feat: implement credential manager #78

Open
wants to merge 1 commit into
base: main
@sujit4 (Contributor) commented Jul 25, 2025

Implement Unified Credential Manager

[Image: Screenshot 2025-07-24 at 4 52 55 PM]

🎯 Overview

This PR introduces a comprehensive credential management system for Halberd, refactoring the existing monolithic credential handling into a clean, modular architecture that supports all four cloud providers (AWS, Azure, GCP, Entra ID) through a unified interface.

📊 Changes Summary

  • +1,010 additions, -37 deletions across 14 files
  • Major architectural refactoring from monolithic to modular design
  • Enhanced credential dropdown UI with provider-specific styling
  • Improved error handling and token management
  • Added comprehensive CSS styling for multi-provider credential display

✨ Key Features Implemented

🏗️ Core Architecture

  • Unified Credential Manager (core/credential_manager.py): Central orchestrator for all cloud provider credentials
  • Standardized Data Types (core/credential_types.py): Common data structures and provider configurations
  • Plugin Architecture (core/providers/): Extensible provider system with abstract base class

🔌 Provider System

  • Base Provider (core/providers/base_provider.py): Abstract interface defining credential operations
  • Provider Implementations:
    • AWS Provider: Integrates with SessionManager for AWS credential management
    • Azure Provider: Handles Azure CLI-based credentials
    • GCP Provider: Manages service account and user credentials with new deletion capability
    • Entra ID Provider: Enhanced JWT token handling with robust error handling

🎨 Enhanced UI/UX

  • Provider-Specific Icons: Visual distinction with mdi:aws, mdi:microsoft, mdi:google-cloud icons
  • Status Indicators: Clear active/expired/inactive states with color coding
  • Improved Dropdown: Better organization, hover effects, and responsive design
  • Credential Count Display: Shows valid/total credentials ratio

🛠️ Technical Improvements

Error Handling & Robustness

JWT Token Processing (core/entra/token_info.py):

  • Added defensive programming for missing token claims
  • Graceful handling of malformed tokens with fallback values
  • Fixed KeyError issues with optional fields (tid, idtyp, exp, scp, roles)

GCP Credential Management

New Deletion Method (core/gcp/gcp_access.py):

  • Added delete_credential_by_name() method for targeted credential removal
  • Proper error handling for non-existent credentials
  • Maintains credential file integrity

AWS Session Management

Fixed Missing Decorator (core/aws/aws_session_manager.py):

  • Added @classmethod decorator to remove_session() method

UI Enhancements (assets/halberd.css)

  • Credential Dropdown Styling: 134+ lines of new CSS for polished multi-provider interface
  • Dark Theme Integration: Consistent with existing Halberd dark theme
  • Responsive Design: Proper sizing and overflow handling for credential lists
  • Interactive Elements: Hover effects, focus states, and smooth transitions

💡 Code Quality Improvements

Separation of Concerns

  • UI Layer: Clean separation between presentation and business logic
  • Provider Layer: Each cloud provider encapsulated in dedicated modules
  • Data Layer: Standardized credential data structures across providers

DRY Principles

  • Unified Interface: Common operations (get, delete, set_active) across all providers
  • Shared Components: Reusable credential item creation logic
  • Configuration-Driven: Provider configs eliminate hardcoded values

Type Safety

  • Dataclasses: Structured credential data with type hints
  • Enums: Standardized credential status enumeration
  • Type Aliases: Better code readability and maintainability

✅ Testing & Validation

  • Comprehensive Provider Coverage: All four cloud providers tested and validated
  • Error Scenario Handling: Graceful degradation when providers are unavailable
  • Token Format Compatibility: Handles both legacy string and new dictionary token formats

🔄 Migration Impact

  • Zero Breaking Changes: Existing functionality preserved during refactoring
  • Backward Compatibility: Legacy token formats continue to work
  • Seamless Integration: Drop-in replacement for existing credential management

📁 Files Modified

| File | Lines Changed | Type |
|------|---------------|------|
| core/credential_manager.py | +166 | New |
| core/credential_types.py | +70 | New |
| core/providers/ (4 files) | +357 | New |
| assets/halberd.css | +134 | Enhanced |
| halberd.py | +152, -37 | Refactored |
| core/entra/token_info.py | +28, -13 | Fixed |
| core/gcp/gcp_access.py | +16 | Enhanced |

🎯 Test Plan

  • Test AWS credential display, deletion, and activation
  • Test Azure credential integration with CLI
  • Test GCP credential management with new deletion feature
  • Test Entra ID token handling with improved error handling
  • Verify UI responsiveness across all providers
  • Validate backward compatibility with existing credentials
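
The defensive claim handling described under "JWT Token Processing" above, sketched as an added example (not code from this PR or from Halberd). The function names, the fallback values, the "unknown" and "invalid" status labels and the `access_token` dictionary key are assumptions; the sample tokens are constructed.

```python
import base64
import json
import time

# Optional claims named in the PR text; the fallback values are assumptions.
FALLBACKS = {"tid": "unknown", "idtyp": "unknown", "exp": None, "scp": "", "roles": ()}


def _decode_segment(segment):
    """Decode one base64url JWT segment into a dict; ValueError if malformed."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(obj, dict):
        raise ValueError("JWT payload is not a JSON object")
    return obj


def summarize_token(token, now=None):
    """Return display-only claim info; never raises on bad input.

    The signature is NOT verified, so the result may label a stored token in a
    UI but must never feed an authorization decision.
    """
    info = dict(FALLBACKS, status="invalid")
    # Accept the legacy string format or a dict ("access_token" key is assumed).
    raw = token.get("access_token") if isinstance(token, dict) else token
    if not isinstance(raw, str) or raw.count(".") != 2:
        return info
    try:
        claims = _decode_segment(raw.split(".")[1])
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return info
    for name, fallback in FALLBACKS.items():
        info[name] = claims.get(name, fallback)
    exp = info["exp"]
    now = time.time() if now is None else now
    if isinstance(exp, (int, float)) and not isinstance(exp, bool):
        info["status"] = "active" if exp > now else "expired"
    else:
        info["status"] = "unknown"  # no usable exp: do not claim validity
    return info


def make_sample_token(claims):
    """Build an unsigned, constructed sample token (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

A token with no usable `exp` is reported as "unknown" rather than "active", so a missing claim never makes a stored credential look valid.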

@openrec0n openrec0n self-assigned this Jul 25, 2025
@openrec0n openrec0n added the enhancement (New feature or request) and new feature (Change that adds a new feature) labels Jul 25, 2025