Auto-discover and ask to update the defaultOrg and enforcedOrgs config keys

pvdz · pvdz · commit b6ac3d06b4bf · 2025-03-25T13:33:11.000+01:00
diff --git a/src/commands/config/cmd-config-get.test.ts b/src/commands/config/cmd-config-get.test.ts
@@ -29,8 +29,8 @@ describe('socket config get', async () => {
         Keys:
 
          - apiBaseUrl -- Base URL of the API endpoint
-         - apiToken -- The API token required to access most API endpoints
          - apiProxy -- A proxy through which to access the API
+         - apiToken -- The API token required to access most API endpoints
          - defaultOrg -- The default org slug to use when appropriate; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.
          - enforcedOrgs -- Orgs in this list have their security policies enforced on this machine
 
diff --git a/src/commands/config/cmd-config-list.test.ts b/src/commands/config/cmd-config-list.test.ts
@@ -30,8 +30,8 @@ describe('socket config get', async () => {
         Keys:
 
          - apiBaseUrl -- Base URL of the API endpoint
-         - apiToken -- The API token required to access most API endpoints
          - apiProxy -- A proxy through which to access the API
+         - apiToken -- The API token required to access most API endpoints
          - defaultOrg -- The default org slug to use when appropriate; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.
          - enforcedOrgs -- Orgs in this list have their security policies enforced on this machine
 
diff --git a/src/commands/config/cmd-config-set.test.ts b/src/commands/config/cmd-config-set.test.ts
@@ -34,8 +34,8 @@ describe('socket config get', async () => {
         Keys:
 
          - apiBaseUrl -- Base URL of the API endpoint
-         - apiToken -- The API token required to access most API endpoints
          - apiProxy -- A proxy through which to access the API
+         - apiToken -- The API token required to access most API endpoints
          - defaultOrg -- The default org slug to use when appropriate; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.
          - enforcedOrgs -- Orgs in this list have their security policies enforced on this machine
 
diff --git a/src/commands/config/cmd-config-unset.test.ts b/src/commands/config/cmd-config-unset.test.ts
@@ -29,8 +29,8 @@ describe('socket config unset', async () => {
         Keys:
 
          - apiBaseUrl -- Base URL of the API endpoint
-         - apiToken -- The API token required to access most API endpoints
          - apiProxy -- A proxy through which to access the API
+         - apiToken -- The API token required to access most API endpoints
          - defaultOrg -- The default org slug to use when appropriate; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.
          - enforcedOrgs -- Orgs in this list have their security policies enforced on this machine
 
