Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

maintain user TLS context selection after faas-cli login #700

Open
lamw opened this issue Oct 1, 2019 · 5 comments
Open

maintain user TLS context selection after faas-cli login #700

lamw opened this issue Oct 1, 2019 · 5 comments
Labels
design/review enhancement priority/low

Comments

@lamw
Copy link

lamw commented Oct 1, 2019

Expected Behavior

I've got an OpenFaaS deployment which uses a custom self-sign certificate. When logging into the OpenFaas endpoint via faas-cli, I need to use --tls-no-verify flag as expected. However, upon a successful login, I would not expect to need to pass this argument again as that user selection should be part of the login operation and stored.

Below is an example of logging and specify no TLS verify and then following operation is to create a secret and I would not expect to provide the no TLS verify argument again.

faas-cli login --username admin --password-stdin --tls-no-verify
faas-cli secret create vcconfig --from-file=vcconfig.toml

Current Behaviour

Since the no TLS verify argument is not persisted upon successful login, all CLI operations must have this additional flag appended which is a bit cumbersome.

faas-cli login --username admin --password-stdin --tls-no-verify
faas-cli secret create vcconfig --from-file=vcconfig.toml --tls-no-verify

Possible Solution

Persist the TLS context as part of the initial login and not require that upon subsequent CLI operations until session has either expired or user has logged out

Steps to Reproduce (for bugs)

Step 1 - Configure OpenFaaS w/self-sign certificate
Step 2 - Login via the CLI and specify --tls-no-verify
Step 3 - Perform operation afterwards like creating a secret without specifying --tls-no-verify

Your Environment

  • FaaS-CLI version ( Full output from: faas-cli version ): 0.8.4

  • Docker version docker version (e.g. Docker 17.0.05 ): 19.03.2

  • Are you using Docker Swarm or Kubernetes (FaaS-netes)? FaaS-netes

  • Operating System and version (e.g. Linux, Windows, MacOS): VMware PhotonOS

  • Code example or link to GitHub repo or gist to reproduce problem: N/A

  • Other diagnostic information / logs from troubleshooting guide: N/A
@jonatasbaldin
Copy link
Contributor

I agree with you @lamw.

We could accomplish this by adding an entry to ~/.openfaas/config.yaml:

auths:
- gateway: http://127.0.0.1:31112
  auth: basic
  token: <token>
  tls_no_verify: true

And check this in the subsequent commands.

@jonatasbaldin
Copy link
Contributor

If these is an accepted design, I could work on it.

@alexellis alexellis transferred this issue from openfaas/faas Oct 6, 2019
@alexellis
Copy link
Member

Moving to correct faas/faas-cli repo.

@alexellis
Copy link
Member

Happy to take a PR from the VMware team for this @lamw @embano1 WDYT?

@lamw
Copy link
Author

lamw commented Oct 8, 2019

@alexellis This looks good to me. An alternative solution that would yield the same result is that if user passes in disable TLS upon login, it can automatically add this into the config file and this way it doesn't require user to manually remember to do so for subsequent calls. Its minor but I've seen this behavior in pass CLIs and would make for a better experience IMO.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
design/review enhancement priority/low
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lamw @alexellis @jonatasbaldin