Make 'st2 login' actually work

[Mierdin]

In st2client/base.py, there's a conditional that detects if the username and password
is provided, and if so, try to retrieve a token and update the token attribute of the
client before returning. However, in a traditional st2 login scenario, only the
username field is populated, so this code will never run.

Previous tests were done on systems that effectively had auth disabled (doh!), so while
the config file and token files were being changed/generated correctly, API requests
did not carry the X-Auth-Token header. Since auth was disabled, this was no problem.
However, on a real installation, this feature just plainly did not work.

In short, this allows the 'st2 login' feature to work, and it also provides unit tests
to help prevent this kind of thing

• Add another unit test to check that other commands also send auth header after being configured with st2 login

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@a0157d5). Click here to learn what that means.
The diff coverage is 100%.

@@            Coverage Diff            @@
##             master    #3219   +/-   ##
=========================================
  Coverage          ?   77.81%           
=========================================
  Files             ?      433           
  Lines             ?    22416           
  Branches          ?        0           
=========================================
  Hits              ?    17443           
  Misses            ?     4973           
  Partials          ?        0

Impacted Files	Coverage Δ
st2client/st2client/commands/auth.py	69.61% <ø> (ø)
st2client/st2client/base.py	82.32% <100%> (ø)
st2client/st2client/shell.py	85.6% <100%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a0157d5...5f7b2e5. Read the comment docs.

[Kami]

Good catch - thanks.

Will test and confirm locally it works (with auth enabled :)).

[Kami]

LoginCommand needs to be here otherwise it won't work - I confirmed it locally.

[Kami]

On a related note - we need a test case to catch this.

If LoginCommand class is not here, st2 login won't work so we should have a test which catches this :)

[Kami]

I confirmed it's working locally with this change - 4b8a146.

[Kami]

I pushed another change to skip auth api call when running st2 whoami command - 7d09f74

Imo (please correct me if I'm wrong), there is no need to try to authenticate and hit the auth API when running st2 whoami command - we just want to read the username from config file / environment variable.

[Kami]

This test was correct since this request is hitting auth api (and not regular API) to authenticate to retrieve the token and as such, only username and password should be sent (and token returned in the response and used on subsequent requests to the st2 api).

[Kami]

Alright, I belive this should do it - cd89193, 545c7ba.

[Kami]

I believe this should do it as far as current state of st2 tests goes - https://github.com/StackStorm/st2/pull/3219/files#r101242702

Some additional st2tests (aka integration tests) would also be nice at some point.

[Kami]

Same story for e2e tests here - #3215 (comment)

[lakshmi-kannan]

One thing I realized is if password is not written to config file and token expires, the code doesn't handle the case correctly. So if password is not present, we have to throw an exception that user needs to re-login with credentials or write password to config.

[Kami]

As far as "not handling that case correctly" - that's an expect behavior, but yes, as discussed on Slack, we should improve on it and print a message if user doesn't use -w option that token will expire in X hours and user will need to re-login.

And yeah, we can perhaps do the same on "token expired error" (advise to re-login), but we don't really know if the exception is related to expired token or it's simply an invalid token so we need to keep that in mind so the message needs to be more advisory.

StackStorm/st2docs#380 (comment)

[lakshmi-kannan]

it's simply an invalid token so we need to keep that in mind so the message needs to be more advisory

Yes, this is what I want. Sorry to confuse with the word "exception". Right now the message we get when a token expires with this change is not ideal. See https://gist.github.com/lakshmi-kannan/31c4f5cbc10f81f382ae76380ae1994c#file-gistfile1-txt-L9

[Kami]

Updated the code to print a message on successful login in 3418ffe.

st2 login testu -p testp
Logged in as testu

Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires.
As an alternative you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file.

[Mierdin]

@Kami @lakshmi-kannan was CI finished when this was merged?

[arm4b]

I think we should enable in GitHub setting which will block merging if some tests are still red/unfinished.
Hopefully this will push us more to improve the build machinery.

Bug introduced after merging this PR was actually caught in st2-packages build: https://circleci.com/gh/StackStorm/st2-packages/1886

/bin/sh -c st2\ run\ core.local\ --\ hostname

Failed to authenticate with credentials provided in the config.
ERROR: 401 Client Error: Unauthorized
MESSAGE: Invalid or missing credentials for url: http://127.0.0.1:9100/tokens

when there is no ./st2/config file and auth is disabled in st2.conf.

[Mierdin]

@armab just for my own sanity - after circle runs basic testing like unit and integration, things eventually go back to circle for actual package build right? Just curious we have checks in place for this or if this would have only shown up post-merge.

[arm4b]

@Mierdin You're right.
Actually in your PR #3226 8 successful checks is a good demonstration how it should work.