Bug 1138535
| Summary: | Subscription-Manager should be able to use an API key instead of a password | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | James (purpleidea) <jshubin> |
| Component: | subscription-manager | Assignee: | candlepin-bugs |
| Status: | CLOSED WONTFIX | QA Contact: | John Sefler <jsefler> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.0 | CC: | bkearney, cgoern, jshubin, mmccune, tomckay |
| Target Milestone: | rc | ||
| Target Release: | 7.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-09-29 19:46:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1005618 | ||
|
Description
James (purpleidea)
2014-09-05 06:25:16 UTC
Isn't this functionality equivalent to activation keys? If the user creates an activation key, naming it like a key (eg. "li0bvekdydeedhmva7rxw7d1"), then that would be equivalent to an api key. In addition, if candlepin implemented features like Satellite-6 has such as a limit to the number of times used, this would add an additional layer of confidence that the activation key could not be abused. (In reply to Tom McKay from comment #3) > Isn't this functionality equivalent to activation keys? If the user creates > an activation key, naming it like a key (eg. "li0bvekdydeedhmva7rxw7d1"), > then that would be equivalent to an api key. In addition, if candlepin > implemented features like Satellite-6 has such as a limit to the number of > times used, this would add an additional layer of confidence that the > activation key could not be abused. I asked, but was told that it wasn't, and that my proposed feature would be a good one to add. Hence me opening this ticket. mmccune, can you confirm? From my point of view an activation key serves the purpose: we are able to register a system and let it subscribe to repos without providing a username/password. From the docs "Activation keys are a way to preconfigure subscriptions for a system before it is registered [...] This grants [...] control to administrators over which subscriptions to attach to new systems, while simplifying the registration process [...]." [1] [1] https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html-single/Using_Subscription_Asset_Manager/#sam-activation (In reply to Christoph Görn from comment #5) > From my point of view an activation key serves the purpose: we are able to > register a system and let it subscribe to repos without providing a > username/password. > > From the docs "Activation keys are a way to preconfigure subscriptions for a > system before it is registered [...] This grants [...] control to > administrators over which subscriptions to attach to new systems, while > simplifying the registration process [...]." [1] > > [1] > https://access.redhat.com/documentation/en-US/ > Red_Hat_Subscription_Management/1/html-single/ > Using_Subscription_Asset_Manager/#sam-activation I didn't know the activation keys can do the equivalent of the username/password, but I'm very unfamiliar with subscription-manager things... If you can POC how this works, I can patch oh-my-vagrant [1] to include this feature. Cheers James [1] https://github.com/purpleidea/oh-my-vagrant Implemented a POC at https://github.com/goern/oh-my-vagrant/tree/feature/activation-key-vs-subscription-manager tested against an Satellite 5.6 open issue is unregistering/deleting systems from Sat5 As you have externalized the user/pass from the vagrant.yaml we should reevaluate if we still need the activation key approach. Acking 7.1 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |