cloudfoundry/credhub-cli

Setting CREDHUB_SERVER environment variable causes successful logins to be ignored.

tjvman opened this issue · 4 comments

tjvman commented

What version of the credhub server you are using?
2.5.9

What version of the credhub cli you are using?
2.6.2

If you were attempting to accomplish a task, what was it you were attempting to do?
Log in to Credhub with credhub login and run auth-required commands with the CREDHUB_SERVER environment variable set.

What did you expect to happen?
Commands run successfully after logging in via credhub login, regardless of whether CREDHUB_SERVER is set or not..

What was the actual behavior?
Auth-required commands run after logging in failed with You are not currently authenticated. Please log in to continue.

Please confirm where necessary:

  • I have included steps for reproduction

Steps to Repro

  1. export CREDHUB_SERVER=<ip>. Don't set any of the other magic variables (CREDHUB_CLIENT, etc).
  2. credhub login -s <server> -u <user> -p <pass>
  3. Run any auth-required command and see that it fails with the aforementioned error. We used credhub find -n /.
  4. unset CREDHUB_SERVER
  5. Run the same command again and see that it works.
cf-gitbot commented

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/173204360

The labels on this github issue will be updated when the story is started.

will-gant commented

We're seeing this behaviour as well (also 2.6.2 of the Credhub CLI, in our case with 2.6.0 of the Credhub bosh release).

$ export CREDHUB_SERVER=https://XXXXXXXX:8844
$ credhub login -u 'user@example.com' -p 'XXXXXXXX'
Setting the target url: https://XXXXXXX:8844
Login Successful
$ credhub find
You are not currently authenticated. Please log in to continue.
$ unset CREDHUB_SERVER
$ credhub login -u 'user@example.com' -p 'XXXXXXXX' -s https://XXXXXXXX:8844
$ credhub find
credentials: []
will-gant commented

By contrast I have no problems at all when exporting CREDHUB_SERVER if I'm authenticating with a client.

adobley commented

The CLI now returns warnings that two auth methods were detected when:

  1. attempting to login with any CREDHUB_ environment variables set to inform the user that it does not actually log in and they do not need to run that command.
  2. logged in already using credhub login --xxx and then set CREDHUB_SERVER env var, and then run subsequent authenticated commands like credhub find

It would still be valuable to resolve the case in the issue where the user only set the SERVER variable and used a username/password flow, but we have not addressed that in this yet.

We do plan to address this with a more comprehensive fix. It will likely wind up being a breaking change and are evaluating our options.