DEVP-476: Fix init failure when keychain is missing but profile exists #32
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implements DEVP-492: Extract reusable credential prompt and validation method to eliminate code duplication and improve maintainability. Changes: - Add _prompt_and_validate_credentials() async method to ConfigManager - Method prompts for API token with hidden input - Validates credentials via Workato API call - Stores validated token in keyring - Returns ProfileData with workspace information - Comprehensive error handling for empty tokens, API failures, and keyring issues Tests: - Add 4 unit tests covering success, empty token, API failure, and keyring disabled scenarios - All tests pass (79 tests total) - Type checking and linting clean 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Modified _prompt_and_validate_credentials() to return tuple[ProfileData, str] - Removed duplicate credential prompting and token storage logic from _create_new_profile() - Updated _create_new_profile() to use the reusable credential validation method - Updated tests to match new method signature - Token storage now handled consistently by set_profile() method This eliminates code duplication and improves separation of concerns between credential validation and profile storage. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
When selecting an existing profile, check if credentials exist in keychain. If missing, prompt user to re-enter API token and validate via API call. This fixes the bug where init fails when keychain is missing credentials. Added tests: - test_setup_profile_existing_with_valid_credentials - test_setup_profile_existing_with_missing_credentials 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add validation to detect when a profile exists but credentials are missing from the keychain in non-interactive mode. This provides clear, actionable error messages instead of cryptic authentication failures. Changes: - Add credential check after ConfigManager.initialize() for existing profiles - Use SystemExit(1) for JSON mode to ensure proper exit codes - Use click.Abort() for table mode for standard CLI behavior - Skip validation when creating new profiles (region+api_token provided) - Respect WORKATO_API_TOKEN environment variable Tests: - Add test for missing credentials in JSON mode - Add test for missing credentials in table mode - Add test for valid credentials (success path) - Add test for new profile creation (validation skipped) - Update existing tests to mock validate_environment_config() All tests pass (25/25), type checking passes, linting passes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Update test_setup_profile_existing_with_missing_credentials to check for the actual prompt message "Enter your API token" instead of the incorrect "Please re-enter your API token". The implementation in _prompt_and_validate_credentials() outputs "Enter your Workato API token", so the test should verify this actual behavior. Test results: - All 929 tests pass - 97% code coverage maintained - Type checking passes (mypy) - Linting passes (ruff) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
When running `workato init` in non-interactive mode with an existing profile that has missing keychain credentials, the CLI now shows a clear error message instead of attempting authentication and failing with "Authentication failed". Changes: - Add credential validation in ConfigManager._setup_non_interactive() before attempting API authentication - Add specific ClickException handler to show clean error messages without the "ClickException" label - Error message now clearly states: "Profile 'X' exists but credentials not found in keychain. Please run 'workato init' interactively or set WORKATO_API_TOKEN environment variable." This improves the user experience by providing actionable guidance when credentials are missing in non-interactive scenarios. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The validation logic was moved from init.py to manager.py in commit 3a70678, which changes how ClickException is raised and handled. The exception handler now converts all ClickException to SystemExit(1) for both JSON and table modes, with appropriate error messages for each. Updated tests to: - Expect SystemExit(1) for both JSON and table modes (not click.Abort) - Mock ConfigManager.initialize to raise ClickException directly - Verify error_code is 'CLI_ERROR' (not 'MISSING_CREDENTIALS') - Mock click.get_current_context to provide output_mode to exception handler All 25 tests in test_init.py now pass. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…sing-but-profile-exists
hovu96
deleted the
DEVP-476-bug-init-fails-when-keychain-is-missing-but-profile-exists
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the bug where
workato initfails with a generic "Authentication failed" error when keychain credentials are missing for an existing profile.Before: Users got a confusing error and were unable to re-initialize
After: Clear error messages guide users to re-enter credentials or set environment variables
Changes Made
1. Core Refactoring (DEVP-492, DEVP-493)
_prompt_and_validate_credentials()method_create_new_profile()to eliminate ~39 lines of duplicate code2. Interactive Mode Fix (DEVP-494)
_setup_profile()for existing profiles3. Non-Interactive Mode Fix (DEVP-495)
_setup_non_interactive()before API authenticationWORKATO_API_TOKENenvironment variable4. Exception Handling Improvements (DEVP-497)
click.ClickExceptionin exception_handler.pyFiles Modified
src/workato_platform_cli/cli/utils/config/manager.py- Core credential validation logicsrc/workato_platform_cli/cli/utils/exception_handler.py- Improved error handlingtests/unit/config/test_manager.py- Added 6 new teststests/unit/commands/test_init.py- Added 4 new tests for non-interactive modeTesting
Test Plan
Interactive mode with missing credentials:
workato initNon-interactive mode with missing credentials:
workato init --profile existing --non-interactive --project-id 123Environment variable fallback:
WORKATO_API_TOKENand run non-interactive mode🤖 Generated with Claude Code