Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1704415

Summary: [DOCS] Accessing Registry prerequisites need clarification.
Product: OpenShift Container Platform
Reporter: Eric Rich <erich>
Component: Documentation
Assignee: Brandi Munilla <bmcelvee>
Status: CLOSED CURRENTRELEASE
QA Contact: Wenjing Zheng <wzheng>
Severity: low
Docs Contact: Vikram Goyal <vigoyal>
Priority: low
Version: 4.1.0
CC: aos-bugs, bmcelvee, jokerman, mmccomas, wsun
Target Milestone: ---
Target Release: 4.1.0
Hardware: Unspecified
OS: Unspecified
Last Closed: 2019-06-03 13:52:41 UTC
Type: Bug
Bug Blocks: 1704414

Description Eric Rich 2019-04-29 16:53:48 UTC
Document URL: https://docs.openshift.com/container-platform/4.1/registry/accessing-the-registry.html#registry-accessing-directly-accessing-the-registry

Section Number and Name: Accessing registry directly

Describe the issue: 

Prerequisites are misleading, as kubeadmin is often confused with system:admin (we may want to explain this better - see https://bugzilla.redhat.com/show_bug.cgi?id=1704414).

> Prerequisites
> For any direct access, you must have a regular user for your preferred identity provider.

> A regular user can generate an access token required for logging in to the registry.

> System users, such as system:admin, cannot obtain access tokens and, therefore, cannot access the registry directly.

In short, while this is all true, you can log in as kubeadmin:

> $ oc login -u kubeadmin -p PASSWORD_FROM_INSTALL_LOG
> $ podman login --tls-verify=false -u openshift -p $(oc whoami -t) $(oc get route -n openshift-image-registry default-route -o jsonpath='{.status.ingress[*].host}{"\n"}')
Login Succeeded!

Suggestions for improvement: 

Explain that kubeadmin is a normal user (until deleted): https://docs.openshift.com/container-platform/4.1/authentication/remove-kubeadmin.html (provide a link to this).

Instead of explaining how to set up htpasswd, point the user to https://docs.openshift.com/container-platform/4.1/authentication/understanding-identity-provider.html to choose their own IDP.

Additional information:
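
A hardened variant of the login sequence in the description above, added here as an example and not part of the bug report or the OpenShift documentation: it stops when the session has no token (the system:admin case from the quoted prerequisites), passes the token on stdin instead of `-p`, and leaves TLS verification on. The function names are hypothetical; it assumes `oc` and `podman` are on PATH and the default registry route is exposed.

```shell
#!/bin/sh
# Added example (not from the bug report): token-checked registry login.
# Usage: registry_login [extra podman login flags]

# Print the host of the default registry route. Same query as in the report,
# narrowed to the first ingress entry (assumption: one router exposes the route).
registry_host() {
    oc get route -n openshift-image-registry default-route \
        -o jsonpath='{.status.ingress[0].host}'
}

# Log in to the registry with the current session's token.
# Returns 2 when the session has no token (for example the certificate-based
# system:admin user), 3 when the registry route cannot be found.
registry_login() {
    rl_user=$(oc whoami) || return 1
    if ! rl_token=$(oc whoami -t 2>/dev/null) || [ -z "$rl_token" ]; then
        echo "user '$rl_user' has no access token;" \
             "log in as kubeadmin or an identity provider user" >&2
        return 2
    fi
    rl_host=$(registry_host)
    if [ -z "$rl_host" ]; then
        echo "default-route not found in openshift-image-registry" >&2
        return 3
    fi
    # The token is read from stdin, so it never appears in the process list
    # or shell history. No --tls-verify=false: podman verifies the route's
    # certificate by default. "-u openshift" is the user name the report used.
    printf '%s' "$rl_token" |
        podman login --password-stdin -u openshift "$@" "$rl_host"
}
```

If the route certificate is signed by a CA the host does not trust, add that CA to the host's trust store rather than passing `--tls-verify=false`.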

Comment 1 Brandi Munilla 2019-05-21 18:08:56 UTC
Thanks, Eric! I'm addressing the prereqs in the following PR:
https://github.com/openshift/openshift-docs/pull/14986

Since I have a handful of registry-related bugs, I'm addressing the changes in a single PR to keep everything in order.

Comment 2 Brandi Munilla 2019-05-21 20:43:07 UTC
Going ahead and requesting QE review too so I can get the fixes merged sooner. 

Thanks!

Comment 3 Wenjing Zheng 2019-05-22 06:51:28 UTC
Comments have been added to pull request.

Comment 4 Brandi Munilla 2019-05-24 21:25:34 UTC
I updated the PR to incorporate feedback.

Comment 5 Wenjing Zheng 2019-05-27 07:41:53 UTC
Still needs some adjustments, so change the bug status for now.

Comment 6 Brandi Munilla 2019-05-29 20:38:55 UTC
The kubeadmin and preferred identity provider sections are linked in the additional resources section of the assembly. I've updated the log in step, but do need a bit of clarification. 

Thanks!

Comment 8 Wenjing Zheng 2019-05-31 01:59:33 UTC
I think I can move this bug to verified, just a small issue which I have commented on in the PR.

Comment 9 Brandi Munilla 2019-05-31 16:59:03 UTC
Thanks so much! PR merged.