Pragmatism in the real world

Logging in to Bluemix via wsk

To set up the authentication for the OpenWhisk cli tool wsk you do this:

$ wsk property set --apihost {host} --auth {key} > /dev/null
$ wsk property unset --namespace > /dev/null

The host and key are provided to from your OpenWhisk supplier. For Bluemix OpenWhisk, you can find it by logging in and then going to the Download OpenWhisk CLI page.

To make my life easier, I use a bash function to swap OpenWhisk environments and I documented it in my Switching OpenWhisk Environments article.

Log into Bluemix for API Gateway

OpenWhisk also comes with an API Gateway and authentication for this on Bluemix OpenWhisk, at least, is different. The wsk api set of commands don’t work unless you’ve logged into Bluemix using wsk bluemix login, for which you need your Bluemix username and password.

A better way to do it is to use the --sso switch to wsk bluemix login which will use the credentials from the main Bluemix command line tool which is called bx. You can grab bx from this page and then you authenticate using:

$ bx login
$ wsk bluemix login --sso

Note that you need an API host for bx login. The easiest way to get this is to take your OpenWhisk one and change the openwhisk to api. i.e. if you OpenWhisk host is openwhisk.eu-gb.bluemix.net, then the bx one is api.eu-gb.bluemix.net. You can always find your OpenWhisk host using wsk property get --apihost

The reason we use bx login is that you can create an API key rather than using your username and password which is much better for automation. I recommend you do this by following the instructions on the Managing API Keys page and then put the API key into an environment variable in your `~/.bash_profile`:

export BLUEMIX_API_KEY="{some string of characters here}"

Automatically logging into to Bluemix

Given that you have a exported BLUEMIX_API_KEY and you have set the apihost and auth key for your wsk, then you can log into Bluemix using this handy function:

# Login to bluemix with info from wsk
function bxlogin() {
    owapihost=`wsk property get --apihost | rev | cut -f1 | rev`
    ownamespace=`wsk namespace list | tail -n1`

    bxhost="${owapihost/openwhisk/api}"
    org=`echo $ownamespace | cut -d'_' -f1`
    namespace=`echo $ownamespace | cut -d'_' -f2`

    bx login -a $bxhost -o $org -s $namespace
    wsk bluemix login --sso --namespace $ownamespace
}

You can now use the wsk api commands to work with the API Gateway on the correct Bluemix region, organisation and namespace without having to enter your Bluemix password .

Why do it this way around?

You only need to be logged into bx in order to work with the API Gateway. It turns out that I don’t do this very often and as it can take up to 10 seconds to log into Bluemix and it’s less than 1 second to change the OpenWhisk auth key and host, I just do that nearly all the time. When I do find that I need to work with Bluemix’s API Gateway, then I can simply do `bxlogin` and it will log me into the correct region, organisation and namespace based on the current wsk information which is where I’m currently working.

It just makes the Bluemix authentication a little less painful, but I can’t help but think that this should all be quicker and easier for Bluemix OpenWhisk customers that don’t use the Bluemix Cloud Foundry offering.