Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated Authentication section to reflect AWX only method. #15602

Open
wants to merge 3 commits into
base: devel
Choose a base branch
from
Open

Updated Authentication section to reflect AWX only method. #15602

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0a8dfdb
Updated Authentication section to reflect AWX only method.
tvo318 Oct 25, 2024
1d20342
Update awxkit/awxkit/cli/docs/source/authentication.rst
tvo318 Oct 31, 2024
95339be
Merge branch 'devel' into removeOAuth-CLI
tvo318 Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 1 addition & 59 deletions awxkit/awxkit/cli/docs/source/authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,65 +3,7 @@
Authentication
==============

Generating a Personal Access Token
----------------------------------

The preferred mechanism for authenticating with AWX and |RHAT| is by generating and storing an OAuth2.0 token. Tokens can be scoped for read/write permissions, are easily revoked, and are more suited to third party tooling integration than session-based authentication.

|prog| provides a simple login command for generating a personal access token from your username and password.

.. code:: bash

CONTROLLER_HOST=https://awx.example.org \
CONTROLLER_USERNAME=alice \
CONTROLLER_PASSWORD=secret \
awx login

As a convenience, the ``awx login -f human`` command prints a shell-formatted token
value:

.. code:: bash

export CONTROLLER_OAUTH_TOKEN=6E5SXhld7AMOhpRveZsLJQsfs9VS8U

By ingesting this token, you can run subsequent CLI commands without having to
specify your username and password each time:

.. code:: bash

export CONTROLLER_HOST=https://awx.example.org
$(CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login -f human)
awx config

Working with OAuth2.0 Applications
----------------------------------

AWX and |RHAT| allow you to configure OAuth2.0 applications scoped to specific
organizations. To generate an application token (instead of a personal access
token), specify the **Client ID** and **Client Secret** generated when the
application was created.

.. code:: bash

CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login \
--conf.client_id <value> --conf.client_secret <value>


OAuth2.0 Token Scoping
----------------------

By default, tokens created with ``awx login`` are write-scoped. To generate
a read-only token, specify ``--scope read``:

.. code:: bash

CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret \
awx login --conf.scope read

Session Authentication
----------------------
If you do not want or need to generate a long-lived token, |prog| allows you to
specify your username and password on every invocation:
To authenticate to AWX, include your username and password in each command invocation as shown in the following examples:

.. code:: bash

Expand Down
Loading