feat(account): support API token operations

go.mod

@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	github.com/UpCloudLtd/progress v1.0.2
-	github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.0
+	github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.1-0.20250130171841-f32ab8d1a73c
 	github.com/adrg/xdg v0.3.2
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/gemalto/flume v0.12.0

go.sum

@@ -17,8 +17,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/UpCloudLtd/progress v1.0.2 h1:CTr1bBuFuXop9TEhR1PakbUMPTlUVL7Bgae9JgqXwPg=
 github.com/UpCloudLtd/progress v1.0.2/go.mod h1:iGxOnb9HvHW0yrLGUjHr0lxHhn7TehgWwh7a8NqK6iQ=
-github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.0 h1:bJozr/MtrSl4P3ynq4Nkr8kGPQfPAGpGJ7/S/iVI1cc=
-github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.0/go.mod h1:bFnrOkfsDDmsb94nnBV5eSQjjsfDnwAzLnCt9+b4t/4=
+github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.1-0.20250130171841-f32ab8d1a73c h1:X88TqqpSTbJno235xQ8lKyj+6nLeaHVLYw85nRXh/AM=
+github.com/UpCloudLtd/upcloud-go-api/v8 v8.14.1-0.20250130171841-f32ab8d1a73c/go.mod h1:bFnrOkfsDDmsb94nnBV5eSQjjsfDnwAzLnCt9+b4t/4=
 github.com/adrg/xdg v0.3.2 h1:GUSGQ5pHdev83AYhDSS1A/CX+0JIsxbiWtow2DSA+RU=
 github.com/adrg/xdg v0.3.2/go.mod h1:7I2hH/IT30IsupOpKZ5ue7/qNi3CoKzD6tL3HwpaRMQ=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=

internal/commands/all/all.go

@@ -28,6 +28,7 @@ import (
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/servergroup"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/storage"
 	storagebackup "github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/storage/backup"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/tokens"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands/zone"
 	"github.com/UpCloudLtd/upcloud-cli/v3/internal/config"
 
@@ -122,6 +123,13 @@ func BuildCommands(rootCmd *cobra.Command, conf *config.Config) {
 	permissionsCommand := commands.BuildCommand(permissions.BasePermissionsCommand(), accountCommand.Cobra(), conf)
 	commands.BuildCommand(permissions.ListCommand(), permissionsCommand.Cobra(), conf)
 
+	// Token
+	tokenCommand := commands.BuildCommand(tokens.BaseTokensCommand(), rootCmd, conf)
+	commands.BuildCommand(tokens.CreateCommand(), tokenCommand.Cobra(), conf)
+	commands.BuildCommand(tokens.ListCommand(), tokenCommand.Cobra(), conf)
+	commands.BuildCommand(tokens.ShowCommand(), tokenCommand.Cobra(), conf)
+	commands.BuildCommand(tokens.DeleteCommand(), tokenCommand.Cobra(), conf)
+
 	// Zone
 	zoneCommand := commands.BuildCommand(zone.BaseZoneCommand(), rootCmd, conf)
 	commands.BuildCommand(zone.ListCommand(), zoneCommand.Cobra(), conf)

internal/commands/executor.go

@@ -33,6 +33,7 @@ type Executor interface {
 	Firewall() service.Firewall
 	IPAddress() service.IPAddress
 	Account() service.Account
+	Token() service.Token
 	All() internal.AllServices
 	Debug(msg string, args ...interface{})
 	WithLogger(args ...interface{}) Executor
@@ -135,6 +136,10 @@ func (e executorImpl) Account() service.Account {
 	return e.service
 }
 
+func (e executorImpl) Token() service.Token {
+	return e.service
+}
+
 func (e executorImpl) All() internal.AllServices {
 	return e.service
 }

