fix: Tenant domain handling in cloud commands

2025-12-10 00:22:08 -06:00 · 2024-10-11 10:07:01 +05:30 · 2024-10-11 10:07:01 +05:30 · 69e32d99cc
commit 69e32d99cc
parent ad6340e60d
4 changed files with 33 additions and 22 deletions
--- a/cmd/cloud/login.go
+++ b/cmd/cloud/login.go
@ -12,10 +12,6 @@ import (
 	"github.com/spf13/cobra"
 )

-var (
-	loginTenantDomain string
-)
-
 func newCloudLoginCommand() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "login",
@ -30,9 +26,6 @@ func newCloudLoginCommand() *cobra.Command {
 		},
 	}

-	cmd.Flags().StringVar(&loginTenantDomain, "tenant", "",
-		"Domain of the tenant to login to for existing users")
-
 	return cmd
 }

@ -59,5 +52,6 @@ func executeDeviceAuthFlow() error {
 		return fmt.Errorf("failed to authenticate: %w", err)
 	}

-	return auth.PersistCloudTokens(token.Token, token.RefreshToken, loginTenantDomain)
+	return auth.PersistCloudTokens(token.Token,
+		token.RefreshToken, tenantDomain)
 }
--- a/cmd/cloud/main.go
+++ b/cmd/cloud/main.go
@ -1,6 +1,11 @@
 package cloud

-import "github.com/spf13/cobra"
+import (
+	"github.com/safedep/vet/internal/auth"
+	"github.com/spf13/cobra"
+)
+
+var tenantDomain string

 func NewCloudCommand() *cobra.Command {
 	cmd := &cobra.Command{
@ -11,6 +16,9 @@ func NewCloudCommand() *cobra.Command {
 		},
 	}

+	cmd.PersistentFlags().StringVar(&tenantDomain, "tenant", "",
+		"Tenant domain to use for the command")
+
 	cmd.AddCommand(newCloudLoginCommand())
 	cmd.AddCommand(newRegisterCommand())
 	cmd.AddCommand(newQueryCommand())
@ -18,5 +26,11 @@ func NewCloudCommand() *cobra.Command {
 	cmd.AddCommand(newWhoamiCommand())
 	cmd.AddCommand(newKeyCommand())

+	cmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+		if tenantDomain != "" {
+			auth.SetRuntimeCloudTenant(tenantDomain)
+		}
+	}
+
 	return cmd
 }
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -11,10 +11,11 @@ import (
 )

 const (
-	apiUrlEnvKey          = "VET_INSIGHTS_API_URL"
-	apiKeyEnvKey          = "VET_INSIGHTS_API_KEY"
-	apiKeyAlternateEnvKey = "VET_API_KEY"
-	communityModeEnvKey   = "VET_COMMUNITY_MODE"
+	apiUrlEnvKey             = "VET_INSIGHTS_API_URL"
+	apiKeyEnvKey             = "VET_INSIGHTS_API_KEY"
+	apiKeyAlternateEnvKey    = "VET_API_KEY"
+	communityModeEnvKey      = "VET_COMMUNITY_MODE"
+	controlTowerTenantEnvKey = "VET_CONTROL_TOWER_TENANT_ID"

 	defaultApiUrl          = "https://api.safedep.io/insights/v1"
 	defaultCommunityApiUrl = "https://api.safedep.io/insights-community/v1"
@ -168,6 +169,11 @@ func ControlTowerUrl() string {
 }

 func TenantDomain() string {
+	tenantFromEnv := os.Getenv(controlTowerTenantEnvKey)
+	if tenantFromEnv != "" {
+		return tenantFromEnv
+	}
+
 	if globalConfig != nil {
 		return globalConfig.TenantDomain
 	}
@ -226,6 +232,10 @@ func SetRuntimeCommunityMode() {
 	os.Setenv(communityModeEnvKey, "true")
 }

+func SetRuntimeCloudTenant(domain string) {
+	os.Setenv(controlTowerTenantEnvKey, domain)
+}
+
 func loadConfiguration() error {
 	path, err := os.UserHomeDir()
 	if err != nil {
--- a/internal/auth/grpc.go
+++ b/internal/auth/grpc.go
@ -35,17 +35,10 @@ func cloudClientConnection(name, loc, tok string) (*grpc.ClientConn, error) {

 	logger.Debugf("ControlTower host: %s, port: %s", host, port)

-	vetTenantId := TenantDomain()
-	tenantIdOverride := os.Getenv("VET_CONTROL_TOWER_TENANT_ID")
-
-	if tenantIdOverride != "" {
-		vetTenantId = tenantIdOverride
-	}
-
 	headers := http.Header{}
-	headers.Set("x-tenant-id", vetTenantId)
+	headers.Set("x-tenant-id", TenantDomain())

-	vetTenantMockUser := os.Getenv("VET_CONTROL_TOWER_MOCK_USER")
+	vetTenantMockUser := os.Getenv(controlTowerTenantEnvKey)
 	if vetTenantMockUser != "" {
 		headers.Set("x-mock-user", vetTenantMockUser)
 	}