fix bug where -n and -k was mutually exclusive (#281)

* fixed bug where  -n and -k was mutually exclusive

* added credential overlap warning messages

Author: bcwu

rsconnect/api.py

@@ -338,6 +338,7 @@ def __init__(
     ) -> None:
         self.reset()
         self._d = kwargs
+        self.logger = logger
         self.setup_remote_server(
             name=name,
             url=url or kwargs.get("server"),
@@ -350,7 +351,6 @@ def __init__(
             secret=secret,
         )
         self.setup_client(cookies, timeout)
-        self.logger = logger
 
     @classmethod
     def fromConnectServer(cls, connect_server, **kwargs):
@@ -404,12 +404,38 @@ def setup_remote_server(
         server_data = ServerStore().resolve(name, url)
         if server_data.from_store:
             url = server_data.url
-            api_key = server_data.api_key
-            insecure = server_data.insecure
-            ca_data = server_data.ca_data
-            account_name = server_data.account_name
-            token = server_data.token
-            secret = server_data.secret
+            if (
+                server_data.api_key
+                and api_key
+                or server_data.insecure
+                and insecure
+                or server_data.ca_data
+                and ca_data
+                or server_data.account_name
+                and account_name
+                or server_data.token
+                and token
+                or server_data.secret
+                and secret
+            ) and self.logger:
+                self.logger.warning(
+                    "Connect detected CLI commands and/or environment variables that overlap with stored credential.\n"
+                )
+                self.logger.warning(
+                    "Check your environment variables (e.g. CONNECT_API_KEY) to make sure you want them to be used.\n"
+                )
+                self.logger.warning(
+                    "Credential paremeters are taken with the following precedence: stored > CLI > environment.\n"
+                )
+                self.logger.warning(
+                    "To ignore an environment variable, override it in the CLI with an empty string (e.g. -k '').\n"
+                )
+            api_key = server_data.api_key or api_key
+            insecure = server_data.insecure or insecure
+            ca_data = server_data.ca_data or ca_data
+            account_name = server_data.account_name or account_name
+            token = server_data.token or token
+            secret = server_data.secret or secret
         self.is_server_from_store = server_data.from_store
 
         if api_key:

rsconnect/main.py

@@ -314,11 +314,19 @@ def _test_shinyappsio_creds(server: api.ShinyappsServer):
     type=click.File(),
     help="The path to trusted TLS CA certificates.",
 )
-@shinyapps_args
 @click.option("--verbose", "-v", is_flag=True, help="Print detailed messages.")
-def add(name, server, api_key, insecure, cacert, account, token, secret, verbose):
+@shinyapps_args
+@click.pass_context
+def add(ctx, name, server, api_key, insecure, cacert, account, token, secret, verbose):
 
     set_verbosity(verbose)
+    if sys.version_info >= (3, 8):
+        click.echo("Detected the following inputs:")
+        for k, v in locals().items():
+            if k in {"ctx", "verbose"}:
+                continue
+            if v is not None:
+                click.echo("    {}: {}".format(k, ctx.get_parameter_source(k).name))
 
     validation.validate_connection_options(
         url=server,
@@ -385,10 +393,11 @@ def list_servers(verbose):
             for server in servers:
                 click.echo('Nickname: "%s"' % server["name"])
                 click.echo("    URL: %s" % server["url"])
-                click.echo("    API key is saved")
-                if server["insecure"]:
+                if server.get("api_key"):
+                    click.echo("    API key is saved")
+                if server.get("insecure"):
                     click.echo("    Insecure mode (TLS host/certificate validation disabled)")
-                if server["ca_cert"]:
+                if server.get("ca_cert"):
                     click.echo("    Client TLS certificate data provided")
                 click.echo()
 

rsconnect/validation.py

@@ -14,7 +14,7 @@ def validate_connection_options(url, api_key, insecure, cacert, account_name, to
     """
     connect_options = {"-k/--api-key": api_key, "-i/--insecure": insecure, "-c/--cacert": cacert}
     shinyapps_options = {"-T/--token": token, "-S/--secret": secret, "-A/--account": account_name}
-    options_mutually_exclusive_with_name = {"-s/--server": url, **connect_options, **shinyapps_options}
+    options_mutually_exclusive_with_name = {"-s/--server": url, **shinyapps_options}
     present_options_mutually_exclusive_with_name = _get_present_options(options_mutually_exclusive_with_name)
 
     if name and present_options_mutually_exclusive_with_name: