Description of problem:
For Central Admin to work properly, the users logging into the global region also need to exist in the lower region if the user needs to order anything that requires ownership relationships. If the user doesn't exist, the newly ordered objects cannot be assigned to that user. As there are not any user syncing mechanisms or centralized identity in CF multi-region setups currently, this makes it burdensome to customers to require either:
A, all users must log into all down-level regions so the user records will exist
B, some sort of automated user creation and maintenance scripts or routines.

Version-Release number of selected component (if applicable):
5.7 GA

Expected results:
When a user is logged into the global region and executes an action such as an ad-hoc provision or provisioning through the service catalog (or any other action that requires that the user account exists), the user is created in the lower region so that the newly provisioned items can have their ownership assigned to the owning user account.

Additional info:
This is 1 of 2 requests for the functionality. Integration with MIQ LDAP is first priority.

https://github.com/ManageIQ/manageiq/pull/13068

New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/3a3b835bc8efca391eea6c34960b743a62b0c2bb

commit 3a3b835bc8efca391eea6c34960b743a62b0c2bb
Author:     Alberto Bellotti <abellott>
AuthorDate: Wed Nov 30 18:36:14 2016 -0500
Commit:     Alberto Bellotti <abellott>
CommitDate: Thu Dec 8 14:38:10 2016 -0500

    Enhance API to authorize users with system token authenticated requests.

    This capability is needed for MiqLdap and External Authentication Authentication Modes so users are authorized and auto-created with system token authenticated requests.

    - Added a User.admin?(userid) method
    - Added a User.authorize_by_userid method
    - Add support for authorize_user_by_userid for ldap, ldaps
    - Add support for authorize_user_by_userid for httpd
    - Add support to fetch user attrs for httpd

    This solves the following BZ's:
    https://bugzilla.redhat.com/show_bug.cgi?id=1400349
    https://bugzilla.redhat.com/show_bug.cgi?id=1400350

 .../api/base_controller/authentication.rb | 4 +-
 app/models/authenticator.rb | 20 +++++++--
 app/models/authenticator/amazon.rb | 2 +-
 app/models/authenticator/httpd.rb | 51 ++++++++++++++++++----
 app/models/authenticator/ldap.rb | 6 ++-
 app/models/user.rb | 9 ++++
 6 files changed, 78 insertions(+), 14 deletions(-)

New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/766e56776d716f151ee23ccec9c3c46d3cdc3c37

commit 766e56776d716f151ee23ccec9c3c46d3cdc3c37
Author:     Gregg Tanzillo <gtanzill>
AuthorDate: Mon Dec 12 16:58:10 2016 -0500
Commit:     Oleg Barenboim <chessbyte>
CommitDate: Mon Dec 12 18:57:16 2016 -0500

    Merge pull request #13068 from abellotti/api_sys_auth_authorize_user

    Enhance API to authorize users with system token authenticated requests.
    (cherry picked from commit fadf640a190c8d6dc97a84e3143163a07e5ef2c6)

    https://bugzilla.redhat.com/show_bug.cgi?id=1400349
    https://bugzilla.redhat.com/show_bug.cgi?id=1400350

 .../api/base_controller/authentication.rb | 4 +-
 app/models/authenticator.rb | 19 +++++--
 app/models/authenticator/amazon.rb | 2 +-
 app/models/authenticator/httpd.rb | 62 +++++++++++++++++++---
 app/models/authenticator/ldap.rb | 6 ++-
 app/models/user.rb | 9 ++++
 spec/models/authenticator/httpd_spec.rb | 44 +++++++++++++++
 spec/models/authenticator/ldap_spec.rb | 6 +++
 spec/models/user_spec.rb | 20 +++++++
 9 files changed, 157 insertions(+), 15 deletions(-)