Story #6617
closed
[Workbench] [Documentation] Display https url in repositories panel in manage_account page. Update documentation as needed.
Added by Radhika Chippada over 9 years ago.
Updated over 9 years ago.
Assigned To:
Radhika Chippada
Estimated time:
(Total: 0.00 h)
Description
Background: When logged in to a shell node via SSH, you can access git repositories via SSH (like
git@git.zzzzz.arvadosapi.com) by using agent forwarding. However, if you log in to a shell node via webshell, your options are:
- Create/store a private key on the shell node. This is a bad practice.
- Don't use SSH to authenticate to git repos when logged in via webshell.
The infrastructure is in place (pending #6619) to authenticate via https using the arvados API token that is automatically added to your environment at login time. Of course, this only helps when you clone/push https://git.zzzzz.arvadosapi.com/foo/bar.git -- but doc.arvados.org and Workbench's "Manage Account" page only suggest using the url git@git.zzzzz.arvadosapi.com:foo/bar.git.
Both docs and Workbench must be updated to present both options and provide guidance about when to use each.
- Clone with HTTPS if your ARVADOS_API_TOKEN env var is set (e.g., you're logged in to an Arvados shell VM). This is the best option for shell VMs even if you're logged in with SSH: it means "push" will work next time you log in, even if you log in with Webshell.
- Clone with SSH if you've added your SSH key to Arvados and it's available in your login session (e.g., you're cloning to your workstation).
Files
- Subject changed from [Workbench] Display https url in repositories panel in manage_account page. Update documentation as needed. to [Workbench] [Documentation] Display https url in repositories panel in manage_account page. Update documentation as needed.
- Description updated (diff)
- Category set to Workbench
- Story points set to 1.0
- Status changed from New to In Progress
- Assigned To set to Radhika Chippada
- Target version changed from 2015-08-05 sprint to 2015-07-22 sprint
- File screenshot.png added
- File deleted (
screenshot.png)
Changes look good, thanks.
We need to add guidance about how to authenticate when using the
https:// urls. I'm on the fence about whether that should block merging
db25848.
- Shouldn't block: it "just works" from a shell VM thanks to #6619, so no instructions are needed.
- Should block: if used from your workstation, it will ask for a username/password, which will be mysterious because Arvados has no passwords. At least with the SSH option, a worldly user would guess that they need to provide a public key just like on Github.
Suggest wording for guidance (edits welcome):
"If you are prompted for credentials when using https URLs, provide "none" as your username and your Arvados API token as your password. When you are using an Arvados shell account, credentials are handled automatically."
Verified that the clone with https url works in staging. Merged into master.
Reviewing 6617-doc-repo-https-url
- "If you are prompted for username and password when you try to git clone using this command, it would mean that git config needs to be updated:"
This is a little too passively worded. How about "If you are prompted for username and password when you try to git clone using this command, you may first need to update your git config:"
Everything else looks good.
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
Applied in changeset arvados|commit:f7c152d3ca9a753812bd7729ceb6cb8a23b12fce.
Also available in: Atom
PDF
Updated by 
Updated by Radhika Chippada 
Updated by 
Updated by 