fix: respect --tenant-uuid flag

[AvitalTamir]

• Fixed a bug where the --tenant-uuid flag was being ignored by 5 CLI commands (get-ingestion-key, print-api-key, get-datasources-api-key, generate-client-token, generate-service-account-token).
  These commands now properly check for the flag value before falling back to interactive tenant selection.
• Added unit tests to prevent regression.

Summary by CodeRabbit

• New Features

  • Added a --tenant-uuid flag to let CLI commands accept a tenant UUID; commands will use it when provided and fall back to existing tenant lookup when omitted. API key, client token, datasource key, ingestion key, and service account flows now consistently operate using tenant UUIDs.

• Tests

  • Added comprehensive tests covering flag registration, command visibility, viper binding, empty vs valid UUID behavior, and tenant-resolution flow.

[coderabbitai]

Walkthrough

Commands now read a TENANT_UUID_FLAG (via viper) and, if empty, fall back to fetchTenant(); code was changed to use a tenantUUID string across commands and API client calls instead of passing TenantInfo objects. A new helper getTenantUUID centralizes flag-or-fetch behavior and tests validate the flag and flows.

Changes

Cohort / File(s)	Summary
Tenant UUID helper cmd/login.go	Add getTenantUUID() which reads TENANT_UUID_FLAG via viper and returns (tenantUUID string, error); falls back to fetchTenant() when flag is empty.
Commands switched to tenantUUID cmd/api_key.go, cmd/generate_client_token.go, cmd/get_datasources_api_key.go, cmd/ingestion_key.go, cmd/service_account.go	Replace fetchTenant() usage with getTenantUUID(); call downstream functions with tenantUUID string (e.g., fetchApiKey(tenantUUID), fetchClientToken(tenantUUID), GetOrCreateIngestionKey(tenantUUID, ...)) instead of tenant.UUID; remove unused groundcover.com/pkg/api imports where applicable.
API client signatures pkg/api/client.go	Change public methods to accept tenantUUID string (GetDatasourcesAPIKey, GetOrCreateClientToken) and use the tenant UUID header when making requests.
Tests: TENANT_UUID_FLAG behavior cmd/ingestion_key_test.go, cmd/tenant_uuid_flag_test.go	Add tests using viper and testify/suite to validate TENANT_UUID_FLAG constant, persistent flag registration on RootCmd, viper binding/readback, empty vs set flag handling, visibility across commands, and getTenantUUID/fetch fallback behavior.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant CLI as CLI Command
  participant Viper as viper
  participant Helper as getTenantUUID
  participant API as Backend / fetchTenant

  User->>CLI: Run command
  CLI->>Helper: getTenantUUID()
  Helper->>Viper: Read TENANT_UUID_FLAG
  alt flag set
    Note right of Helper #DFF2E1: return tenantUUID (from flag)
    Helper-->>CLI: tenantUUID, nil
  else flag empty
    Helper->>API: fetchTenant()
    API-->>Helper: tenant (contains UUID)
    Note right of Helper #FFF3CD: tenantUUID = tenant.UUID
    Helper-->>CLI: tenantUUID, nil
  end
  CLI->>API: Call action using tenantUUID (e.g., fetchApiKey, GetOrCreateIngestionKey)
  API-->>CLI: Result
  CLI-->>User: Output

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately describes the primary change of respecting the --tenant-uuid flag, which aligns directly with the bug fix applied across the affected CLI commands.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch avital/core-6862-cli-respect-tenant-uuid-flag-in-ingestion-key-creation

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 2fc00ae and 8ac6467.

📒 Files selected for processing (8)

• cmd/api_key.go (1 hunks)
• cmd/generate_client_token.go (3 hunks)
• cmd/get_datasources_api_key.go (3 hunks)
• cmd/ingestion_key.go (3 hunks)
• cmd/login.go (2 hunks)
• cmd/service_account.go (1 hunks)
• cmd/tenant_uuid_flag_test.go (1 hunks)
• pkg/api/client.go (4 hunks)

🧰 Additional context used

🧬 Code graph analysis (6)

cmd/service_account.go (1)

pkg/auth/sa_token.go (1)

• SAToken (11-13)

cmd/get_datasources_api_key.go (1)

pkg/auth/api_key.go (1)

