Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ocm login --use-config #69

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

2uasimojo
Copy link

This allows you to log in using the values from your config without
overwriting it. This lets you use a refresh token indefinitely if
desired, reducing/eliminating "token expired" errors while doing other
stuff like ocm cluster login.

@app-sre-bot
Copy link
Collaborator

Can one of the admins verify this patch?

@2uasimojo
Copy link
Author

[test]

@2uasimojo 2uasimojo force-pushed the ocm-login-use-config branch from 9527da0 to 6fabc27 Compare April 3, 2020 21:40
@2uasimojo
Copy link
Author

[test]

This allows you to log in using the values from your config without
overwriting it. This lets you use a refresh token indefinitely if
desired, reducing/eliminating "token expired" errors while doing other
stuff like ocm cluster login.
@2uasimojo 2uasimojo force-pushed the ocm-login-use-config branch from 6fabc27 to 4af940d Compare April 3, 2020 22:14
@igoihman
Copy link

@vkareh PTAL

@2uasimojo
Copy link
Author

/hold
bleh, this doesn't work

@cben
Copy link
Contributor

cben commented Oct 6, 2020

This would be neat for internal use as we have several production/staging/integration envs to log into, all using same SSO!

For "token expired" use cases, I'm not sure we need it. Most commands already write refreshed tokens back to config file, #153 discusses some corner cases to improve.
@2uasimojo assuming we fix up all commands to save refreshed tokens, do you still see this as useful?

@2uasimojo
Copy link
Author

This would be neat for internal use as we have several production/staging/integration envs to log into, all using same SSO!

For "token expired" use cases, I'm not sure we need it. Most commands already write refreshed tokens back to config file, #153 discusses some corner cases to improve.
@2uasimojo assuming we fix up all commands to save refreshed tokens, do you still see this as useful?

To be honest, I'm not sure. So let's back up to my use case.

What was frustrating me was being able to run ocm commands for "a while" (whatever the short-lived token timeout is) but eventually failing and having to ocm login again. Especially since it looked like there was a way for the config to store my offline token. That's what I really want: to be able to set up my config with my offline token, and then run arbitrary ocm commands forever, without ever having to log in explicitly again*. In pseudocode terms, I want every auth-needing invocation of ocm to do this:

if !config.ephemeral_token || expired(config.ephemeral_token):
    if config.offline_token:
        config.ephemeral_token = new_ephemeral_token(config.offline_token)
        write_config(config)  # Important: this preserves config.offline_token
    else:
        { other ways of authenticating, like user/pass CLI args }

* Understanding that we have separate environments, I guess I'm okay needing to log in explicitly when I need to switch from one to the other. But even there, why should I need to, since the offline token is the same? Heck, what would be really neat is if the config were able to maintain separate sections, each with its short-lived token, to minimize SSO calls even when I'm thrashing among envs.

@2uasimojo 2uasimojo mentioned this pull request Oct 20, 2020
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants