Non-interactive login to the IRIS terminal
Hey ISC Community!
For a small automation feature I would like to login to the IRIS shell non-interactively, skipping the whole username and password prompts, providing the credentials through other means. Something in the fashion of "iris session <instance-name> --user myuser --pass mypass" would be great, but the session tool itself doesn't seem to be capable of doing this.
Does anyone know a way to accomplish this? It need not be through "iris session", any way that can be automated would be fine. Disabling authentication for the terminal is not an option, though.
Product version: IRIS 2021.1
Would OS Authentication be of use to you?
When enabled, you should be able to automatically log in based on the OS user account running the script, however you will need an IRIS account with the exact same username as the OS account, and it will need the appropriate permissions in IRIS for what you're looking to do.
I might need to try this, though, it will probably be the same as allowing unauthenticated access - I should have mentioned the IRIS instance is running in Docker. We could bake an automation user into the image, but I guess anyone could just assume that users identity.
It will behave as if it was unauthenticated in the sense that you'll login automatically, however the trust is based on the successful login to the operating system, whereas actual unauthenticated access just lets anyone in.
When reviewed within my organisation, it was certainly preferred when compared to leaving user/pass in plaintext in a script.
I would second Julian's suggestion (and also his note that having a password in plaintext would probably not be great), as OS auth is the most common solution I've seen for people looking to run scripts without needing to explicitly log in to terminal.
You mention authenticating by other means; delegated authentication is generally how you would implement custom authentication by writing a ZAUTHENTICATE routine. If you're not already familiar, see the docs:
https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls?KEY=TSQS_DelAuth
That might be overkill for what you describe as a small tool though...
Depending on what this automation is, does it need to log in in the first place? Could you set it up as a task to run within IRIS? Perhaps a bit more detail on exactly what you want to do could point to other workarounds.
I look forward to seeing if other people have other solutions though.
Yeah I think we'll be utilizing the OS auth for this!
Regarding the use case: Part of our team uses Studio on the "old" develop-on-remote-instance style of development. We built a process that grabs the code from the remote instance to deploy it to the next stage. It's an intermediary solution to building actual docker images instead of just pushing code into docker images.
Basically, a job would execute a git pull, then open an iris session, and execute a manifest updater that will pull the source code from a mounted volume. Right now, this is done manually because of said password prompt.
Hi,
I was struggling with the same thing but managed to find a way to input the username and password unattended as a part of a CI/CD pipeline.
I use that to check if access to terminal is OK.
You can also run a script file after login by replacing the last echo with cat <script_ file>. For example:
PS: It would be nice if iris session could accept a username and password via a command-line argument, so we don't have to resort to using these hacky methods.
Br. Kari