zilliz 1.4.3

TUI and CLI tool for managing Zilliz Cloud clusters and Milvus operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303

//! Auth0 device-code helpers usable from non-blocking contexts (TUI, tests).
//!
//! These mirror the inner state machine of `src/cli/auth.rs::login_with_browser`,
//! but expose it as pure async functions without `println!` side effects.

use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Arc;
use std::time::Duration;

use anyhow::{bail, Context, Result};
use serde::Deserialize;

use crate::config::manager::ConfigManager;
use crate::model::types::AuthConfig;

#[derive(Debug, Clone, Deserialize)]
pub struct DeviceCodeResponse {
    pub device_code: String,
    pub user_code: String,
    pub verification_uri_complete: String,
    pub expires_in: u64,
    #[serde(default = "default_interval")]
    pub interval: u64,
}

fn default_interval() -> u64 {
    5
}

/// Auth0's device-flow default poll interval. Used as a floor so a bogus
/// `interval: 0` from the token endpoint can't spin the poll loop.
const MIN_POLL_INTERVAL_SECS: u64 = 5;

/// Request/connect timeouts for the Auth0 + login HTTP calls. Mirrors
/// `ApiClient` so a stalled network/TLS connection can't hang the background
/// sign-in task indefinitely (cancellation is only observed once `send()`
/// returns).
const HTTP_REQUEST_TIMEOUT: Duration = Duration::from_secs(60);
const HTTP_CONNECT_TIMEOUT: Duration = Duration::from_secs(30);

/// Build a reqwest client with bounded timeouts shared by all device-code
/// HTTP calls.
fn http_client() -> Result<reqwest::Client> {
    reqwest::Client::builder()
        .user_agent(format!("zilliz-cli/{}", env!("CARGO_PKG_VERSION")))
        .timeout(HTTP_REQUEST_TIMEOUT)
        .connect_timeout(HTTP_CONNECT_TIMEOUT)
        .build()
        .context("Failed to build HTTP client")
}

#[derive(Debug, Clone, Deserialize)]
pub struct TokenResponse {
    pub access_token: String,
}

#[derive(Debug, Deserialize)]
struct TokenErrorResponse {
    error: String,
    #[serde(default)]
    #[allow(dead_code)]
    error_description: String,
}

/// Cooperative cancellation token shared between the TUI handler and the
/// background polling task. Hand-rolled (rather than pulling in `tokio_util`)
/// because we only need a single atomic flag.
#[derive(Debug, Clone, Default)]
pub struct CancellationToken {
    flag: Arc<AtomicBool>,
}

impl CancellationToken {
    pub fn new() -> Self {
        Self::default()
    }

    pub fn cancel(&self) {
        self.flag.store(true, Ordering::SeqCst);
    }

    pub fn is_cancelled(&self) -> bool {
        self.flag.load(Ordering::SeqCst)
    }
}

/// Request a device code from Auth0. Pure async, no side effects.
pub async fn request_device_code(auth_config: &AuthConfig) -> Result<DeviceCodeResponse> {
    let client = http_client()?;

    let resp: DeviceCodeResponse = client
        .post(format!("{}/oauth/device/code", auth_config.auth0_domain))
        .form(&[
            ("client_id", auth_config.client_id.as_str()),
            ("scope", "openid email profile"),
        ])
        .send()
        .await
        .context("Failed to request device code")?
        .json()
        .await
        .context("Invalid device code response")?;
    Ok(resp)
}

/// Poll the Auth0 token endpoint until success, failure, or the supplied
/// cancellation token fires.
pub async fn poll_for_token(
    auth_config: &AuthConfig,
    device_code: &str,
    interval_secs: u64,
    timeout_secs: u64,
    cancel: CancellationToken,
) -> Result<TokenResponse> {
    let client = http_client()?;
    let url = format!("{}/oauth/token", auth_config.auth0_domain);
    let start = std::time::Instant::now();
    let timeout = Duration::from_secs(timeout_secs);
    // Clamp to a sane floor: Auth0 occasionally returns `interval: 0`, which
    // would otherwise make `target` zero and spin the poll loop.
    let mut interval = interval_secs.max(MIN_POLL_INTERVAL_SECS);

    loop {
        if cancel.is_cancelled() {
            bail!("Cancelled by user");
        }
        if start.elapsed() > timeout {
            bail!("Authentication timed out. Please try again.");
        }

