Merge pull request #3323 from Infisical/feat/allowCustomHeadersOnCLI

Feat/allow custom headers on cli

Author: carlosmonastyrski

cli/go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/fatih/semgroup v1.2.0
 	github.com/gitleaks/go-gitdiff v0.8.0
 	github.com/h2non/filetype v1.1.3
-	github.com/infisical/go-sdk v0.4.8
+	github.com/infisical/go-sdk v0.5.1
 	github.com/infisical/infisical-kmip v0.3.5
 	github.com/mattn/go-isatty v0.0.20
 	github.com/muesli/ansi v0.0.0-20221106050444-61f0cd9a192a
@@ -34,6 +34,7 @@ require (
 	golang.org/x/sys v0.31.0
 	golang.org/x/term v0.30.0
 	gopkg.in/yaml.v2 v2.4.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
@@ -125,7 +126,6 @@ require (
 	google.golang.org/grpc v1.64.1 // indirect
 	google.golang.org/protobuf v1.36.1 // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
 require (

cli/go.sum

@@ -277,8 +277,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/infisical/go-sdk v0.4.8 h1:aphRnaauC5//PkP1ZbY9RSK2RiT1LjPS5o4CbX0x5OQ=
-github.com/infisical/go-sdk v0.4.8/go.mod h1:bMO9xSaBeXkDBhTIM4FkkREAfw2V8mv5Bm7lvo4+uDk=
+github.com/infisical/go-sdk v0.5.1 h1:bl0D4A6CmvfL8RwEQTcZh39nsxC6q3HSs76/4J8grWY=
+github.com/infisical/go-sdk v0.5.1/go.mod h1:ExjqFLRz7LSpZpGluqDLvFl6dFBLq5LKyLW7GBaMAIs=
 github.com/infisical/infisical-kmip v0.3.5 h1:QM3s0e18B+mYv3a9HQNjNAlbwZJBzXq5BAJM2scIeiE=
 github.com/infisical/infisical-kmip v0.3.5/go.mod h1:bO1M4YtKyutNg1bREPmlyZspC5duSR7hyQ3lPmLzrIs=
 github.com/jedib0t/go-pretty v4.3.0+incompatible h1:CGs8AVhEKg/n9YbUenWmNStRW2PHJzaeDodcfvRAbIo=
@@ -858,4 +858,4 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

cli/packages/cmd/agent.go

@@ -29,7 +29,6 @@ import (
 	"github.com/Infisical/infisical-merge/packages/config"
 	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/go-resty/resty/v2"
 	"github.com/spf13/cobra"
 )
 
@@ -514,7 +513,10 @@ type NewAgentMangerOptions struct {
 }
 
 func NewAgentManager(options NewAgentMangerOptions) *AgentManager {
-
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
 	return &AgentManager{
 		filePaths: options.FileDeposits,
 		templates: options.Templates,
@@ -529,6 +531,7 @@ func NewAgentManager(options NewAgentMangerOptions) *AgentManager {
 			SiteUrl:          config.INFISICAL_URL,
 			UserAgent:        api.USER_AGENT, // ? Should we perhaps use a different user agent for the Agent for better analytics?
 			AutoTokenRefresh: false,
+			CustomHeaders:    customHeaders,
 		}),
 	}
 
@@ -716,7 +719,11 @@ func (tm *AgentManager) FetchNewAccessToken() error {
 
 // Refreshes the existing access token
 func (tm *AgentManager) RefreshAccessToken() error {
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		return err
+	}
+
 	httpClient.SetRetryCount(10000).
 		SetRetryMaxWaitTime(20 * time.Second).
 		SetRetryWaitTime(5 * time.Second)

cli/packages/cmd/bootstrap.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/go-resty/resty/v2"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
@@ -70,8 +69,12 @@ var bootstrapCmd = &cobra.Command{
 			return
 		}
 
-		httpClient := resty.New().
-			SetHeader("Accept", "application/json")
+		httpClient, err := util.GetRestyClientWithCustomHeaders()
+		if err != nil {
+			log.Error().Msgf("Failed to get resty client with custom headers: %v", err)
+			return
+		}
+		httpClient.SetHeader("Accept", "application/json")
 
 		bootstrapResponse, err := api.CallBootstrapInstance(httpClient, api.BootstrapInstanceRequest{
 			Domain:       util.AppendAPIEndpoint(domain),

cli/packages/cmd/dynamic_secrets.go

@@ -14,7 +14,6 @@ import (
 	// "github.com/Infisical/infisical-merge/packages/models"
 	"github.com/Infisical/infisical-merge/packages/util"
 	// "github.com/Infisical/infisical-merge/packages/visualize"
-	"github.com/go-resty/resty/v2"
 	"github.com/posthog/posthog-go"
 	"github.com/spf13/cobra"
 
@@ -56,7 +55,10 @@ func getDynamicSecretList(cmd *cobra.Command, args []string) {
 	}
 
 	var infisicalToken string
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 
 	if projectId == "" {
 		workspaceFile, err := util.GetWorkSpaceFromFile()
@@ -85,10 +87,16 @@ func getDynamicSecretList(cmd *cobra.Command, args []string) {
 
 	httpClient.SetAuthToken(infisicalToken)
 
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
+
 	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 		SiteUrl:          config.INFISICAL_URL,
 		UserAgent:        api.USER_AGENT,
 		AutoTokenRefresh: false,
+		CustomHeaders:    customHeaders,
 	})
 	infisicalClient.Auth().SetAccessToken(infisicalToken)
 
@@ -164,7 +172,10 @@ func createDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 	}
 
 	var infisicalToken string
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 
 	if projectId == "" {
 		workspaceFile, err := util.GetWorkSpaceFromFile()
@@ -193,10 +204,16 @@ func createDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 
 	httpClient.SetAuthToken(infisicalToken)
 
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
+
 	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 		SiteUrl:          config.INFISICAL_URL,
 		UserAgent:        api.USER_AGENT,
 		AutoTokenRefresh: false,
+		CustomHeaders:    customHeaders,
 	})
 	infisicalClient.Auth().SetAccessToken(infisicalToken)
 
@@ -286,7 +303,10 @@ func renewDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 	}
 
 	var infisicalToken string
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 
 	if projectId == "" {
 		workspaceFile, err := util.GetWorkSpaceFromFile()
@@ -315,10 +335,16 @@ func renewDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 
 	httpClient.SetAuthToken(infisicalToken)
 
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
+
 	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 		SiteUrl:          config.INFISICAL_URL,
 		UserAgent:        api.USER_AGENT,
 		AutoTokenRefresh: false,
+		CustomHeaders:    customHeaders,
 	})
 	infisicalClient.Auth().SetAccessToken(infisicalToken)
 
@@ -384,7 +410,10 @@ func revokeDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 	}
 
 	var infisicalToken string
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 
 	if projectId == "" {
 		workspaceFile, err := util.GetWorkSpaceFromFile()
@@ -413,10 +442,16 @@ func revokeDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 
 	httpClient.SetAuthToken(infisicalToken)
 
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
+
 	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 		SiteUrl:          config.INFISICAL_URL,
 		UserAgent:        api.USER_AGENT,
 		AutoTokenRefresh: false,
+		CustomHeaders:    customHeaders,
 	})
 	infisicalClient.Auth().SetAccessToken(infisicalToken)
 
@@ -481,7 +516,10 @@ func listDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 	}
 
 	var infisicalToken string
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 
 	if projectId == "" {
 		workspaceFile, err := util.GetWorkSpaceFromFile()
@@ -510,10 +548,16 @@ func listDynamicSecretLeaseByName(cmd *cobra.Command, args []string) {
 
 	httpClient.SetAuthToken(infisicalToken)
 
+	customHeaders, err := util.GetInfisicalCustomHeadersMap()
+	if err != nil {
+		util.HandleError(err, "Unable to get custom headers")
+	}
+
 	infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 		SiteUrl:          config.INFISICAL_URL,
 		UserAgent:        api.USER_AGENT,
 		AutoTokenRefresh: false,
+		CustomHeaders:    customHeaders,
 	})
 	infisicalClient.Auth().SetAccessToken(infisicalToken)
 

cli/packages/cmd/init.go

@@ -10,7 +10,6 @@ import (
 	"github.com/Infisical/infisical-merge/packages/api"
 	"github.com/Infisical/infisical-merge/packages/models"
 	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/go-resty/resty/v2"
 	"github.com/manifoldco/promptui"
 	"github.com/posthog/posthog-go"
 	"github.com/rs/zerolog/log"
@@ -50,7 +49,10 @@ var initCmd = &cobra.Command{
 			util.PrintErrorMessageAndExit("Your login session has expired, please run [infisical login] and try again")
 		}
 
-		httpClient := resty.New()
+		httpClient, err := util.GetRestyClientWithCustomHeaders()
+		if err != nil {
+			util.HandleError(err, "Unable to get resty client with custom headers")
+		}
 		httpClient.SetAuthToken(userCreds.UserCredentials.JTWToken)
 
 		organizationResponse, err := api.CallGetAllOrganizations(httpClient)
@@ -81,7 +83,10 @@ var initCmd = &cobra.Command{
 			for i < 6 {
 				mfaVerifyCode := askForMFACode(tokenResponse.MfaMethod)
 
