search

nulldriver / cf-cli-resource

Cloud Foundry CLI Concourse Resource
Apache License 2.0
45 stars 55 forks source link

Read credentials from a file #59

Closed eruvanos closed 4 years ago

eruvanos commented 5 years ago

Hi, our organisation just changed the access to CF and restricted CI/CD pipelines to use temporary cf users.

We are able to retrieve them in a task, but do not see a way to fill them back into the cf-cli-resource.

It would be nice, if we could provide the credentials or config.json from outside. This may also help others, that are limited to multi factor authentication using cf login --sso.

What do you think?

aegershman commented 5 years ago

Apologies for unwarranted interjection, but I'm curious how this could solve the cf login --sso use-case? What credentials would you pass in for this? Interesting.

Could see this as valuable, though some food for thought--

Again apologies for unwarranted comments, but find this interesting.

eruvanos commented 5 years ago

Hi, our platform provides a service (secured by oauth) which can create a temporary CF user using an API.

So in a task, we are calling this API and login into CF with the temporary user. We could now pass the ~/.cf/config.json file to the next tasks or resources in the same job. The config.json contains the refresh token and all information to skip the login in all other tasks.

Solving the cf login --sso would look the same:

  1. Create a task, which automates the login (for example with a python script)
  2. Passing the config.json to the next tasks (in the same job, so they are not stored permanently)
  3. Instead of cf login --sso copy the config.json to ~/.cf/config.json (which has to be supported in resources)

PS. We are thinking about the autorotation, that could be another way to solve it.

shyamz-22 commented 5 years ago

Hi, We are also interested in this option. We would like to know your opinion on this.

Thanks

patrickcrocker commented 4 years ago

Implemented in v2.16.0