Skip to content
This repository has been archived by the owner on Mar 24, 2022. It is now read-only.

Make fly available for download without authentication to concourse #65

Closed
ghost opened this issue Mar 17, 2016 · 9 comments
Closed

Make fly available for download without authentication to concourse #65

ghost opened this issue Mar 17, 2016 · 9 comments

Comments

@ghost
Copy link

ghost commented Mar 17, 2016

Enhancement: Make fly download URI available without authentication or ship as separate binary.
@concourse-bot
Copy link

Hi there!

We use Pivotal Tracker to provide visibility into what our team is working on. A story for this issue has been automatically created.

The current status is as follows:

  • #115872395 Make fly available for download without authentication to concourse

This comment, as well as the labels on the issue, will be automatically updated as the status in Tracker changes.

@zachgersh
Copy link
Contributor

Is there any reason that fly shouldn't be available to download without authentication?

@vito
Copy link
Contributor

vito commented Mar 22, 2016

It already is downloadable if your CI is publicly reachable, so not sure what this means.

@ghost
Copy link
Author

ghost commented Mar 22, 2016

I was unable to reach the the download fly using the URL http://192.168.50.205:8080/api/v1/cli?arch=amd64&platform=linux, it was not reachable. After logging into concourse I can resolve the URL and download the package. I am scripting the fly download and install in chef but cannot download the package on the server running concourseci using wget or remotefile resource.

@zachgersh
Copy link
Contributor

@vito I was actually wondering the opposite. If it isn't public accessible, why can't I still do a sync? Shouldn't sync be one of the few things that doesn't require you to login?

I could imagine a scenario where we make a backwards incompatible change to concourse login and then all of a sudden you can no longer login to get a fly that can actually login. Obviously they would just go to the UI at this point and download it but still

@zachgersh
Copy link
Contributor

done here: vmware-archive/atc#76

cc @vito

@danger-ranger
Copy link

Not sure if this is the same issue: #82

@danger-ranger danger-ranger mentioned this issue May 3, 2016
Closed
@vito
Copy link
Contributor

vito commented May 10, 2016

@dvanbuskirk As mentioned in vmware-archive/atc#76 I'm a little wary of opening any endpoints up except for those that are absolutely necessary for logging in.

If it's acceptable to give creds to your script, you could use basic auth and fetch the CLI like so:

token="$(curl -u user:pass http://your.concourse.ci/api/v1/auth/token | jq -r '.type + " " + .value')"
curl -H "Authorization: $token" 'http://your.concourse.ci/api/v1/cli?arch=amd64&platform=linux'

@ghost
Copy link
Author

ghost commented May 10, 2016

@vito thanks for the workaround, security is always good.

@ghost ghost closed this as completed May 10, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@vito @zachgersh @danger-ranger @concourse-bot