internal/commands/tokens/create.go

@@ -0,0 +1,125 @@
+package tokens
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/ui"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+	"github.com/spf13/pflag"
+)
+
+// CreateCommand creates the "token create" command
+func CreateCommand() commands.Command {
+	return &createCommand{
+		BaseCommand: commands.New(
+			"create",
+			"Create an API token",
+			`upctl token create --name test --expires-in 1h`,
+			`upctl token create --name test --expires-in 1h --allowed-ip-ranges "0.0.0.0/0" --allowed-ip-ranges "::/0"`,
+		),
+	}
+}
+
+var defaultCreateParams = &createParams{
+	CreateTokenRequest: request.CreateTokenRequest{},
+	name:               "",
+	expiresIn:          0,
+	allowedIPRanges:    []string{}, // TODO: should we default to empty or "0.0.0.0/0", "::/0"?
+	canCreateTokens:    false,
+}
+
+func newCreateParams() createParams {
+	return createParams{
+		CreateTokenRequest: request.CreateTokenRequest{},
+	}
+}
+
+type createParams struct {
+	request.CreateTokenRequest
+	name            string
+	expiresIn       time.Duration
+	expiresAt       string
+	canCreateTokens bool
+	allowedIPRanges []string
+}
+
+func (s *createParams) processParams() error {
+	if s.expiresIn == 0 && s.expiresAt == "" {
+		return fmt.Errorf("either expires-in or expires-at must be set")
+	}
+	if s.expiresAt != "" {
+		var err error
+		s.ExpiresAt, err = time.Parse(time.RFC3339, s.expiresAt)
+		if err != nil {
+			return fmt.Errorf("invalid expires-at: %w", err)
+		}
+	} else {
+		s.ExpiresAt = time.Now().Add(s.expiresIn)
+	}
+	s.Name = s.name
+	s.CanCreateSubTokens = s.canCreateTokens
+	s.AllowedIPRanges = s.allowedIPRanges
+	return nil
+}
+
+type createCommand struct {
+	*commands.BaseCommand
+	params  createParams
+	flagSet *pflag.FlagSet
+}
+
+func applyCreateFlags(fs *pflag.FlagSet, dst, def *createParams) {
+	fs.StringVar(&dst.name, "name", def.name, "Name for the token.")
+	fs.StringVar(&dst.expiresAt, "expires-at", def.expiresAt, "Exact time when the token expires in RFC3339 format. e.g. 2025-01-01T00:00:00Z")
+	fs.DurationVar(&dst.expiresIn, "expires-in", def.expiresIn, "Duration until the token expires. e.g. 24h")
+	fs.BoolVar(&dst.canCreateTokens, "can-create-tokens", def.canCreateTokens, "Allow token to be used to create further tokens.")
+	fs.StringArrayVar(&dst.allowedIPRanges, "allowed-ip-ranges", def.allowedIPRanges, "Allowed IP ranges for the token.")
+
+	commands.Must(fs.SetAnnotation("name", commands.FlagAnnotationNoFileCompletions, nil))
+	commands.Must(fs.SetAnnotation("expires-at", commands.FlagAnnotationNoFileCompletions, nil))
+	commands.Must(fs.SetAnnotation("expires-in", commands.FlagAnnotationNoFileCompletions, nil))
+	commands.Must(fs.SetAnnotation("allowed-ip-ranges", commands.FlagAnnotationNoFileCompletions, nil))
+}
+
+// InitCommand implements Command.InitCommand
+func (s *createCommand) InitCommand() {
+	s.flagSet = &pflag.FlagSet{}
+	s.params = newCreateParams()
+	applyCreateFlags(s.flagSet, &s.params, defaultCreateParams)
+
+	s.AddFlags(s.flagSet)
+	commands.Must(s.Cobra().MarkFlagRequired("name"))
+}
+
+// ExecuteWithoutArguments implements commands.NoArgumentCommand
+func (s *createCommand) ExecuteWithoutArguments(exec commands.Executor) (output.Output, error) {
+	svc := exec.Token()
+
+	if err := s.params.processParams(); err != nil {
+		return nil, err
+	}
+
+	msg := fmt.Sprintf("Creating token %s", s.params.Name)
+	exec.PushProgressStarted(msg)
+
+	res, err := svc.CreateToken(exec.Context(), &s.params.CreateTokenRequest)
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	return output.MarshaledWithHumanDetails{Value: res, Details: []output.DetailRow{
+		{Title: "API Token", Value: res.APIToken, Colour: ui.DefaultNoteColours},
+		{Title: "Name", Value: res.Name},
+		{Title: "ID", Value: res.ID, Colour: ui.DefaultUUUIDColours},
+		{Title: "Type", Value: res.Type},
+		{Title: "Created At", Value: res.CreatedAt.Format(time.RFC3339)},
+		{Title: "Expires At", Value: res.ExpiresAt.Format(time.RFC3339)},
+		{Title: "Allowed IP Ranges", Value: res.AllowedIPRanges},
+		{Title: "Can Create Sub Tokens", Value: res.CanCreateSubTokens},
+	}}, nil
+}

