From e6c71a112a99fbd4581578852dc455700f634ebf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian=20Peliz=C3=A4us?= <julian.pelizaeus@canonical.com>
Date: Fri, 21 Jun 2024 15:16:36 +0200
Subject: [PATCH] lxc: Always allow specifying a password when adding remotes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes a regression introduced in #13567.

If the client talks to an older LXD that has the explicit_trust_token extension,
let the provided password take priority and don't ask for the token if not provided.

Signed-off-by: Julian Pelizäus <julian.pelizaeus@canonical.com>
---
 lxc/remote.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lxc/remote.go b/lxc/remote.go
index 558a24e71835..503c405e6dc7 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -558,7 +558,9 @@ func (c *cmdRemoteAdd) run(cmd *cobra.Command, args []string) error {
 		if c.flagAuthType == api.AuthenticationMethodTLS {
 			req := api.CertificatesPost{}
 
-			if d.(lxd.InstanceServer).HasExtension("explicit_trust_token") {
+			// If the password flag isn't provided and the server supports the explicit_trust_token extension,
+			// use the token instead and prompt for it if not present.
+			if d.(lxd.InstanceServer).HasExtension("explicit_trust_token") && c.flagPassword == "" {
 				// Prompt for trust token.
 				if c.flagToken == "" {
 					c.flagToken, err = c.global.asker.AskString(fmt.Sprintf(i18n.G("Trust token for %s: "), server), "", nil)