faas-cli icon indicating copy to clipboard operation
faas-cli copied to clipboard
verified publisher icon openfaas

maintain user TLS context selection after faas-cli login

Open lamw opened this issue 6 years ago • 5 comments

Expected Behavior

I've got an OpenFaaS deployment which uses a custom self-sign certificate. When logging into the OpenFaas endpoint via faas-cli, I need to use --tls-no-verify flag as expected. However, upon a successful login, I would not expect to need to pass this argument again as that user selection should be part of the login operation and stored.

Below is an example of logging and specify no TLS verify and then following operation is to create a secret and I would not expect to provide the no TLS verify argument again.

faas-cli login --username admin --password-stdin --tls-no-verify
faas-cli secret create vcconfig --from-file=vcconfig.toml

Current Behaviour

Since the no TLS verify argument is not persisted upon successful login, all CLI operations must have this additional flag appended which is a bit cumbersome.

faas-cli login --username admin --password-stdin --tls-no-verify
faas-cli secret create vcconfig --from-file=vcconfig.toml --tls-no-verify

Possible Solution

Persist the TLS context as part of the initial login and not require that upon subsequent CLI operations until session has either expired or user has logged out

Steps to Reproduce (for bugs)

Step 1 - Configure OpenFaaS w/self-sign certificate Step 2 - Login via the CLI and specify --tls-no-verify Step 3 - Perform operation afterwards like creating a secret without specifying --tls-no-verify

Your Environment

  • FaaS-CLI version ( Full output from: faas-cli version ): 0.8.4

  • Docker version docker version (e.g. Docker 17.0.05 ): 19.03.2

  • Are you using Docker Swarm or Kubernetes (FaaS-netes)? FaaS-netes

  • Operating System and version (e.g. Linux, Windows, MacOS): VMware PhotonOS

  • Code example or link to GitHub repo or gist to reproduce problem: N/A

  • Other diagnostic information / logs from troubleshooting guide: N/A

lamw avatar Oct 01 '19 19:10 lamw

I agree with you @lamw.

We could accomplish this by adding an entry to ~/.openfaas/config.yaml:

auths:
- gateway: http://127.0.0.1:31112
  auth: basic
  token: <token>
  tls_no_verify: true

And check this in the subsequent commands.

jonatasbaldin avatar Oct 04 '19 16:10 jonatasbaldin

If these is an accepted design, I could work on it.

jonatasbaldin avatar Oct 04 '19 16:10 jonatasbaldin

Moving to correct faas/faas-cli repo.

alexellis avatar Oct 06 '19 17:10 alexellis

Happy to take a PR from the VMware team for this @lamw @embano1 WDYT?

alexellis avatar Oct 08 '19 08:10 alexellis

@alexellis This looks good to me. An alternative solution that would yield the same result is that if user passes in disable TLS upon login, it can automatically add this into the config file and this way it doesn't require user to manually remember to do so for subsequent calls. Its minor but I've seen this behavior in pass CLIs and would make for a better experience IMO.

lamw avatar Oct 08 '19 13:10 lamw