Bug 1879054 - UI should display password in cloud-init
Summary: UI should display password in cloud-init
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Console Kubevirt Plugin
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.6.0
Assignee: Gilad Lekner
QA Contact: Guohua Ouyang
URL:
Whiteboard:
Depends On:
Blocks: 1874403
TreeView+ depends on / blocked
 
Reported: 2020-09-15 10:46 UTC by Fabian Deutsch
Modified: 2020-10-27 16:41 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:41:13 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 6643 0 None closed Bug 1879054: UI should display password in cloud-init 2020-11-03 12:11:17 UTC
Github openshift console pull 6709 0 None closed Bug 1879054: UI should display password in cloud-init 2020-11-03 12:11:16 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:41:30 UTC

Description Fabian Deutsch 2020-09-15 10:46:57 UTC
Description of problem:
cloud init can be used to set passwords in guests.
The UI should provide a hint to the user that a password was (likely) set using cloud init and should give the user the ability to see the password in the ui

Version-Release number of selected component (if applicable):
2.4.0

How reproducible:


Steps to Reproduce:
1. Set a password in cloud init
2. Try to find th epassword from the UI
3.

Actual results:
yaml needs to be read to find password

Expected results:
UI gives me a way to disover the password

Additional info:
We gareed that parsing cloud initi is not good. OTOH this is needed for the fix of bug 1874403.

What we could do: We start with an UI to display passwords, but have different sources for this. Now cloud init, in future an API which is getting implemnted to set passwords (for different access modes, i.e. ssh)
IOW there will be an api which supports setting different access credentials. Today we could start working on such a UI and in future use this to be implemented api

Comment 2 Matt 2020-09-15 18:46:57 UTC
follow up questions:
If I understand this correctly - we could display the (likely) password in the UI. 
Would the console page be the best place for this? It could also be the details page - thinking through where different users would go to find this.
We will also need a message around it not being 100% successful and if it doesn't work see the YAML file for the password?

Comment 3 Guohua Ouyang 2020-09-16 01:09:04 UTC
I vote for console page, then user don't need to switch tab to find the password for login.

Comment 4 Tomas Jelinek 2020-09-16 06:41:32 UTC
also vote for console page

Comment 5 Fabian Deutsch 2020-09-16 07:33:46 UTC
Console page would also be fine for me for this bug, but a few notes:

1. The API we are working on will allow us to set several access credentials (SSH, windows [possibly], local [this])
   Thus we might want to have in future, on the details tab "Display access credentials"
2. Not display passwords by default, but require a click
   In order to avoid that somebody sees the password (could be personal) when looking over a users shoulder

Comment 6 Matt 2020-09-16 18:51:34 UTC
ok thanks 
please see this design for the suggestion
https://xd.adobe.com/view/d972d192-59b8-41fe-8ece-7ce9b3e3a71f-8c21/

I suggested the details but maybe as an additional place this would surface in the future.

Comment 8 Guohua Ouyang 2020-09-22 02:56:50 UTC
>  If the "user" is not set, the username and the password is the same.
This is not correct behavior, if the user is not set, leave the username blank. 

    #cloud-config
    password: fedora123
    chpasswd: { expire: False }

For example when above cloud-init data is provided, user can login with fedora/fedora123, but not fedora123/fedora123.

Comment 9 Tomas Jelinek 2020-09-22 09:57:49 UTC
interesting. So, instead of blank I'd say something like "default user for your operating system".
@Matt, WDYT?

Comment 10 Matt 2020-09-22 14:11:15 UTC
I think stating "No username set, see operating system documentation for the default username" is most helpful

Comment 14 errata-xmlrpc 2020-10-27 16:41:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.