#29 Perform OAuth2 Implicit Grant Flow to get access token

- removed unnecessary user/password flags

piu/cli.py

@@ -137,7 +137,7 @@ def tunnel_validation(ctx, param, value):
 
 
 def _request_access(even_url, cacert, username, hostname, reason, remote_host,
-                    lifetime, user, password, clip, connect, tunnel):
+                    lifetime, clip, connect, tunnel):
     data = {'username': username, 'hostname': hostname, 'reason': reason}
     host_via = hostname
     if remote_host:
@@ -198,9 +198,6 @@ def cli(ctx, config_file):
 @click.argument('host', metavar='[USER]@HOST', required=False)
 @click.argument('reason', required=False)
 @click.argument('reason_cont', nargs=-1, metavar='[..]', required=False)
-@click.option('-U', '--user', help='Username to use for OAuth2 authentication', envvar='PIU_USER', metavar='NAME')
-@click.option('-p', '--password', help='Password to use for OAuth2 authentication',
-              envvar='PIU_PASSWORD', metavar='PWD')
 @click.option('-E', '--even-url', help='Even SSH Access Granting Service URL', envvar='EVEN_URL', metavar='URI')
 @click.option('-O', '--odd-host', help='Odd SSH bastion hostname', envvar='ODD_HOST', metavar='HOSTNAME')
 @click.option('-t', '--lifetime', help='Lifetime of the SSH access request in minutes (default: 60)',
@@ -212,7 +209,7 @@ def cli(ctx, config_file):
 @click.option('--tunnel', help='Tunnel to the host', envvar='PIU_TUNNEL',
               callback=tunnel_validation, metavar='LOCALPORT:REMOTEPORT')
 @click.pass_obj
-def request_access(obj, host, reason, reason_cont, user, password, even_url, odd_host, lifetime, interactive,
+def request_access(obj, host, reason, reason_cont, even_url, odd_host, lifetime, interactive,
                    insecure, clip, connect, tunnel):
     '''Request SSH access to a single host'''
 
@@ -226,13 +223,11 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd
     if connect and tunnel:
         raise click.UsageError('Cannot specify both "connect" and "tunnel"')
 
-    user = user or zign.api.get_config().get('user') or os.getenv('USER')
-
     parts = host.split('@')
     if len(parts) > 1:
         username = parts[0]
     else:
-        username = user
+        username = zign.api.get_config().get('user') or os.getenv('USER')
 
     hostname = parts[-1]
 
@@ -293,7 +288,7 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd
         remote_host = None
 
     return_code = _request_access(even_url, cacert, username, first_host, reason, remote_host, lifetime,
-                                  user, password, clip, connect, tunnel)
+                                  clip, connect, tunnel)
 
     if return_code != 200:
         sys.exit(return_code)

tests/test_cli.py

@@ -18,7 +18,6 @@ def test_success(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
     monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
@@ -27,7 +26,6 @@ def test_success(monkeypatch):
                                 '--lifetime=15',
                                 '--even-url=https://localhost/',
                                 '--odd-host=odd.example.org',
-                                '--password=foobar',
                                 'my reason'],
                                catch_exceptions=False)
 
@@ -38,15 +36,13 @@ def test_bad_request(monkeypatch):
     response = MagicMock(status_code=400, text='**MAGIC-BAD-REQUEST**')
     monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
         result = runner.invoke(cli,
                                ['req',
                                 '--lifetime=15',
                                 '--even-url=https://localhost/',
-                                '--password=foobar',
                                 'myuser@odd-host',
                                 'my reason'],
                                catch_exceptions=False)
@@ -59,14 +55,12 @@ def test_auth_failure(monkeypatch):
     response = MagicMock(status_code=403, text='**MAGIC-AUTH-FAILED**')
     monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
         result = runner.invoke(cli,
                                ['r',
                                 '--even-url=https://localhost/',
-                                '--password=invalid',
                                 'myuser@odd-host',
                                 'my reason'],
                                catch_exceptions=False)
@@ -81,8 +75,6 @@ def test_dialog(monkeypatch):
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
-    monkeypatch.setattr('keyring.set_password', MagicMock())
-    monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None))
     runner = CliRunner()
 
     with runner.isolated_filesystem():
@@ -99,8 +91,6 @@ def test_oauth_failure(monkeypatch):
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
-    monkeypatch.setattr('keyring.set_password', MagicMock())
-    monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None))
     runner = CliRunner()
 
     with runner.isolated_filesystem():