow branch from deea26c to 6cbf561 Compare July 14, 2025 13:43
@cveticm cveticm force-pushed the CLOUDP-330675_atlas_auth_login_flow branch from 6cbf561 to eeb7bc4 Compare July 14, 2025 13:51
@cveticm cveticm marked this pull request as ready for review July 14, 2025 14:12
@cveticm cveticm requested review from a team as code owners July 14, 2025 14:12
@github-actions github-actions bot added the need-doc-review Improvements or additions to documentation, will be reviewed by the docs team label Jul 14, 2025
Contributor

APIx Bot :bowtie:: a message has been sent to Docs Slack channel 🚀.

@@ -316,8 +421,10 @@ func LoginBuilder() *cobra.Command {
}

cmd.Flags().BoolVar(&opts.IsGov, "gov", false, "Log in to Atlas for Government.")
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't try to open a browser session.")
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't try to open a browser session to authenticate your User Account.")
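Review bot: the reworded --noBrowser help string on the last line scopes the flag to User Account authentication but still does not say what the user has to do when it is set, and "try" leaves open whether a browser can still be launched. State the outcome explicitly (no browser is opened automatically; if the login link is still printed for manual use, say so), so that someone running the CLI on a headless or shared host knows what to expect.
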
Contributor

@jwilliams-mongo jwilliams-mongo Jul 14, 2025

if this is true, will the CLI use only config files / env variables for auth? Or perhaps a session that is already authenticated? Wondering if we need to be clear about that behavior here.

I think we can remove the word "try" as it isn't clear to me if this is true if it just doesn't open a browser window or if it opens it if specific conditions are met or not met.

Suggested change
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't try to open a browser session to authenticate your User Account.")
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't open a browser session to authenticate your User Account.")

Collaborator Author

When --noBrowser=false, a browser session is opened for users to authenticate through.

When it is true, the behaviour is that a browser session will not be opened automatically and users will have to access the link manually.

Would this make that behaviour more clear?

Suggested change
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't try to open a browser session to authenticate your User Account.")
cmd.Flags().BoolVar(&opts.NoBrowser, "noBrowser", false, "Don't automatically open a browser session.")

@@ -238,6 +344,9 @@ func (opts *LoginOpts) oauthFlow(ctx context.Context) error {

opts.printAuthInstructions(code)
if !askedToOpenBrowser {
fmt.Printf("\nBrowser will be automatically opened in %d seconds...", browserWait)
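Review bot: the fmt.Printf under `if !askedToOpenBrowser` announces that a browser will open after browserWait seconds, but the visible lines give the user no way to decline before it does. Right after printAuthInstructions(code) has shown the login code, an unattended timer is a poor fit for sessions where the code is meant to be entered on another device; consider waiting for an explicit keypress instead. The message also has no trailing newline, so whatever is printed next continues on the same line.
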
Collaborator

make sure to run by Jonny, he designed these changes

Collaborator Author

Noted, will check

Collaborator Author

modified this logic to more closely follow what was outlined in Scope (prompt user to press a key to open browser) and checked w Jonny, he gives his thumbs up on new implementation

Contributor

Coverage Report 📈

Branch Commit Coverage
SA_refactor_feature_branch e82d6b3 25.7%
CLOUDP-330675_atlas_auth_login_flow 626e423 25.8%
Difference .1%

@@ -49,20 +51,119 @@ type LoginConfig interface {
ProjectID() string
}

type TrackAsker interface {
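Review bot: the exported TrackAsker interface is introduced at `type TrackAsker interface {` without a doc comment. Add a short comment above the declaration saying what it abstracts and why the login options depend on an interface here rather than a concrete type, and keep it unexported if nothing outside this package needs it.
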
Collaborator

while I think this is fine, why have you added this? don't we just disable telemetry on our tests?

Collaborator Author

I tried and was unable to get this to work for testing runApiKeysLogin.
I believe the limitation is that, even if telemetry is disabled, the prompts are still asked and wait for input, resulting in the test failing with err EOF.

This structure also allows us to mock prompt responses (as seen for Test_shouldRetryAuthenticate here) which would allow us to cover more specific cases in future if needed.

@cveticm cveticm merged commit 5fbb105 into SA_refactor_feature_branch Jul 16, 2025
34 of 35 checks passed
@cveticm cveticm deleted the CLOUDP-330675_atlas_auth_login_flow branch July 16, 2025 08:32
cveticm added a commit that referenced this pull request Aug 5, 2025
4 participants