internal/commands/tokens/create_test.go

@@ -0,0 +1,115 @@
+package tokens
+
+import (
+	"testing"
+	"time"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/config"
+	smock "github.com/UpCloudLtd/upcloud-cli/v3/internal/mock"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/mockexecute"
+
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+
+func TestCreateToken(t *testing.T) {
+	created := time.Now()
+
+	for _, test := range []struct {
+		name  string
+		resp  *upcloud.Token
+		args  []string
+		req   request.CreateTokenRequest
+		errFn assert.ErrorAssertionFunc
+	}{
+		{
+			name: "defaults",
+			args: []string{
+				"--name", "test",
+				"--expires-in", "1h",
+			},
+			req: request.CreateTokenRequest{
+				Name:               "test",
+				ExpiresAt:          created.Add(1 * time.Hour),
+				CanCreateSubTokens: false,
+				AllowedIPRanges:    nil,
+			},
+			resp: &upcloud.Token{
+				APIToken:           "ucat_01JH5D3ZZJVZS6JC713FA11CB8",
+				ID:                 "0cd8eab4-ecb7-445b-a457-6019b0a00496",
+				Name:               "test",
+				Type:               "workspace",
+				CreatedAt:          created,
+				ExpiresAt:          created.Add(1 * time.Hour),
+				LastUsed:           nil,
+				CanCreateSubTokens: false,
+				AllowedIPRanges:    []string{"0.0.0.0/0", "::/0"},
+			},
+			errFn: assert.NoError,
+		},
+		{
+			name: "missing name",
+			args: []string{
+				"--expires-in", "1h",
+			},
+			errFn: func(t assert.TestingT, err error, _ ...interface{}) bool {
+				return assert.ErrorContains(t, err, `required flag(s) "name" not set`)
+			},
+		},
+		{
+			name: "invalid expires-in",
+			args: []string{
+				"--name", "test",
+				"--expires-in", "seppo",
+			},
+			errFn: func(t assert.TestingT, err error, _ ...interface{}) bool {
+				return assert.ErrorContains(t, err, `invalid argument "seppo" for "--expires-in"`)
+			},
+		},
+		{
+			name: "invalid expires-at",
+			args: []string{
+				"--name", "test",
+				"--expires-at", "seppo",
+			},
+			errFn: func(t assert.TestingT, err error, _ ...interface{}) bool {
+				return assert.ErrorContains(t, err, `invalid expires-at: `)
+			},
+		},
+		{
+			name: "missing expiry",
+			args: []string{
+				"--name", "test",
+			},
+			errFn: func(t assert.TestingT, err error, _ ...interface{}) bool {
+				return assert.ErrorContains(t, err, `either expires-in or expires-at must be set`)
+			},
+		},
+	} {
+		t.Run(test.name, func(t *testing.T) {
+			conf := config.New()
+			testCmd := CreateCommand()
+			mService := new(smock.Service)
+
+			if test.resp != nil {
+				mService.On("CreateToken", mock.MatchedBy(func(req *request.CreateTokenRequest) bool {
+					// service uses time.Now() with "expires-in" added to it to set ExpiresAt, so we can't set a mock to any
+					// static value. Instead, we'll just check that the request has the correct name and that the ExpiresAt
+					// is within 1 second of "now".
+					return assert.Equal(t, test.req.Name, req.Name) && assert.InDelta(t, test.req.ExpiresAt.UnixMilli(), req.ExpiresAt.UnixMilli(), 1000)
+				})).Once().Return(test.resp, nil)
+			}
+
+			c := commands.BuildCommand(testCmd, nil, conf)
+			c.Cobra().SetArgs(test.args)
+			_, err := mockexecute.MockExecute(c, mService, conf)
+
+			if test.errFn(t, err) {
+				mService.AssertExpectations(t)
+			}
+		})
+	}
+}

internal/commands/tokens/delete.go

@@ -0,0 +1,47 @@
+package tokens
+
+import (
+	"fmt"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/completion"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/resolver"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/output"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+)
+
+// DeleteCommand creates the "token delete" command
+func DeleteCommand() commands.Command {
+	return &deleteCommand{
+		BaseCommand: commands.New(
+			"delete",
+			"Delete an API token",
+			"upctl token delete 0c0e2abf-cd89-490b-abdb-d06db6e8d816",
+		),
+	}
+}
+
+type deleteCommand struct {
+	*commands.BaseCommand
+	resolver.CachingToken
+	completion.Token
+}
+
+// Execute implements commands.MultipleArgumentCommand
+func (c *deleteCommand) Execute(exec commands.Executor, arg string) (output.Output, error) {
+	svc := exec.Token()
+	msg := fmt.Sprintf("Deleting API token %v", arg)
+	exec.PushProgressStarted(msg)
+
+	err := svc.DeleteToken(exec.Context(), &request.DeleteTokenRequest{
+		ID: arg,
+	})
+	if err != nil {
+		return commands.HandleError(exec, msg, err)
+	}
+
+	exec.PushProgressSuccess(msg)
+
+	return output.None{}, nil
+}

internal/commands/tokens/delete_test.go

@@ -0,0 +1,26 @@
+package tokens
+
+import (
+	"testing"
+
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/commands"
+	"github.com/UpCloudLtd/upcloud-cli/v3/internal/config"
+	smock "github.com/UpCloudLtd/upcloud-cli/v3/internal/mock"
+	"github.com/UpCloudLtd/upcloud-go-api/v8/upcloud/request"
+	"github.com/gemalto/flume"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDeleteCommand(t *testing.T) {
+	svc := &smock.Service{}
+	conf := config.New()
+	dr := &request.DeleteTokenRequest{ID: "0cdabbf9-090b-4fc5-a6ae-3f76801ed171"}
+
+	svc.On("DeleteToken", dr).Once().Return(nil)
+
+	command := commands.BuildCommand(DeleteCommand(), nil, conf)
+	_, err := command.(commands.MultipleArgumentCommand).Execute(commands.NewExecutor(conf, svc, flume.New("test")), dr.ID)
+	assert.NoError(t, err)
+
+	svc.AssertExpectations(t)
+}