[ Bug ] Disabling email login break Python token generation script #136

gwright99 · 2024-07-25T17:28:14Z

Setting flag_disable_email_login = true in terraform.tfvars appears to cause the _get_access_token.py script to fail.

The script does not fail when email is allowed.

The text was updated successfully, but these errors were encountered:

gwright99 · 2024-07-25T17:57:57Z

Setting flag_disable_email_login = true causes an error to be returned by the {TOWER_API_ENDPOINT}/gate/access endpoint if called with an email address.
The token script calls this endpoint to initiate the token generation.
OIDC flow as a replacement is a non-starter -- this would be happening on an instance with a pre-existing IDP session.

Potential Short-Term Workarounds

Don't allow flag_run_seqerakit = true if flag_disable_email_login = true
Automation logic would not need to change, but it means seqerakit could not be run on the very first deployment.
Boot Tower with email enabled, generate a token, stop Tower, update tower.yml to disable email, reboot Tower, run Seqerakit.
This is super clunky and I hate it. Multiple new branches of logic will need to be created.
Other solution?

gwright99 self-assigned this Jul 25, 2024

gwright99 added the bug Something isn't working label Jul 25, 2024