fix: addresses cli erroneously wants a secret when env password is set (#30892)
closes: #30866 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
This commit is contained in:
parent
690c6051bb
commit
aae1fa1417
3 changed files with 37 additions and 8 deletions
|
@ -63,19 +63,19 @@ public abstract class BaseAuthOptionsCmd extends BaseGlobalOptionsCmd {
|
||||||
@Option(names = "--user", description = "Username to login with")
|
@Option(names = "--user", description = "Username to login with")
|
||||||
protected String user;
|
protected String user;
|
||||||
|
|
||||||
@Option(names = "--password", description = "Password to login with (prompted for if not specified, --user is used, and the env variable KC_CLI_PASSWORD is not defined)", defaultValue = "${env:KC_CLI_PASSWORD}")
|
@Option(names = "--password", description = "Password to login with (prompted for if not specified, --user is used, and the env variable KC_CLI_PASSWORD is not defined)")
|
||||||
protected String password;
|
protected String password;
|
||||||
|
|
||||||
@Option(names = "--secret", description = "Secret to authenticate the client (prompted for if no --user nor --keystore is specified, and the env variable KC_CLI_CLIENT_SECRET is not defined)", defaultValue = "${env:KC_CLI_CLIENT_SECRET}")
|
@Option(names = "--secret", description = "Secret to authenticate the client (prompted for if no --user nor --keystore is specified, and the env variable KC_CLI_CLIENT_SECRET is not defined)")
|
||||||
protected String secret;
|
protected String secret;
|
||||||
|
|
||||||
@Option(names = "--keystore", description = "Path to a keystore containing private key")
|
@Option(names = "--keystore", description = "Path to a keystore containing private key")
|
||||||
protected String keystore;
|
protected String keystore;
|
||||||
|
|
||||||
@Option(names = "--storepass", description = "Keystore password (prompted for if not specified, --keystore is used, and the env variable KC_CLI_STORE_PASSWORD is undefined)", defaultValue = "${env:KC_CLI_STORE_PASSWORD}")
|
@Option(names = "--storepass", description = "Keystore password (prompted for if not specified, --keystore is used, and the env variable KC_CLI_STORE_PASSWORD is undefined)")
|
||||||
protected String storePass;
|
protected String storePass;
|
||||||
|
|
||||||
@Option(names = "--keypass", description = "Key password (prompted for if not specified and --keystore is used without --storepass, \n otherwise defaults to keystore password)", defaultValue = "${env:KC_CLI_KEY_PASSWORD}")
|
@Option(names = "--keypass", description = "Key password (prompted for if not specified, --keystore is used without --storepass, and the env variable KC_CLI_KEY_PASSWORD is undefined, otherwise defaults to keystore password)")
|
||||||
protected String keyPass;
|
protected String keyPass;
|
||||||
|
|
||||||
@Option(names = "--alias", description = "Alias of the key inside a keystore (defaults to the value of ClientId)")
|
@Option(names = "--alias", description = "Alias of the key inside a keystore (defaults to the value of ClientId)")
|
||||||
|
@ -84,7 +84,7 @@ public abstract class BaseAuthOptionsCmd extends BaseGlobalOptionsCmd {
|
||||||
@Option(names = "--truststore", description = "Path to a truststore")
|
@Option(names = "--truststore", description = "Path to a truststore")
|
||||||
protected String trustStore;
|
protected String trustStore;
|
||||||
|
|
||||||
@Option(names = "--trustpass", description = "Truststore password (prompted for if not specified, --user is used, and the env variable KC_CLI_TRUSTSTORE_PASSWORD is not defined)", defaultValue = "${env:KC_CLI_TRUSTSTORE_PASSWORD}")
|
@Option(names = "--trustpass", description = "Truststore password (prompted for if not specified, --user is used, and the env variable KC_CLI_TRUSTSTORE_PASSWORD is not defined)")
|
||||||
