WIP Atmos Auth#1424

Closed
Benbentwo wants to merge 76 commits into main from feature/dev-3508-remove-leapp-replace-with-aws-sso-script

@Benbentwo
Member

@Benbentwo Benbentwo commented Aug 27, 2025

Note

Replaces PR #1389

Atmos Auth

This pull request introduces a new authentication framework to the Atmos CLI, adds a demo project for auth configuration, and improves CI/CD workflows to support OIDC and integration testing. The most important changes are the addition of new CLI commands for authentication, a comprehensive demo project showcasing auth configuration, and updates to CI workflows to test these features.

Authentication CLI enhancements

  • auth - Helper Command containing other commands
    • login - Sign into an identity - forces refresh of credentials
    • user - User command root.
      • configure - Configure an Identity's Credentials in keystore.

Demo project for authentication

  • Added a new examples/demo-auth project, including a sample atmos.yaml with a detailed auth section, Terraform component, stack manifest, and supporting files to demonstrate and test authentication flows (examples/demo-auth/README.md, examples/demo-auth/atmos.yaml, examples/demo-auth/components/terraform/whoami/*, examples/demo-auth/stacks/deploy/dev/demo.yaml). [1] [2] [3] [4] [5] [6] [7]

CI/CD and integration testing improvements

  • Added a new GitHub Actions workflow (oidc-localstack-integration.yml) to run unit and OIDC + LocalStack integration tests, ensuring authentication features are validated in CI (.github/workflows/oidc-localstack-integration.yml).
  • Updated the main test workflow to include the new demo project and grant id-token permissions for OIDC testing (.github/workflows/test.yml). [1] [2] [3]

Dependency updates

  • Added dependencies for AWS SSO, SSOOIDC, SAML2, keyring, testcontainers, and related libraries to support new authentication features and secure credential storage (go.mod). [1] [2] [3] [4] [5]

Utility and codebase improvements

  • Refactored URL opening logic in the docs command to use a new utility function, improving cross-platform compatibility (cmd/docs.go). [1] [2] [3]

These changes collectively introduce robust authentication support in Atmos, provide a demo for users and CI, and ensure the codebase is ready for advanced identity and access management workflows.

Contributor

@github-advanced-security github-advanced-security bot left a comment

golangci-lint found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@codecov

codecov bot commented Aug 29, 2025

Codecov Report

❌ Patch coverage is 34.57711% with 1052 lines in your changes missing coverage. Please review.
✅ Project coverage is 54.55%. Comparing base (6f99b9e) to head (e6b1391).

Files with missing lines Patch % Lines
internal/auth/aws_saml.go 9.92% 233 Missing and 3 partials ⚠️
internal/auth/aws_identity_center.go 4.93% 209 Missing and 3 partials ⚠️
internal/auth/aws_oidc.go 42.77% 93 Missing and 10 partials ⚠️
internal/auth/utils_aws.go 59.13% 60 Missing and 25 partials ⚠️
internal/auth/aws_user.go 42.27% 66 Missing and 5 partials ⚠️
cmd/auth_user.go 4.34% 66 Missing ⚠️
internal/auth/load.go 58.99% 45 Missing and 12 partials ⚠️
internal/auth/utils.go 0.00% 47 Missing ⚠️
internal/auth/exec.go 35.82% 40 Missing and 3 partials ⚠️
internal/auth/aws_assume_role.go 74.30% 27 Missing and 10 partials ⚠️
... and 12 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1424      +/-   ##
==========================================
- Coverage   55.61%   54.55%   -1.07%     
==========================================
  Files         273      287      +14     
  Lines       28620    30190    +1570     
==========================================
+ Hits        15918    16470     +552     
- Misses      10919    11856     +937     
- Partials     1783     1864      +81     
Flag Coverage Δ
unittests 54.55% <34.57%> (-1.07%) ⬇️

@Benbentwo Benbentwo force-pushed the feature/dev-3508-remove-leapp-replace-with-aws-sso-script branch from a866f80 to a1a106f Compare September 3, 2025 17:53
@mergify

mergify bot commented Sep 3, 2025

💥 This pull request now has conflicts. Could you fix it @Benbentwo? 🙏

@mergify mergify bot added the "conflict" (This PR has conflicts) label Sep 3, 2025
@Benbentwo Benbentwo force-pushed the feature/dev-3508-remove-leapp-replace-with-aws-sso-script branch from a1a106f to 942a63a Compare September 3, 2025 21:23
This was referenced Sep 6, 2025
@Benbentwo Benbentwo closed this Sep 11, 2025
@mergify mergify bot removed the "conflict" (This PR has conflicts), "wip" (Work in Progress: Not ready for final review or merge), "needs-cloudposse" (Needs Cloud Posse assistance) and "triage" (Needs triage) labels Sep 11, 2025
Labels

size/xl Extra large size PR