diff --git a/src/commands/config/discover-config-value.ts b/src/commands/config/discover-config-value.ts
@@ -0,0 +1,174 @@
+import { handleApiCall } from '../../utils/api'
+import { supportedConfigKeys } from '../../utils/config'
+import { getDefaultToken, setupSdk } from '../../utils/sdk'
+
+import type { LocalConfig } from '../../utils/config'
+
+export async function discoverConfigValue(
+  key: string
+): Promise<{ success: boolean; value: unknown; message: string }> {
+  // This will have to be a specific implementation per key because certain
+  // keys should request information from particular API endpoints while
+  // others should simply return their default value, like endpoint URL.
+
+  if (!supportedConfigKeys.has(key as keyof LocalConfig)) {
+    return {
+      success: false,
+      value: undefined,
+      message: 'Requested key is not a valid config key.'
+    }
+  }
+
+  if (key === 'apiBaseUrl') {
+    // Return the default value
+    return {
+      success: false,
+      value: undefined,
+      message:
+        "If you're unsure about the base endpoint URL then simply unset it."
+    }
+  }
+
+  if (key === 'apiProxy') {
+    // I don't think we can auto-discover this with any order of reliability..?
+    return {
+      success: false,
+      value: undefined,
+      message:
+        'When uncertain, unset this key. Otherwise ask your network administrator.'
+    }
+  }
+
+  if (key === 'apiToken') {
+    return {
+      success: false,
+      value: undefined,
+      message:
+        'You can find/create your API token in your Socket dashboard > settings > API tokens.\nYou should then use `socket login` to login instead of this command.'
+    }
+  }
+
+  if (key === 'defaultOrg') {
+    const apiToken = getDefaultToken()
+    if (!apiToken) {
+      return {
+        success: false,
+        value: undefined,
+        message:
+          'No API token set, must have a token to resolve its default org.'
+      }
+    }
+
+    const org = await getDefaultOrgFromToken()
+    if (!org?.length) {
+      return {
+        success: false,
+        value: undefined,
+        message:
+          'Was unable to determine default org for the current API token.'
+      }
+    }
+
+    if (Array.isArray(org)) {
+      return {
+        success: true,
+        value: org,
+        message: 'These are the orgs that the current API token can access.'
+      }
+    }
+
+    return {
+      success: true,
+      value: org,
+      message: 'This is the org that belongs to the current API token.'
+    }
+  }
+
+  if (key === 'enforcedOrgs') {
+    const apiToken = getDefaultToken()
+    if (!apiToken) {
+      return {
+        success: false,
+        value: undefined,
+        message:
+          'No API token set, must have a token to resolve orgs to enforce.'
+      }
+    }
+
+    const orgs = await getEnforceableOrgsFromToken()
+    if (!orgs?.length) {
+      return {
+        success: false,
+        value: undefined,
+        message:
+          'Was unable to determine any orgs to enforce for the current API token.'
+      }
+    }
+
+    return {
+      success: true,
+      value: orgs,
+      message: 'These are the orgs whose security policy you can enforce.'
+    }
+  }
+
+  if (key === 'test') {
+    return {
+      success: false,
+      value: undefined,
+      message: ''
+    }
+  }
+
+  // Mostly to please TS, because we're not telling it `key` is keyof LocalConfig
+  return {
+    success: false,
+    value: undefined,
+    message: 'unreachable?'
+  }
+}
+
+async function getDefaultOrgFromToken(): Promise<
+  string[] | string | undefined
+> {
+  const sockSdk = await setupSdk()
+  const result = await handleApiCall(
+    sockSdk.getOrganizations(),
+    'looking up organizations'
+  )
+
+  if (result.success) {
+    const arr = Array.from(Object.values(result.data.organizations)).map(
+      ({ slug }) => slug
+    )
+    if (arr.length === 0) {
+      return undefined
+    }
+    if (arr.length === 1) {
+      return arr[0]
+    }
+    return arr
+  }
+
+  return undefined
+}
+
+async function getEnforceableOrgsFromToken(): Promise<string[] | undefined> {
+  const sockSdk = await setupSdk()
+  const result = await handleApiCall(
+    sockSdk.getOrganizations(),
+    'looking up organizations'
+  )
+
+  if (result.success) {
+    const arr = Array.from(Object.values(result.data.organizations)).map(
+      ({ slug }) => slug
+    )
+    if (arr.length === 0) {
+      return undefined
+    }
+    return arr
+  }
+
+  return undefined
+}
diff --git a/src/commands/config/handle-config-auto.ts b/src/commands/config/handle-config-auto.ts
@@ -1,5 +1,5 @@
-import { outputConfigGet } from './output-config-get'
-import { getConfigValue } from '../../utils/config'
+import { discoverConfigValue } from './discover-config-value'
+import { outputConfigAuto } from './output-config-auto'
 
 import type { LocalConfig } from '../../utils/config'
 
@@ -10,7 +10,7 @@ export async function handleConfigAuto({
   key: keyof LocalConfig
   outputKind: 'json' | 'markdown' | 'text'
 }) {
-  const value = getConfigValue(key)
+  const result = await discoverConfigValue(key)
 
-  await outputConfigGet(key, value, outputKind)
+  await outputConfigAuto(key, result, outputKind)
 }
diff --git a/src/commands/config/output-config-auto.ts b/src/commands/config/output-config-auto.ts
@@ -1,12 +1,19 @@
 import { logger } from '@socketsecurity/registry/lib/logger'
+import { select } from '@socketsecurity/registry/lib/prompts'
 
-import { LocalConfig } from '../../utils/config'
+import { LocalConfig, updateConfigValue } from '../../utils/config'
 
