Bug 993665 - [RFE] Allow additional internal accounts for authentication by API
[RFE] Allow additional internal accounts for authentication by API
Status: NEW
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs (Show other bugs)
3.1.5
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Rob Young
Shai Revivo
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-06 07:32 EDT by thunt
Modified: 2017-09-12 11:13 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sherold: Triaged+


Attachments (Terms of Use)

  None (edit)
Description thunt 2013-08-06 07:32:24 EDT
1 Who is the customer behind the request?

  Account name: USPTO
  TAM/SRM customer yes/no: SRM
  Strategic Customer yes/no: Yes


2 What is the nature and description of the request?

Customer would like to have the ability to add additional internal accounts for use by API clients. External authentication at this organization requires regular (60 day) password changes, which makes API use impractical.


Ideally there will be the option to use/manage an anonymous account (i.e. GET only) that has limited access.


3 Why does the customer need this? (List the business requirements here)

Use cases include: -
1) CloudForms
2) Fencing for clustering
3) Read-only API access for reporting
4) We have a script that RHEV VM's can use to query RHEV-M for their name and tags (i.e. cloud-init lite). This is to be installed in templates Regular password changes are impractical.


4 How would the customer like to achieve this? (List the functional requirements here)

We would like the ability to add additional internal accounts for API use. Once added, these accounts should be treated just like other user accounts.


5 For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

API clients/scripts should be able to login using internal credentials.


6 Is there already an existing RFE upstream or in Red Hat bugzilla?

This is an extension of BZ #988851


7 Does the customer have any specific timeline dependencies?

As soon as practical


8 Is the sales team involved in this request and do they have any additional input?

No.


9 List any affected packages

ovirt-engine-restapi


10 Would the customer be able to assist in testing this functionality if implemented?

Yes.
Comment 1 Itamar Heim 2013-08-22 05:08:07 EDT
temporarily setting to 3.4 to revisit and consider per auth refactoring progress/approach
Comment 2 Barak 2014-01-14 07:45:33 EST
Bug 988851 (read only internal user) was moved to ON_QA,
But as stated above in the bug description the customer also wants to do specific actions ( e.g. Fencing for clustering), there for this RFE is still relevant.

However there are plans to add management for internal users within RHEVM, and this should solve the above issue.

AFAIK there is no RFE for that. 
Hence moving to rhevm-future

Note You need to log in before you can comment on or make changes to this bug.