charm login needs non-interactive authentication

[ryan-beisner]

charm login appears to be interactive-only. A non-interactive authentication method is needed in order to automate charm pushing and publishing on the back end of dev, test and release workflows.

CI operators and dev teams are accustomed to systematically authenticating with the likes of Launchpad, Github and Gerrit, and we should have a similar experience with the Charm Store.

OpenStack charmers have ~208 (26 x [stable+next] x [precise, trusty, wily, xenial]) resultant charms that are no longer ingesting into the charm store from branches.

The OpenStack charms in the charm store are growing stale. We've done some charm pushes where urgent and needed, and we have our review system ready to do automatic charm publishing on the tail end of the dev/ci flow. Just need auths. 😄

[ryan-beisner]

FYI:

ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
ERROR cannot log in: cannot retrieve the authentication macaroon: cannot get discharge from "https://api.jujucharms.com/identity/v1/discharger": cannot start interactive session: cannot read login parameters: cannot complete form: cannot read input: unexpected EOF
Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username: Press return to select a default value. Username:

[urosj]

@ryan-beisner I think your CI is now publishing charms, right?

[mhilton]

Underneath charm login uses an OAuth token obtained from Ubuntu SSO so it is possible to set it up without the need for interaction. The token is stored in ${XDG_DATA_HOME:-$HOME/.local/share}/juju/store-usso-token. Once you have such a token it can be copied between accounts to enable access. The user experience for this does need some work though.

[urosj]

@ryan-beisner Can we close this?

[ryan-beisner]

Thank you all for the info and support. Yes, we have push + publish automation in place. 😃

We have had to re-auth and re-distribute the tokens periodically, presumably the same as SSO periodically requires humans to re-auth. That should be improved IMO. The experience I would aim for is one that can be keyed up, then just works. Such as the experience with LP or GH + SSH keys.

Before closing, I'd like to see the current approach documented somewhere outside the GH bug, as others will want to do CS push automation.