        // Sleep in short slices so cancellation responds quickly.
        let slice = Duration::from_millis(250);
        let mut slept = Duration::ZERO;
        let target = Duration::from_secs(interval);
        while slept < target {
            if cancel.is_cancelled() {
                bail!("Cancelled by user");
            }
            tokio::time::sleep(slice).await;
            slept += slice;
        }

        let resp = client
            .post(&url)
            .form(&[
                ("grant_type", "urn:ietf:params:oauth:grant-type:device_code"),
                ("device_code", device_code),
                ("client_id", auth_config.client_id.as_str()),
            ])
            .send()
            .await
            .context("Token poll request failed")?;

        if resp.status().is_success() {
            return resp
                .json::<TokenResponse>()
                .await
                .context("Invalid token response");
        }

        let error_resp: TokenErrorResponse = resp.json().await.unwrap_or(TokenErrorResponse {
            error: "unknown".to_string(),
            error_description: "Unknown error".to_string(),
        });

        match error_resp.error.as_str() {
            "authorization_pending" => continue,
            "slow_down" => {
                interval = (interval + 5).min(60);
                continue;
            }
            "expired_token" => bail!("Authentication timed out. Please try again."),
            "access_denied" => bail!("Authentication was denied."),
            other => bail!("Authentication failed: {}", other),
        }
    }
}

/// Persist an API key into `~/.zilliz/credentials`. Thin wrapper that exists
/// only so callers don't import `ConfigManager` just to call one method.
pub fn save_api_key(config_mgr: &ConfigManager, api_key: &str) -> Result<()> {
    config_mgr.save_api_key_only(api_key)
}

/// Result of exchanging an Auth0 access token for CLI credentials via the
/// `/account/v1/cli/login` endpoint. Mirrors the JSON returned by the API.
#[derive(Clone)]
pub struct LoginPayload {
    pub user_id: String,
    pub email: String,
    pub name: String,
    /// Raw org objects from the API. Passed through to
    /// `ConfigManager::save_login_data` which knows how to extract api keys.
    pub orgs: Vec<serde_json::Value>,
}

// Manual, redacted `Debug` so `{:?}` on a `LoginPayload` (or the `WizardMsg`
// that wraps it) can never leak the API keys carried inside `orgs`.
impl std::fmt::Debug for LoginPayload {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("LoginPayload")
            .field("user_id", &self.user_id)
            .field("email", &self.email)
            .field("name", &self.name)
            .field(
                "orgs",
                &format_args!("<{} org(s) redacted>", self.orgs.len()),
            )
            .finish()
    }
}

/// Exchange an Auth0 access token for CLI credentials. Pure async, no
/// `println!` / no `ConfigManager` access — callers persist the result via
/// `ConfigManager::save_login_data`.
pub async fn exchange_token(auth_config: &AuthConfig, access_token: &str) -> Result<LoginPayload> {
    let client = http_client()?;

    let url = format!("{}/account/v1/cli/login", auth_config.login_api);
    let resp = client
        .post(&url)
        .header("Authorization", format!("Bearer {}", access_token))
        .send()
        .await
        .context("Failed to exchange token")?;

    let status = resp.status();
    let body_text = resp.text().await.context("Failed to read login response")?;
    // Do not embed the raw response body in the error: a login endpoint could
    // include credentials/API keys in an error-shaped payload, and TUI/CLI
    // error paths surface this to stderr.
    let body: serde_json::Value = serde_json::from_str(&body_text)
        .with_context(|| format!("Invalid login response (HTTP {})", status.as_u16()))?;

    let code = body
        .get("code")
        .or_else(|| body.get("Code"))
        .and_then(|v| v.as_i64())
        .unwrap_or(-1);

    if !status.is_success() || (code != 0 && code != 200) {
        let msg = body
            .get("msg")
            .or_else(|| body.get("Message"))
            .and_then(|v| v.as_str())
            .unwrap_or("Login failed");
        bail!("Login failed ({}): {}", status.as_u16(), msg);
    }

    let data = body
        .get("data")
        .or_else(|| body.get("Data"))
        .cloned()
        .unwrap_or_default();
    let user = data.get("user").cloned().unwrap_or_default();
    let orgs = data
        .get("orgs")
        .and_then(|v| v.as_array())
        .cloned()
        .unwrap_or_default();

    Ok(LoginPayload {
        user_id: user
            .get("userId")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string(),
        email: user
            .get("email")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string(),
        name: user
            .get("name")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string(),
        orgs,
    })
}

/// Best-effort browser opener. Errors are intentionally swallowed by callers;
/// the TUI surfaces a hint to copy the URL manually instead.
pub fn open_browser(url: &str) -> std::io::Result<()> {
    #[cfg(target_os = "macos")]
    {
        std::process::Command::new("open").arg(url).spawn()?;
    }
    #[cfg(target_os = "linux")]
    {
        std::process::Command::new("xdg-open").arg(url).spawn()?;
    }
    #[cfg(target_os = "windows")]
    {
        // Use the OS URL handler directly rather than `cmd /c start <url>`,
        // which would route a device-code URL through the Windows shell where
        // metacharacters could be interpreted.
        std::process::Command::new("explorer.exe")
            .arg(url)
            .spawn()?;
    }
    Ok(())
}