 export async function outputConfigAuto(
   key: keyof LocalConfig,
-  success: boolean,
-  value: unknown,
-  message: string,
+  {
+    message,
+    success,
+    value
+  }: {
+    success: boolean
+    value: unknown
+    message: string
+  },
   outputKind: 'json' | 'markdown' | 'text'
 ) {
   if (outputKind === 'json') {
@@ -20,11 +27,70 @@ export async function outputConfigAuto(
     logger.log('')
     if (success) {
       logger.log(`The discovered value is: "${value}"`)
+      if (message) {
+        logger.log('')
+        logger.log(message)
+      }
     } else {
       logger.log(`The discovery failed: ${message}`)
     }
     logger.log('')
   } else {
-    logger.log(`${key}: ${value}`)
+    if (message) {
+      logger.log(message)
+      logger.log('')
+    }
+    logger.log(`- ${key}: ${value}`)
+    logger.log('')
+
+    if (success) {
+      if (key === 'defaultOrg') {
+        const proceed = await select<string>({
+          message:
+            'Would you like to update the default org in local config to this value?',
+          choices: (Array.isArray(value) ? value : [value])
+            .map(slug => ({
+              name: 'Yes [' + slug + ']',
+              value: slug,
+              description: `Use "${slug}" as the default organization`
+            }))
+            .concat({
+              name: 'No',
+              value: '',
+              description: 'Do not use any of these organizations'
+            })
+        })
+        if (proceed) {
+          logger.log(
+            `OK. Setting defaultOrg to "${proceed}".\nYou should no longer need to add the org to commands that normally require it.`
+          )
+          updateConfigValue('defaultOrg', proceed)
+        } else {
+          logger.log('OK. No changes made.')
+        }
+      } else if (key === 'enforcedOrgs') {
+        const proceed = await select<string>({
+          message:
+            'Would you like to update the enforced orgs in local config to this value?',
+          choices: (Array.isArray(value) ? value : [value])
+            .map(slug => ({
+              name: 'Yes [' + slug + ']',
+              value: slug,
+              description: `Enforce the security policy of "${slug}" on this machine`
+            }))
+            .concat({
+              name: 'No',
+              value: '',
+              description: 'Do not use any of these organizations'
+            })
+        })
+        if (proceed) {
+          logger.log(`OK. Setting enforcedOrgs key to "${proceed}".`)
+          updateConfigValue('defaultOrg', proceed)
+        } else {
+          logger.log('OK. No changes made.')
+        }
+      }
+    }
   }
 }
diff --git a/src/commands/organization/cmd-organization-policy-security.test.ts b/src/commands/organization/cmd-organization-policy-security.test.ts
@@ -60,17 +60,17 @@ describe('socket organization list', async () => {
       const { code, stderr, stdout } = await invokeNpm(entryPath, cmd)
       expect(stdout).toMatchInlineSnapshot(`""`)
       expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
-      "
-         _____         _       _        /---------------
-        |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver <redacted>
-        |__   | . |  _| '_| -_|  _|     | Node: <redacted>, API token set: <redacted>
-        |_____|___|___|_,_|___|_|.dev   | Command: \`socket organization policy security\`, cwd: <redacted>
+        "
+           _____         _       _        /---------------
+          |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver <redacted>
+          |__   | . |  _| '_| -_|  _|     | Node: <redacted>, API token set: <redacted>
+          |_____|___|___|_,_|___|_|.dev   | Command: \`socket organization policy security\`, cwd: <redacted>
 
-      \\x1b[31m\\xd7\\x1b[39m \\x1b[41m\\x1b[37mInput error\\x1b[39m\\x1b[49m: Please provide the required fields:
+        \\x1b[31m\\xd7\\x1b[39m \\x1b[41m\\x1b[37mInput error\\x1b[39m\\x1b[49m: Please provide the required fields:
 
-      - Org name as the first argument \\x1b[31m(missing!)\\x1b[39m
-      - The json and markdown flags cannot be both set \\x1b[32m(ok)\\x1b[39m"
-    `)
+        - Org name as the first argument \\x1b[31m(missing!)\\x1b[39m
+        - The json and markdown flags cannot be both set \\x1b[32m(ok)\\x1b[39m"
+      `)
 
       expect(code, 'dry-run should exit with code 2 if input bad').toBe(2)
     }
diff --git a/src/utils/config.ts b/src/utils/config.ts
@@ -22,16 +22,16 @@ export interface LocalConfig {
   test?: unknown
 }
 
-// Dugefault app data folder env var on Win
+// Default app data folder env var on Win
 const LOCALAPPDATA = 'LOCALAPPDATA'
 // Default app data folder env var on Mac/Linux
 const XDG_DATA_HOME = 'XDG_DATA_HOME'
 const SOCKET_APP_DIR = 'socket/settings' // It used to be settings...
 
 export const supportedConfigKeys: Map<keyof LocalConfig, string> = new Map([
   ['apiBaseUrl', 'Base URL of the API endpoint'],
-  ['apiToken', 'The API token required to access most API endpoints'],
   ['apiProxy', 'A proxy through which to access the API'],
+  ['apiToken', 'The API token required to access most API endpoints'],
   [
     'defaultOrg',
     'The default org slug to use when appropriate; usually the org your API token has access to. When set, all orgSlug arguments are implied to be this value.'
