This repository has been archived by the owner on Sep 16, 2020. It is now read-only.

Unable to add a saml private key using tower cli #311

Closed
skamithi opened this issue Jun 25, 2017 · 1 comment

skamithi commented Jun 25, 2017

Trying to use tower-cli to input the SAML cert private key.

I got the public cert to be accepted by removing the headers and removing newlines.

For the private key I tried the following:

  • first just removed the headers of the key and removed the newlines
  • then just tried without doing anything.

All attempts say key is invalid. But if I input the key into the UI it works.

Here is the output I get (key is redacted):

# first just try remove new lines
(tower-cli)% tower-cli setting modify SOCIAL_AUTH_SAML_SP_PRIVATE_KEY `cat aws.key | tr -d '\n'`
Error: no such option: -----BEGIN

# then try remove --begin private key -- and --end private key -- headers
(tower-cli) :% tower-cli setting modify SOCIAL_AUTH_SAML_SP_PRIVATE_KEY `sed -e '/^-/d'  aws.key | tr -d '\n'`
Error: The Tower server claims it was sent a bad request.

PATCH https://mytowerserver/api/v1/settings/all/
Params: None
Data: {"SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": "[removed]"}

Response: {"SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":["Invalid certificate or key: u'MIIEvQIBADA[removed]'..."]}

Member

AlanCoding commented Jun 26, 2017

This is a problem for direct input, but I think that we have a workaround that may be acceptable if it can be documented fully.

From my testing, I believe the following syntax should work:

tower-cli setting modify SOCIAL_AUTH_SAML_SP_PRIVATE_KEY @aws.key -v

This won't remove the newlines, but I'm not sure off the top of my head if that's necessary or not for the server to correctly use the key.

We added the option to get contents from a file by prefixing with the "@" character due to similar hangups that people experienced.

EDIT: this is not documented in the help text, but it should be.
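
What the shell hands to the CLI in each of the attempts reported above, as an added example that is not part of the issue or of tower-cli: `describe` is a hypothetical stand-in for the program receiving the arguments, and the key is a constructed placeholder, not real key material.

```sh
# Constructed placeholder PEM: the body lines are dummy text, not a key.
make_sample_key() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
        'PLACEHOLDERbodyLINEoneNOTaREALkeyAAAAAAAAAAAA' \
        'PLACEHOLDERbodyLINEtwoNOTaREALkeyAAAAAAAAAA==' \
        '-----END PRIVATE KEY-----' > "$1"
}

# Hypothetical stand-in for the CLI: report how many arguments arrived
# and what the first one looks like.
describe() {
    case $1 in
        '-----BEGIN PRIVATE KEY-----'*'-----END PRIVATE KEY-----') kind=armored ;;
        -*) kind=option-like ;;
        *)  kind=bare-base64 ;;
    esac
    printf '%s %s\n' "$#" "$kind"
}

# Attempt 1: unquoted substitution with newlines removed. The shell splits
# on the spaces in the armor lines, so the first word is "-----BEGIN".
attempt_unquoted() {
    describe $(tr -d '\n' < "$1")
}

# Attempt 2: armor lines deleted. One word arrives, but it is only the
# base64 body with no BEGIN/END markers.
attempt_stripped() {
    describe $(sed -e '/^-/d' "$1" | tr -d '\n')
}

# Quoted substitution: one argument with armor and inner newlines intact.
attempt_quoted() {
    describe "$(cat "$1")"
}

key=$(mktemp)
make_sample_key "$key"
attempt_unquoted "$key"   # 5 option-like
attempt_stripped "$key"   # 1 bare-base64
attempt_quoted "$key"     # 1 armored
rm -f "$key"
```

Any form that expands the key on the command line also places it in the process's argument list, where other local users can usually read it from a process listing; with the `@aws.key` form from the reply, only the file name is passed as an argument.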