• ApiKey (13-15)

pkg/api/client.go (3)

pkg/auth/client.go (1)

• Client (21-27)

pkg/auth/api_key.go (1)

• ApiKey (13-15)

pkg/api/tenant.go (1)

• TenantUUIDHeader (8-8)

cmd/login.go (1)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

cmd/api_key.go (1)

pkg/auth/api_key.go (1)

• ApiKey (13-15)

cmd/tenant_uuid_flag_test.go (2)

cmd/root.go (2)

• TENANT_UUID_FLAG (30-30)
• RootCmd (94-128)

cmd/ingestion_key.go (1)

• IngestionKeyCmd (14-62)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (go)

🔇 Additional comments (21)

cmd/login.go (2)

9-9: Import added for flag lookup.

Viper import supports reading the --tenant-uuid flag.

---

122-133: Helper centralizes tenant UUID resolution.

getTenantUUID() checks the flag first, then falls back to interactive selection. Clean implementation that eliminates duplication across commands.

cmd/service_account.go (2)

16-19: Migrated to getTenantUUID().

Consistently uses the new helper to respect the flag.

---

22-22: Passes tenantUUID string to API call.

Aligns with updated fetchServiceAccountToken signature.

cmd/get_datasources_api_key.go (2)

16-19: Migrated to getTenantUUID().

Now respects the --tenant-uuid flag.

---

36-36: Signature updated to accept tenantUUID string.

Cleaner API - no longer requires full tenant object.

cmd/ingestion_key.go (2)

22-25: Migrated to getTenantUUID().

Respects the flag before falling back to interactive selection.

---

53-53: Passes tenantUUID to ingestion key API.

Consistent with the tenantUUID-centric approach.

cmd/api_key.go (2)

15-18: Migrated to getTenantUUID().

Respects the flag as intended by the fix.

---

21-21: Passes tenantUUID to fetch API key.

Aligns with fetchApiKey signature in login.go.

cmd/generate_client_token.go (2)

16-19: Migrated to getTenantUUID().

Previous complexity eliminated - now uses centralized helper.

---

32-32: Signature simplified to accept tenantUUID string.

Cleaner than passing full tenant object.

pkg/api/client.go (4)

112-112: API signature updated to accept tenantUUID string.

Cleaner contract - callers pass UUID directly instead of tenant object.

---

125-125: Header correctly uses tenantUUID.

Consistent with the signature change.

---

141-141: API signature updated to accept tenantUUID string.

Matches the pattern in GetDatasourcesAPIKey.

---

154-154: Header correctly uses tenantUUID.

Consistent with the signature change.

cmd/tenant_uuid_flag_test.go (5)

15-23: Setup preserves viper state between tests.

Clean isolation prevents test pollution.

---

29-35: Validates flag registration.

Confirms flag exists with correct default and usage text.

---

69-89: Verifies flag accessibility across commands.

Ensures all five affected commands can read the persistent flag.

---

92-119: Tests flag-or-fetch pattern.

Validates conditional logic: empty flag triggers fetchTenant(), non-empty flag skips it.

---

121-145: Tests getTenantUUID() behavior.

Covers flag-set scenario - confirms UUID returned from flag without calling fetchTenant().

Note: These tests only verify the flag-set path. When the flag is empty, getTenantUUID() calls fetchTenant(), which requires Auth0 token and makes API requests - those paths aren't covered here. Consider mocking fetchTenant() to test the fallback path without external dependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

cmd/get_datasources_api_key.go (1)

17-26: LGTM - Consistent flag handling pattern.

The tenant UUID flag logic correctly prioritizes the flag value before falling back to fetchTenant(). The creation of a partial TenantInfo struct on Line 25 ensures downstream code receives the required type.

Note: fetchDatasourcesAPIKey receives a *api.TenantInfo but only uses it for API calls. Consider refactoring to accept tenantUUID string directly for consistency with other refactored functions like fetchServiceAccountToken and fetchApiKey.

cmd/ingestion_key_test.go (1)

10-44: Good test coverage for flag state management.

The table-driven test validates that viper correctly stores and retrieves the tenant UUID flag value. The setup/teardown properly isolates test state.

