Bug 1284005 - Containers: REST API requires userid if bearer auth is selected.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
Version: unspecified
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: GA
Target Release: 5.6.0
Assignee: Tim Wade
QA Contact: Jaroslav Henner
URL:
Whiteboard:
Depends On: 1278041
Blocks:
Reported: 2015-11-20 14:09 UTC by Jaroslav Henner
Modified: 2017-05-15 09:32 UTC

Fixed In Version: 5.6.0.0
Doc Type: Bug Fix
Doc Text:
Clone Of: 1278041
Environment:
Last Closed: 2016-06-29 15:04:41 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1348 0 normal SHIPPED_LIVE CFME 5.6.0 bug fixes and enhancement update 2016-06-29 18:50:04 UTC

Description Jaroslav Henner 2015-11-20 14:09:45 UTC
Description of problem:
My understanding of token (bearer) based auth is that the token is the complete information about the user's identity, therefore specifying the user_id is not required for authenticating. The user thus should not be required to fill in the userid field when bearer auth is used. However, if the userid is not present in the POST request, the token seems not to get filled and the container provider is therefore not able to connect to the target.

curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
        {
            "name":"openshift-ansible-deployment_two-stack",
            "port":"8443",
            "hostname":"10.X.Y.Z",
            "zone_id":1,
            "type":"ManageIQ::Providers::Openshift::ContainerManager",
            "tenant_id":1,
            "credentials": [{
                "auth_type": "bearer",
                "userid": "not important",
                "auth_key": "...important.."
            }]
        }
EOF

Version-Release number of selected component (if applicable):
API: "name":"API","description":"REST API","version":"2.1.0"
EVM: capablanca-1-rc2.20151120090704_2d0a131


How reproducible:
always

Steps to Reproduce:
1. Do the curling

Actual results:
userid required in order for the token (auth_key) to be accepted (filled)
No error about redundant field specified.

Expected results:
userid not required.
maybe an error about a redundant field

Additional info:
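
An added example, not part of the original report and not ManageIQ code: one way an API could validate provider credentials per auth_type, so that a bearer credential needs only auth_key and a redundant userid is reported, as the expected results above ask. The rule table, function names and sample request bodies are assumptions constructed for illustration.

```ruby
require "json"

# Hypothetical rules (an assumption, not ManageIQ's schema):
# the fields each auth_type requires; anything else is redundant.
REQUIRED_FIELDS = {
  "default" => %w[userid password],
  "bearer"  => %w[auth_key]
}.freeze

# Returns a list of error strings; an empty list means the credential is valid.
def credential_errors(cred)
  auth_type = cred.fetch("auth_type", "default")
  required = REQUIRED_FIELDS[auth_type]
  return ["unsupported auth_type: #{auth_type.inspect}"] unless required

  errors = []
  required.each do |field|
    # A blank or absent value counts as missing.
    errors << "#{auth_type}: missing required field #{field}" if cred[field].to_s.strip.empty?
  end
  (cred.keys - ["auth_type"] - required).each do |field|
    # Reject instead of silently ignoring, so the caller learns the field has no effect.
    errors << "#{auth_type}: redundant field #{field}"
  end
  errors
end

# Validates every entry under "credentials" in a provider-create request body.
def validate_provider_request(body)
  creds = JSON.parse(body).fetch("credentials", [])
  creds.each_with_index.flat_map do |cred, i|
    credential_errors(cred).map { |e| "credentials[#{i}] #{e}" }
  end
end

# Constructed sample bodies modelled on the request in the report.
TOKEN_ONLY  = '{"name":"example","credentials":[{"auth_type":"bearer","auth_key":"constructed-token"}]}'
WITH_USERID = '{"name":"example","credentials":[{"auth_type":"bearer","userid":"not important","auth_key":"constructed-token"}]}'
NO_TOKEN    = '{"name":"example","credentials":[{"auth_type":"bearer","userid":"someone"}]}'

if __FILE__ == $PROGRAM_NAME
  [TOKEN_ONLY, WITH_USERID, NO_TOKEN].each do |body|
    errs = validate_provider_request(body)
    puts(errs.empty? ? "ok" : errs.join("; "))
  end
end
```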

Comment 2 Dayle Parker 2016-01-11 06:13:28 UTC
Clarified doc text; changes made in 4.0 release notes.

Comment 3 John Prause 2016-01-19 18:34:46 UTC
Reopening issue... not sure why it was closed.

Comment 4 Tim Wade 2016-01-19 19:04:42 UTC
PR: https://github.com/ManageIQ/manageiq/pull/5578

Comment 5 Federico Simoncelli 2016-02-04 13:58:00 UTC
Tim, shouldn't this be at least in POST? Or even better MODIFIED?
The PR is merged.

Comment 6 Jaroslav Henner 2016-04-26 08:58:07 UTC
curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
        {
            "name":"openshift-ansible-deployment_two-stack",
            "port":"8443",
            "hostname":"10.X.Y.Z",
            "zone_id":1,
            "type":"ManageIQ::Providers::Openshift::ContainerManager",
            "tenant_id":1,
            "credentials": [{
                "auth_type": "bearer",
                "userid": "not important",
                "auth_key": "the key"
            }]
        }

> 
> EOF
{"results":[{"id":1,"name":"openshift-ansible-deployment_two-stack","created_on":"2016-04-26T08:57:34Z","updated_on":"2016-04-26T08:57:34Z","guid":"eae89684-0b8c-11e6-8446-fa163efedd11","zone_id":1,"type":"ManageIQ::Providers::Openshift::ContainerManager","tenant_id":1}]}

Comment 7 Lucy Bopf 2016-05-17 04:40:43 UTC
It appears that this bug should no longer be documented as a known issue. Removing doc text and resetting requires_doc_text flag.

Comment 9 errata-xmlrpc 2016-06-29 15:04:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348

