Description of problem: in API 'password' should be a required key during user creation as in CLI: pulp-admin -u admin -p admin auth user create --login test-user Enter password for user [test-user] : Re-enter password for user [test-user]: Password cannot be empty Enter password for user [test-user] : If user will be created with API where 'password' can be skipped then it will be impossible to login with that user: $ curl -i -H "Accept: application/json" -H "WebFrameworkSwitch: django" -X POST -k -u admin:admin -d '{"login":"test-user1"}' 'https://localhost/pulp/api/v2/users/' HTTP/1.1 201 CREATED Date: Mon, 16 Feb 2015 10:36:24 GMT Server: Apache/2.4.10 (Fedora) OpenSSL/1.0.1e-fips mod_wsgi/3.5 Python/2.7.5 Content-Length: 196 Location: https://localhost/pulp/api/v2/users/test-user1/ Content-Type: application/json {"_id": {"$oid": "54e1c82845ef485a4c9595f7"}, "name": "test-user1", "roles": [], "_ns": "users", "login": "test-user1", "id": "54e1c82845ef485a4c9595f7", "_href": "/pulp/api/v2/users/test-user1/"}[ $ pulp-admin -u test-user1 repo list Warning: path should have mode 0700 because it may contain sensitive information: /home/ipanova/.pulp/ Enter password: +----------------------------------------------------------------------+ Repositories +----------------------------------------------------------------------+ Session Expired The session certificate expired on Jan 23 08:13:41 2015 GMT. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
also, docs should be updated http://pulp.readthedocs.org/en/latest/dev-guide/integration/rest-api/user/cud.html#create-a-user
Since we do support other forms of authentication that do not involve the password, I believe we should not require the password to be specified. Pulp respects the REMOTE_USER environment variable if set by httpd, so any httpd authentication module can be used. We have an open pull request to add Kerberos support, for example.
I agree with Randy's assessment.
Moved to https://pulp.plan.io/issues/699