hammer_cli_foreman 0.18.2 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0cdf6461be3ef29ad406ca4e0b5df67a71d1696bdc30cc27a27fb5fcfe32b40
-  data.tar.gz: 5e1effc59d2f218e0fc3ff07284f50b8d31aac6a31e444491e280c4840d00a08
+  metadata.gz: 39c04732f825e9e11d775e76b74b527ddb1db099cd29770530f2f7df1274a484
+  data.tar.gz: bbadb602bf0eb3836db5aaa90aad41b0d1f38be39749c2d7292398181d668dbc
 SHA512:
-  metadata.gz: b6763b4f96743429ca23bf0ab687d725eeeeed0982c2c7eda4452d0454d96d87cae0b62449fcd0163391faaf77084319fa3741ba1f2567e495c60dad1671fd72
-  data.tar.gz: '095b4445ef69d9aedc2174af90c191edb2b6cc58c50f3095f8e61af04d6858a1edd34cc5a1f0bbd04d32da6f4571dd060fd8de2220da3f5540252267c370f881'
+  metadata.gz: 567f870185f45995e3dd4341321ecea98ab099a7b387a63457ded17b6752d2cd0f27c3eb2fdf7649058762855f4583839ec73b5e9140f4c993f971ee230ae2e1
+  data.tar.gz: aeb5cea9ec9175f27045b57cfc43575fde5a559061dbcf243f048aa60401e734900746a1939c565adb503b562287bc47b15ea821813933fa98ab6284dc4b71fc

data/config/foreman.yml

@@ -6,9 +6,29 @@
   :host: 'https://localhost/'
 
   # Credentials. You'll be asked for them interactively if you leave them blank here
+  # Possible values:
+
+  # Basic Auth:
+  #:default_auth_type: 'Basic_Auth'
   :username: 'admin'
   #:password: 'example'
 
+  # Oauth using the Password Grant Flow:
+  # This authentication method requires sessions to be enabled, uncomment the following
+  # lines to use this authentication method.
+  #:default_auth_type: 'Oauth_Password_Grant'
+  #:oidc_token_endpoint: https://keycloak.example.com/token
+  #:oidc_client_id: example-client-id
+
+  # Oauth using Authentication Code Flow(Two Factor):
+  # This authentication method requires sessions to be enabled, uncomment the following
+  # lines to use this authentication method.
+  #:default_auth_type: 'Oauth_Authentication_Code_Grant'
+  #:oidc_token_endpoint: https://keycloak.example.com/token
+  #:oidc_authorization_endpoint: https://keycloak.example.com/auth
+  #:oidc_client_id: example-client-id
+  #:oidc_redirect_uri: urn:ietf:wg:oauth:2.0:oob
+
   # Enable using sessions
   # When sessions are enabled, hammer ignores credentials stored in the config file
   # and asks for them interactively at the begining of each session.

data/doc/host_create.md

@@ -175,17 +175,16 @@ Provider specific options
 Available keys for `--compute-attributes`:
 ```
 flavor_id          # select one of available flavours
-image_id           # select one of available images
 availability_zone
 security_group_ids
 managed_ip
+groups
 ```
 
 ## GCE
 Available keys for `--compute-attributes`:
 ```
 machine_type # one of available flavors
-image_id
 network
 associate_external_ip
 ```
@@ -195,6 +194,7 @@ Available keys for `--compute-attributes`:
 ```
 cpus          # number of CPUs
 memory        # string, amount of memory, value in bytes
+cpu_mode      # possible values: default, host-model, host-passthrough
 start         # Must be a 1 or 0, whether to start the machine or not
 ```
 
@@ -208,13 +208,16 @@ compute_model                     # one of [virtio, rtl8139, ne2k_pci, pcnet, e1
 Available keys for `--volume`:
 ```
 pool_name   # list of available storage pools
-capacity    # string value, eg. 10G
+capacity    # string value, e.g. 10G
 format_type # one of [raw, qcow2]
+allocation  # initial allocation, e.g. 0G
 ```
 
