Draft
Conversation
Introduce DATUMCTL_TOKEN / DATUM_API_HOSTNAME / DATUMCTL_USER_EMAIL / DATUMCTL_USER_SUBJECT environment variables that let a trusted host (e.g. the cloud-portal embedded terminal) hand datumctl a pre-obtained bearer token and endpoint, bypassing the keyring-based OAuth flow. When DATUMCTL_TOKEN is set: - All credential lookups synthesize an in-memory identity and static token source; the OS keyring is never read or written. - Commands that mutate authentication or context state (login, logout, auth switch, auth update-kubeconfig, ctx use) are rejected with a clear error, so the host can guarantee pinned identity + context for the lifetime of the process. - Existing DATUM_PROJECT / DATUM_ORGANIZATION env vars continue to pin the scope via the factory's resolveScope path. Local branch only; not intended for upstream yet. Made-with: Cursor
Short-circuit whoami when DATUMCTL_TOKEN is set so it prints the ambient identity (email / subject / endpoint) and the active DATUM_PROJECT/DATUM_ORGANIZATION override instead of erroring with ErrNoActiveUser because there's no local keyring session. Keeps the embedded terminal's UX consistent: whoami works alongside get/describe once the host has supplied an ambient token. Made-with: Cursor
The endpoint (API hostname) is an internal deployment detail users don't need to see — they're targeting "Datum Cloud" conceptually, not a particular server. Remove it from both the keyring-backed and ambient-token paths. Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.