Closed norman-abramovitz closed 5 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/143363259
The labels on this github issue will be updated when the story is started.
Hi @norman-abramovitz
I have no plans to deprecate cf auth
any time soon. cf auth
currently guarantees non-interactive use.
Username is printed by most commands (see e.g. first line in cf apps
), so I assume the reason for piping the username in is not for security reasons.
So cf login -a api-endpoint -u username
and piping of the password works for you?
What is your use case?
Cheers, Dies Koper CF CLI PM
It was for an imposed security policy that anything stored in the client's security vault (CyberArk) needs to be handled securely. The username and secret are stored in their vault. This was a simplified case since the actual case was a script that either a devops or a pipeline could be using.
Hi, I am using CF cli version 6.33.0+a345ea34d.2017-11-20 on MAC OS, when I try to connect to pivotal api portal using cf login, I am always getting "Credentials were rejected, please try again." I have done this on both BASH and KSH prompt.
Please help me.
@geetgangwar Are you using the cf login
command in the same way as @norman-abramovitz does?
I am also experiencing this issue. What is odd however, is that I was not receiving this error roughly "last week" performing the exact same task via script. My apologies that I cannot be more exact/specific, but I haven't touched this bit of my code (bash script) in several days, upwards of a week. I am going to look into cf auth
@dkoper to possibly preempt the inquiry, I am not trying the same way. I have a Node app that is spawning a child process (bash script) which it passes arguments to, I set those arguments to vars in the child process, and log in:
cf l -a ${LOGIN_API} -u ${USERNAME} -p ${PASS} -o ${ORG} -s ${SPACE}
Hi @norman-abramovitz thanks for creating this issue. We are currently refactoring the cf login
command and believe this issue might be fixed after the refactor. We hope to release a CLI with the refactoring work soon.
This behavior is handled correctly in the newly rewritten cf login
command.
Specifically, running a command such as:
$ echo -e "$CF_USERNAME\n$CF_PASSWORD" | cf login
should behave as expected.
Please expect this fix to be included in an upcoming release.
Hi @norman-abramovitz
I have no plans to deprecate
cf auth
any time soon.cf auth
currently guarantees non-interactive use. Username is printed by most commands (see e.g. first line incf apps
), so I assume the reason for piping the username in is not for security reasons. Socf login -a api-endpoint -u username
and piping of the password works for you? What is your use case?Cheers, Dies Koper CF CLI PM
cf auth
shows Failed
but the same credentials works fine in interactive mode
LOGIN
openssl aes-256-cbc -d -in zzz -pass env:OPENSSL_PASSWORD | cf login -a api.run.pivotal.io -s www-staging
What occurred
I can pipe in either username or the password (with the stty errors showing), but I cannot pipe in both values.
API endpoint: api.run.pivotal.io Email> Password> stty: stdin isn't a terminal
stty: stdin isn't a terminal Authenticating... Credentials were rejected, please try again.
Password> stty: stdin isn't a terminal
stty: stdin isn't a terminal Authenticating... Credentials were rejected, please try again.
Password> stty: stdin isn't a terminal
stty: stdin isn't a terminal Authenticating... Credentials were rejected, please try again.
API endpoint: https://api.run.pivotal.io (API version: 2.78.0) Not logged in. Use 'cf login' to log in. FAILED Unable to authenticate.
What you expected to occur
No stty error messages and a successful login.
CLI Version
cf version 6.26.0+9c9a261fd.2017-04-06
CC API Endpoint Version
api endpoint: https://api.local.pcfdev.io api version: 2.75.0
api endpoint: https://api.run.pivotal.io api version: 2.78.0
Platform & Shell Details
Mac OS X 10.12.4 iTerm2 3.0.14 Bash 3.2.57(1)-release
Any other relevant information
I am assuming you will be deprecating the cf auth command. Otherwise, this command could be extended to accept piped input.
Since it is possible to detect stdin versus a pipe, you could echo the username.