Authn/Authz

To initialize a host to use Tapis, run the tapis auth init command.

$ tapis auth init
Available Tenants
=================
3dem        agave.prod      araport.org     bridge  designsafe
iplantc.org irec    portals sd2e    sgci
tacc.prod   vdjserver.org
Enter a tenant name: tacc.prod
Username: tacotron
Password for tacotron:
+--------------+---------------------------------+
| Field        | Value                           |
+--------------+---------------------------------+
| tenant_id    | tacc.prod                       |
| username     | tacotron                        |
| client_name  | _cli-tacc.prod-tacotron-macbook |
| api_key      | uAShaDfy0vF7hgFcAqx7oeAtO6oa    |
| access_token | a31c66cfaa45451c95df6fd473ffd4b |
| expires_at   | Thu Sep 19 14:08:37 2019        |
+--------------+---------------------------------+

Re-running without changing tenant or username will display the current auth context, while changing either tenant or username (or specifying --interactive mode) will re-initialize the host to use the specified tenant/username combination.

Explicit configuration switching (tapis auth switch) is not supported.

NOTE If you have a configured, but expired Agave client in ~/.agave/current, the init command may fail to detect the expiration and may skip a key step. If you get a message Tapis client appears invalid re-run with tapis auth init --interactive and follow the prompts.

Manually Specifying Client Name

The default behavior for Tapis CLI is to generate and manage one Oauth2 client per host you have installed it on. This helps avoid race conditions when you might be using the CLI in two places at once. This is done by naming the client after your local host. However, this can be a problem if you are using Tapis CLI for automation where the hostname may change (such as within Github actions or a Jenkins job). In this case, you can manually specify a client name by passing --client-name along with tapis auth init. Please note the client name must be <= 64 characters and may only contain A-Za-z0-9 and . - _

Commands

auth init

Command description

tapis auth init
    [--interactive]
    [--tenant-id TENANT_ID]
    [--username USERNAME]
    [--password PASSWORD]
    [--client-name CLIENT_NAME]
    [--registry-url URL]
    [--registry-username USERNAME]
    [--registry-password PASSWORD]
    [--registry-namespace NAMESPACE]
    [--git-username USERNAME]
    [--git-token TOKEN]
    [--git-namespace NAMESPACE]
    [--github]
    [--no-dockerhub]
--interactive

Prompt for all values

--tenant-id <TENANT_ID>

Tapis tenant ID

--username <USERNAME>

Tapis username

--password <PASSWORD>

Tapis password

--client-name <CLIENT_NAME>

Tapis client name. Leave empty to auto-generate.

--registry-url URL

Registry URL

--registry-username USERNAME

Registry username

--registry-password PASSWORD

Registry password

--registry-namespace NAMESPACE

Registry namespace

--git-username USERNAME

Git username

--git-token TOKEN

Git personal access token

--git-namespace NAMESPACE

Git namespace

--github

Configure Github credentials

--no-dockerhub

Do not configure DockerHub credentials

auth show

Show current Tapis authentication configuration

tapis auth show

This command is provided by the tapis-cli plugin.

auth tokens create

Command description

tapis auth tokens create
    [--password TAPIS_PASSWORD]
    [--token-username TOKEN_USERNAME]
--password <TAPIS_PASSWORD>

Tapis password

--token-username <TOKEN_USERNAME>

Impersonation username (requires admin privileges)

auth tokens refresh

Command description

tapis auth tokens refresh