hab cli api/depot authentication
#708
Conversation
| @@ -54,7 +54,7 @@ dependencies = [ | |||
| "iron 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", | |||
| "persistent 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", | |||
| "plugin 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", | |||
| "serde 0.7.7 (registry+https://github.com/rust-lang/crates.io-index)", | |||
| "serde 0.7.8 (registry+https://github.com/rust-lang/crates.io-index)", | |||
There was a problem hiding this comment.
We're not using the parts of serde that require nightly rust, right?
There was a problem hiding this comment.
Nope! I don't think we actually even use serde, whatever crate is pulling this in just probably doesn't have/we didn't use the feature flag to disable serde
| "libc 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", | ||
| "log 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", | ||
| "protobuf 1.0.21 (registry+https://github.com/rust-lang/crates.io-index)", | ||
| "rustc-serialize 0.3.19 (registry+https://github.com/rust-lang/crates.io-index)", |
There was a problem hiding this comment.
Both rustc-serialize and serde is probably overkill.
There was a problem hiding this comment.
I just checked - Unfortunately I can't get rid of the Serde dependency here because the bodyparser doesn't expose a feature flag to disable Serde and it introduces it as a dependency
|
I haven't run or tested this code at all; but it all looks sane. :) No nobody will need to ask:
|
Signed-off-by: Jamie Winsor <[email protected]>
| } | ||
| Err(e @ hab_net::Error::JsonDecode(_)) => { | ||
| debug!("github user get, err={:?}", e); | ||
| let err = net::err(ErrCode::BAD_REMOTE_REPLY, "rg:auth:1"); |
There was a problem hiding this comment.
is rg: the correct prefix here?
On SessionGet if the session is expired a new session will now be created Signed-off-by: Jamie Winsor <[email protected]>
|
so good. |
| 0x00, 0x02, 0x00, 0x04, 0x12, 0x03, 0x0b, 0x02, 0x0a, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, | ||
| 0x00, 0x06, 0x12, 0x03, 0x0b, 0x0b, 0x13, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x01, | ||
| 0x12, 0x03, 0x0b, 0x14, 0x1c, 0x0a, 0x0c, 0x0a, 0x05, 0x04, 0x00, 0x02, 0x00, 0x03, 0x12, 0x03, | ||
| 0x0b, 0x1f, 0x20, 0x0a, 0x0b, 0x0a, 0x04, 0x04, 0x00, 0x02, 0x01, 0x12, 0x03, 0x0c, 0x02, 0x1b, |
There was a problem hiding this comment.
Typo here, should read "0x0a, 0x0b, L0LH3XC0DE"
|
@reset Wow, I'm impressed, sliding that into the CLI was far less effort than I thought. Glad to see that One question came to mind: is it ever appropriate to serialize the bearer token to disk for repeated use over a time period? What I'm wondering is: could/should this be read from disk if we were to ask for a token in |
|
I am merge 👍 on this stuff!
|
|
@fnichol totally! If you'd like to have a part of setup where it displays: ## Generate auth token
We need you to generate an authentication token from GitHub to validate that you, are you.
1. Login to GitHub
1. Go to your personal access tokens: https://github.com/settings/tokens
1. Generate a new token
a. Check the `user:email` box
1. Copy the newly generated personal access token
[press enter to continue]GitHub personal access token: <enter token>
[press enter to continue]We could then write this value into a settings file on disk at |
|
@reset I could probably turn something around here. Wouldn't impact moving this through though. |
|
@reset Do we need to wait on merging (pending some other PR), or can I do the merge dance? |
|
@fnichol if you're going to build on top of this why don't you go ahead and merge it. I'll accept a review from Dave tomorrow on the merged PR and fix/add whatever he wants. Sound good? |
|
Works for me
|
|
📌 Commit a3416df has been approved by |
Signed-off-by: Jamie Winsor <[email protected]> Pull request: #708 Approved by: fnichol
On SessionGet if the session is expired a new session will now be created Signed-off-by: Jamie Winsor <[email protected]> Pull request: #708 Approved by: fnichol
|
☀️ Test successful - travis |
Signed-off-by: Jamie Winsor <[email protected]> Pull request: #708 Approved by: fnichol
On SessionGet if the session is expired a new session will now be created Signed-off-by: Jamie Winsor <[email protected]> Pull request: #708 Approved by: fnichol
We now honor the
HAB_AUTH_TOKENenv variable and--auth/-zflag when calling CLI functions that require authentication. We currently only protect origin key upload and package upload.This also contains an improvement to SessionSrv which will perform a session create if a session get is a cache miss. To accomplish this SessionSrv needed to be able to speak to GitHub's API so the oauth module has moved from the builder-api crate to the net crate