Bug 993665

Summary: [RFE] Allow additional internal accounts for authentication by API
Product: Red Hat Enterprise Virtualization Manager Reporter: thunt
Component: RFEsAssignee: Rob Young <royoung>
Status: CLOSED WONTFIX QA Contact: Shai Revivo <srevivo>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.1.5CC: dfediuck, lpeer, nbarcet, oramraz, pablo.iranzo, rbuilta, Rhev-m-bugs, srevivo, tcarlin, thunt
Target Milestone: ---Keywords: FutureFeature
Target Release: ---Flags: sherold: Triaged+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-23 13:09:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description thunt 2013-08-06 11:32:24 UTC 
1 Who is the customer behind the request?

  Account name: USPTO
  TAM/SRM customer yes/no: SRM
  Strategic Customer yes/no: Yes


2 What is the nature and description of the request?

Customer would like to have the ability to add additional internal accounts for use by API clients. External authentication at this organization requires regular (60 day) password changes, which makes API use impractical.


Ideally there will be the option to use/manage an anonymous account (i.e. GET only) that has limited access.


3 Why does the customer need this? (List the business requirements here)

Use cases include: -
1) CloudForms
2) Fencing for clustering
3) Read-only API access for reporting
4) We have a script that RHEV VM's can use to query RHEV-M for their name and tags (i.e. cloud-init lite). This is to be installed in templates Regular password changes are impractical.


4 How would the customer like to achieve this? (List the functional requirements here)

We would like the ability to add additional internal accounts for API use. Once added, these accounts should be treated just like other user accounts.


5 For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

API clients/scripts should be able to login using internal credentials.


6 Is there already an existing RFE upstream or in Red Hat bugzilla?

This is an extension of BZ #988851


7 Does the customer have any specific timeline dependencies?

As soon as practical


8 Is the sales team involved in this request and do they have any additional input?

No.


9 List any affected packages

ovirt-engine-restapi


10 Would the customer be able to assist in testing this functionality if implemented?

Yes.
Comment 1 Itamar Heim 2013-08-22 09:08:07 UTC 
temporarily setting to 3.4 to revisit and consider per auth refactoring progress/approach
Comment 2 Barak 2014-01-14 12:45:33 UTC 
Bug 988851 (read only internal user) was moved to ON_QA,
But as stated above in the bug description the customer also wants to do specific actions ( e.g. Fencing for clustering), there for this RFE is still relevant.

However there are plans to add management for internal users within RHEVM, and this should solve the above issue.

AFAIK there is no RFE for that. 
Hence moving to rhevm-future
Comment 7 Doron Fediuck 2019-12-23 13:09:46 UTC 
Closing old RFEs.
If still relevant, please re-open and provide a business justification.