3ea4bb234c
This feature was proposed in https://bugs.launchpad.net/ironic-python-agent/+bug/2021947 Change-Id: I70733fbf6b06c4e99888c6c38212e578c65ef92f Signed-off-by: Adam Rozman <adam.rozman@est.tech>
33 lines
1.7 KiB
YAML
33 lines
1.7 KiB
YAML
---
|
|
features:
|
|
- |
|
|
Introducing basic authentication and configurable authentication strategy
|
|
support for image and image checksum download processes. This feature
|
|
introduces 3 new configuration variables that could be used to select
|
|
the authentication strategy and provide credentials for authentication
|
|
strategies. The 3 variables are structured in way that 1 of them
|
|
``[deploy]image_server_auth_strategy`` (string) provides the ability to
|
|
select between authentication strategies by specifying the name of the
|
|
authentication strategy.
|
|
|
|
Currently the only supported authentication strategy is the ``http-basic``
|
|
which will make IPA use HTTP(S) basic authentication also known as the
|
|
``RFC 7617`` standard. The other 2 variables are
|
|
``[deploy]image_server_password`` and ``[deploy]image_server_user``
|
|
provide username and password credentials for image download processes. The
|
|
``[deploy]image_server_password`` and ``[deploy]image_server_user``
|
|
are not strategy specific and could be reused for any username + password
|
|
based authentication strategy, but for the moment these 2 variables are
|
|
only used for the ``http-basic`` strategy.
|
|
|
|
``[deploy]image_server_auth_strategy`` doesn't just enable the feature but
|
|
enforces checks on the values of the 2 related credentials. When the
|
|
``http-basic`` strategy is enabled for image server download workflow the
|
|
download logic will make sure to raise an exception in case any of the
|
|
credentials are None or an empty string.
|
|
|
|
Example of activating the ``http-basic`` strategy can be found in
|
|
`HTTP(s) Authentication strategy for user image servers` section of the
|
|
admin guide.
|
|
|