rpk: take into account auth kind to clear profiles

If we have profile A from auth SSO, we cannot keep profile A if we subsequently log in with client credentials. Even though the organizations are the same, the auth is different, and we need a new profile tied to the new auth.
redpanda-data · Mar 14, 2024 · f470087 · f470087
1 parent 9d55535
commit f470087
Showing 1 changed file with 2 additions and 6 deletions.
diff --git a/src/go/rpk/pkg/oauth/load.go b/src/go/rpk/pkg/oauth/load.go
@@ -93,7 +93,7 @@ func LoadFlow(ctx context.Context, fs afero.Fs, cfg *config.Config, cl Client, n
  if orgErr != nil {
  return nil, authVir, false, false, orgErr
  }
- if org.ID != pAuthAct.OrgID {
+ if org.ID != pAuthAct.OrgID || pAuthAct.Kind != authKind {
  clearedProfile = true
  yAct.CurrentProfile = ""
  yVir.CurrentProfile = ""
@@ -112,12 +112,8 @@ func LoadFlow(ctx context.Context, fs afero.Fs, cfg *config.Config, cl Client, n
  if orgErr != nil {
  return nil, authVir, false, false, orgErr
  }
- if org.ID != yAuthAct.OrgID {
+ if org.ID != yAuthAct.OrgID || yAuthAct.Kind != authKind {
  yAuthVir := yVir.CurrentAuth()
- // The virtual auth here *should* have the same org and kind.
- if yAuthAct.OrgID != yAuthVir.OrgID || yAuthAct.Kind != yAuthVir.Kind {
- panic("params invariant: virtual auth != actual auth")
- }
  yAct.CurrentCloudAuthOrgID = ""
  yVir.CurrentCloudAuthOrgID = ""
  yAct.CurrentCloudAuthKind = ""