API authorization tokens

I am finding myself wishing increasingly for API tokens. My use cases…

  1. During provisioning, I want to run hammer commands but don't want to embed credentials into the templates.
  2. During remote execution, I want to run hammer commands but don't want to embed credentials into the templates.
  3. I want to allow others to run one-shot or time-limited hammer commands against my server.

Way (way!) back in January 2015 (almost Happy New Year!!), @josephmagen submitted a PR to add token-based auth to the API[1]. The PR was not accepted, but I think the concept is still necessary.

Would you, katello&foreman users, support such a concept? Do you need it?

The benefits of a token are that…

  1. It may be created by the user with only the user's scope of permissions.
  2. It may be revoked by the user at any time if they feel it has been compromised.
  3. The revocation does not then invalidate their own user account.
  4. Others?

[1] https://github.com/theforeman/foreman/pull/2052

-- @thomasmckay


“The leader must aim high, see big, judge widely, thus setting himself apart from the ordinary people who debate in narrow confines.” ~ Charles De Gaulle

“Leadership is about making others better as a result of your presence and making sure that impact lasts in your absence.” ~ Harvard Business School
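As an added illustration of the three benefits listed above (constructed example code, not Foreman's implementation and not the code from the rejected PR), here is a minimal in-memory token store in Ruby: each token is scoped to a subset of the issuing user's own permissions, only a SHA-256 digest of the secret is kept at rest, tokens carry an expiry for the time-limited use case, and revoking one token leaves the user account and any other tokens untouched. The `TokenStore` class, its method names and the sample permission names are assumptions made for the example.

```ruby
require 'securerandom'
require 'digest'

# Constructed example: an in-memory store of per-user API tokens.
# The raw token is handed out exactly once; only its SHA-256 digest is stored,
# so a leaked copy of the store does not yield usable credentials.
class TokenStore
  Token = Struct.new(:user, :permissions, :expires_at, :revoked)

  # The clock is injectable so expiry can be exercised deterministically.
  def initialize(clock = -> { Time.now })
    @tokens = {} # digest => Token
    @clock = clock
  end

  # Issue a token limited to a subset of the user's own permissions (benefit 1)
  # and to a lifetime in seconds (the one-shot / time-limited use case).
  # Returns the raw secret, which is never stored.
  def issue(user:, user_permissions:, requested:, ttl_seconds:)
    extra = requested - user_permissions
    unless extra.empty?
      raise ArgumentError, "token cannot exceed user's permissions: #{extra.join(',')}"
    end
    raw = SecureRandom.hex(32)
    @tokens[digest(raw)] = Token.new(user, requested, @clock.call + ttl_seconds, false)
    raw
  end

  # Revoke a single token; the account and other tokens stay valid (benefits 2 and 3).
  # Returns false for an unknown token so callers cannot probe for valid ones.
  def revoke(raw)
    tok = @tokens[digest(raw)]
    return false unless tok
    tok.revoked = true
    true
  end

  # Authorize one request: token known, not revoked, not expired, permission held.
  # Returns the user name on success, nil otherwise (map nil to HTTP 401/403).
  def authorize(raw, permission)
    tok = @tokens[digest(raw)]
    return nil if tok.nil? || tok.revoked || @clock.call > tok.expires_at
    tok.permissions.include?(permission) ? tok.user : nil
  end

  private

  # Lookup by digest means the raw secret is never compared or stored directly.
  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end
```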

>
> I am finding myself wishing increasingly for API tokens. My use cases…
> 1. During provisioning, I want to run hammer commands but don't want to
> embed credentials into the templates.
> 2. During remote execution, I want to run hammer commands but don't want
> to embed credentials into the templates.
> 3. I want to allow others to run one-shot or time-limited hammer commands
> against my server.
>
> Way (way!) back in January 2015 (almost Happy New Year!!), @josephmagen
> submitted a PR to add token-based auth to the API[1]. The PR was not
> accepted, but I think the concept is still necessary.
>
> Would you, katello&foreman users, support such a concept? Do you need it?
>
> The benefits of a token are that…
> 1. It may be created by the user with only the user's scope of permissions.
> 2. It may be revoked by the user at any time if they feel it has been
> compromised.
> 3. The revocation does not then invalidate their own user account.
> 4. Others?
>
While not 100% related, I could see us extending user session management,
similar to Gmail maybe, where you could see all of your "current active"
connections, from which device/IP and whether it's an API request or not, for example.
Similar to GitHub's approach [2].

> [1] https://github.com/theforeman/foreman/pull/2052

[2] https://github.com/blog/1661-modeling-your-app-s-user-session

On Wed, Dec 16, 2015 at 12:04 AM, Tom McKay wrote:


You received this message because you are subscribed to the Google Groups "Foreman users" group.