From 8918b6729ebf4529aa14f70da94c4726f036533d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Garcia?= <ggarcia@cloudflare.com>
Date: Fri, 17 Jan 2025 08:16:36 -0800
Subject: [PATCH] TUN-8871: Accept login flag to authenticate with Fedramp
 environment

## Summary
Some description...

Closes TUN-8871
---
 cmd/cloudflared/tunnel/login.go | 46 ++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 4 deletions(-)

diff --git a/cmd/cloudflared/tunnel/login.go b/cmd/cloudflared/tunnel/login.go
index fd9bc01f..632e622a 100644
--- a/cmd/cloudflared/tunnel/login.go
+++ b/cmd/cloudflared/tunnel/login.go
@@ -19,8 +19,32 @@ import (
 )
 
 const (
-	baseLoginURL     = "https://dash.cloudflare.com/argotunnel"
-	callbackStoreURL = "https://login.cloudflareaccess.org/"
+	baseLoginURL = "https://dash.cloudflare.com/argotunnel"
+	callbackURL  = "https://login.cloudflareaccess.org/"
+	// For now these are the same but will change in the future once we know which URLs to use (TUN-8872)
+	fedBaseLoginURL      = "https://dash.cloudflare.com/argotunnel"
+	fedCallbackStoreURL  = "https://login.cloudflareaccess.org/"
+	fedRAMPParamName     = "fedramp"
+	loginURLParamName    = "loginURL"
+	callbackURLParamName = "callbackURL"
+)
+
+var (
+	loginURL = &cli.StringFlag{
+		Name:  loginURLParamName,
+		Value: baseLoginURL,
+		Usage: "The URL used to login (default is https://dash.cloudflare.com/argotunnel)",
+	}
+	callbackStore = &cli.StringFlag{
+		Name:  callbackURLParamName,
+		Value: callbackURL,
+		Usage: "The URL used for the callback (default is https://login.cloudflareaccess.org/)",
+	}
+	fedramp = &cli.BoolFlag{
+		Name:    fedRAMPParamName,
+		Aliases: []string{"f"},
+		Usage:   "Login with FedRAMP High environment.",
+	}
 )
 
 func buildLoginSubcommand(hidden bool) *cli.Command {
@@ -30,6 +54,11 @@ func buildLoginSubcommand(hidden bool) *cli.Command {
 		Usage:     "Generate a configuration file with your login details",
 		ArgsUsage: " ",
 		Hidden:    hidden,
+		Flags: []cli.Flag{
+			loginURL,
+			callbackStore,
+			fedramp,
+		},
 	}
 }
 
@@ -44,9 +73,18 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	loginURL, err := url.Parse(baseLoginURL)
+	var (
+		baseloginURL     = c.String(loginURLParamName)
+		callbackStoreURL = c.String(callbackURLParamName)
+	)
+
+	if c.Bool(fedRAMPParamName) {
+		baseloginURL = fedBaseLoginURL
+		callbackStoreURL = fedCallbackStoreURL
+	}
+
+	loginURL, err := url.Parse(baseloginURL)
 	if err != nil {
-		// shouldn't happen, URL is hardcoded
 		return err
 	}