Bug 2218302

Summary:	[RFE] Need a feature in Satellite so that hammer cli user can authenticate using ssh keys.
Product:	Red Hat Satellite	Reporter:	dprabhu
Component:	Hammer	Assignee:	satellite6-bugs <satellite6-bugs>
Status:	NEW ---	QA Contact:	Satellite QE Team <sat-qe-bz-list>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	6.13.0	CC:	aruzicka, ofedoren, rlavi
Target Milestone:	Unspecified	Keywords:	FutureFeature
Target Release:	Unused	Flags:	aruzicka: needinfo? (dprabhu)
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description dprabhu 2023-06-28 16:49:39 UTC

1. Proposed title of this feature request.
=> Need a feature in Satellite so that hammer cli user can authenticate using ssh keys.

2. Who is the customer behind the request? 

Account: Autostadt GmbH
Account no. 5298150


3. What are the nature and description of the request?  
While using hammer it requires satellite credentials and can be authenticated by passing the credentials using the hammer command or storing it in the hammer configuration file or using hammer authentication session. But the credentials are in plain text format. So customer requesting if the hammer can be authenticated using the ssh keys.

4. Why do you need this? (List the business requirements here).
The storage of UID and Password of hammer cli user in plain text (even as root user) is prohibited. The custom scripts (bash) uses hammer cli on daily automated basis (e.g. cron job) without user interface. 
 
5. How would you like to achieve this? (List the functional requirements here).
Inside ~/.hammer/cli.modules.d/foreman.yml provide section :foreman:  :username: 'admin'   :privatekey: 'example'. Inside satellite in the section https://satellite-server/users/16/edit - section SSH Key provide public keys.

6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. 
We can create ssh keys and use the private key in the hammer config file 
  
7. Do you have any specific timeline dependencies and which release would they like to target (i.e. Satellite 6.8,7)?
NA
     
8. List any affected packages or components. 
hammer
      
9. Would you be able to assist in testing this functionality if implemented?  
Yes

Comment 1 Adam Ruzicka 2023-08-14 10:08:23 UTC

This is an interesting idea and technically I don't see a reason why this couldn't work, but at the same time it feels like we'd be inventing something uncommon. Is there a precedent for this? Does any other RH product support anything like this? I'm not saying that "has this been done before" would be a deciding factor, but it is nevertheless something to consider.

On a side note, iirc it should be possible to use a personal access token instead of the password. Would that help in any way?