 ## OpenStack
 Available keys for `--compute-attributes`:
 ```
+availability_zone
+boot_from_volume
 flavor_ref
 image_ref
 tenant_id
@@ -228,6 +231,7 @@ Available keys for `--compute-attributes`:
 cluster
 template   # hardware profile to use
 cores      # int value, number of cores
+sockets    # int value, number of sockets
 memory     # amount of memory, int value in bytes
 start      # Must be a 1 or 0, whether to start the machine or not
 ```
@@ -236,20 +240,22 @@ Available keys for `--interface`:
 ```
 compute_name         # eg. eth0
 compute_network      # select one of available networks for a cluster
+compute_interface    # interface type
 ```
 
 Available keys for `--volume`:
 ```
-size_gb          # volume size in GB, integer value
-storage_domain   # select one of available storage domains
-bootable         # boolean, only one volume can be bootable
+size_gb            # volume size in GB, integer value
+storage_domain     # select one of available storage domains
+bootable           # boolean, only one volume can be bootable
+preallocate        # boolean, set true to preallocate
+wipe_after_delete  # boolean, set true to wipe disk after delete
 ```
 
 ## Rackspace
 Available keys for `--compute-attributes`:
 ```
 flavor_id
-image_id
 ```
 
 ## VMware
@@ -263,13 +269,15 @@ cluster               Cluster ID from VMware
 resource_pool         Resource Pool ID from VMware
 path                  Path to folder
 guest_id              Guest OS ID form VMware
-scsi_controller_type  ID of the controller from VMware
 hardware_version      Hardware version ID from VMware
 add_cdrom             Must be a 1 or 0, Add a CD-ROM drive to the virtual machine
 cpuHotAddEnabled      Must be a 1 or 0, lets you add memory resources while the machine is on
-memoryHotAddEnabled   Must be a 1 or 0, lets you add CPU resources while the machine is on
-start                 Must be a 1 or 0, whether to start the machine or not
+memoryHotAddEnabled   Must be a 1 or 0, lets you add CPU resources while the machine is on the machine or not
 annotation            Annotation Notes
+scsi_controllers      List with SCSI controllers definitions
+                        type - ID of the controller from VMware
+                        key  - Key of the controller (e.g. 1000)
+start         # Must be a 1 or 0, whether to start the machine or not
 ```
 
 Available keys for `--interface`:
@@ -292,4 +300,5 @@ size_gb             Integer number, volume size in GB
 thin                true/false
 eager_zero          true/false
 mode                persistent/independent_persistent/independent_nonpersistent
+controller_key      Associated SCSI controller key
 ```

data/doc/release_notes.md

@@ -1,10 +1,18 @@
 Release notes
 =============
-### 0.18.2 (2019-11-18)
-* Fix method typo ([PR #450](https://github.com/theforeman/hammer-cli-foreman/pull/450)), [#27868](http://projects.theforeman.org/issues/27868)
-
-### 0.18.1 (2019-10-31)
+### 0.19.0 (2019-10-26)
 * Add option to support host's param type ([PR #448](https://github.com/theforeman/hammer-cli-foreman/pull/448)), [#27868](http://projects.theforeman.org/issues/27868)
+* Adding sso func. through cli using openid-connect ([PR #405](https://github.com/theforeman/hammer-cli-foreman/pull/405)), [#25848](http://projects.theforeman.org/issues/25848)
+* Ping command ([PR #394](https://github.com/theforeman/hammer-cli-foreman/pull/394)), [#3036](http://projects.theforeman.org/issues/3036), [#12587](http://projects.theforeman.org/issues/12587), [#3956](http://projects.theforeman.org/issues/3956)
+* Add description field to templates ([PR #449](https://github.com/theforeman/hammer-cli-foreman/pull/449)), [#27997](http://projects.theforeman.org/issues/27997)
+* New lines in text attr dont break output ([PR #415](https://github.com/theforeman/hammer-cli-foreman/pull/415)), [#25878](http://projects.theforeman.org/issues/25878)
+* Fixed inconsistent in output format, [#27597](http://projects.theforeman.org/issues/27597)
+* Added gateway to subnet list, [#27596](http://projects.theforeman.org/issues/27596)
+* Improve help for compute resources, [#25584](http://projects.theforeman.org/issues/25584)
+* Fix interfaces when creating a host ([PR #439](https://github.com/theforeman/hammer-cli-foreman/pull/439)), [#27652](http://projects.theforeman.org/issues/27652)
+* Additional compute resource attrs for ovirt ([PR #440](https://github.com/theforeman/hammer-cli-foreman/pull/440)), [#27554](http://projects.theforeman.org/issues/27554)
+* Change the search fields to search / order fields, [#27602](http://projects.theforeman.org/issues/27602)
+* Update docs for scl ruby to include bundle exec
 
