fix: credential overrides for credential aliases

Signed-off-by: Grant Linville <[email protected]>

Author: g-linville

docs/docs/03-tools/04-credential-tools.md

@@ -159,6 +159,13 @@ need to be aware of which environment variables the credential tool sets. You ca
 
 ### Format
 
+:::info
+In the examples that follow `toolA`, `toolB`, etc. are the names of credentials.
+By default, a credential has the same name as the tool that created it.
+This can be overridden with credential overrides, i.e. `credential: my-cred-tool.gpt as myAlias`.
+If the credential has an alias, use it instead of the tool name when you specify an override..
+:::
+
 The `--credential-override` argument must be formatted in one of the following three ways:
 
 #### 1. Key-Value Pairs

pkg/runner/credentials.go

@@ -8,18 +8,18 @@ import (
 
 // parseCredentialOverrides parses a string of credential overrides that the user provided as a command line arg.
 // The format of credential overrides can be one of three things:
-// tool1:ENV1,ENV2;tool2:ENV1,ENV2 (direct mapping of environment variables)
-// tool1:ENV1=VALUE1,ENV2=VALUE2;tool2:ENV1=VALUE1,ENV2=VALUE2 (key-value pairs)
-// tool1:ENV1->OTHER_ENV1,ENV2->OTHER_ENV2;tool2:ENV1->OTHER_ENV1,ENV2->OTHER_ENV2 (mapping to other environment variables)
+// cred1:ENV1,ENV2;cred2:ENV1,ENV2 (direct mapping of environment variables)
+// cred1:ENV1=VALUE1,ENV2=VALUE2;cred2:ENV1=VALUE1,ENV2=VALUE2 (key-value pairs)
+// cred1:ENV1->OTHER_ENV1,ENV2->OTHER_ENV2;cred2:ENV1->OTHER_ENV1,ENV2->OTHER_ENV2 (mapping to other environment variables)
 //
 // This function turns it into a map[string]map[string]string like this:
 //
 //	{
-//	  "tool1": {
+//	  "cred1": {
 //	    "ENV1": "VALUE1",
 //	    "ENV2": "VALUE2",
 //	  },
-//	  "tool2": {
+//	  "cred2": {
 //	    "ENV1": "VALUE1",
 //	    "ENV2": "VALUE2",
 //	  },
@@ -28,7 +28,7 @@ func parseCredentialOverrides(override string) (map[string]map[string]string, er
 	credentialOverrides := make(map[string]map[string]string)
 
 	for _, o := range strings.Split(override, ";") {
-		toolName, envs, found := strings.Cut(o, ":")
+		credName, envs, found := strings.Cut(o, ":")
 		if !found {
 			return nil, fmt.Errorf("invalid credential override: %s", o)
 		}
@@ -48,7 +48,7 @@ func parseCredentialOverrides(override string) (map[string]map[string]string, er
 			}
 			envMap[key] = value
 		}
-		credentialOverrides[toolName] = envMap
+		credentialOverrides[credName] = envMap
 	}
 
 	return credentialOverrides, nil

pkg/runner/runner.go

@@ -813,19 +813,24 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
 	}
 
 	for _, credToolName := range callCtx.Tool.Credentials {
+		toolName, credentialAlias, args, err := types.ParseCredentialArgs(credToolName, callCtx.Input)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse credential tool %q: %w", credToolName, err)
+		}
+
+		credName := toolName
+		if credentialAlias != "" {
+			credName = credentialAlias
+		}
+
 		// Check whether the credential was overridden before we attempt to find it in the store or run the tool.
-		if override, exists := credOverrides[credToolName]; exists {
+		if override, exists := credOverrides[credName]; exists {
 			for k, v := range override {
 				env = append(env, fmt.Sprintf("%s=%s", k, v))
 			}
 			continue
 		}
 
-		toolName, credentialAlias, args, err := types.ParseCredentialArgs(credToolName, callCtx.Input)
-		if err != nil {
-			return nil, fmt.Errorf("failed to parse credential tool %q: %w", credToolName, err)
-		}
-
 		var (
 			cred   *credentials.Credential
 			exists bool
@@ -884,13 +889,9 @@ func (r *Runner) handleCredentials(callCtx engine.Context, monitor Monitor, env
 			}
 
 			cred = &credentials.Credential{
-				Type: credentials.CredentialTypeTool,
-				Env:  envMap.Env,
-			}
-			if credentialAlias != "" {
-				cred.ToolName = credentialAlias
-			} else {
-				cred.ToolName = toolName
+				Type:     credentials.CredentialTypeTool,
+				Env:      envMap.Env,
+				ToolName: credName,
 			}
 
 			isEmpty := true