datumctl inside cloud-portal window #156

Draft
mattdjenkinson wants to merge 4 commits into main from cloud-portal/ambient-token

@mattdjenkinson
No description provided.

Introduce DATUMCTL_TOKEN / DATUM_API_HOSTNAME / DATUMCTL_USER_EMAIL /
DATUMCTL_USER_SUBJECT environment variables that let a trusted host
(e.g. the cloud-portal embedded terminal) hand datumctl a pre-obtained
bearer token and endpoint, bypassing the keyring-based OAuth flow.

When DATUMCTL_TOKEN is set:
- All credential lookups synthesize an in-memory identity and static
  token source; the OS keyring is never read or written.
- Commands that mutate authentication or context state (login, logout,
  auth switch, auth update-kubeconfig, ctx use) are rejected with a
  clear error, so the host can guarantee pinned identity + context for
  the lifetime of the process.
- Existing DATUM_PROJECT / DATUM_ORGANIZATION env vars continue to pin
  the scope via the factory's resolveScope path.

Local branch only; not intended for upstream yet.

Made-with: Cursor

Short-circuit whoami when DATUMCTL_TOKEN is set so it prints the
ambient identity (email / subject / endpoint) and the active
DATUM_PROJECT/DATUM_ORGANIZATION override instead of erroring with
ErrNoActiveUser because there's no local keyring session.

Keeps the embedded terminal's UX consistent: whoami works alongside
get/describe once the host has supplied an ambient token.

Made-with: Cursor

The endpoint (API hostname) is an internal deployment detail users
don't need to see — they're targeting "Datum Cloud" conceptually, not
a particular server. Remove it from both the keyring-backed and
ambient-token paths.

Made-with: Cursor
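
The ambient-token behaviour these commit messages describe, as an added Go sketch that is not code from this pull request or from datumctl: only the four environment variable names and the list of rejected commands come from the description above. The `Ambient` type, `LoadAmbient`, `Guard`, `Whoami` and `ErrPinned` are hypothetical names, and failing closed when `DATUM_API_HOSTNAME` is empty is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Ambient is an in-memory identity built from the environment (hypothetical type).
type Ambient struct{ Token, Host, Email, Subject string }

var ErrPinned = errors.New("identity and context are pinned by the host")

// Commands the PR description lists as rejected while DATUMCTL_TOKEN is set.
var mutating = map[string]bool{"login": true, "logout": true, "auth switch": true,
	"auth update-kubeconfig": true, "ctx use": true}

// LoadAmbient returns nil when no token is supplied, leaving the keyring flow in charge.
func LoadAmbient(getenv func(string) string) (*Ambient, error) {
	tok := getenv("DATUMCTL_TOKEN")
	if tok == "" {
		return nil, nil
	}
	host := getenv("DATUM_API_HOSTNAME")
	if host == "" { // assumption: fail closed instead of sending the token to a default host
		return nil, errors.New("DATUMCTL_TOKEN set without DATUM_API_HOSTNAME")
	}
	return &Ambient{tok, host, getenv("DATUMCTL_USER_EMAIL"), getenv("DATUMCTL_USER_SUBJECT")}, nil
}

// Guard rejects state-mutating commands while an ambient identity is active.
func Guard(a *Ambient, cmd string) error {
	if a != nil && mutating[cmd] {
		return fmt.Errorf("%q rejected: %w", cmd, ErrPinned)
	}
	return nil
}

// Whoami reports who the token belongs to; the token itself is never printed.
func Whoami(a *Ambient) string { return fmt.Sprintf("%s (subject %s)", a.Email, a.Subject) }

func main() {
	a, err := LoadAmbient(os.Getenv)
	if err != nil || a == nil {
		fmt.Println("no ambient identity:", err)
		return
	}
	fmt.Println(Whoami(a), "|", Guard(a, "login"))
}
```

Passing `getenv` as a parameter keeps the environment lookup testable, and wrapping `ErrPinned` lets callers detect the pinned-identity case with `errors.Is`.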