Bug 1284005 - Containers: REST API requires userid if bearer auth is selected.
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: API
x86_64 Linux
medium Severity medium
: GA
: 5.6.0
Assigned To: Tim Wade
Jaroslav Henner
: Reopened
Depends On: 1278041
Reported: 2015-11-20 09:09 EST by Jaroslav Henner
Modified: 2017-05-15 05:32 EDT

Doc Type: Bug Fix
Clone Of: 1278041
Last Closed: 2016-06-29 11:04:41 EDT
Type: Bug

External Trackers
Tracker: Red Hat Product Errata
ID: RHBA-2016:1348
Priority: normal
Status: SHIPPED_LIVE
Summary: CFME 5.6.0 bug fixes and enhancement update
Last Updated: 2016-06-29 14:50:04 EDT

Description Jaroslav Henner 2015-11-20 09:09:45 EST
Description of problem:
My understanding of the token (bearer) based auth is that the token is complete information of the user's identity, therefore specifying the user_id is not required for authenticating. The user thus should not be required to fill the userid field when bearer auth is used. However, if the userid is not present in the POST request, the token seems not to get filled and the container provider is therefore not able to connect to the target.

 curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
            "credentials": [{
                "auth_type": "bearer",
                "userid": "not important",
                "auth_key": "...important.."

Version-Release number of selected component (if applicable):
API: "name":"API","description":"REST API","version":"2.1.0"
EVM: capablanca-1-rc2.20151120090704_2d0a131

How reproducible:

Steps to Reproduce:
1. Do the curling

Actual results:
userid required in order for the token (auth_key) to be accepted (filled)
No error about redundant field specified.

Expected results:
userid not required.
maybe an error about a redundant field

Additional info:
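
Added example, not part of the original report and not the code from the ManageIQ fix: a sketch of the per-auth_type check the expected results describe, where a bearer credential needs only auth_key and a supplied userid is reported as redundant rather than demanded. The function names, the result shape and the field list for the "default" type are assumptions; the payloads are constructed.

```ruby
require "json"

# Hypothetical validator (not ManageIQ code): which credential fields are
# required, and which are redundant, depends on auth_type.
REQUIRED_FIELDS = {
  "bearer"  => %w[auth_key],         # the token alone carries the identity
  "default" => %w[userid password]   # assumed shape of a password credential
}.freeze

# Returns { ok:, errors:, redundant: } for one credential hash.
def check_credential(cred)
  type = cred.fetch("auth_type", "default")
  required = REQUIRED_FIELDS[type]
  unless required
    result = { ok: false, errors: ["unknown auth_type #{type.inspect}"], redundant: [] }
    return result
  end

  # A required field must be a non-blank string.
  missing = required.reject { |f| cred[f].is_a?(String) && !cred[f].strip.empty? }
  # Anything beyond the required fields and auth_type itself is redundant.
  redundant = cred.keys - required - ["auth_type"]
  { ok: missing.empty?,
    errors: missing.map { |f| "#{f} is required for #{type}" },
    redundant: redundant }
end

# Checks every entry of the "credentials" array in a request body.
def check_payload(json)
  JSON.parse(json).fetch("credentials", []).map { |c| check_credential(c) }
end

# Constructed request bodies (only the credentials part of a provider POST).
WITH_USERID = '{"credentials":[{"auth_type":"bearer","userid":"not important","auth_key":"constructed-token"}]}'
TOKEN_ONLY  = '{"credentials":[{"auth_type":"bearer","auth_key":"constructed-token"}]}'
NO_TOKEN    = '{"credentials":[{"auth_type":"bearer","userid":"admin"}]}'

if __FILE__ == $PROGRAM_NAME
  { "with userid" => WITH_USERID, "token only" => TOKEN_ONLY, "no token" => NO_TOKEN }.each do |name, body|
    puts "#{name}: #{check_payload(body).inspect}"
  end
end
```

The token-only body passes, the body with a userid passes with userid listed as redundant, and a bearer credential without auth_key is rejected.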
Comment 2 Dayle Parker 2016-01-11 01:13:28 EST
Clarified doc text; changes made in 4.0 release notes.
Comment 3 John Prause 2016-01-19 13:34:46 EST
Reopening issue,...not sure why it was closed.
Comment 4 Tim Wade 2016-01-19 14:04:42 EST
PR: https://github.com/ManageIQ/manageiq/pull/5578
Comment 5 Federico Simoncelli 2016-02-04 08:58:00 EST
Tim, shouldn't this be at least in POST? Or even better MODIFIED?
The PR is merged.
Comment 6 Jaroslav Henner 2016-04-26 04:58:07 EDT
curl -k -XPOST -d@- https://localhost/api/providers/ -u admin:smartvm <<EOF
            "credentials": [{
                "auth_type": "bearer",
                "userid": "not important",
                "auth_key": "the key"

Comment 7 Lucy Bopf 2016-05-17 00:40:43 EDT
It appears that this bug should no longer be documented as a known issue. Removing doc text and resetting requires_doc_text flag.
Comment 9 errata-xmlrpc 2016-06-29 11:04:41 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.