
feat!: remove multi-account, DWD, and impersonation support #253

Merged: sqrrrl merged 3 commits into main from chore/simplify-auth-patterns, Mar 6, 2026

jpoehnelt (Member) commented Mar 6, 2026

BREAKING CHANGE: Remove domain-wide delegation, multi-account support,
and impersonation from the CLI authentication flow.

Removed:
- `gws auth list` and `gws auth default` commands
- `--account` flag from `gws auth login` and `gws auth logout`
- `GOOGLE_WORKSPACE_CLI_ACCOUNT` env var
- `GOOGLE_WORKSPACE_CLI_IMPERSONATED_USER` env var
- Per-account credential storage (accounts.json registry)
- Service account impersonation (subject/DWD)

Preserved:
- `GOOGLE_WORKSPACE_CLI_TOKEN` (raw access token)
- `GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE` (SA key path)
- `GOOGLE_WORKSPACE_CLI_CLIENT_ID` / `CLIENT_SECRET` (OAuth config)
- `GOOGLE_WORKSPACE_CLI_CONFIG_DIR` (config dir override)

changeset-bot bot commented Mar 6, 2026

⚠️ No Changeset found

Latest commit: dfa4fb3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes changesets to release 1 package:

| Name | Type |
|---|---|
| @googleworkspace/cli | Minor |


googleworkspace-bot added the area: auth, area: mcp, area: core, and cla: yes labels Mar 6, 2026

gemini-code-assist (Contributor) commented

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refactors the authentication system by eliminating multi-account management, domain-wide delegation, and impersonation capabilities. The change aims to simplify the CLI's authentication flow, focusing on a single-user credential model. This impacts how users log in, manage, and utilize credentials, streamlining the process by removing complex account-specific configurations and commands.

Highlights

  • Removed Multi-Account Support: The gws CLI no longer supports managing multiple authenticated accounts. All related commands (gws auth list, gws auth default) and the --account flag have been removed.
  • Removed Domain-Wide Delegation (DWD) and Impersonation: Support for Domain-Wide Delegation and impersonation features has been entirely removed from the authentication flow, simplifying credential management.
  • Simplified Authentication Logic: The underlying authentication mechanism has been streamlined by removing account resolution logic, per-account credential storage, and associated environment variables (GOOGLE_WORKSPACE_CLI_ACCOUNT, GOOGLE_WORKSPACE_CLI_IMPERSONATED_USER).
  • Breaking Change: This update introduces breaking changes by removing previously available multi-account and impersonation functionalities, requiring users to adapt to a single-account authentication model.

Changelog

  • src/accounts.rs
    • Removed the entire file, which previously managed the multi-account registry for gws.
  • src/auth.rs
    • Updated get_token function signature to remove the account: Option<&str> parameter.
    • Removed logic for resolving accounts and per-account token caches.
    • Removed the resolve_account function and its associated test cases.
  • src/auth_commands.rs
    • Updated usage strings to remove list and default subcommands from gws auth.
    • Removed the --account flag from gws auth login and gws auth logout usage descriptions.
    • Removed handle_list and handle_default functions.
    • Simplified handle_logout function by removing account-specific logic.
    • Removed logic for extracting the --account flag from handle_login.
    • Modified CliFlowDelegate to no longer use login_hint.
    • Removed logic for saving per-account encrypted credentials and registering them in accounts.json from handle_login.
  • src/credential_store.rs
    • Removed encrypted_credentials_path_for and save_encrypted_for functions, which handled per-account credential paths and saving.
    • Removed several test cases related to per-account credential paths and JSON encryption/decryption.
  • src/helpers/calendar.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/chat.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/docs.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/drive.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/events/renew.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/events/subscribe.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/gmail/send.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/gmail/triage.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/gmail/watch.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/modelarmor.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/script.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/sheets.rs
    • Updated auth::get_token calls to remove the account parameter.
  • src/helpers/workflows.rs
    • Updated auth::get_token calls to remove the account parameter across multiple handler functions.
  • src/main.rs
    • Removed the accounts module import.
    • Removed logic for extracting the global --account flag and GOOGLE_WORKSPACE_CLI_ACCOUNT environment variable.
    • Updated usage strings to remove references to the --account flag.
    • Removed the extract_global_account function and its associated test cases.

