CLI 'nomad ui -authenticate' flag for one-time token exchange
Includes swapping the previously documented `-login` flag for `-authenticate` to align better with Waypoint.
This commit is contained in:
Tim Gross
parent
75878f978e
commit
bd4d888375
|
|
@ -75,8 +75,11 @@ func (c *UiCommand) Synopsis() string {
|
|||
func (c *UiCommand) Name() string { return "ui" }
|
||||
|
||||
func (c *UiCommand) Run(args []string) int {
|
||||
var authenticate bool
|
||||
|
||||
flags := c.Meta.FlagSet(c.Name(), FlagSetClient)
|
||||
flags.Usage = func() { c.Ui.Output(c.Help()) }
|
||||
flags.BoolVar(&authenticate, "authenticate", false, "")
|
||||
|
||||
if err := flags.Parse(args); err != nil {
|
||||
return 1
|
||||
|
|
@ -103,6 +106,16 @@ func (c *UiCommand) Run(args []string) int {
|
|||
return 1
|
||||
}
|
||||
|
||||
var ottSecret string
|
||||
if authenticate {
|
||||
ott, _, err := client.ACLTokens().UpsertOneTimeToken(nil)
|
||||
if err != nil {
|
||||
c.Ui.Error(fmt.Sprintf("Could not get one-time token: %s", err))
|
||||
return 1
|
||||
}
|
||||
ottSecret = ott.OneTimeSecretID
|
||||
}
|
||||
|
||||
// We were given an id so look it up
|
||||
if len(args) == 1 {
|
||||
id := args[0]
|
||||
|
|
@ -159,7 +172,12 @@ func (c *UiCommand) Run(args []string) int {
|
|||
}
|
||||
}
|
||||
|
||||
c.Ui.Output(fmt.Sprintf("Opening URL %q", url.String()))
|
||||
if authenticate && ottSecret != "" {
|
||||
c.Ui.Output(fmt.Sprintf("Opening URL %q with one-time token", url.String()))
|
||||
url.RawQuery = fmt.Sprintf("ott=%s", ottSecret)
|
||||
} else {
|
||||
c.Ui.Output(fmt.Sprintf("Opening URL %q", url.String()))
|
||||
}
|
||||
if err := open.Start(url.String()); err != nil {
|
||||
c.Ui.Error(fmt.Sprintf("Error opening URL: %s", err))
|
||||
return 1
|
||||
|
|
|
|||
|
|
@ -24,10 +24,10 @@ details for that object. Supported identifiers are jobs, allocations and nodes.
|
|||
|
||||
If ACLs are enabled, the web UI will start in an unauthenticated state and you
|
||||
may see a 403 Unauthorized page if anonymous read access is denied. The `nomad
|
||||
ui -login` option will exchange your command line client's Nomad ACL token for
|
||||
a one-time login token to the web UI. That one-time token will be exchanged
|
||||
for your Nomad ACL token and stored in the browser's local storage for
|
||||
authentication.
|
||||
ui -authenticate` option will exchange your command line client's Nomad ACL
|
||||
token for a one-time token, which is passed to the web UI. That one-time token
|
||||
will be exchanged for your Nomad ACL token and stored in the browser's local
|
||||
storage for authentication.
|
||||
|
||||
## General Options
|
||||
|
||||
|
|
@ -35,7 +35,8 @@ authentication.
|
|||
|
||||
## UI Options
|
||||
|
||||
- `-login`: Exchange your Nomad ACL token for a one-time token in the web UI.
|
||||
- `-authenticate`: Exchange your Nomad ACL token for a one-time token in the
|
||||
web UI.
|
||||
|
||||
## Examples
|
||||
|
||||
|
|
@ -60,9 +61,9 @@ $ nomad ui d4005969
|
|||
Opening URL "http://127.0.0.1:4646/ui/allocations/d4005969-b16f-10eb-4fe1-a5374986083d"
|
||||
```
|
||||
|
||||
Open the UI and login using your ACL token:
|
||||
Open the UI and authenticate using your ACL token:
|
||||
|
||||
```shell-session
|
||||
$ NOMAD_ACL_TOKEN=e9674b26-763b-4637-a28f-0df95c53cdda nomad ui -login
|
||||
$ NOMAD_ACL_TOKEN=e9674b26-763b-4637-a28f-0df95c53cdda nomad ui -authenticate
|
||||
Opening URL "http://127.0.0.1:4646" with token
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue