diff --git a/cmd/cloud/setup.go b/cmd/cloud/setup.go index 190db9eea..5f26500f3 100644 --- a/cmd/cloud/setup.go +++ b/cmd/cloud/setup.go @@ -406,7 +406,7 @@ func checkAPIToken(isDeploymentFile bool, platformCoreClient astroplatformcore.C if len(claims.Permissions) == 0 { return false, errNotAPIToken } - if claims.ExpiresAt.Before(time.Now()) { + if claims.ExpiresAt != nil && claims.ExpiresAt.Before(time.Now()) { fmt.Printf("The given API Token %s has expired \n", claims.APITokenID) return false, errExpiredAPIToken } diff --git a/cmd/cloud/setup_test.go b/cmd/cloud/setup_test.go index 6f5751096..2563b6ec6 100644 --- a/cmd/cloud/setup_test.go +++ b/cmd/cloud/setup_test.go @@ -460,4 +460,44 @@ func TestCheckAPIToken(t *testing.T) { _, err = checkAPIToken(true, mockPlatformCoreClient) assert.ErrorIs(t, err, errExpiredAPIToken) }) + + t.Run("non-expiry token", func(t *testing.T) { + permissions = []string{ + "workspaceId:workspace-id", + "organizationId:org-ID", + } + mockClaims = util.CustomClaims{ + Permissions: permissions, + RegisteredClaims: jwt.RegisteredClaims{ + Issuer: "test-issuer", + Subject: "test-subject", + Audience: jwt.ClaimStrings{"audience1", "audience2"}, + NotBefore: jwt.NewNumericDate(time.Now()), + IssuedAt: jwt.NewNumericDate(time.Now()), + ID: "test-id", + }, + } + + authLogin = func(domain, token string, coreClient astrocore.CoreClient, platformCoreClient astroplatformcore.CoreClient, out io.Writer, shouldDisplayLoginLink bool) error { + return nil + } + + parseAPIToken = func(astroAPIToken string) (*util.CustomClaims, error) { + return &mockClaims, nil + } + + mockPlatformCoreClient.On("ListOrganizationsWithResponse", mock.Anything, &astroplatformcore.ListOrganizationsParams{}).Return(&mockOrgsResponse, nil).Once() + + t.Setenv("ASTRO_API_TOKEN", "token") + + // Switch context + domain := "astronomer-dev.io" + err := context.Switch(domain) + assert.NoError(t, err) + + // run CheckAPIKeys + _, err = checkAPIToken(true, mockPlatformCoreClient) + assert.NoError(t, err) + }) + }