googleworkspace-bot (Collaborator) commented

/gemini review

codecov bot commented Mar 6, 2026

Codecov Report

❌ Patch coverage is 17.56757% with 61 lines in your changes missing coverage. Please review.
✅ Project coverage is 57.97%. Comparing base (54b3b31) to head (dfa4fb3).
⚠️ Report is 3 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/auth_commands.rs | 7.69% | 24 Missing ⚠️ |
| src/main.rs | 16.66% | 10 Missing ⚠️ |
| src/helpers/workflows.rs | 0.00% | 5 Missing ⚠️ |
| src/auth.rs | 33.33% | 4 Missing ⚠️ |
| src/helpers/calendar.rs | 0.00% | 2 Missing ⚠️ |
| src/helpers/events/subscribe.rs | 0.00% | 2 Missing ⚠️ |
| src/helpers/gmail/watch.rs | 0.00% | 2 Missing ⚠️ |
| src/helpers/modelarmor.rs | 0.00% | 2 Missing ⚠️ |
| src/helpers/sheets.rs | 0.00% | 2 Missing ⚠️ |
| src/helpers/chat.rs | 0.00% | 1 Missing ⚠️ |

... and 7 more

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #253      +/-   ##
==========================================
+ Coverage   57.69%   57.97%   +0.28%     
==========================================
  Files          38       37       -1     
  Lines       14327    13797     -530     
==========================================
- Hits         8266     7999     -267     
+ Misses       6061     5798     -263     


gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request removes all multi-account management features from the gws CLI tool. The accounts.rs module, which handled account registration, default account management, and email normalization, has been deleted. Consequently, the auth::get_token function no longer accepts an account parameter, and all calls to it across various helper modules (calendar, chat, docs, drive, events, gmail, modelarmor, script, sheets, workflows) have been updated to reflect this change. The auth_commands.rs file has been modified to remove list and default subcommands, and the login and logout commands no longer support --account flags or per-account operations. The credential_store.rs module has removed functions for per-account encrypted credentials. Finally, main.rs has removed all global --account flag parsing logic, related environment variable documentation, and associated test cases, streamlining the authentication flow to a single, non-account-specific credential store.

googleworkspace-bot (Collaborator) commented

/gemini review

googleworkspace-bot added the gemini: reviewed label Mar 6, 2026

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request is a significant and welcome simplification of the authentication flow, removing multi-account support, domain-wide delegation, and impersonation. The changes are extensive and touch many parts of the codebase, but they appear to be correctly implemented for the most part. I've identified a couple of areas for improvement, mainly concerning cleanup of old credential files during logout and ensuring robust test coverage for the encryption logic. Overall, this is a great step towards a more streamlined and maintainable CLI.

I am having trouble creating individual review comments. Click here to see my feedback.

src/credential_store.rs (390-399)

high

The test decrypt_rejects_tampered_nonce has been removed. This test was important as it verified that tampering with the nonce of an encrypted payload would cause decryption to fail, which is a critical security property of AEAD ciphers like AES-GCM. Removing this test reduces confidence in the security of the credential encryption. Please consider re-adding this test or a similar one to ensure this security guarantee is maintained.

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request correctly removes multi-account, domain-wide delegation, and impersonation support, which significantly simplifies the authentication flow. The changes are extensive and consistent with the stated goal. I've identified a couple of areas for improvement related to the completeness of the cleanup logic and maintaining test coverage for security-sensitive components.

I am having trouble creating individual review comments. Click here to see my feedback.

src/credential_store.rs (349-363)

high

The tests encrypt_decrypt_json_credentials and encrypt_decrypt_large_payload were removed. These tests are valuable for ensuring the encryption logic works correctly with realistic and large payloads. Please consider restoring them to maintain good test coverage for this critical component.

src/credential_store.rs (390-399)

high

This test, decrypt_rejects_tampered_nonce, is important for verifying the security of the encryption implementation. Tampering with the nonce is a valid attack vector, and ensuring that the decryption function correctly rejects such attempts is crucial. This test should be restored to maintain robust security testing for the credential store.

sqrrrl merged commit d637210 into main Mar 6, 2026 (45 of 46 checks passed)
sqrrrl deleted the chore/simplify-auth-patterns branch March 6, 2026 03:43

Labels: area: auth, area: core, area: docs, area: mcp, cla: yes, gemini: reviewed
