[Devel][AAP-65384]Restoration of Token Authentication for AWX CLI (#16281)

* Added token authentication in logic, arguments, and test
2026-06-26 17:08:03 -02:30 · 2026-02-16 10:14:31 -05:00
parent 7ccc14daeb
commit 994a2b3c04
4 changed files with 74 additions and 4 deletions
--- a/awxkit/awxkit/api/client.py
+++ b/awxkit/awxkit/api/client.py
@@ -12,6 +12,15 @@ class ConnectionException(exc.Common):
    pass


+class TokenAuth(requests.auth.AuthBase):
+    def __init__(self, token):
+        self.token = token
+
+    def __call__(self, request):
+        request.headers['Authorization'] = 'Bearer {0.token}'.format(self)
+        return request
+
+
 def log_elapsed(r, *args, **kwargs):  # requests hook to display API elapsed time
    log.debug('"{0.request.method} {0.url}" elapsed: {0.elapsed}'.format(r))

@@ -37,7 +46,7 @@ class Connection(object):
        self.get(config.api_base_path)  # this causes a cookie w/ the CSRF token to be set
        return dict(next=next)

-    def login(self, username=None, password=None, **kwargs):
+    def login(self, username=None, password=None, token=None, **kwargs):
        if username and password:
            _next = kwargs.get('next')
            if _next:
@@ -52,6 +61,8 @@ class Connection(object):
                self.uses_session_cookie = True
            else:
                self.session.auth = (username, password)
+        elif token:
+            self.session.auth = TokenAuth(token)
        else:
            self.session.auth = None

--- a/awxkit/awxkit/cli/client.py
+++ b/awxkit/awxkit/cli/client.py
@@ -83,12 +83,23 @@ class CLI(object):
    def authenticate(self):
        """Configure the current session for authentication.

-        Uses Basic authentication when AWXKIT_FORCE_BASIC_AUTH environment variable
-        is set to true, otherwise defaults to session-based authentication.
+        Authentication priority:
+        1. Token authentication (if --conf.token provided)
+        2. Basic authentication (if AWXKIT_FORCE_BASIC_AUTH=true)
+        3. Session-based authentication (default)
+

        For AAP Gateway environments, set AWXKIT_FORCE_BASIC_AUTH=true to bypass
-        session login restrictions.
+        session login restrictions when using username/password.
+
        """
+        # Token authentication (if token is provided)
+        token = self.get_config('token')
+        if token:
+            config.use_sessions = False
+            self.root.connection.login(None, None, token=token)
+            return
+
        # Check if Basic auth is forced via environment variable
        if config.get('force_basic_auth', False):
            config.use_sessions = False
--- a/awxkit/awxkit/cli/format.py
+++ b/awxkit/awxkit/cli/format.py
@@ -59,6 +59,12 @@ def add_authentication_arguments(parser, env):
        default=env.get('CONTROLLER_PASSWORD', env.get('TOWER_PASSWORD', config_password)),
        metavar='TEXT',
    )
+    auth.add_argument(
+        '--conf.token',
+        default=env.get('CONTROLLER_OAUTH_TOKEN', env.get('TOWER_OAUTH_TOKEN', None)),
+        metavar='TEXT',
+        help='OAuth2 token for authentication (takes precedence over username/password)',
+    )

    auth.add_argument(
        '-k',