Mender-cli login by tenant token

General Discussions
1

Hi!

I have three question regarding the mender-cli.

  1. Is it possible to login to the server e.g. https://hosted.mender.io or self hosted in Enterprise with the tenant token instead of username and password? I don’t like the idea of having a plain text file lying around with my credentials.
  2. Currently i linked my github account to mender.io, but the login does not work. I created the ~/.mender-clirc json file
{
    "username": "<email-used-for-github-account>",
    "password": "<password-for-github-account>",
    "server"  : "https://hosted.mender.io"
}

When i try to login i get 401

$ mender-cli login
Using configuration file: /home/armin/.mender-clirc
FAILURE: login failed with status 401

Therefore i cannot use the mender-cli for artifacts managing within my CI/CD.

  1. Why are issues in the github-repo for mender-cli disabled? I would create an issue as it is the github way to go.
2

Right now we only support user/password login. There is something in the works to support “API keys” functionality.

Many CI environments have the possibility to manage secrets, to avoid storing them as plain text files. I do not know if that is a possibility for you.

Currently i linked my github account to mender.io, but the login does not work. I created the ~/.mender-clirc json file

Will defer to @tranchitella or @peter.

Why are issues in the github-repo for mender-cli disabled? I would create an issue as it is the github way to go.

Issues on github are disabled for all of our repositories, mostly I think since we have many repositories (59 and counting) and we prefer to centrally manage any questions/issues.

The prefererad is https://hub.mender.io or Mender - Issues - Mender and CFEngine (by Northern.tech) Jira (also public)

3

Hi!

thanks for clearing things up.
I created a PR (https://github.com/mendersoftware/mender-cli/pull/76) that makes configuration file handling and password handling a little bit better. The current behavior was a little non verbose. Also the interactive password prompt never got used.

4

hello @siredmar

were you able to login with github?

peter

5

Following up on this thread to see if the status has changed.

@mirzak: You mentioned that support for API access using keys/token was in the works. Do you have any update on this? It’s four years on and, unless I’m doing something wrong, it doesn’t seem to be supported yet (mender-cli version 1.12.0).

Thanks,
Steve

6

Hello,

Indeed, several improvements are in place in this area now:

This should hopefully make your integrations much easier!

7

Thanks @eystein. Do you know what version of mender-cli had access via tokens added? Unless I’m doing something wrong, it doesn’t appear to work with version 1.12.0 that’s on the downloads page.

$ ./mender-cli --version
Configuration file not found. Continuing.
mender-cli version 1.12.0

$ ./mender-cli artifacts --server https://hosted.mender.io --token-value XXXXX list
Configuration file not found. Continuing.
FAILURE: Get https://hosted.mender.io/api/management/v1/deployments/artifacts request failed with status 401

I get the same result if I write the token to a file and use the -token option.

The same token in /etc/mender/mender.conf on a client works with mender-authd. I can also list the files with mender-cli after I login.

Steve
8

Hi Steve!

Those are two different types of tokens it appears.

mender-cli supports JWT token only it appears, which are short-lived and returned by the login enpoint. Did those work for you? Take a look here: Using the APIs | Mender documentation

The newer long-lived tokens are PAT (Personal Access Tokens). Those are used by the CI/CD integrations I referenced.

9

Hi.

I’ve not tried to use JWT tokens. If they are only short lived, then they are not of much interest I’m afraid.

I’m having a hard time putting together this:

with this:

Indeed, the referenced information says that it uses Personal Access Tokens. But at the same time the mender:upload:artifact that it references uses mender-cli to upload the artifacts.

So if mender-cli only supports JWT, how can the ${MENDER_SERVER_ACCESS_TOKEN} variable that the CI scripts use be a PAT?

Steve