Bug 2019495

Summary: RFE - Enable entitlement certificates for third party tools (JFrog Artifactory)
Product: Red Hat Enterprise Linux 8 Reporter: Scott Spurrier <spurrier>
Component: subscription-managerAssignee: candlepin-bugs
Status: NEW --- QA Contact: Red Hat subscription-manager QE Team <rhsm-qe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: cdonnell, joeherna, ktordeur, mallmen, redakkan, rjerrido, shivagup, youngkim
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Story
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Spurrier 2021-11-02 16:32:18 UTC 
Description of problem:

Customers using third party tools for Red Hat repository management need a reliable way to entitle those tools like JFrog Artifactory.  JFrog currently instructs users to download the entitlement certificate from a system registered to the Red Hat Customer Portal[1].  The problem with this method is that the entitlement certificates are periodically revoked (for reasons like new content being added or during yum/dnf operations).  

What JFrog is doing is:

• creating a stub host record in RHSM.
• attaching a sub to it.
• downloading the entitlement certificate and using that for
authorization/authentication to cdn.redhat.com


Expected results:

Build an interface that can properly handle the lifecycle of the entitlement certificates similar to subscription-manager and Satellite's manifest system for use with third party tools.  


Additional info:


[1] https://jfrog.com/knowledge-base/how-to-mirror-a-red-hat-network-rhn-repository/