Note: These tests verify viper state but don't exercise the command execution path. Consider adding integration tests that mock fetchTenant and verify the command uses the flag value correctly when set vs. falling back to fetchTenant when empty.

cmd/tenant_uuid_flag_test.go (1)

69-89: Validates flag accessibility across commands.

Ensures all 5 affected commands can access the persistent flag. The test correctly iterates through the command list.

Minor suggestion: The test retrieves tc.cmd but then checks RootCmd.PersistentFlags(). Consider using the command's own persistent flags lookup to make the test more accurate, though the current approach works since persistent flags inherit from parent commands.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c3cdc85 and ded15d3.

📒 Files selected for processing (7)

• cmd/api_key.go (2 hunks)
• cmd/generate_client_token.go (2 hunks)
• cmd/get_datasources_api_key.go (2 hunks)
• cmd/ingestion_key.go (3 hunks)
• cmd/ingestion_key_test.go (1 hunks)
• cmd/service_account.go (2 hunks)
• cmd/tenant_uuid_flag_test.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (7)

cmd/api_key.go (3)

pkg/api/tenant.go (1)

• TenantInfo (20-24)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

pkg/auth/api_key.go (1)

• ApiKey (13-15)

cmd/ingestion_key_test.go (1)

cmd/root.go (2)

• TENANT_UUID_FLAG (30-30)
• RootCmd (94-128)

cmd/generate_client_token.go (2)

pkg/api/tenant.go (1)

• TenantInfo (20-24)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

cmd/ingestion_key.go (2)

pkg/api/tenant.go (1)

• TenantInfo (20-24)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

cmd/get_datasources_api_key.go (2)

pkg/api/tenant.go (1)

• TenantInfo (20-24)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

cmd/service_account.go (3)

pkg/api/tenant.go (1)

• TenantInfo (20-24)

cmd/root.go (1)

• TENANT_UUID_FLAG (30-30)

pkg/auth/sa_token.go (1)

• SAToken (11-13)

cmd/tenant_uuid_flag_test.go (2)

cmd/root.go (2)

• TENANT_UUID_FLAG (30-30)
• RootCmd (94-128)

cmd/ingestion_key.go (1)

• IngestionKeyCmd (15-67)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: goreleaser
• GitHub Check: Analyze (go)

🔇 Additional comments (8)

cmd/api_key.go (1)

17-24: Clean implementation - no issues found.

The tenant UUID handling is straightforward and fetchApiKey correctly accepts tenantUUID as a string parameter, avoiding the need for a partial struct.

cmd/service_account.go (1)

17-24: LGTM - Consistent with other commands.

Implementation follows the same clean pattern as api_key.go. The tenant variable is declared but unused when the flag is provided, which is acceptable as it maintains code symmetry.

cmd/ingestion_key.go (1)

28-35: LGTM - Properly integrated.

The tenant UUID flag handling integrates cleanly with both selectBackendName and GetOrCreateIngestionKey calls, using tenantUUID consistently throughout.

cmd/ingestion_key_test.go (1)

46-54: LGTM - Validates flag registration.

Verifies the constant value, flag existence, and default value. Essential checks for ensuring the flag is properly configured.

cmd/tenant_uuid_flag_test.go (4)

10-27: Excellent use of test suite for state isolation.

The suite pattern with SetupTest/TearDownTest ensures each test starts with a clean viper state, preventing test pollution.

---

29-40: Thorough validation of flag configuration.

Tests verify registration, default value, usage description, and constant correctness. Complete coverage of flag metadata.

---

42-66: Good coverage of viper behavior.

Tests cover both empty and valid UUID scenarios, ensuring viper correctly handles the flag value in both cases.

---

92-119: Integration-style test validates the implementation pattern.

This test simulates the actual conditional logic used in the commands (if tenantUUID == ""), providing valuable coverage of the pattern's behavior.

[ryechezkel]

Maybe easier to put the logic inside the fetchTenanat logic ?

[AvitalTamir]

@ryechezkel yes it could be DRYer, added a helper to either fetch the tenant or use the flag.

[ryechezkel]

Why do we need tenant info and UUID? Why not just return tenant info ?

[AvitalTamir]

Cleaned up some everything uses UUID across the board