Open sgnn7 opened 5 years ago
How does this map to current conjur init
and conjur authn login
? What other info can you send in the cli profile create
command?
TODO: This seems gnarly - wil need some more UX pondering
I agree, overall I like the direction but the create command still doesn't seem very elegant
How does this map to current conjur init and conjur authn login? What other info can you send in the cli profile create command?
conjur init
and conjur authn login
is all one command rolled into cli profile create
in this proposal. All fields provided would end up in the profile config.
I like the direction but the create command still doesn't seem very elegant
Yeah this is mostly to make the v1 easier to implement since all commands accept these flags. I think the ideal solution would probably be something like:
$ cli profile create <url> <account> <login_id> \
[--tofu <bool>]|[--insecure <bool>]|[--ca-bundle <pem_path>] \
[--password <password]|[--api-key <api_key>]
Common use would be something like:
cli profile create https://hostname myaccount myuser -p mypassword
which would add all the needed info into the profile and TOFU the cert
One of the things I've run into a bunch is that you do the login
and then only when you try a request do you find out your login creds were invalid. Will the CLI have a login
command that actually tries to login and returns meaningful success / failure information?
Will the CLI have a login command that actually tries to login and returns meaningful success / failure information?
Oooh! I like this a lot! Maybe we can try cli list
as a preconf step to verify things are working?
@gary Super jelly of your Github handle, and love your emoji selection! ^5 I apologize for Srdjan, he thinks Github is Slack :wink:
I'd prefer keeping at least the files that the original CLI and Go CLI use. I agree they're cumbersome relatively speaking, but if we're going to revamp it should be a group effort (i.e. the projects should all have near-future support of the new format, and the maintainers be in agreement about the best way forward) IMO.
I'd prefer keeping at least the files that the original CLI and Go CLI use
@garymoon That part (reading of those configs) is already there in the CLI. This logic probably should be conditional depending on if you have .conjur/
dir so it will use .conjurrc
/netrc
if the dir is not there but if you create a profile, you will no longer use the old-style config. Thoughts?
@sgnn7 Oh nice! :clap:
I would add @apotterri for comment, and if he's on board then :shipit:
Current plan but open RFC
FS structure:
<profile_name>.yml
:Usage:
CC: @izgeri / @ismarc / @apotterri / @infamousjoeg / @jodyhuntatx / @ryanprior / @garymoon / @jonahx