Bug 1323921

Summary: allow bkr workflow command dry runs without authenticating
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: command lineAssignee: Dan Callaghan <dcallagh>
Status: CLOSED CURRENTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: dcallagh, dowang, jburke, jjaburek, mjia, rjoost
Target Milestone: 23.0Keywords: FutureFeature, Patch
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-07 23:11:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2016-04-05 05:30:21 UTC 
If you pass --dry-run to a bkr workflow command it won't submit the job to Beaker. That means that it won't be making any calls to Beaker which actually require authentication.

It may be useful to use bkr workflow-* --dry-run as part of some automation to produce a job XML definition, where the script is running under some account which does not have credentials to authenticate to Beaker.

Currently the workflow commands will just fail during authentication to Beaker, but if --dry-run is given they should skip authentication and run unauthenticated to support this scenario.
Comment 1 Dan Callaghan 2016-04-05 05:30:45 UTC 
Jeff Burke sent me a patch for this.
Comment 2 Dan Callaghan 2016-04-05 08:12:46 UTC 
I realised there is a much simpler and more suitable solution here (and also less error prone)...

We can add a bit of code which will just skip the authentication if your config has AUTH_METHOD="none". Then bkr will just proceed as normal, any calls which don't require authentication will succeed, and if you do try to do something which requires authentication like submitting a job you will just get an error saying "Anonymous access denied".

It's a very unintrusive patch and it won't affect existing installations since it requires opting in by setting AUTH_METHOD="none".

It also seems like the best option in this case, where there is a script running unattended and it has no Kerberos credentials. In that case there really is no possible authentication method to be used.

Jeff, how does that sound to you?
Comment 3 Dan Callaghan 2016-04-05 08:28:17 UTC 
http://gerrit.beaker-project.org/4780
Comment 4 Dan Callaghan 2016-04-08 06:44:39 UTC 
This bug fix is included in beaker-client-22.4-0.git.6.5613dcf which is currently available for download here:

https://beaker-project.org/nightlies/release-22/
Comment 6 Jeff Burke 2016-05-09 13:58:48 UTC 
Hi All,
 Do you know when a version of beaker-client will be available to be installed.

Thanks,
Jeff
Comment 7 Dan Callaghan 2016-05-09 22:53:13 UTC 
At the moment we are not planning to do a 22.4 release since 23.0 is nearly ready.

In the meantime you can grab the latest build from the release-22 nightlies repo mentioned in comment 4. Even though it's a git build, it's still identical to what would be released as 22.4 so it should be fine to use.
Comment 8 Dan Callaghan 2016-06-10 01:40:40 UTC 
This patch was merged to the release-22 branch but the next release will be 23.0.
Comment 9 Dan Callaghan 2016-06-14 05:54:44 UTC 
*** Bug 1214231 has been marked as a duplicate of this bug. ***
Comment 10 Dan Callaghan 2016-07-07 23:11:34 UTC 
Beaker 23.0 has been released.