1451556 – [RFE] [6.3] Describe how to use token-based authentication for the Hammer CLI

Bug 1451556 - [RFE] [6.3] Describe how to use token-based authentication for the Hammer CLI

Summary: [RFE] [6.3] Describe how to use token-based authentication for the Hammer CLI

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Docs Hammer CLI Guide
Sub Component:
Version:	6.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Michaela Slaninkova
QA Contact:	Russell Dickenson
Docs Contact:
URL:
Whiteboard:
Depends On:	1154382
Blocks:	1486095 1502346
TreeView+	depends on / blocked

Reported:	2017-05-17 04:21 UTC by Andrew Dahms
Modified:	2019-09-26 16:15 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-10-29 23:32:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Andrew Dahms 2017-05-17 04:21:17 UTC

Red Hat Satellite 6.3 adds the ability to start a session to run Hammer commands so that the user only authenticates once, and subsequent commands are automatically authenticated using a token for the duration of the session. A procedure on how to start a session must be added to the Hammer CLI Guide.

Comment 2 Andrew Dahms 2017-05-23 05:38:16 UTC

Added engineering tracker to the 'depends' list.

Comment 5 Andrew Dahms 2017-08-09 02:36:59 UTC

Assigning to Misha for review.

Comment 8 Peter Ondrejka 2017-10-02 14:04:04 UTC

Hi Michaela, I checked your text again using latest snap (satellite-6.3.0-19.0.beta.el7sat.noarch) where we have a fix for 1471099 present.

With this fix, session and stored credentials are mutually exclusive, so I'd mention probably in step one in your procedure something like "Note that if you enable sessions, username and password settings in the .yml will be ignored"

Also, I'd rather not call it tokenized authentication, this name sticked from the beginning when api tokens were considered as a possible solution, but now I'd say it is misleading. I'd call it hammer authentication sessions, so for the intro paragraph I suggest something like this:

"Another option is to use a hammer authentication session. It is a cache that stores your credentials for a specified time. You provide your Satellite credentials only once, at the beginning of the session. By using sessions you can avoid storing your credentials in the ~/.hammer/cli.modules.d/foreman.yml file. Follow these steps to use authentication sessions: "

Another problem is that changes in 6.3 make the first part of section 1.2 outdated:

"By default, hammer prompts for your Satellite credentials each time you issue a command." -- in 6.3, when you install Sat (with satellite-installer) and specify the --foreman-admin-password option, the ~/.hammer/cli.modules.d/foreman.yml file is created and populated with :username and :password options so hammer will not prompt you for creds.

If you didn't install with --foreman-admin-password, hammer will prompt for creds, but you don't need to create ~/.hammer/cli_config.yml as written in step 1, just set username/password in ~/.hammer/cli.modules.d/foreman.yml that should already exist. Steps 2 and 3 are also no longer necessary.

Hope this helps

Comment 10 Peter Ondrejka 2017-10-04 13:35:38 UTC

Good work, just two comments:

In your config example, omit the ":host: 'https://satellite.example.com/'" no need to specify host there (I think it is set already somewhere in /etc/hammer/cli.modules.d/foreman.yml).

The concluding note. "Examples in this guide assume saved credentials.", could confuse people to think they have to use option one, I'd add "...or enabled session".

Otherwise ACK

Comment 22 Andrew Dahms 2017-10-29 23:32:59 UTC

This content shall be published with the next release of the Red Hat Satellite 6.3 Beta documentation.

Closing.

Note You need to log in before you can comment on or make changes to this bug.