Red Hat Bugzilla – Bug 993665
[RFE] Allow additional internal accounts for authentication by API
Last modified: 2017-09-12 11:13:00 EDT
1 Who is the customer behind the request?
Account name: USPTO
TAM/SRM customer yes/no: SRM
Strategic Customer yes/no: Yes
2 What is the nature and description of the request?
Customer would like to have the ability to add additional internal accounts for use by API clients. External authentication at this organization requires regular (60 day) password changes, which makes API use impractical.
Ideally there will be the option to use/manage an anonymous account (i.e. GET only) that has limited access.
3 Why does the customer need this? (List the business requirements here)
Use cases include: -
2) Fencing for clustering
3) Read-only API access for reporting
4) We have a script that RHEV VM's can use to query RHEV-M for their name and tags (i.e. cloud-init lite). This is to be installed in templates Regular password changes are impractical.
4 How would the customer like to achieve this? (List the functional requirements here)
We would like the ability to add additional internal accounts for API use. Once added, these accounts should be treated just like other user accounts.
5 For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
API clients/scripts should be able to login using internal credentials.
6 Is there already an existing RFE upstream or in Red Hat bugzilla?
This is an extension of BZ #988851
7 Does the customer have any specific timeline dependencies?
As soon as practical
8 Is the sales team involved in this request and do they have any additional input?
9 List any affected packages
10 Would the customer be able to assist in testing this functionality if implemented?
temporarily setting to 3.4 to revisit and consider per auth refactoring progress/approach
Bug 988851 (read only internal user) was moved to ON_QA,
But as stated above in the bug description the customer also wants to do specific actions ( e.g. Fencing for clustering), there for this RFE is still relevant.
However there are plans to add management for internal users within RHEVM, and this should solve the above issue.
AFAIK there is no RFE for that.
Hence moving to rhevm-future