Skip to content

feat: added suborg login property for machine identities#117

Merged
akhilmhdh merged 3 commits intomainfrom
feat/sub-org-flag
Feb 2, 2026
Merged

feat: added suborg login property for machine identities#117
akhilmhdh merged 3 commits intomainfrom
feat/sub-org-flag

Conversation

@akhilmhdh
Copy link
Member

@akhilmhdh akhilmhdh commented Jan 30, 2026

Description 📣

This PR adds support for sub-org login for the machine identity both in login command and gateway command. This allows accessing resources inside a sub-organization.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

  • Login without organization slug
  • Login with --organization-slug flag

@akhilmhdh akhilmhdh requested a review from varonix0 January 30, 2026 16:21
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 30, 2026

Greptile Overview

Greptile Summary

This PR adds support for sub-organization login scoping for machine identities in both the login and gateway start commands.

Key Changes

  • Added --organization-slug flag to the login command and gateway start command
  • Updated all machine identity authentication methods (HandleUniversalAuthLogin, HandleJwtAuthLogin, HandleKubernetesAuthLogin, HandleAzureAuthLogin, HandleGcpIdTokenAuthLogin, HandleGcpIamAuthLogin, HandleAwsIamAuthLogin, HandleOidcAuthLogin, HandleLdapAuthLogin) to retrieve and pass the organization slug to the SDK via .WithOrganizationSlug()
  • Upgraded github.com/infisical/go-sdk from v0.6.1 to v0.6.8 to support the new functionality
  • Used consistent pattern across all auth methods: retrieve slug with GetCmdFlagOrEnvWithDefaultValue (defaults to empty string), then chain .WithOrganizationSlug(organizationSlug) before the auth call

Documentation Gap

No documentation exists in the /docs folder for this feature. Consider documenting how customers can discover and use the --organization-slug flag for sub-organization access.

Confidence Score: 5/5

  • This PR is safe to merge with no critical issues found
  • The implementation follows a consistent pattern across all authentication methods, properly retrieves the organization slug with appropriate error handling, and uses a safe default value (empty string) when not provided. The SDK upgrade appears to be the enabler for this feature. No security vulnerabilities or breaking changes detected.
  • No files require special attention

Important Files Changed

Filename Overview
go.mod Updated go-sdk from v0.6.1 to v0.6.8, moved memguard from indirect to direct dependency
packages/util/auth.go Added organization-slug support to all machine identity auth methods using WithOrganizationSlug() pattern
packages/cmd/login.go Added organization-slug flag to login command for machine identity logins
packages/cmd/gateway.go Added organization-slug flag to gateway start command for sub-organization scoping

varonix0
varonix0 requested changes Jan 30, 2026
View reviewed changes
packages/util/auth.go
}

return a.infisicalClient.Auth().UniversalAuthLogin(clientId, clientSecret)
organizationSlug, err := GetCmdFlagOrEnvWithDefaultValue(a.cmd, "organization-slug", []string{}, "")
Copy link
Member

@varonix0 varonix0 Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

q: why not allow using the same environment variable that we support in the go SDK for the org slug?

@akhilmhdh akhilmhdh merged commit 9ef9396 into main Feb 2, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@varonix0 varonix0 varonix0 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akhilmhdh @varonix0