 ### 0.18.0 (2019-08-01)
 * Report template schedule works with --name ([#27339](http://projects.theforeman.org/issues/27339))

data/lib/hammer_cli_foreman/api/authenticator.rb

@@ -0,0 +1,81 @@
+module HammerCLIForeman
+  module Api
+    class Authenticator
+      attr_accessor :auth_type, :uri, :settings
+      def initialize(auth_type, uri, settings)
+        @auth_type = auth_type
+        @uri = uri
+        @settings = settings
+      end
+
+      def fetch
+        if ssl_cert_authentication? && !use_basic_auth?
+          void_auth
+        elsif auth_type == AUTH_TYPES[:basic_auth]
+          basic_auth
+        elsif auth_type == AUTH_TYPES[:oauth_password_grant]
+          oauth_password_grant
+        elsif auth_type == AUTH_TYPES[:oauth_authentication_code_grant]
+          oauth_authentication_code_grant
+        end
+      end
+
+      private
+
+      def void_auth
+        VoidAuth.new(_('Using certificate authentication.'))
+      end
+
+      def basic_auth
+        if HammerCLIForeman::Sessions.enabled?
+          authenticator = InteractiveBasicAuth.new(
+            settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'],
+            settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD']
+          )
+          SessionAuthenticatorWrapper.new(authenticator, uri, auth_type)
+        else
+          username = settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'] || settings.get(:foreman, :username)
+          password = settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD']
+          if password.nil? && (username == settings.get(:foreman, :username))
+            password = settings.get(:foreman, :password)
+          end
+          InteractiveBasicAuth.new(username, password)
+        end
+      end
+
+      def oauth_password_grant
+        return unless HammerCLIForeman::Sessions.enabled?
+
+        authenticator = Oauth::PasswordGrant.new(
+          ENV['OIDC_TOKEN_ENDPOINT'] || settings.get(:foreman, :oidc_token_endpoint),
+          ENV['OIDC_CLIENT_ID'] || settings.get(:foreman, :oidc_client_id),
+          ENV['OIDC_USERNAME'],
+          ENV['OIDC_PASSWORD']
+        )
+        SessionAuthenticatorWrapper.new(authenticator, uri, auth_type)
+      end
+
+      def oauth_authentication_code_grant
+        return unless HammerCLIForeman::Sessions.enabled?
+
+        authenticator = Oauth::AuthenticationCodeGrant.new(
+          ENV['OIDC_TOKEN_ENDPOINT'] || settings.get(:foreman, :oidc_token_endpoint),
+          ENV['OIDC_AUTHORIZATION_URL'] || settings.get(:foreman, :oidc_authorization_endpoint),
+          ENV['OIDC_CLIENT_ID'] || settings.get(:foreman, :oidc_client_id),
+          ENV['OIDC_REDIRECT_URI'] || settings.get(:foreman, :oidc_redirect_uri)
+        )
+        SessionAuthenticatorWrapper.new(authenticator, uri, auth_type)
+      end
+
+      def ssl_cert_authentication?
+        (settings.get(:_params, :ssl_client_cert) || settings.get(:ssl, :ssl_client_cert)) &&
+          (settings.get(:_params, :ssl_client_key) || settings.get(:ssl, :ssl_client_key))
+      end
+
+      def use_basic_auth?
+        settings.get(:_params, :ssl_with_basic_auth) ||
+          settings.get(:ssl, :ssl_with_basic_auth)
+      end
+    end
+  end
+end

data/lib/hammer_cli_foreman/api/connection.rb

@@ -1,14 +1,26 @@
 require 'hammer_cli_foreman/api/session_authenticator_wrapper'
+require 'hammer_cli_foreman/api/authenticator'
 require 'hammer_cli_foreman/api/interactive_basic_auth'
+require 'hammer_cli_foreman/api/oauth/authentication_code_grant'
+require 'hammer_cli_foreman/api/oauth/password_grant'
 require 'hammer_cli_foreman/api/void_auth'
+require 'uri'
 
 module HammerCLIForeman
+  CONNECTION_NAME = 'foreman'
+  AUTH_TYPES = {
+    basic_auth: 'Basic_Auth',
+    oauth_authentication_code_grant: 'Oauth_Authentication_Code_Grant',
+    oauth_password_grant: 'Oauth_Password_Grant'
+  }.freeze
+
   module Api
     class Connection < HammerCLI::Apipie::ApiConnection
       attr_reader :authenticator
 
