Merged
56 changes: 14 additions & 42 deletions packages/cmd/gateway.go
Expand Up @@ -230,6 +230,14 @@ var gatewayStartCmd = &cobra.Command{
util.HandleError(errors.New("gateway name is required (provide as positional argument)"))
}

if flagDomain, _ := cmd.Flags().GetString("domain"); flagDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(flagDomain)
} else if storedDomain, _ := gatewayv2.LoadStoredDomain(gatewayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
} else if configFile, cfgErr := util.GetConfigFile(); cfgErr == nil && configFile.LoggedInUserDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(configFile.LoggedInUserDomain)
}
Comment thread
x032205 marked this conversation as resolved.

// --- AWS Auth path ---
if enrollMethod == gatewayv2.EnrollMethodAws {
gatewayID, _ := cmd.Flags().GetString("gateway-id")
Expand All @@ -244,13 +252,6 @@ var gatewayStartCmd = &cobra.Command{
util.HandleError(errors.New("--gateway-id is required when --enroll-method=aws"))
}

domain, _ := cmd.Flags().GetString("domain")
if domain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(domain)
} else if storedDomain, _ := gatewayv2.LoadStoredDomain(gatewayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
}

httpClient, err := util.GetRestyClientWithCustomHeaders()
if err != nil {
util.HandleError(err, "unable to create HTTP client")
Expand All @@ -272,14 +273,8 @@ var gatewayStartCmd = &cobra.Command{
util.HandleError(err, "failed to save gateway id to config")
}

effectiveDomain := domain
if effectiveDomain == "" {
effectiveDomain = config.INFISICAL_URL
}
if effectiveDomain != "" {
if err := gatewayv2.SaveDomain(gatewayName, effectiveDomain); err != nil {
util.HandleError(err, "failed to save domain to config")
}
if err := gatewayv2.SaveDomain(gatewayName, config.INFISICAL_URL); err != nil {
util.HandleError(err, "failed to save domain to config")
}

log.Info().Msgf("Gateway authenticated via AWS Auth. State saved to %s", gatewayv2.GetConfPathDisplay(gatewayName))
Expand All @@ -301,11 +296,6 @@ var gatewayStartCmd = &cobra.Command{
if alreadyEnrolled {
log.Info().Msg("Enrollment token matches stored token. Skipping enrollment.")
} else {
domain, _ := cmd.Flags().GetString("domain")
if domain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(domain)
}

httpClient, err := util.GetRestyClientWithCustomHeaders()
if err != nil {
util.HandleError(err, "unable to create HTTP client")
Expand All @@ -328,15 +318,8 @@ var gatewayStartCmd = &cobra.Command{
util.HandleError(err, "failed to save enrollment token to config")
}

// Always persist the effective domain so restarts use the same backend
effectiveDomain := domain
if effectiveDomain == "" {
effectiveDomain = config.INFISICAL_URL
}
if effectiveDomain != "" {
if err := gatewayv2.SaveDomain(gatewayName, effectiveDomain); err != nil {
util.HandleError(err, "failed to save domain to config")
}
if err := gatewayv2.SaveDomain(gatewayName, config.INFISICAL_URL); err != nil {
util.HandleError(err, "failed to save domain to config")
}

log.Info().Msgf("Gateway enrolled successfully. Access token saved to %s", gatewayv2.GetConfPathDisplay(gatewayName))
Expand All @@ -345,18 +328,7 @@ var gatewayStartCmd = &cobra.Command{
log.Info().Msg("Starting gateway...")
}

// --- Stored token / post-enrollment path ---
// --domain flag takes priority; fall back to domain saved at enrollment time.
// For enrollment flow with alreadyEnrolled, domain was set during original enrollment
// and needs to be loaded from config.
isResourceAuth := enrollMethod == gatewayv2.EnrollMethodToken || enrollMethod == gatewayv2.EnrollMethodAws
if !isResourceAuth || alreadyEnrolled {
if flagDomain, _ := cmd.Flags().GetString("domain"); flagDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(flagDomain)
} else if storedDomain, _ := gatewayv2.LoadStoredDomain(gatewayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
}
}

// Only use the stored token when no explicit identity credentials are provided.
// If --token or --auth-method is set, the user wants the identity-based path.
Expand Down Expand Up @@ -388,8 +360,8 @@ var gatewayStartCmd = &cobra.Command{
}

var accessToken atomic.Value
cancelSdk := func() {} // noop by default
var sdkTokenGetter func() string // nil when using stored token
cancelSdk := func() {} // noop by default
var sdkTokenGetter func() string // nil when using stored token
if runningWithStoredToken {
if enrolledAccessToken != "" {
// Fresh enrollment: use the token directly to avoid env var interference
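Review bot: The new resolution chain at the top of `gatewayStartCmd` discards the error from `gatewayv2.LoadStoredDomain(gatewayName)`, so an unreadable or corrupt stored config looks the same as "no stored domain" and the command falls through to `configFile.LoggedInUserDomain` or the default. The enrollment-token and AWS auth requests that follow go to whatever `config.INFISICAL_URL` ends up holding, so a gateway pinned to one backend at enrollment could present its credentials to a different one without any signal. Consider failing closed there, e.g. `storedDomain, loadErr := gatewayv2.LoadStoredDomain(gatewayName)` followed by `if loadErr != nil { util.HandleError(loadErr, "unable to read stored gateway domain") }`, assuming the loader reports a missing entry as an empty string rather than an error (its body is not visible here). The relay.go chain built on `relay.LoadStoredDomain(relayName)` has the same pattern. The enclosing Run function starts and ends outside the visible hunks.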
50 changes: 12 additions & 38 deletions packages/cmd/relay.go
Expand Up @@ -60,6 +60,14 @@ var relayStartCmd = &cobra.Command{
util.HandleError(err, fmt.Sprintf("unable to get type flag or %s env", gatewayv2.RELAY_TYPE_ENV_NAME))
}

if flagDomain, _ := cmd.Flags().GetString("domain"); flagDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(flagDomain)
} else if storedDomain, _ := relay.LoadStoredDomain(relayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
} else if configFile, cfgErr := util.GetConfigFile(); cfgErr == nil && configFile.LoggedInUserDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(configFile.LoggedInUserDomain)
}
Comment thread
x032205 marked this conversation as resolved.

var enrolledAccessToken string

// --- AWS Auth path ---
Expand All @@ -76,13 +84,6 @@ var relayStartCmd = &cobra.Command{
util.HandleError(errors.New("--relay-id is required when --enroll-method=aws"))
}

domain, _ := cmd.Flags().GetString("domain")
if domain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(domain)
} else if storedDomain, _ := relay.LoadStoredDomain(relayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
}

httpClient, err := util.GetRestyClientWithCustomHeaders()
if err != nil {
util.HandleError(err, "unable to create HTTP client")
Expand All @@ -100,14 +101,8 @@ var relayStartCmd = &cobra.Command{
util.HandleError(err, "failed to save relay id to config")
}

effectiveDomain := domain
if effectiveDomain == "" {
effectiveDomain = config.INFISICAL_URL
}
if effectiveDomain != "" {
if err := relay.SaveDomain(relayName, effectiveDomain); err != nil {
util.HandleError(err, "failed to save domain to config")
}
if err := relay.SaveDomain(relayName, config.INFISICAL_URL); err != nil {
util.HandleError(err, "failed to save domain to config")
}

log.Info().Msgf("Relay authenticated via AWS Auth. State saved to %s", relay.GetConfPathDisplay(relayName))
Expand All @@ -127,13 +122,6 @@ var relayStartCmd = &cobra.Command{
if alreadyEnrolled {
log.Info().Msg("Enrollment token matches stored token. Skipping enrollment.")
} else {
domain, _ := cmd.Flags().GetString("domain")
if domain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(domain)
} else if storedDomain, _ := relay.LoadStoredDomain(relayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
}

httpClient, err := util.GetRestyClientWithCustomHeaders()
if err != nil {
util.HandleError(err, "unable to create HTTP client")
Expand All @@ -156,14 +144,8 @@ var relayStartCmd = &cobra.Command{
util.HandleError(err, "failed to save enrollment token to config")
}

effectiveDomain := domain
if effectiveDomain == "" {
effectiveDomain = config.INFISICAL_URL
}
if effectiveDomain != "" {
if err := relay.SaveDomain(relayName, effectiveDomain); err != nil {
util.HandleError(err, "failed to save domain to config")
}
if err := relay.SaveDomain(relayName, config.INFISICAL_URL); err != nil {
util.HandleError(err, "failed to save domain to config")
}

log.Info().Msgf("Relay enrolled successfully. Access token saved to %s", relay.GetConfPathDisplay(relayName))
Expand All @@ -172,15 +154,7 @@ var relayStartCmd = &cobra.Command{
log.Info().Msg("Starting relay...")
}

// --- Domain resolution for resource auth / stored token ---
isResourceAuth := enrollMethod == relay.EnrollMethodToken || enrollMethod == relay.EnrollMethodAws
if isResourceAuth {
if flagDomain, _ := cmd.Flags().GetString("domain"); flagDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(flagDomain)
} else if storedDomain, _ := relay.LoadStoredDomain(relayName); storedDomain != "" {
config.INFISICAL_URL = util.AppendAPIEndpoint(storedDomain)
}
}

relayInstance, err := relay.NewRelay(&relay.RelayConfig{
RelayName: relayName,
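Review bot: Both `relay.SaveDomain(relayName, config.INFISICAL_URL)` calls now run unconditionally and persist whatever the resolution chain produced, including a value taken from `configFile.LoggedInUserDomain`, so an implicit fallback becomes the relay's pinned backend on first enrollment. The old `effectiveDomain != ""` guard is also gone; if `config.INFISICAL_URL` can ever be empty at this point (its default is not visible here), an empty domain would be written to the relay config. I would keep a non-empty check before saving and document the flag > stored > logged-in-user precedence in a comment above the chain. I would also log the chosen backend before any credentials are sent, e.g. `log.Info().Msgf("Using Infisical API endpoint %s", config.INFISICAL_URL)`, so an operator can spot a relay pointed at an unexpected host. The `gatewayv2.SaveDomain(gatewayName, config.INFISICAL_URL)` calls in gateway.go have the same shape.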