From: Thanh Ha Date: Wed, 24 Oct 2018 01:08:14 +0000 (-0400) Subject: Allow additional credential input methods X-Git-Tag: v0.19.0~21^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=9b3f9748c5ef839e941adef6cc15e9214c598bfa;p=releng%2Flftools.git Allow additional credential input methods Provide additional methods for credential passing. 1. Via explicit --password parameter 2. Via environment variable LFTOOLS_PASSWORD 3. At runtime if --interactive mode is set Issue: RELENG-1207 Change-Id: I9f083cc7b7381ab8df0578664ae29fa18ef279cf Signed-off-by: Thanh Ha --- diff --git a/lftools/cli/__init__.py b/lftools/cli/__init__.py index 21df0bad..b2b0720d 100644 --- a/lftools/cli/__init__.py +++ b/lftools/cli/__init__.py @@ -11,10 +11,14 @@ __author__ = 'Thanh Ha' +import getpass import logging import click +from six.moves import configparser +from six.moves import input +from lftools import config as conf from lftools.cli.config import config_sys from lftools.cli.dco import dco from lftools.cli.deploy import deploy @@ -30,9 +34,12 @@ log = logging.getLogger(__name__) @click.group() @click.option('--debug', envvar='DEBUG', is_flag=True, default=False) +@click.option('--password', envvar='LFTOOLS_PASSWORD', default=None) +@click.option('--username', envvar='LFTOOLS_USERNAME', default=None) +@click.option('-i', '--interactive', is_flag=True, default=False) @click.pass_context @click.version_option() -def cli(ctx, debug): +def cli(ctx, debug, interactive, password, username): """CLI entry point for lftools.""" if debug: logging.getLogger("").setLevel(logging.DEBUG) @@ -40,6 +47,31 @@ def cli(ctx, debug): ctx.obj['DEBUG'] = debug log.debug('DEBUG mode enabled.') + # Start > Credentials + if username is None: + if interactive: + username = input('Username: ') + else: + try: + username = conf.get_setting('global', 'username') + except (configparser.NoOptionError, + configparser.NoSectionError) as e: + username = None + + if password is None: + if interactive: + password = getpass.getpass('Password: ') + else: + try: + password = conf.get_setting('global', 'password') + except (configparser.NoOptionError, + configparser.NoSectionError) as e: + password = None + + ctx.obj['username'] = username + ctx.obj['password'] = password + # End > Credentials + cli.add_command(config_sys) cli.add_command(infofile) diff --git a/lftools/cli/jenkins/token.py b/lftools/cli/jenkins/token.py index 1adcdfc9..a673b5fc 100644 --- a/lftools/cli/jenkins/token.py +++ b/lftools/cli/jenkins/token.py @@ -36,7 +36,15 @@ def token(ctx): def change(ctx): """Generate a new API token.""" jenkins = ctx.obj['jenkins'] - log.info(get_token(jenkins.url, change=True)) + username = ctx.obj['username'] + password = ctx.obj['password'] + + if not username or not password: + log.error('Username or password not set.') + sys.exit(1) + + log.info(get_token(jenkins.url, change=True, + username=username, password=password)) @click.command() @@ -46,12 +54,20 @@ def change(ctx): def init(ctx, name, url): """Initialize jenkins_jobs.ini config for new server section.""" jenkins = ctx.obj['jenkins'] + username = ctx.obj['username'] + password = ctx.obj['password'] + + if not username or not password: + log.error('Username or password not set.') + sys.exit(1) + _require_jjb_ini(jenkins.config_file) config = configparser.ConfigParser() config.read(jenkins.config_file) - token = get_token(url, True) + token = get_token(url, change=True, + username=username, password=password) try: config.add_section(name) except configparser.DuplicateSectionError as e: @@ -71,7 +87,14 @@ def init(ctx, name, url): def print_token(ctx): """Print current API token.""" jenkins = ctx.obj['jenkins'] - log.info(get_token(jenkins.url)) + username = ctx.obj['username'] + password = ctx.obj['password'] + + if not username or not password: + log.error('Username or password not set.') + sys.exit(1) + + log.info(get_token(jenkins.url, username=username, password=password)) @click.command() @@ -90,13 +113,21 @@ def reset(ctx, servers): configuration file will be reset via multi-server mode. """ jenkins = ctx.obj['jenkins'] + username = ctx.obj['username'] + password = ctx.obj['password'] + + if not username or not password: + log.error('Username or password not set.') + sys.exit(1) + _require_jjb_ini(jenkins.config_file) def _reset_key(config, server): url = config.get(server, 'url') try: - token = get_token(url, True) + token = get_token(url, change=True, + username=username, password=password) config.set(server, 'password', token) with open(jenkins.config_file, 'w') as configfile: config.write(configfile) diff --git a/lftools/jenkins/token.py b/lftools/jenkins/token.py index b6128ed4..42c25ed7 100644 --- a/lftools/jenkins/token.py +++ b/lftools/jenkins/token.py @@ -15,21 +15,16 @@ import logging import jenkins -from lftools import config - log = logging.getLogger(__name__) -def get_token(url, change=False): +def get_token(url, username, password, change=False): """Get API token. This function uses the global username / password for Jenkins from lftools.ini as the user asking for the token may not already know the api token. """ - username = config.get_setting('global', 'username') - password = config.get_setting('global', 'password') - if change: log.debug('Resetting Jenkins API token on {}'.format(url)) else: diff --git a/releasenotes/notes/credential-input-73245c664c98cdc1.yaml b/releasenotes/notes/credential-input-73245c664c98cdc1.yaml new file mode 100644 index 00000000..fc7b82e1 --- /dev/null +++ b/releasenotes/notes/credential-input-73245c664c98cdc1.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Provide additional methods to pass LFID to lftools than lftools.ini + + 1. Via explicit ``--password`` parameter + 2. Via environment variable ``LFTOOLS_PASSWORD`` + 3. At runtime if ``--interactive`` mode is set