token authentication for api and cli in pulp

[xm1234567]

On github, or gitlab, it is possible to have api or cli access by token . I am wondering, is it possible for Pulp? or could add it as new feature? So instead of username and password, we can use token in pulp-cli and httpie?

To use it, maybe something like:

• In http request: 'Authorization': "Token " + pulpuer_token
• In pulp-cli : --token parameter or in a variable in .config/pulp/cli.toml

For token generation:

• Pulp admin can create a token for a robot account for some automatic cron jobs
• A user can also create his token by cli or by web interface

We are very interested to this feature!

Thanks!

[bmbouter]

The CLI would need support for this, and I think we have a ticket filed here for that.

Pulp itself could follow this guide and be setup today just with settings. Thanks @ggainey for the original link to the guide.

If ^ is right then Pulp itself doesn't need code changes. So this issue could either become a docs issue or closed.

[xm1234567]

Great! I can set up token authentication with the settings!

As the guide says, I just add the needed part in INSTALLED_APPS and REST_FRAMEWORK, then restart the container from scratch, the authtoken_token table is created in DB.

I test with pulpcore-manager drf_create_token user1, and I can use the created token in my python/request script or by httpie cli:
http --verify no GET "https://x.x.x.x/pulp/api/v3/repositories/rpm/rpm/?name="repo9" "Authorization: Token xxxxxx"

Yesterday I read the guild you mentioned , but with no experience of Django, I was not ready to create a app and view things :)

Thanks very much!

[xm1234567]

yes, please transfer it to a doc issue. It would be helpful to other users who are looking for this usage of token

[mdellweg]

When you write the docs, please have a look at the generated api_spec (jq '.components.securitySchemes') and make sure the token auth mechanism is properly represented. It's ok to file a new issue if not.