Merge pull request #257 from IBM-Cloud/dev

Promote dev to master

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+# This is an example configuration to enable detect-secrets in the pre-commit hook.
+# Add this file to the root folder of your repository.
+#
+# Read pre-commit hook framework https://pre-commit.com/ for more details about the structure of config yaml file and how git pre-commit would invoke each hook.
+#
+# This line indicates we will use the hook from ibm/detect-secrets to run scan during committing phase.
+# Whitewater/whitewater-detect-secrets would sync code to ibm/detect-secrets upon merge.
+- repo: https://github.com/ibm/detect-secrets
+  # If you desire to use a specific version of detect-secrets, you can replace `master` with other git revisions such as branch, tag or commit sha.
+  # You are encouraged to use static refs such as tags, instead of branch name
+  #
+  # Running "pre-commit autoupdate" would automatically updates rev to latest tag
+  rev: master
+  hooks:
+    - id: detect-secrets # pragma: whitelist secret
+      # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
+      # You may also run `pre-commit run detect-secrets` to preview the scan result.
+      # when "--baseline" without "--use-all-plugins", pre-commit scan with just plugins in baseline file
+      # when "--baseline" with "--use-all-plugins", pre-commit scan with all available plugins
+      # add "--fail-on-non-audited" to fail pre-commit for unaudited potential secrets
+      args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-non-audited]

.secrets.baseline

@@ -3,14 +3,17 @@
     "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2021-04-16T18:38:00Z",
+  "generated_at": "2021-09-15T17:17:42Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
     },
     {
       "name": "ArtifactoryDetector"
     },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
     {
       "base64_limit": 4.5,
       "name": "Base64HighEntropyString"
@@ -25,6 +28,7 @@
       "name": "CloudantDetector"
     },
     {
+      "ghe_instance": "github.ibm.com",
       "name": "GheDetector"
     },
     {
@@ -47,6 +51,9 @@
     {
       "name": "MailchimpDetector"
     },
+    {
+      "name": "NpmDetector"
+    },
     {
       "name": "PrivateKeyDetector"
     },
@@ -56,6 +63,9 @@
     {
       "name": "SoftlayerDetector"
     },
+    {
+      "name": "SquareOAuthDetector"
+    },
     {
       "name": "StripeDetector"
     },
@@ -77,59 +87,77 @@
         "hashed_secret": "c2df5d3d760ff42f33fb38e2534d4c1b7ddde3ab",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 26,
+        "line_number": 29,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "c287d1da815abde11f19d14ab6f9dba01f57698e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 27,
+        "line_number": 30,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "41aaaaa69550b140807e70dcc170a497dbeadf0d",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 30,
+        "line_number": 33,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "ca51a3e5092ede254e7121c4fc9fb07a0a55f2a0",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 31,
+        "line_number": 34,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "d327b16674fb457f595a2bc5cdbd98f8143632be",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 32,
+        "line_number": 35,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "3c81615afb40d1889fc2e1fff551a8b59b4e80ce",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 36,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "3438d9111af8058916e075b463bd7a6583cbf012",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 212,
+        "line_number": 233,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "53213c46677ac6f5576c44a4cbbdbe186d67cb00",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 214,
+        "line_number": 235,
         "type": "Secret Keyword",
         "verified_result": null
       }
     ],
+    "bluemix/authentication/iam/iam_test.go": [
+      {
+        "hashed_secret": "c8f0df25bade89c1873f5f01b85bcfb921443ac6",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 19,
+        "type": "JSON Web Token",
+        "verified_result": null
+      }
+    ],
     "bluemix/authentication/uaa/uaa.go": [
       {
         "hashed_secret": "3438d9111af8058916e075b463bd7a6583cbf012",
@@ -140,6 +168,16 @@
         "verified_result": null
       }
     ],
+    "bluemix/configuration/core_config/bx_config_test.go": [
+      {
+        "hashed_secret": "9507a758af9127f99a700b500657fd558b705dc9",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 274,
+        "type": "JSON Web Token",
+        "verified_result": null
+      }
+    ],
     "bluemix/configuration/core_config/cf_config.go": [
       {
         "hashed_secret": "e85f6eac7402c010fcea6b6d024a1875ac213f99",
@@ -167,19 +205,27 @@
         "type": "JSON Web Token",
         "verified_result": null
       },
+      {
+        "hashed_secret": "42be9b0e85dc9f0fcb42c69058b133fd23dfde2b",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 21,
+        "type": "JSON Web Token",
+        "verified_result": null
+      },
       {
         "hashed_secret": "73f596843cdc77ecc6a0a4cdc5b5d89071ad1b79",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 19,
+        "line_number": 25,
         "type": "JSON Web Token",
         "verified_result": null
       },
       {
         "hashed_secret": "63a47776714d85556701c61dd731a302ed132385",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 27,
+        "line_number": 33,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
@@ -537,7 +583,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.34.dss",
+  "version": "0.13.1+ibm.45.dss",
   "word_list": {
     "file": null,
     "hash": null

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-# Contributing to Atom
+# Contributing to IBM Cloud CLI SDK
 
 :+1:First of all, thanks for your time to contribute!:tada:
 
@@ -16,6 +16,9 @@ We follow the offical [CodeReviewComments](https://github.com/golang/go/wiki/Cod
 
 Make sure you have good unit test. Run `go test -cover $(go list ./...)`, and ensure coverage is above 80% for major packages (aka packages other than i18n, fakes, docs...).
 
+#### Secret Detection
+This project uses the IBM Detect Secrets Module. Install the module, by following these [instructions](https://github.com/ibm/detect-secrets#installupgrade-module). Once installed, enable the pre-commit secret detection hook by following these [instructions](https://github.com/ibm/detect-secrets#installupgrade-module) to ensure no secrets are committed to this repo.
+
 
 #### Commit Message
 

bluemix/authentication/auth.go

@@ -37,6 +37,10 @@ func (r *TokenRequest) ResponseTypes() []ResponseType {
 	return r.responseTypes
 }
 
+func (r *TokenRequest) GetTokenParam(key string) string {
+	return r.params.Get(key)
+}
+
 func (r *TokenRequest) SetResponseType(responseTypes ...ResponseType) {
 	r.responseTypes = responseTypes
 }

bluemix/authentication/auth_test.go

@@ -0,0 +1,19 @@
+package authentication_test
+
+import (
+	"testing"
+
+	"github.com/IBM-Cloud/ibm-cloud-cli-sdk/bluemix/authentication"
+	"github.com/IBM-Cloud/ibm-cloud-cli-sdk/bluemix/authentication/iam"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetTokenParam(t *testing.T) {
+	req := authentication.NewTokenRequest(iam.GrantTypeCRToken)
+	profileParam := "myProfile"
+	req.SetTokenParam("profile", profileParam)
+
+	parsedParam := req.GetTokenParam("profile")
+
+	assert.Equal(t, profileParam, parsedParam)
+}

bluemix/authentication/iam/iam.go

@@ -18,6 +18,9 @@ const (
 	defaultClientSecret    = "bx"
 	defaultUAAClientID     = "cf"
 	defaultUAAClientSecret = ""
+	crTokenParam           = "cr_token"
+	profileIDParam         = "profile_id"
+	profileNameParam       = "profile_name"
 )
 
 // Grant types
@@ -30,6 +33,7 @@ const (
 	GrantTypeDelegatedRefreshToken authentication.GrantType = "urn:ibm:params:oauth:grant-type:delegated-refresh-token" // #nosec G101
 	GrantTypeIdentityCookie        authentication.GrantType = "urn:ibm:params:oauth:grant-type:identity-cookie"
 	GrantTypeDerive                authentication.GrantType = "urn:ibm:params:oauth:grant-type:derive"
+	GrantTypeCRToken               authentication.GrantType = "urn:ibm:params:oauth:grant-type:cr-token"
 )
 
 // Response types
@@ -81,6 +85,23 @@ func APIKeyTokenRequest(apikey string, opts ...authentication.TokenOption) *auth
 	return r
 }
 
+func CRTokenRequest(crToken string, profileID string, profileName string, opts ...authentication.TokenOption) *authentication.TokenRequest {
+	r := authentication.NewTokenRequest(GrantTypeCRToken)
+	r.SetTokenParam(crTokenParam, crToken)
+
+	if profileID != "" {
+		r.SetTokenParam(profileIDParam, profileID)
+	}
+	if profileName != "" {
+		r.SetTokenParam(profileNameParam, profileName)
+	}
+
+	for _, o := range opts {
+		r.WithOption(o)
+	}
+	return r
+}
+
 func RefreshTokenRequest(refreshToken string, opts ...authentication.TokenOption) *authentication.TokenRequest {
 	r := authentication.NewTokenRequest(GrantTypeRefreshToken)
 	r.SetTokenParam("refresh_token", refreshToken)