ironic/releasenotes/notes/user-image-server-basic-auth-c2b605aade241901.yaml
Adam Rozman 3ea4bb234c implement basic-auth support for user image download process
This feature was proposed in https://bugs.launchpad.net/ironic-python-agent/+bug/2021947

Change-Id: I70733fbf6b06c4e99888c6c38212e578c65ef92f
Signed-off-by: Adam Rozman <adam.rozman@est.tech>
2023-11-13 15:37:27 +02:00

33 lines
1.7 KiB
YAML

---
features:
- |
Introducing basic authentication and configurable authentication strategy
support for image and image checksum download processes. This feature
introduces 3 new configuration variables that could be used to select
the authentication strategy and provide credentials for authentication
strategies. The 3 variables are structured in way that 1 of them
``[deploy]image_server_auth_strategy`` (string) provides the ability to
select between authentication strategies by specifying the name of the
authentication strategy.
Currently the only supported authentication strategy is the ``http-basic``
which will make IPA use HTTP(S) basic authentication also known as the
``RFC 7617`` standard. The other 2 variables are
``[deploy]image_server_password`` and ``[deploy]image_server_user``
provide username and password credentials for image download processes. The
``[deploy]image_server_password`` and ``[deploy]image_server_user``
are not strategy specific and could be reused for any username + password
based authentication strategy, but for the moment these 2 variables are
only used for the ``http-basic`` strategy.
``[deploy]image_server_auth_strategy`` doesn't just enable the feature but
enforces checks on the values of the 2 related credentials. When the
``http-basic`` strategy is enabled for image server download workflow the
download logic will make sure to raise an exception in case any of the
credentials are None or an empty string.
Example of activating the ``http-basic`` strategy can be found in
`HTTP(s) Authentication strategy for user image servers` section of the
admin guide.