-      def initialize(settings, logger = nil, locale = nil)
-        default_params = build_default_params(settings, logger, locale)
+      def initialize(settings, logger = nil, locale = nil, auth_type = nil)
+        auth_type ||= default_auth_type(settings)
+        default_params = build_default_params(settings, logger, locale, auth_type)
         super(default_params,
           :logger => logger,
           :reload_cache => settings.get(:_params, :reload_cache) || settings.get(:reload_cache)
@@ -16,7 +28,7 @@ module HammerCLIForeman
       end
 
       def login
-        # Call some api entry point to trigger the
+        # Call some api entry point to trigger the successful connection
         @api.resource(:home).action(:status).call
       end
 
@@ -30,40 +42,35 @@ module HammerCLIForeman
 
       protected
 
-      def create_authenticator(uri, settings)
-        return @authenticator if @authenticator
+      # If the settings in foreman.yml has use_sessions as false, use :basic_auth
+      # Else if the settings in foreman.yml has use_sessions as true
+      # and if there exists a session_file with valid contents, we use the auth_type from sessions_file
+      # Thus if the session expires (indicated by nil session_id), we use the
+      # same auth_type for re-authentication as was used by the previous session.
+      # Else we use the passed auth_type.
+      def default_auth_type(settings)
+        return AUTH_TYPES[:basic_auth] unless HammerCLIForeman::Sessions.enabled?
 
-        if ssl_cert_authentication?(settings) && !use_basic_auth?(settings)
-          @authenticator = VoidAuth.new(_('Using certificate authentication.'))
+        url = settings.get(:_params, :host) || settings.get(:foreman, :host)
+        username = settings.get(:_params, :username) || settings.get(:foreman, :username)
+        session = HammerCLIForeman::Sessions.get(url)
+        if !session.valid? && session.user_name == username && !session.auth_type.nil?
+          session.auth_type
         else
-          if settings.get(:foreman, :use_sessions)
-            @authenticator = InteractiveBasicAuth.new(
-              settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'],
-              settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD']
-            )
-            @authenticator = SessionAuthenticatorWrapper.new(@authenticator, uri)
-          else
-            username = settings.get(:_params, :username) || ENV['FOREMAN_USERNAME'] || settings.get(:foreman, :username)
-            password = settings.get(:_params, :password) || ENV['FOREMAN_PASSWORD']
-            if (password.nil? && (username == settings.get(:foreman, :username)))
-              password = settings.get(:foreman, :password)
-            end
-            @authenticator = InteractiveBasicAuth.new(username, password)
-          end
-          @authenticator
+          # If the caller has not sepcified an 'auth_type'
+          # and the 'default_auth_type' in settings is also undefined
+          # use :basic_auth for authentication.
+          HammerCLI::Settings.get(:foreman, :default_auth_type) || AUTH_TYPES[:basic_auth]
         end
       end
 
-      def ssl_cert_authentication?(settings)
-        (settings.get(:_params, :ssl_client_cert) || settings.get(:ssl, :ssl_client_cert)) &&
-        (settings.get(:_params, :ssl_client_key) || settings.get(:ssl, :ssl_client_key))
-      end
+      def create_authenticator(uri, settings, auth_type)
+        return @authenticator if @authenticator
 
-      def use_basic_auth?(settings)
-        settings.get(:_params, :ssl_with_basic_auth) || settings.get(:ssl, :ssl_with_basic_auth)
+        @authenticator = HammerCLIForeman::Api::Authenticator.new(auth_type, uri, settings).fetch
       end
 
-      def build_default_params(settings, logger, locale)
+      def build_default_params(settings, logger, locale, auth_type)
         config = {}
         config[:uri] = settings.get(:_params, :host) || settings.get(:foreman, :host)
         config[:logger] = logger unless logger.nil?
@@ -77,22 +84,30 @@ module HammerCLIForeman
         config[:timeout] = settings.get(:foreman, :request_timeout)
         config[:timeout] = -1 if (config[:timeout] && config[:timeout].to_i < 0)
         config[:apidoc_authenticated] = false
-        config[:authenticator] = create_authenticator(config[:uri], settings)
+        config[:authenticator] = create_authenticator(config[:uri], settings, auth_type)
         config
       end
     end
   end
 
