Bug 1284005

Summary: Containers: REST API requires userid if bearer auth is selected.
Product: Red Hat CloudForms Management Engine
Reporter: Jaroslav Henner <jhenner>
Component: API
Assignee: Tim Wade <twade>
Status: CLOSED ERRATA
QA Contact: Jaroslav Henner <jhenner>
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: cpelland, fsimonce, jhardy, jhenner, jmatthew, jprause, lbopf, mfeifer, obarenbo, simaishi, srevivo, tcarlin, twade
Target Milestone: GA
Keywords: Reopened
Target Release: 5.6.0
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: 5.6.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1278041
Environment:
Last Closed: 2016-06-29 15:04:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1278041
Bug Blocks:

Description Jaroslav Henner 2015-11-20 14:09:45 UTC
Description of problem:
My understanding of the token (bearer) based auth is that the token is complete information of the user's identity, therefore specifying the user_id is not required for authenticating. The user thus should not be required to fill the userid field when bearer auth is used. However, if the userid is not present in the POST request, the token seems not to get filled and the container provider is therefore not able to connect to the target.

curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
{
    "name":"openshift-ansible-deployment_two-stack",
    "port":"8443",
    "hostname":"10.X.Y.Z",
    "zone_id":1,
    "type":"ManageIQ::Providers::Openshift::ContainerManager",
    "tenant_id":1,
    "credentials": [{
        "auth_type": "bearer",
        "userid": "not important",
        "auth_key": "...important.."
    }]
}
EOF

Version-Release number of selected component (if applicable):
API: "name":"API","description":"REST API","version":"2.1.0"
EVM: capablanca-1-rc2.20151120090704_2d0a131


How reproducible:
always

Steps to Reproduce:
1. Do the curling

Actual results:
userid required in order for the token (auth_key) to be accepted (filled)
No error about redundant field specified.

Expected results:
userid not required.
maybe an error about a redundant field

Additional info:
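
An added example, not part of the original report and not ManageIQ code: a sketch of the validation the expected results describe, where bearer auth needs only auth_key and a supplied userid is flagged as redundant. The function names, the message wording, the "default" fallback for a missing auth_type, and the sample payloads are assumptions made for illustration.

```ruby
require "json"

# Hypothetical validator (not ManageIQ code) for the "credentials" array of a
# provider-creation payload, following the report's expected results.
TOKEN_AUTH_TYPES = %w[bearer].freeze # auth types where the token alone carries the identity

def blank?(value)
  value.nil? || value.to_s.strip.empty?
end

def check_credentials(payload_json)
  creds = JSON.parse(payload_json)["credentials"]
  creds = [creds] if creds.is_a?(Hash) # accept a single credential object too
  return { errors: ["credentials: missing or empty"], warnings: [] } unless creds.is_a?(Array) && creds.any?

  result = { errors: [], warnings: [] }
  creds.each_with_index do |cred, i|
    unless cred.is_a?(Hash)
      result[:errors] << "credentials[#{i}]: must be an object"
      next
    end
    type = cred["auth_type"] || "default" # assumed fallback when auth_type is omitted
    if TOKEN_AUTH_TYPES.include?(type)
      # The token is the credential: it must be present, userid must not be needed.
      result[:errors] << "credentials[#{i}]: auth_key is required for #{type} auth" if blank?(cred["auth_key"])
      result[:warnings] << "credentials[#{i}]: userid is redundant for #{type} auth" if cred.key?("userid")
    else
      result[:errors] << "credentials[#{i}]: userid is required for #{type} auth" if blank?(cred["userid"])
    end
  end
  result
end

# Constructed sample payloads (token values are placeholders).
TOKEN_ONLY  = '{"credentials":[{"auth_type":"bearer","auth_key":"PLACEHOLDER_TOKEN"}]}'
WITH_USERID = '{"credentials":[{"auth_type":"bearer","userid":"not important","auth_key":"PLACEHOLDER_TOKEN"}]}'
NO_TOKEN    = '{"credentials":[{"auth_type":"bearer","userid":"admin"}]}'

[TOKEN_ONLY, WITH_USERID, NO_TOKEN].each { |p| puts check_credentials(p).inspect }
```

The messages contain only field names and positions, never the auth_key value, so they can be returned to the caller or logged without exposing the token.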

Comment 2 Dayle Parker 2016-01-11 06:13:28 UTC
Clarified doc text; changes made in 4.0 release notes.

Comment 3 John Prause 2016-01-19 18:34:46 UTC
Reopening issue... not sure why it was closed.

Comment 4 Tim Wade 2016-01-19 19:04:42 UTC
PR: https://github.com/ManageIQ/manageiq/pull/5578

Comment 5 Federico Simoncelli 2016-02-04 13:58:00 UTC
Tim, shouldn't this be at least in POST? Or even better MODIFIED?
The PR is merged.

Comment 6 Jaroslav Henner 2016-04-26 08:58:07 UTC
curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
        {
            "name":"openshift-ansible-deployment_two-stack",
            "port":"8443",
            "hostname":"10.X.Y.Z",
            "zone_id":1,
            "type":"ManageIQ::Providers::Openshift::ContainerManager",
            "tenant_id":1,
            "credentials": [{
                "auth_type": "bearer",
                "userid": "not important",
                "auth_key": "the key"
            }]
        }

> 
> EOF
{"results":[{"id":1,"name":"openshift-ansible-deployment_two-stack","created_on":"2016-04-26T08:57:34Z","updated_on":"2016-04-26T08:57:34Z","guid":"eae89684-0b8c-11e6-8446-fa163efedd11","zone_id":1,"type":"ManageIQ::Providers::Openshift::ContainerManager","tenant_id":1}]}

Comment 7 Lucy Bopf 2016-05-17 04:40:43 UTC
It appears that this bug should no longer be documented as a known issue. Removing doc text and resetting requires_doc_text flag.

Comment 9 errata-xmlrpc 2016-06-29 15:04:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348