Bug 1192955

Summary: Make "password" not required in pulp-admin for user creation.
Product: [Retired] Pulp
Reporter: Ina Panova <ipanova>
Component: API/integration
Assignee: pulp-bugs
Status: CLOSED UPSTREAM
QA Contact: pulp-qe-list
Severity: low
Priority: medium
Version: 2.6 Beta
CC: jortel, mhrivnak, rbarlow
Keywords: Triaged
Doc Type: Bug Fix
Last Closed: 2015-02-28 23:24:05 UTC
Type: Bug

Description Ina Panova 2015-02-16 10:37:51 UTC
Description of problem:
In the API, 'password' should be a required key during user creation, as in the CLI:

pulp-admin -u admin -p admin auth user create --login test-user

Enter password for user [test-user] : 
Re-enter password for user [test-user]: 

Password cannot be empty

Enter password for user [test-user] : 

If a user is created with the API, where 'password' can be skipped, then it will be impossible to log in with that user:

$ curl -i -H "Accept: application/json" -H "WebFrameworkSwitch: django" -X POST -k -u admin:admin -d '{"login":"test-user1"}' 'https://localhost/pulp/api/v2/users/'
Date: Mon, 16 Feb 2015 10:36:24 GMT
Server: Apache/2.4.10 (Fedora) OpenSSL/1.0.1e-fips mod_wsgi/3.5 Python/2.7.5
Content-Length: 196
Location: https://localhost/pulp/api/v2/users/test-user1/
Content-Type: application/json

{"_id": {"$oid": "54e1c82845ef485a4c9595f7"}, "name": "test-user1", "roles": [], "_ns": "users", "login": "test-user1", "id": "54e1c82845ef485a4c9595f7", "_href": "/pulp/api/v2/users/test-user1/"}[

$ pulp-admin -u test-user1 repo list
Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/

Enter password: 

Session Expired

The session certificate expired on Jan 23 08:13:41 2015 GMT.

Comment 2 Randy Barlow 2015-02-16 15:08:22 UTC
Since we do support other forms of authentication that do not involve the password, I believe we should not require the password to be specified. Pulp respects the REMOTE_USER environment variable if set by httpd, so any httpd authentication module can be used. We have an open pull request to add Kerberos support, for example.
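
Added example, not Pulp's code and not part of the comment above: a sketch of how a password-less account can coexist with httpd-provided REMOTE_USER authentication while the password path fails closed. The user store, function names and sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: "test-user1" has no password, like the account
# created through the API in the report; "admin" has a stored hash.
_SALT = os.urandom(16)
USERS = {
    "admin": {"salt": _SALT, "hash": _hash("s3cret-example", _SALT)},
    "test-user1": {"salt": None, "hash": None},
}


def check_password(login, password):
    """Password path: fail closed for unknown users, empty input or no stored hash."""
    user = USERS.get(login)
    if not user or not user["hash"] or not password:
        return False
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])


def authenticate(environ, login=None, password=None):
    """Return the authenticated login, or None.

    environ is a WSGI-style dict. REMOTE_USER is set by the web server's
    authentication module. HTTP_REMOTE_USER comes from a client-supplied
    request header and is never consulted.
    """
    remote_user = environ.get("REMOTE_USER")
    if remote_user:
        # Externally authenticated: the account only has to exist.
        return remote_user if remote_user in USERS else None
    if login is not None and check_password(login, password):
        return login
    return None
```

The account without a password can be reached only through the REMOTE_USER path; an empty or missing password never matches it.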

Comment 3 Michael Hrivnak 2015-02-16 16:08:09 UTC
I agree with Randy's assessment.

Comment 4 Brian Bouterse 2015-02-28 23:24:05 UTC
Moved to https://pulp.plan.io/issues/699