protected String trustPass;
|
protected String trustPass;
|
||||||
|
|
||||||
@Option(names = "--insecure", description = "Turns off TLS validation")
|
@Option(names = "--insecure", description = "Turns off TLS validation")
|
||||||
|
@ -174,7 +174,10 @@ public abstract class BaseAuthOptionsCmd extends BaseGlobalOptionsCmd {
|
||||||
pass = configData.getTrustpass();
|
pass = configData.getTrustpass();
|
||||||
}
|
}
|
||||||
if (pass == null) {
|
if (pass == null) {
|
||||||
pass = IoUtil.readSecret("Enter truststore password: ");
|
pass = System.getenv("KC_CLI_TRUSTSTORE_PASSWORD");
|
||||||
|
}
|
||||||
|
if (pass == null) {
|
||||||
|
pass = IoUtil.readSecret("Enter truststore password: ");
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -103,6 +103,9 @@ public class BaseConfigCredentialsCmd extends BaseAuthOptionsCmd {
|
||||||
printErr("Logging into " + server + " as user " + user + " of realm " + realm);
|
printErr("Logging into " + server + " as user " + user + " of realm " + realm);
|
||||||
|
|
||||||
// if user was set there needs to be a password so we can authenticate
|
// if user was set there needs to be a password so we can authenticate
|
||||||
|
if (password == null) {
|
||||||
|
password = System.getenv("KC_CLI_PASSWORD");
|
||||||
|
}
|
||||||
if (password == null) {
|
if (password == null) {
|
||||||
password = readSecret("Enter password: ");
|
password = readSecret("Enter password: ");
|
||||||
}
|
}
|
||||||
|
@ -114,7 +117,10 @@ public class BaseConfigCredentialsCmd extends BaseAuthOptionsCmd {
|
||||||
grantTypeForAuthentication = OAuth2Constants.CLIENT_CREDENTIALS;
|
grantTypeForAuthentication = OAuth2Constants.CLIENT_CREDENTIALS;
|
||||||
printErr("Logging into " + server + " as " + "service-account-" + clientId + " of realm " + realm);
|
printErr("Logging into " + server + " as " + "service-account-" + clientId + " of realm " + realm);
|
||||||
if (keystore == null && secret == null) {
|
if (keystore == null && secret == null) {
|
||||||
secret = readSecret("Enter client secret: ");
|
secret = System.getenv("KC_CLI_CLIENT_SECRET");
|
||||||
|
if (secret == null) {
|
||||||
|
secret = readSecret("Enter client secret: ");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,9 +133,18 @@ public class BaseConfigCredentialsCmd extends BaseAuthOptionsCmd {
|
||||||
throw new RuntimeException("No such keystore file: " + keystore);
|
throw new RuntimeException("No such keystore file: " + keystore);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (storePass == null) {
|
||||||
|
storePass = System.getenv("KC_CLI_STORE_PASSWORD");
|
||||||
|
}
|
||||||
|
if (keyPass == null) {
|
||||||
|
keyPass = System.getenv("KC_CLI_KEY_PASSWORD");
|
||||||
|
}
|
||||||
|
|
||||||
if (storePass == null) {
|
if (storePass == null) {
|
||||||
storePass = readSecret("Enter keystore password: ");
|
storePass = readSecret("Enter keystore password: ");
|
||||||
keyPass = readSecret("Enter key password: ");
|
if (keyPass == null) {
|
||||||
|
keyPass = readSecret("Enter key password: ");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyPass == null) {
|
if (keyPass == null) {
|
||||||
|
|
|
@ -673,4 +673,15 @@ public class KcAdmTest extends AbstractAdmCliTest {
|
||||||
assertExitCodeAndStreamSizes(exec, 0, 0, 1);
|
assertExitCodeAndStreamSizes(exec, 0, 0, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEnvPasswordWithRegularCommand() {
|
||||||
|
execute("config credentials --server " + serverUrl + " --realm master --user admin --password admin");
|
||||||
|
KcAdmExec exec = KcAdmExec.newBuilder()
|
||||||
|
.argsLine("get users --format csv")
|
||||||
|
.env("KC_CLI_PASSWORD=ignoreme")
|
||||||
|
.execute();
|
||||||
|
// should not contain an error message
|
||||||
|
assertExitCodeAndStreamSizes(exec, 0, 1, 0);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue