Bug 1199853

Summary: bkr CLI options to authenticate as another account using proxy_user powers
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: command lineAssignee: Amit Saha <asaha>
Status: CLOSED CURRENTRELEASE QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: agialluc, aigao, asaha, asavkov, azelinka, dcallagh, dowang, drohwer, ebaak, jburke, jstancek
Target Milestone: 20.0Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-20 02:22:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2015-03-09 00:05:56 UTC 
Since 0.6 Beaker has had the "proxy user" feature whereby accounts can be granted permission to authenticate to Beaker as any other user. The purpose of this feature is for bots or scripts running as trusted service accounts (generally, under the control of the Beaker administrator only) to perform actions on behalf of real users.

A service needs to pass an extra parameter to the auth.login_* XMLRPC methods:

https://beaker-project.org/docs/server-api/xmlrpc.html#authentication

The bkr client should also expose this functionality, so that scripts can use this feature when invoking bkr (without having to make XMLRPC calls directly).
Comment 2 Dan Callaghan 2015-03-09 00:07:54 UTC 
I suggest a new common option --proxy-user=<username> which, when set, is passed as the extra param to the login methods.

This option should *not* be included in --help, we don't want it to appear in the help message for every single subcommand and confuse people when regular users will never be able to use it. It should appear in bkr(1) alongside the other common auth options however.
Comment 3 Jan Stancek 2015-03-09 13:24:58 UTC 
(In reply to Dan Callaghan from comment #2)
> I suggest a new common option --proxy-user=<username> which, when set, is
> passed as the extra param to the login methods.

Proposed patch v1:
  http://gerrit.beaker-project.org/#/c/4030/
Comment 4 Dan Callaghan 2015-03-20 04:13:01 UTC 
*** Bug 1203041 has been marked as a duplicate of this bug. ***
Comment 5 Amit Saha 2015-03-24 22:43:24 UTC 
Patch which was merged: http://gerrit.beaker-project.org/#/c/4035/


This fix is available for testing in the beaker client packages (beaker-client-19.4-0.git.109.fc3396d)  available from https://beaker-project.org/nightlies/develop/
Comment 10 Dan Callaghan 2015-04-20 02:22:46 UTC 
Beaker 20.0 has been released.