search

hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/
Other
14.79k stars 1.94k forks source link

Headless Login on CLI with OIDC not currently possible #23669

Open msherman13 opened 1 month ago

msherman13 commented 1 month ago

Proposal

The nomad login command (when using OIDC auth) currrently uses xdg-open to open the browser for login. It also does not print the auth URL, so on a headless machine we cannot login at all. Please print the login URL to console so a headless remote machine can login.

Use-cases

There are many but one example would be a development server which is accessed remotely via ssh. X-forwarding is possible but very slow.

Attempted Solutions

Current workaround is to login to the web-ui on a local machine and copy-paste the secret into the NOMAD_TOKEN env var. This is very cumbersome.

jrasell commented 1 month ago

Hi @msherman13 and thanks for raising this issue. I'll mark it for roadmapping on our backlog. In the meantime, I wonder if the API could prove useful here and provide an way to script this on your target machines.

sofixa commented 1 month ago

@msherman13, depending on what you're trying to achieve, using the login API endpoint you can auth with the JWT from your OIDC provider.