Project

General

Profile

Actions

Idea #3897

open

[SDKs] Clients can specify which auth config file to load.

Added by Tim Pierce about 10 years ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Start date:
Due date:
Story points:
0.5
Release:
Release relationship:
Auto

Description

The usual methods by which a client authenticates to Arvados are
  • ARVADOS_API_HOST, ARVADOS_API_TOKEN and ARVADOS_API_HOST_INSECURE environment variables
  • $HOME/.config/arvados/settings.conf

Both methods stop being convenient when a given UNIX shell account is used to authenticate to more than a single Arvados account at a single Arvados instance with a single API token. Both methods are just plain useless when a single process uses multiple Arvados accounts/instances/tokens (e.g., arv-copy).

The Python SDK has a concept of a connection profile (API version, host, token, insecure flag). This concept should be extended to configuration files: the choice of which credentials/endpoint to use can be indicated by a path to a configuration file.

For example, these could be equivalent:

arv --auth-file ~/.config/arvados/foo.conf user current
arv --auth foo user current
Notes:
  • Avoid the obvious command line parameter name --config for choosing a connection profile, despite the tempting ~/.config path convention. This causes confusion between configuration and authentication. (When the arv tool gets real configuration options, like default output format, visual editor, and auth profile, we'll want those configs to be orthogonal to authentication profiles.)
  • Avoid assuming there is only one auth profile per Arvados instance. In documentation, avoid directing users to make qr1hi.conf. Something like tom@qr1hi.conf makes it more clear what's happening.
  • Leave room for supporting a file format like yaml, and multiple auth profiles per config file. But for now, ~/.config/arvados/{string}.conf provides a decent amount of flexibility.

Related issues

Has duplicate Arvados - Feature #9070: arv-put to another clusterDuplicate04/27/2016Actions
Has duplicate Arvados - Feature #3805: [SDKs] CLI supports ARVADOS_CONFIG variableDuplicate09/03/2014Actions
Actions #1

Updated by Tim Pierce about 10 years ago

  • Description updated (diff)
Actions #2

Updated by Tom Clegg about 10 years ago

  • Subject changed from Clients can authenticate to multiple Arvados instances consistently to [SDKs] Clients can specify which auth config file to load.
  • Story points set to 0.5
Actions #3

Updated by Tom Clegg about 10 years ago

  • Description updated (diff)
Actions #4

Updated by Brett Smith over 8 years ago

#3805 suggests an implementation based on an ARVADOS_CONFIG environment variable.

Actions #5

Updated by Ward Vandewege over 3 years ago

  • Target version deleted (Arvados Future Sprints)
Actions #6

Updated by Peter Amstutz almost 2 years ago

  • Release set to 60
Actions #7

Updated by Peter Amstutz 9 months ago

  • Target version set to Future
Actions

Also available in: Atom PDF