Bug 1381574 - RFE: proxyuser authentication
Status: CLOSED CURRENTRELEASE
Product: Copr
Classification: Community
Component: frontend
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Assignee: Miroslav Suchý
Reported: 2016-10-04 13:04 UTC by Ralph Bean
Modified: 2017-03-10 13:51 UTC (History)

Last Closed: 2017-03-10 13:51:34 UTC

Description Ralph Bean 2016-10-04 13:04:35 UTC
koji has a `proxyuser` parameter that you can pass to its login methods, which lets you authenticate as another user.

Does COPR have a feature like this?  It would be nice if the module-build-service we're working on could submit builds on behalf of other users, instead of as itself.

See https://pagure.io/fm-orchestrator/pull-request/77 for reference.

Comment 1 Nils Philippsen 2016-10-04 13:30:40 UTC
NB: Koji limits this to certain privileged users.

Comment 2 Miroslav Suchý 2016-10-05 04:58:35 UTC
copr-cli has --config and you can use a config with different credentials. Is this enough for you?

Comment 3 Ralph Bean 2016-10-05 14:05:53 UTC
No, that won't do it.

Say the user 'ralph' has some kind of admin permissions on the copr system. This is a request for 'ralph' to be able to use his credentials to log in as 'msuchy'.

The practical application here is that we want the modularity build service to be able to receive a request from the msuchy user, and to then kick off builds in copr as the msuchy user, but without needing access to msuchy's private credentials.

Comment 4 Miroslav Suchý 2016-10-18 09:54:52 UTC
1) This is technically possible today. If the modularity user is flagged as admin, then he can submit a build to any project. Although under his own identity.

2) Why should the modularity build service kick off builds in Copr? I thought that the process will be: build a module in Copr, notify Rida that there is a module in Copr. So there is no need for Rida to initiate builds in Copr itself.

Comment 5 Ralph Bean 2016-10-18 13:29:39 UTC
(In reply to Miroslav Suchý from comment #4)
> 1) This is technically possible today. If the modularity user is flagged as
> admin, then he can submit a build to any project. Although under his own
> identity.

Ah, we want not only to be able to submit the build to any project, but also under the identity of other users.
 
> 2) Why should the modularity build service kick off builds in Copr? I thought
> that the process will be: build a module in Copr, notify Rida that there is
> a module in Copr. So there is no need for Rida to initiate builds in Copr itself.

I guess I thought the process was going to be: build module in Rida, which would in turn create a copr project and schedule builds in it. I'll go ping Adam Samalik, who wrote the copr+modularity doc and is the common denominator here.

Comment 6 Adam Samalik 2016-10-18 13:37:31 UTC
My thought on building modules in Copr was that Copr would run its own instance of Rida and use it to orchestrate the builds in itself - so copr could stay separated from the main infra as it is today, but without duplicating code.

Comment 7 Jakub Kadlčík 2017-02-07 13:47:38 UTC
PR: https://pagure.io/copr/copr/pull-request/36

Comment 8 Jakub Kadlčík 2017-02-14 13:20:54 UTC
Merged as: a301f62

Comment 9 Jakub Kadlčík 2017-02-14 14:05:43 UTC
Hmm, better to list the actual commits, ...

* 0cb0bea [frontend] rename add_debug_user command to add_user
* 88a6070 [python] fix setting username on multipart data
* 8b2651a [frontend][cli] proxyuser feature (RhBug: 1381574)
* 8b873db [frontend] allow setting proxy/no-proxy when altering user
* 6dd9203 [frontend] rewrite broken add_debug_user command
* d6cd091 [frontend] add boolean proxy column to user table

Comment 10 clime 2017-03-10 13:51:34 UTC
New Copr version has been released.
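
The gate discussed in this thread (a per-user boolean `proxy` flag deciding who may pass `proxyuser`), sketched as an added example; this is not Copr's or Koji's code. The class names, the `mbs` service account, the audit tuple layout and the rule refusing privileged targets are assumptions of the example.

```python
from dataclasses import dataclass, field

class ProxyDenied(Exception):
    """The proxyuser request is rejected."""

@dataclass(frozen=True)
class User:
    username: str
    proxy: bool = False  # the boolean "proxy" flag from the commit list
    admin: bool = False

@dataclass(frozen=True)
class Identity:
    effective: str      # user the build is recorded under
    authenticated: str  # user whose credentials were presented

@dataclass
class UserStore:
    users: dict
    audit: list = field(default_factory=list)

    def _deny(self, caller, target, reason):
        self.audit.append(("denied", caller, target, reason))
        raise ProxyDenied(reason)

    def resolve(self, caller_name, proxyuser=None):
        """Map (authenticated caller, optional proxyuser) to an Identity."""
        caller = self.users.get(caller_name)
        if caller is None:
            raise ProxyDenied("unknown caller")
        if proxyuser is None or proxyuser == caller.username:
            return Identity(caller.username, caller.username)
        if not caller.proxy:  # admin alone is not enough (assumption)
            self._deny(caller.username, proxyuser, "caller lacks proxy flag")
        target = self.users.get(proxyuser)
        if target is None:
            self._deny(caller.username, proxyuser, "unknown proxyuser")
        if target.admin or target.proxy:  # assumed policy: no escalation
            self._deny(caller.username, proxyuser, "privileged target")
        self.audit.append(("proxied", caller.username, target.username, "ok"))
        return Identity(target.username, caller.username)

def sample_store():
    """Constructed accounts; 'mbs' is a hypothetical service user."""
    return UserStore({u.username: u for u in (
        User("mbs", proxy=True),
        User("ralph", admin=True),
        User("msuchy"),
    )})
```

Keeping both the effective and the authenticated name on every request is what lets a later review tell a build submitted by `msuchy` apart from one submitted on his behalf.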

