Bug 1879054

Summary: UI should display password in cloud-init
Product: OpenShift Container Platform Reporter: Fabian Deutsch <fdeutsch>
Component: Console Kubevirt PluginAssignee: Gilad Lekner <glekner>
Status: CLOSED ERRATA QA Contact: Guohua Ouyang <gouyang>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: aos-bugs, cnv-qe-bugs, glekner, gouyang, mcarleto, tjelinek
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:41:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1874403    

Description Fabian Deutsch 2020-09-15 10:46:57 UTC 
Description of problem:
cloud init can be used to set passwords in guests.
The UI should provide a hint to the user that a password was (likely) set using cloud init and should give the user the ability to see the password in the ui

Version-Release number of selected component (if applicable):
2.4.0

How reproducible:


Steps to Reproduce:
1. Set a password in cloud init
2. Try to find th epassword from the UI
3.

Actual results:
yaml needs to be read to find password

Expected results:
UI gives me a way to disover the password

Additional info:
We gareed that parsing cloud initi is not good. OTOH this is needed for the fix of bug 1874403.

What we could do: We start with an UI to display passwords, but have different sources for this. Now cloud init, in future an API which is getting implemnted to set passwords (for different access modes, i.e. ssh)
IOW there will be an api which supports setting different access credentials. Today we could start working on such a UI and in future use this to be implemented api
Comment 2 Matt 2020-09-15 18:46:57 UTC 
follow up questions:
If I understand this correctly - we could display the (likely) password in the UI. 
Would the console page be the best place for this? It could also be the details page - thinking through where different users would go to find this.
We will also need a message around it not being 100% successful and if it doesn't work see the YAML file for the password?
Comment 3 Guohua Ouyang 2020-09-16 01:09:04 UTC 
I vote for console page, then user don't need to switch tab to find the password for login.
Comment 4 Tomas Jelinek 2020-09-16 06:41:32 UTC 
also vote for console page
Comment 5 Fabian Deutsch 2020-09-16 07:33:46 UTC 
Console page would also be fine for me for this bug, but a few notes:

1. The API we are working on will allow us to set several access credentials (SSH, windows [possibly], local [this])
   Thus we might want to have in future, on the details tab "Display access credentials"
2. Not display passwords by default, but require a click
   In order to avoid that somebody sees the password (could be personal) when looking over a users shoulder
Comment 6 Matt 2020-09-16 18:51:34 UTC 
ok thanks 
please see this design for the suggestion
https://xd.adobe.com/view/d972d192-59b8-41fe-8ece-7ce9b3e3a71f-8c21/

I suggested the details but maybe as an additional place this would surface in the future.
Comment 8 Guohua Ouyang 2020-09-22 02:56:50 UTC 
>  If the "user" is not set, the username and the password is the same.
This is not correct behavior, if the user is not set, leave the username blank. 

    #cloud-config
    password: fedora123
    chpasswd: { expire: False }

For example when above cloud-init data is provided, user can login with fedora/fedora123, but not fedora123/fedora123.
Comment 9 Tomas Jelinek 2020-09-22 09:57:49 UTC 
interesting. So, instead of blank I'd say something like "default user for your operating system".
@Matt, WDYT?
Comment 10 Matt 2020-09-22 14:11:15 UTC 
I think stating "No username set, see operating system documentation for the default username" is most helpful
Comment 14 errata-xmlrpc 2020-10-27 16:41:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196