[RFC] New API to create a random guest console password

Today user may set/change the guest console password and also its expiration time through Kimchi API. When passing an empty password, a random password is automatically generated. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}' That way is difficult to handle when user wants to reset the guest password. We have a similar issue when we automatically change the passwdValidTo when it is expired - increasing it in 30 seconds. My proposal is simple: only change "passwd" and "passwdValidTo" when user wants to do it. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": "123456", "passwdValidTo": "<some datetime format>"}}' curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwdValidTo": "<some datetime format>"}}' And make sure the passwdValidTo is only acceptable when there is a passwd set. And to reset those values, we only need to send an empty string: curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": "", "passwdValidTo": ""}}' And create a new API: POST /vms/blah/ticket to automatically generate a random password valid only for 30 seconds. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah/ticket -X POST -d'{}' What do you think about it? Regards, Aline Manera

On 10/13/2014 04:01 PM, Aline Manera wrote:
Today user may set/change the guest console password and also its expiration time through Kimchi API. When passing an empty password, a random password is automatically generated.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}'
That way is difficult to handle when user wants to reset the guest password.
We have a similar issue when we automatically change the passwdValidTo when it is expired - increasing it in 30 seconds.
My proposal is simple: only change "passwd" and "passwdValidTo" when user wants to do it.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": "123456", "passwdValidTo": "<some datetime format>"}}'
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwdValidTo": "<some datetime format>"}}'
And make sure the passwdValidTo is only acceptable when there is a passwd set.
And to reset those values, we only need to send an empty string:
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": "", "passwdValidTo": ""}}'
And create a new API: POST /vms/blah/ticket to automatically generate a random password valid only for 30 seconds.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah/ticket -X POST -d'{}'
Or even simpler, let UI create a random password and its expiration time and use the PUT request to do that changes.
What do you think about it?
Regards, Aline Manera
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel

Maybe we could think about it for 1.5 release On 13/10/2014 17:53, Aline Manera wrote:
On 10/13/2014 04:01 PM, Aline Manera wrote:
Today user may set/change the guest console password and also its expiration time through Kimchi API. When passing an empty password, a random password is automatically generated.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}'
That way is difficult to handle when user wants to reset the guest password.
We have a similar issue when we automatically change the passwdValidTo when it is expired - increasing it in 30 seconds.
My proposal is simple: only change "passwd" and "passwdValidTo" when user wants to do it.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": "123456", "passwdValidTo": "<some datetime format>"}}'
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwdValidTo": "<some datetime format>"}}'
And make sure the passwdValidTo is only acceptable when there is a passwd set.
And to reset those values, we only need to send an empty string:
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": "", "passwdValidTo": ""}}'
And create a new API: POST /vms/blah/ticket to automatically generate a random password valid only for 30 seconds.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah/ticket -X POST -d'{}'
Or even simpler, let UI create a random password and its expiration time and use the PUT request to do that changes.
What do you think about it?
Regards, Aline Manera
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel

+1 On 13-10-2014 16:01, Aline Manera wrote:
Today user may set/change the guest console password and also its expiration time through Kimchi API. When passing an empty password, a random password is automatically generated.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}'
That way is difficult to handle when user wants to reset the guest password.
We have a similar issue when we automatically change the passwdValidTo when it is expired - increasing it in 30 seconds.
My proposal is simple: only change "passwd" and "passwdValidTo" when user wants to do it.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": "123456", "passwdValidTo": "<some datetime format>"}}'
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwdValidTo": "<some datetime format>"}}'
And make sure the passwdValidTo is only acceptable when there is a passwd set.
And to reset those values, we only need to send an empty string:
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": "", "passwdValidTo": ""}}'
And create a new API: POST /vms/blah/ticket to automatically generate a random password valid only for 30 seconds.
curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah/ticket -X POST -d'{}'
What do you think about it?
Regards, Aline Manera
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
participants (2)
-
Aline Manera
-
Crístian Viana