Last active
February 6, 2024 15:00
Concourse OAuth bearer token retrieval
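#!/bin/bash
#
# Retrieve the OAuth bearer token for a Concourse user login.
#
# Required environment variables:
#   CONCOURSE_ENDPOINT  URL prefix of the Concourse instance ("/sky/login" is appended)
#   CONCOURSE_USERNAME  login name posted as the "login" form field
#   CONCOURSE_PASSWORD  password posted as the "password" form field
#
# Outputs: the bearer token on stdout (exit 0), or error messages on stderr
#          (exit 1). The token is a credential: capture it, do not log it.

required_env_vars=(
  CONCOURSE_ENDPOINT
  CONCOURSE_USERNAME
  CONCOURSE_PASSWORD
)

# Report every missing variable before exiting, not just the first one.
missing_env_vars="false"
for env_var in "${required_env_vars[@]}"; do
  # Indirect expansion replaces the unquoted `printenv ${env_var}` call.
  if [[ -z "${!env_var}" ]]; then
    printf 'Environment variable not set: %s\n' "${env_var}" >&2
    missing_env_vars="true"
  fi
done

if [[ "${missing_env_vars}" == "true" ]]; then
  exit 1
fi

concourse_endpoint="${CONCOURSE_ENDPOINT}"
concourse_username="${CONCOURSE_USERNAME}"
concourse_password="${CONCOURSE_PASSWORD}"

# The cookie jars hold the login state and, after authentication, the bearer
# token. Keep them in a private mktemp directory instead of predictable file
# names in the current directory, and remove them on every exit path.
if ! work_dir=$(mktemp -d); then
  echo "Unable to create temporary directory for cookie jars" >&2
  exit 1
fi
cleanup() { rm -rf -- "${work_dir:?}"; }
trap cleanup EXIT

concourse_state_cookie_jar="${work_dir}/skymarshal_state"
concourse_auth_cookie_jar="${work_dir}/skymarshal_auth"

if ! concourse_login_page_html=$(curl \
  --location \
  --silent \
  --cookie-jar "${concourse_state_cookie_jar}" \
  "${concourse_endpoint}/sky/login"); then
  echo "Unable to retrieve login page for Concourse endpoint: ${concourse_endpoint}" >&2
  exit 1
fi

# The capture group needs at least one character, so a successful match always
# yields a non-empty form action.
form_action_pattern='action="([^"]+)'
if [[ ${concourse_login_page_html} =~ ${form_action_pattern} ]]; then
  # Decode the HTML entity for '&'. Both sides are quoted so the pattern is
  # literal and bash 5.2+ does not treat '&' as "the matched text".
  login_path_with_params=${BASH_REMATCH[1]//'&amp;'/'&'}
else
  printf "No 'action' attribute found in login page response:\n\n%s\n" \
    "${concourse_login_page_html}" >&2
  exit 1
fi

# The action comes from the server response and is appended to the endpoint.
# Accept only a server-relative path so the credentials are posted to the
# configured endpoint and nowhere else.
if [[ "${login_path_with_params}" != /* ]]; then
  printf 'Unexpected form action in login page response: %s\n' \
    "${login_path_with_params}" >&2
  exit 1
fi

# The password is fed to curl on stdin ("password@-") so it does not appear in
# the process argument list; printf is a shell builtin, so it is not exposed
# there either. The pipeline's status is curl's.
if ! concourse_login_response_html=$(
  printf '%s' "${concourse_password}" | curl \
    --location \
    --silent \
    --cookie "${concourse_state_cookie_jar}" \
    --cookie-jar "${concourse_auth_cookie_jar}" \
    --data-urlencode "login=${concourse_username}" \
    --data-urlencode "password@-" \
    "${concourse_endpoint}${login_path_with_params}"
); then
  echo "Unable to retrieve auth cookie" >&2
  exit 1
elif [[ "${concourse_login_response_html}" =~ 'invalid username and password' ]]; then
  echo "Invalid username or password supplied" >&2
  exit 1
fi

if [[ ! -r "${concourse_auth_cookie_jar}" ]]; then
  echo "No auth cookie jar was written by the login request" >&2
  exit 1
fi

# The token is read from the cookie jar as the text after "bearer " up to the
# next double quote.
bearer_token_pattern='bearer +([^"]+)'
if [[ $(<"${concourse_auth_cookie_jar}") =~ ${bearer_token_pattern} ]]; then
  printf '%s\n' "${BASH_REMATCH[1]}"
  exit 0
fi

echo "No bearer token found in the auth cookie jar" >&2
exit 1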
This script can be used to retrieve the OAuth bearer token for a Concourse user login using the new authentication flow (tested with Concourse `v7.9.1`). It will print the bearer token value to the standard output stream and return a `0` exit code, or print one or more error messages to the standard error stream and return a non-zero exit code if an error condition is encountered.

Important
- The environment variables `CONCOURSE_ENDPOINT`, `CONCOURSE_USERNAME`, and `CONCOURSE_PASSWORD` are required for this script to function correctly; however, the script will report any missing variables and exit with a non-zero exit code.
- The script does not modify the `~/.flyrc` configuration file; instead it prints the bearer token to the standard output stream and returns a `0` exit code on success.