Bug 1467692

Summary: credentials not required when adding provider using the REST API
Product: Red Hat CloudForms Management Engine Reporter: Martin Kourim <mkourim>
Component: APIAssignee: Jillian Tullo <jtullo>
Status: CLOSED ERRATA QA Contact: Martin Kourim <mkourim>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.8.0CC: jhardy, jtullo, mkourim, obarenbo, simaishi, smallamp
Target Milestone: GA   
Target Release: 5.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: api:rest:provider
Fixed In Version: 5.9.0.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-01 13:14:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Kourim 2017-07-04 15:40:38 UTC 
Description of problem:
When adding providers using UI, specifying credentials is required. Using the REST API it's possible to add providers without specifying credentials.

This behavior is documented in <http://manageiq.org/docs/reference/latest/api/appendices/resource_attributes.html#providers>, but it's inconsistent with how providers are added using UI.
Comment 2 Gregg Tanzillo 2017-07-06 14:28:37 UTC 
*** Bug 1467694 has been marked as a duplicate of this bug. ***
Comment 3 Jillian Tullo 2017-07-07 18:31:45 UTC 
PR: https://github.com/ManageIQ/manageiq/pull/15528
Comment 4 Satoe Imaishi 2017-09-28 19:16:07 UTC 
PR: https://github.com/ManageIQ/manageiq-api/pull/16
Comment 7 Martin Kourim 2017-10-23 16:44:58 UTC 
It's still possible to add provider without specifying credentials. Having empty "connection_configurations" or "credentials" is enough for the request to succeed.
Comment 8 Jillian Tullo 2017-10-24 15:10:16 UTC 
I think that for this part, we may want to create a separate RFE. There are a lot of providers, and specific logic about what should be in the "connection_configurations" or "credentials" should really be done within the provider itself, not within the API controller. Does that work?
Comment 9 Martin Kourim 2017-10-24 15:21:55 UTC 
Makes sense, I agree. I'm marking this one as verified then.
Comment 12 errata-xmlrpc 2018-03-01 13:14:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0380