def setup_cluster(dcos_url, username, password, ssl_verify=True,
                  refresh_auth=False):
    """Attach to the DC/OS cluster at ``dcos_url``, configuring it if needed.

    If a cluster is already configured for the normalized URL, it is marked
    as attached and returned; credentials are only re-submitted when
    ``refresh_auth`` is true. Otherwise a new cluster configuration is built
    inside the setup directory and a username/password login is performed.

    :param dcos_url: URL of the DC/OS cluster
    :param username: username used for the uid/password login
    :param password: password used for the uid/password login
    :param ssl_verify: value written to the ``core.ssl_verify`` setting
    :param refresh_auth: log in again even if the cluster is already
        configured
    :returns: the cluster that was connected to
    :rtype: str  (as stated by the original documentation; the
        already-configured path returns whatever ``get_cluster`` yields --
        TODO confirm)
    """
    cluster_url = util.normalize_url(dcos_url)

    # Reuse an existing configuration for this URL when there is one.
    known_cluster = get_cluster(cluster_url)
    if known_cluster is not None:
        known_cluster.set_attached()
        if refresh_auth:
            auth.dcos_uid_password_auth(cluster_url, username, password)
        return known_cluster

    with setup_directory() as setup_dir:
        set_attached(setup_dir)

        # Under Python 2 the URL has to be a plain str, otherwise the toml
        # serialization of the config goes wrong.
        config.set_val("core.dcos_url", str(cluster_url))

        # NOTE(review): ssl_verify is stored exactly as given. Presumably a
        # False value turns off certificate verification for the credential
        # login below -- confirm callers only pass False for throwaway test
        # clusters.
        config.set_val("core.ssl_verify", ssl_verify)

        auth.dcos_uid_password_auth(cluster_url, username, password)

        # The meaning of the trailing False is not visible here -- see
        # setup_cluster_config.
        return setup_cluster_config(cluster_url, setup_dir, False)
def login(dcos_url, password_str, password_env, password_file,
          provider, username, key_path):
    """Authenticate against a DC/OS cluster.

    Without an explicit ``provider`` the method is chosen from the supplied
    credentials: username + password, then username + service key, and
    finally header-challenge authentication. With a ``provider`` the
    matching entry from the cluster's provider list decides the method.

    :param dcos_url: URL of DC/OS cluster
    :type dcos_url: str
    :param password_str: password
    :type password_str: str
    :param password_env: name of environment variable with password
    :type password_env: str
    :param password_file: path to file with password
    :type password_file: str
    :param provider: name of provider to authenticate with
    :type provider: str
    :param username: username
    :type username: str
    :param key_path: path to file with private key
    :type key_path: str
    :raises DCOSException: if ``provider`` is not configured on the cluster
    :returns: 0 on success
    :rtype: int
    """
    # NOTE(review): password_str presumably arrives from a command-line
    # option; a secret passed that way can end up in shell history and
    # process listings -- confirm the env/file sources are the documented
    # preference.
    password = _get_password(password_str, password_env, password_file)

    if provider is not None:
        configured = auth.get_providers()
        provider_info = configured.get(provider)
        if not provider_info:
            msg = "Provider [{}] not configured on your cluster"
            raise DCOSException(msg.format(provider))
        _trigger_client_method(
            provider, provider_info, username, password, key_path)
        return 0

    if username and password:
        auth.dcos_uid_password_auth(dcos_url, username, password)
    elif username and key_path:
        auth.servicecred_auth(dcos_url, username, key_path)
    else:
        several_providers_hint = (
            "\nYour cluster has several authentication "
            "providers enabled. Run `dcos auth "
            "list-providers` to see all providers and `dcos "
            "auth login --provider <provider-id>` to "
            "authenticate with a specific provider\n")
        try:
            configured = auth.get_providers()
            # Tell the user when more providers than the defaults appear to
            # be enabled. The threshold is a weak heuristic: the set of
            # default providers differs per DC/OS version.
            if len(configured) > 2:
                emitter.publish(DefaultError(several_providers_hint))
        except DCOSException:
            # The hint is best-effort only; a failed provider lookup must
            # not block the login attempt that follows.
            pass
        finally:
            # Runs whether or not the provider lookup succeeded.
            auth.header_challenge_auth(dcos_url)

    return 0
def _trigger_client_method(provider, provider_info, username=None,
                           password=None, key_path=None):
    """Run the authentication flow named by the provider's client method.

    The ``client-method`` entry of ``provider_info`` selects which ``auth``
    routine is called against the configured ``core.dcos_url``.

    :param provider: provider_id requested by user
    :type provider: str
    :param provider_info: info about auth type defined by provider
    :type provider_info: dict
    :param username: username
    :type username: str
    :param password: password
    :type password: str
    :param key_path: path to file with service key
    :type key_path: str
    :raises DCOSException: if credentials required by the method are
        missing, or the client method is not supported by this CLI
    :rtype: None
    """
    method = provider_info.get("client-method")
    cluster_url = config.get_config_val("core.dcos_url")

    if method == "browser-prompt-authtoken":
        auth.browser_prompt_auth(cluster_url, provider_info)
        return

    if method == "browser-prompt-oidcidtoken-get-authtoken":
        auth.oidc_implicit_flow_auth(cluster_url)
        return

    # Both spellings select the username/password login.
    if method in ("dcos-usercredential-post-receive-authtoken",
                  "dcos-credential-post-receive-authtoken"):
        if not (username and password):
            msg = "Please specify username and password for provider [{}]"
            raise DCOSException(msg.format(provider))
        auth.dcos_uid_password_auth(cluster_url, username, password)
        return

    if method == "dcos-servicecredential-post-receive-authtoken":
        if not (username and key_path):
            msg = "Please specify username and service key for provider [{}]"
            raise DCOSException(msg.format(provider))
        auth.servicecred_auth(cluster_url, username, key_path)
        return

    # Unknown or missing client methods are rejected rather than falling
    # back to another flow.
    msg = "Authentication by provider [{}] is not supported by this CLI"
    raise DCOSException(msg.format(provider))