Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated Authentication section to reflect AWX only method. #15602

Merged
merged 2 commits into from
Nov 7, 2024
Merged

Updated Authentication section to reflect AWX only method. #15602

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
53a5af8
Updated Authentication section to reflect AWX only method.
tvo318 Oct 25, 2024
749f550
Update awxkit/awxkit/cli/docs/source/authentication.rst
tvo318 Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 1 addition & 59 deletions awxkit/awxkit/cli/docs/source/authentication.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,65 +3,7 @@
Authentication
==============

Generating a Personal Access Token
----------------------------------

The preferred mechanism for authenticating with AWX and |RHAT| is by generating and storing an OAuth2.0 token. Tokens can be scoped for read/write permissions, are easily revoked, and are more suited to third party tooling integration than session-based authentication.

|prog| provides a simple login command for generating a personal access token from your username and password.

.. code:: bash
CONTROLLER_HOST=https://awx.example.org \
CONTROLLER_USERNAME=alice \
CONTROLLER_PASSWORD=secret \
awx login
As a convenience, the ``awx login -f human`` command prints a shell-formatted token
value:

.. code:: bash
export CONTROLLER_OAUTH_TOKEN=6E5SXhld7AMOhpRveZsLJQsfs9VS8U
By ingesting this token, you can run subsequent CLI commands without having to
specify your username and password each time:

.. code:: bash
export CONTROLLER_HOST=https://awx.example.org
$(CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login -f human)
awx config
Working with OAuth2.0 Applications
----------------------------------

AWX and |RHAT| allow you to configure OAuth2.0 applications scoped to specific
organizations. To generate an application token (instead of a personal access
token), specify the **Client ID** and **Client Secret** generated when the
application was created.

.. code:: bash
CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret awx login \
--conf.client_id <value> --conf.client_secret <value>
OAuth2.0 Token Scoping
----------------------

By default, tokens created with ``awx login`` are write-scoped. To generate
a read-only token, specify ``--scope read``:

.. code:: bash
CONTROLLER_USERNAME=alice CONTROLLER_PASSWORD=secret \
awx login --conf.scope read
Session Authentication
----------------------
If you do not want or need to generate a long-lived token, |prog| allows you to
specify your username and password on every invocation:
To authenticate to AWX, include your username and password in each command invocation as shown in the following examples:

.. code:: bash
Expand Down
Loading