-  CONNECTION_NAME = 'foreman'
-
   def self.foreman_api_connection
     HammerCLI.context[:api_connection].create(CONNECTION_NAME) do
       HammerCLIForeman::Api::Connection.new(HammerCLI::Settings, Logging.logger['API'], HammerCLI::I18n.locale)
     end
   end
 
+  def self.foreman_api_reconnect(auth_type)
+    HammerCLI.context[:api_connection].drop(CONNECTION_NAME)
+    HammerCLI.context[:api_connection].create(CONNECTION_NAME) do
+      HammerCLIForeman::Api::Connection.new(
+        HammerCLI::Settings,
+        Logging.logger['API'],
+        HammerCLI::I18n.locale,
+        auth_type)
+    end
+  end
+
   def self.init_api_connection
     foreman_api_connection
   end
 end
-

data/lib/hammer_cli_foreman/api/interactive_basic_auth.rb

@@ -12,12 +12,12 @@ module HammerCLIForeman
       def error(ex)
         if ex.is_a?(RestClient::Unauthorized)
           self.clear
-          message = _("Invalid username or password.")
+          message = _('Invalid username or password.')
           begin
             message = JSON.parse(ex.response.body)['error']['message']
           rescue
           end
-          return UnauthorizedError.new(message)
+          UnauthorizedError.new(message)
         end
       end
 

data/lib/hammer_cli_foreman/api/oauth/authentication_code_grant.rb

@@ -0,0 +1,100 @@
+require 'jwt'
+require 'hammer_cli_foreman/openid_connect'
+
+module HammerCLIForeman
+  module Api
+    module Oauth
+      class AuthenticationCodeGrant < ApipieBindings::Authenticators::TokenAuth
+        attr_accessor :oidc_token_endpoint, :oidc_authorization_endpoint, :oidc_client_id, :token, :oidc_redirect_uri
+
+        def initialize(oidc_token_endpoint, oidc_authorization_endpoint, oidc_client_id, oidc_redirect_uri)
+          @oidc_token_endpoint = oidc_token_endpoint
+          @oidc_authorization_endpoint = oidc_authorization_endpoint
+          @oidc_client_id = oidc_client_id
+          @oidc_redirect_uri = oidc_redirect_uri
+          super set_token(oidc_token_endpoint, oidc_authorization_endpoint, oidc_client_id, oidc_redirect_uri)
+        end
+
+        def authenticate(request, token)
+          if HammerCLI.interactive?
+            set_token_interactively
+          end
+          super
+        end
+
+        def set_token_interactively
+          @token ||= set_token(get_oidc_token_endpoint, get_oidc_authorization_endpoint, get_oidc_client_id, get_oidc_redirect_uri)
+        end
+
+        def set_token(input_oidc_token_endpoint, input_oidc_authorization_endpoint, input_oidc_client_id, input_oidc_redirect_uri)
+          @oidc_token_endpoint = input_oidc_token_endpoint if input_oidc_token_endpoint
+          @oidc_authorization_endpoint = input_oidc_authorization_endpoint if input_oidc_authorization_endpoint
+          @oidc_client_id = input_oidc_client_id if input_oidc_client_id
+          @oidc_redirect_uri = input_oidc_redirect_uri if input_oidc_redirect_uri
+
+          if @oidc_client_id && @oidc_authorization_endpoint && @oidc_redirect_uri && @oidc_token_endpoint
+            get_code
+            @token = HammerCLIForeman::OpenidConnect.new(
+              @oidc_token_endpoint, @oidc_client_id).get_token_via_2fa(@code, @oidc_redirect_uri)
+          else
+            @token = nil
+          end
+        end
+
+        def user
+          return nil unless @token
+          payload = JWT.decode(@token, nil, false)
+          payload.first["preferred_username"]
+        end
+
+        def error(ex)
+          if ex.is_a?(RestClient::InternalServerError)
+            @oidc_token_endpoint = @oidc_authorization_endpoint = @oidc_client_id = @oidc_client_id = nil
+            original_message = _("Invalid oidc-client-id or oidc-token-endpoint or oidc-authorization-endpoint.\n")
+            begin
+              message = JSON.parse(ex.response.body)['error']['message']
+            rescue
+            end
+            UnauthorizedError.new(original_message << message)
+          end
+        end
+
+        private
+
+        def get_code
+          @token_url = "#{@oidc_authorization_endpoint}?"\
+                        'response_type=code'\
+                        "&client_id=#{@oidc_client_id}"\
+                        "&redirect_uri=#{@oidc_redirect_uri}"\
+                        '&scope=openid'
+          HammerCLI.interactive_output.say("Enter URL in browser: #{@token_url}")
+          @code ||= ask_user(_("Code:%s") % " ")
+        end
+
+        def get_oidc_authorization_endpoint
+          @oidc_authorization_endpoint ||= ask_user(_("Openidc Provider Authorization Endpoint:%s") % " ")
+        end
+
+        def get_oidc_token_endpoint
+          @oidc_token_endpoint ||= ask_user(_("Openidc Provider Token Endpoint:%s") % " ")
+        end
+
+        def get_oidc_client_id
+          @oidc_client_id ||= ask_user(_("Client ID:%s") % " ")
+        end
+
+        def get_oidc_redirect_uri
+          @oidc_redirect_uri ||= ask_user(_("Redirect URI:%s") % " ")
+        end
+
+        def ask_user(prompt, silent=false)
+          if silent
+            HammerCLI.interactive_output.ask(prompt) { |q| q.echo = false }
+          else
+            HammerCLI.interactive_output.ask(prompt)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hammer_cli_foreman/api/oauth/password_grant.rb

