Open pirog opened 4 years ago
This does not work for me. I've set a valid token in PLATFORMSH_CLI_TOKEN
locally but running the following ...
lando destroy --force
lando init --source platformsh --platformsh-site projectname
lando start
lando pull (interactive)
... will always result in ...
Verifying you are authenticated against platform.sh...
The API token is invalid.
[RequestException]
Authentication is required.
Please log in by running:
platform login
To log in using an API token, run: platform auth:api-token-login
[LoginRequiredException]
Authentication is required.
Please log in by running:
platform login
To log in using an API token, run: platform auth:api-token-login
After manually deleting ~/.lando/cache/platformsh.tokens
it seems that lando init
does ask for a token, but it seems it still does not respect/read PLATFORMSH_CLI_TOKEN
from the environment. Not providing a token seems to hang the process after Killing ...
.
➜ lando init --source platformsh --platformsh-site projectname
? Enter a Platform.sh access token [hidden]
Starting landoinittypo310_init_1 ... done
Killing landoinittypo310_init_1 ... done
Providing a token manually will result in a crash.
➜ lando init --source platformsh --platformsh-site projectname
? Enter a Platform.sh access token [hidden]
Starting landoinittypo310_init_1 ... done
Killing landoinittypo310_init_1 ... done
██████╗██████╗ █████╗ ███████╗██╗ ██╗██╗██╗██╗
██╔════╝██╔══██╗██╔══██╗██╔════╝██║ ██║██║██║██║
██║ ██████╔╝███████║███████╗███████║██║██║██║
██║ ██╔══██╗██╔══██║╚════██║██╔══██║╚═╝╚═╝╚═╝
╚██████╗██║ ██║██║ ██║███████║██║ ██║██╗██╗██╗
╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝╚═╝╚═╝
Running lando init
interactively results in an error, because the project has a Git repo locally already.
Whoooops! Looks like you've already got a git repo here!
Either delete this repo or try to lando init in a folder without .git in it
Killing landoinitpixotypo310lts_init_1 ... done
Removing landoinitpixotypo310lts_init_1 ... done
Removing network landoinitpixotypo310lts_default
Removing volume landoinitpixotypo310lts_data_init
Removing volume landoinitpixotypo310lts_home_init
ERROR ==>
This is a pretty old issue; is there more up to date documentation regarding this issue. At the moment it seems lando platform
commands are not useable.
It’s not supposed to work the way you are using it.
On Fri, Apr 9, 2021 at 6:21 AM Thomas Deinhamer @.***> wrote:
This does not work for me. I've set a valid token in PLATFORMSH_CLI_TOKEN locally but running the following ...
lando destroy --force
lando init --source platformsh --platformsh-site projectname
lando start
lando pull (interactive)
... will always result in ...
Verifying you are authenticated against platform.sh...
The API token is invalid.
[RequestException]
Authentication is required.
Please log in by running:
platform login
To log in using an API token, run: platform auth:api-token-login
[LoginRequiredException]
Authentication is required.
Please log in by running:
platform login
To log in using an API token, run: platform auth:api-token-login
After manually deleting ~/.lando/cache/platformsh.tokens it seems that lando init does ask for a token, but it seems it still does not respect/read PLATFORMSH_CLI_TOKEN from the environment. Not providing a token seems to hang the process after Killing ....
➜ lando init --source platformsh --platformsh-site typo3-10 ? Enter a Platform.sh access token [hidden]
Starting landoinittypo310_init_1 ... done
Killing landoinittypo310_init_1 ... done
This is a pretty old issue; is there more up to date documentation regarding this issue. At the moment it seems lando platform commands are not useable.
— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/lando/lando/issues/2398#issuecomment-816582900, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFOFUABLNJQMCZSHILX3NDTH3IJNANCNFSM4N76L3VA .
I'm trying to figure out how it is supposed to work for a local platform.sh
project with an existing .lando.yml
configuration. As far as I understand I need to run lando init
for every local project, to set the platform.sh
CLI token for Lando. If so, I'm looking for a way to run lando init
in a non-interactive way which also does not rewrite or change the existing .lando.yml
configuration.
Best I came up with now is running this command.
lando init --recipe platformsh --source cwd --platformsh-site "Project Title XY" --platformsh-auth "$PLATFORMSH_CLI_TOKEN"
Unfortunately it does rewrite the .lando.yml
configuration, changes the name
value, changes indentation, etc.
Is there currently a way to configure platform.sh
authentication for an existing local platform.sh
project without using lando init
? lando init
seems to be a good choice when creating new projects but seems to have some quirks when using it for already set up projects containing a .lando.yml
configuration.
You do not need to run lando init
every time. If it already has a Landofile you can git clone && lando start
. When you go tolando pull
it will ask you to authenticate if it needs to authenticate. If you want to authenticate manually you can do so with the usual lando platform
commands.
That said, you will probably want to accept what lando init
does to your existing Landofile re: setting the name
and recipe
to ensure that things work as expected. If you manually change these values you are in unsupported territory.
@pirog Thank you! Got it now. The first time when using lando pull
, it asks for a platform.sh
CLI token. Would it be possible to use the contents of PLATFORMSH_CLI_TOKEN
as the default/fallback value, if no token is provided manually? The issue description states Right now we make use of the PLATFORMSH_CLI_TOKEN envvar to automatically authenticate the platform cli tool.
but this does not apply to lando pull
if I understand correctly. Is PLATFORMSH_CLI_TOKEN
used somewhere automatically?
Right now we make use of the
PLATFORMSH_CLI_TOKEN
envvar to automatically authenticate theplatform
cli tool. This is set from the value in~/.lando/cache/APPNAME.meta.cache
which is set duringlando init
based on the platform token/account you use. It can also be set iflando pull
orlando push
are run and~/.lando/cache/APPNAME.meta.cache
has not been set yet.You can test the above out with:
lando init --source platformsh --platformsh-site lando-d8
lando start && lando pull -r database -m web/sites/default/files
(does not require auth)lando destroy && lando start
lando pull -r database -m web/sites/default/files
(will prompt for auth)This works pretty good but the handling is awkward in a few places:
lando init
orlando pull --auth
to update~/.lando/cache/APPNAME.meta.cache
with the correct token. More problematicallyPLATFORM_CLI_TOKEN
is set only on a container create which means that alando rebuild
is currently required to update that value in-container.lando init
orlando pull --auth
to reset the token. It's more likely the user will attempt tolando platform auth:api-token-login
which is probably not going to work as expected.Proposed improvement:
Lando now lets you set specific environment variables in specific tooling commands. We are currently using this for
lando pull
andlando push
for the relationship dump and connection strings. We should should not setPLATFORMSH_CLI_TOKEN
globally in the application and instead set it on a per-tooling basis for any commands where lando is managing and relies on the auth to be set a certain way. This should sandbox landos need for auth so that other auth concerns can be managed by the user in the way they want. We may want to also set another envvar globally that contains the token so users can leverage that if they want.Right now
lando pull
andlando push
will only ask for authentication if they see that there is no token set in~/.lando/cache/APPNAME.meta.cache
. This is good but it doesnt handle the use case of the token being revoked well. Perhaps instead we should only ask the user for auth if they do not have a valid token eg we should use the platform api to validate the token before we determine whether we need to ask for auth or not.