Skip to content

fix/add-remote-ini-file #231

Description

@bwalsh

7) remote add gen3: INI key persistence review

This section documents how git drs remote add gen3 persists credentials into ~/.gen3/gen3_client_config.ini and where current behavior is incorrect.

7.1 Current implementation path

  • Command path: cmd/remote/add/gen3.go (Gen3Cmd -> gen3Init(...)).
  • Credentials are persisted via configure.Save(cred) where configure is github.com/calypr/syfon/client/config manager.
  • INI keys used by syfon config manager are:
    • key_id
    • api_key
    • access_token
    • api_endpoint

7.2 What gets written for each auth mode

A) --cred <json> mode

gen3Init(...) imports a credentials file and sets:

  • cred.APIKey -> saved as api_key
  • cred.KeyID -> saved as key_id
  • cred.AccessToken -> saved as access_token

This is generally correct for durable profile auth and token refresh behavior.

B) --token <token> mode

gen3Init(...) sets only:

  • AccessToken (saved as access_token)
  • APIKey is empty
  • KeyID is empty

Expected intent: profile should behave as token-only (no stale api_key/key_id).

7.3 Confirmed bug: stale INI keys are not cleared

syfon/client/config.Manager.Save(...) only writes keys when non-empty and does not clear existing keys when a field is empty.

Result:

  • If a profile previously had api_key/key_id (from --cred) and is later updated with --token, old api_key/key_id remain in the INI section.
  • This can leave the profile in a mixed state (new access_token, stale api_key/key_id).

Impact:

  • Behavior may be confusing and can trigger unintended refresh attempts/validation paths that consider stale api_key.
  • Operators may think they switched to token-only auth, but persisted profile still carries old key material.

7.4 Secondary add remote bug (related)

  • --url is declared for git drs remote add gen3 (cmd/remote/add/init.go) but is not used in gen3Init(...).
  • gen3Init(...) always derives api_endpoint from token/profile data.

This is not an INI key-name bug, but it is an add remote correctness bug that affects what endpoint is saved to INI.

7.5 Potential fixes

Fix option 1 (preferred): make Save clear absent keys

In syfon/client/config.Manager.Save(...):

  • If APIKey == "", delete api_key from section.
  • If KeyID == "", delete key_id from section.
  • If AccessToken == "", delete access_token from section.

This makes INI persistence reflect the caller's credential intent and prevents stale key carry-over.

Fix option 2: explicit cleanup in gen3Init(...)

Before configure.Save(cred) in token-mode:

  • Load existing profile
  • explicitly blank/remove api_key and key_id
  • then save

This localizes fix to git-drs but duplicates config semantics that are better handled in syfon manager.

Fix option 3: wire --url and endpoint precedence

Update gen3Init(...) signature and call site to accept endpoint flag and use precedence:

  1. explicit --url (if provided)
  2. parse from provided auth token/cred
  3. existing profile fallback

This resolves endpoint persistence drift and matches CLI expectation.

7.6 Suggested regression tests

  • Start with profile containing api_key + key_id + access_token.
  • Run git drs remote add gen3 ... --token ....
  • Assert INI section no longer contains stale api_key/key_id (or contains explicit empty values by chosen policy).
  • Assert api_endpoint honors --url when provided.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions