CLI ignores OAuth client flags when a local API key is configured(AST-127635)

internal/commands/root_test.go

@@ -160,6 +160,7 @@ func TestCreateCommand_WithInvalidFlag_ShouldReturnExitCode1(t *testing.T) {
 
 func executeTestCommand(cmd *cobra.Command, args ...string) error {
 	fmt.Println("Executing command with args ", args)
+	defer viper.Reset()
 	cmd.SetArgs(args)
 	cmd.SilenceUsage = true
 	return cmd.Execute()

internal/wrappers/client.go

@@ -599,31 +599,50 @@ func configureClientCredentialsAndGetNewToken() (string, error) {
 	accessKeyID := viper.GetString(commonParams.AccessKeyIDConfigKey)
 	accessKeySecret := viper.GetString(commonParams.AccessKeySecretConfigKey)
 	astAPIKey := viper.GetString(commonParams.AstAPIKey)
+
 	var accessToken string
 
-	if accessKeyID == "" && astAPIKey == "" {
-		return "", errors.Errorf(FailedToAuth, "access key ID")
-	} else if accessKeySecret == "" && astAPIKey == "" {
-		return "", errors.Errorf(FailedToAuth, "access key secret")
+	if accessKeyID == "" && accessKeySecret == "" && astAPIKey == "" {
+		return "", errors.Errorf(FailedToAuth, "provide credentials")
 	}
 
-	authURI, err := GetAuthURI()
-	if err != nil {
-		return "", err
-	}
+	// Prefer client credentials over API key
+	if accessKeyID != "" && accessKeySecret != "" {
+		if accessKeyID == "" {
+			return "", errors.Errorf(FailedToAuth, "access key ID")
+		}
+		if accessKeySecret == "" {
+			return "", errors.Errorf(FailedToAuth, "access key secret")
+		}
+
+		authURI, err := GetAuthURI()
+		if err != nil {
+			return "", err
+		}
 
-	if astAPIKey != "" {
-		accessToken, err = getNewToken(getAPIKeyPayload(astAPIKey), authURI)
-	} else {
 		accessToken, err = getNewToken(getCredentialsPayload(accessKeyID, accessKeySecret), authURI)
-	}
+		if err != nil {
+			return "", errors.Errorf("%s", err)
+		}
+	} else if astAPIKey != "" {
+		authURI, err := GetAuthURI()
+		if err != nil {
+			return "", err
+		}
 
-	if err != nil {
-		return "", errors.Errorf("%s", err)
+		accessToken, err = getNewToken(getAPIKeyPayload(astAPIKey), authURI)
+		if err != nil {
+			return "", errors.Errorf("%s", err)
+		}
+	} else if accessKeyID != "" || accessKeySecret != "" {
+		// One is provided but not both
+		if accessKeyID == "" {
+			return "", errors.Errorf(FailedToAuth, "access key ID")
+		}
+		return "", errors.Errorf(FailedToAuth, "access key secret")
 	}
 
 	writeCredentialsToCache(accessToken)
-
 	return accessToken, nil
 }