@@ -0,0 +1,81 @@
+require 'hammer_cli_foreman/openid_connect'
+
+module HammerCLIForeman
+  module Api
+    module Oauth
+      class PasswordGrant < ApipieBindings::Authenticators::TokenAuth
+        attr_accessor :oidc_token_endpoint, :oidc_client_id, :user, :password, :token
+
+        def initialize(oidc_token_endpoint, oidc_client_id, user, password)
+          @oidc_token_endpoint = oidc_token_endpoint
+          @oidc_client_id = oidc_client_id
+          @user = user
+          @password = password
+          super set_token(oidc_token_endpoint, oidc_client_id, user, password)
+        end
+
+        def authenticate(request, token)
+          if HammerCLI.interactive?
+            set_token_interactively
+          end
+          super
+        end
+
+        def set_token_interactively
+          @token ||= set_token(get_oidc_token_endpoint, get_oidc_client_id, get_user, get_password)
+        end
+
+        def set_token(input_oidc_token_endpoint, input_oidc_client_id, input_user, input_password)
+          @oidc_token_endpoint = input_oidc_token_endpoint if input_oidc_token_endpoint
+          @user = input_user
+          @password = input_password
+          @oidc_client_id = input_oidc_client_id if input_oidc_client_id
+          if @user && @password && @oidc_token_endpoint && @oidc_client_id
+            @token = HammerCLIForeman::OpenidConnect.new(
+              @oidc_token_endpoint, @oidc_client_id).get_token(@user, @password)
+          else
+            @token = nil
+          end
+        end
+
+        def error(ex)
+          if ex.is_a?(RestClient::InternalServerError)
+            @user = @password = @oidc_token_endpoint = @oidc_client_id = nil
+            original_message = _("Invalid credentials or oidc-client-id or oidc-token-endpoint.\n")
+            begin
+              message = JSON.parse(ex.response.body)['error']['message']
+            rescue
+            end
+            UnauthorizedError.new(original_message << message)
+          end
+        end
+
+        private
+
+        def get_user
+          @user ||= ask_user(_("Username:%s") % " ")
+        end
+
+        def get_password
+          @password ||= ask_user(_("Password:%{wsp}") % {:wsp => " "}, true)
+        end
+
+        def get_oidc_token_endpoint
+          @oidc_token_endpoint ||= ask_user(_("Openidc Provider Token Endpoint:%s") % " ")
+        end
+
+        def get_oidc_client_id
+          @oidc_client_id ||= ask_user(_("Client ID:%s") % " ")
+        end
+
+        def ask_user(prompt, silent=false)
+          if silent
+            HammerCLI.interactive_output.ask(prompt) { |q| q.echo = false }
+          else
+            HammerCLI.interactive_output.ask(prompt)
+          end
+        end
+      end
+    end
+  end
+end