-				httpClient := resty.New()
+				httpClient, err := util.GetRestyClientWithCustomHeaders()
+				if err != nil {
+					util.HandleError(err, "Unable to get resty client with custom headers")
+				}
 				httpClient.SetAuthToken(tokenResponse.Token)
 				verifyMFAresponse, mfaErrorResponse, requestError := api.CallVerifyMfaToken(httpClient, api.VerifyMfaTokenRequest{
 					Email:     userCreds.UserCredentials.Email,

cli/packages/cmd/login.go

@@ -27,7 +27,6 @@ import (
 	"github.com/Infisical/infisical-merge/packages/srp"
 	"github.com/Infisical/infisical-merge/packages/util"
 	"github.com/fatih/color"
-	"github.com/go-resty/resty/v2"
 	"github.com/manifoldco/promptui"
 	"github.com/posthog/posthog-go"
 	"github.com/rs/cors"
@@ -178,10 +177,16 @@ var loginCmd = &cobra.Command{
 			return
 		}
 
+		customHeaders, err := util.GetInfisicalCustomHeadersMap()
+		if err != nil {
+			util.HandleError(err, "Unable to get custom headers")
+		}
+
 		infisicalClient := infisicalSdk.NewInfisicalClient(context.Background(), infisicalSdk.Config{
 			SiteUrl:          config.INFISICAL_URL,
 			UserAgent:        api.USER_AGENT,
 			AutoTokenRefresh: false,
+			CustomHeaders:    customHeaders,
 		})
 
 		loginMethod, err := cmd.Flags().GetString("method")
@@ -359,7 +364,10 @@ func cliDefaultLogin(userCredentialsToBeStored *models.UserCredentials) {
 		for i < 6 {
 			mfaVerifyCode := askForMFACode("email")
 
-			httpClient := resty.New()
+			httpClient, err := util.GetRestyClientWithCustomHeaders()
+			if err != nil {
+				util.HandleError(err, "Unable to get resty client with custom headers")
+			}
 			httpClient.SetAuthToken(loginTwoResponse.Token)
 			verifyMFAresponse, mfaErrorResponse, requestError := api.CallVerifyMfaToken(httpClient, api.VerifyMfaTokenRequest{
 				Email:    email,
@@ -726,7 +734,10 @@ func askForLoginCredentials() (email string, password string, err error) {
 
 func getFreshUserCredentials(email string, password string) (*api.GetLoginOneV2Response, *api.GetLoginTwoV2Response, error) {
 	log.Debug().Msg(fmt.Sprint("getFreshUserCredentials: ", "email", email, "password: ", password))
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		return nil, nil, err
+	}
 	httpClient.SetRetryCount(5)
 
 	params := srp.GetParams(4096)
@@ -776,7 +787,10 @@ func getFreshUserCredentials(email string, password string) (*api.GetLoginOneV2R
 func GetJwtTokenWithOrganizationId(oldJwtToken string, email string) string {
 	log.Debug().Msg(fmt.Sprint("GetJwtTokenWithOrganizationId: ", "oldJwtToken", oldJwtToken))
 
-	httpClient := resty.New()
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		util.HandleError(err, "Unable to get resty client with custom headers")
+	}
 	httpClient.SetAuthToken(oldJwtToken)
 
 	organizationResponse, err := api.CallGetAllOrganizations(httpClient)
@@ -811,7 +825,10 @@ func GetJwtTokenWithOrganizationId(oldJwtToken string, email string) string {
 		for i < 6 {
 			mfaVerifyCode := askForMFACode(selectedOrgRes.MfaMethod)
 
-			httpClient := resty.New()
+			httpClient, err := util.GetRestyClientWithCustomHeaders()
+			if err != nil {
+				util.HandleError(err, "Unable to get resty client with custom headers")
+			}
 			httpClient.SetAuthToken(selectedOrgRes.Token)
 			verifyMFAresponse, mfaErrorResponse, requestError := api.CallVerifyMfaToken(httpClient, api.VerifyMfaTokenRequest{
 				Email:     email,
@@ -913,7 +930,14 @@ func askToPasteJwtToken(success chan models.UserCredentials, failure chan error)
 	}
 
 	// verify JTW
-	httpClient := resty.New().
+	httpClient, err := util.GetRestyClientWithCustomHeaders()
+	if err != nil {
+		failure <- err
+		fmt.Println("Error getting resty client with custom headers", err)
+		os.Exit(1)
+	}
+
+	httpClient.
 		SetAuthToken(userCredentials.JTWToken).
 		SetHeader("Accept", "application/json")