[Kimchi-devel] [RFC] New API to create a random guest console password

Aline Manera alinefm at linux.vnet.ibm.com
Mon Oct 13 19:01:23 UTC 2014


Today user may set/change the guest console password and also its 
expiration time through Kimchi API.
When passing an empty password, a random password is automatically 
generated.

curl -u <user:password> -H "Content-Type: application/json" -H "Accept: 
application/json"
     http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}'

That way is difficult to handle when user wants to reset the guest password.

We have a similar issue when we automatically change the passwdValidTo 
when it is expired - increasing it in 30 seconds.

My proposal is simple: only change "passwd" and "passwdValidTo" when 
user wants to do it.

curl -u <user:password> -H "Content-Type: application/json" -H "Accept: 
application/json"
     http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": 
"123456", "passwdValidTo": "<some datetime format>"}}'

curl -u <user:password> -H "Content-Type: application/json" -H "Accept: 
application/json"
     http://localhost:8010/vms/blah -X PUT -d'{"graphics": 
{"passwdValidTo": "<some datetime format>"}}'

And make sure the passwdValidTo is only acceptable when there is a 
passwd set.

And to reset those values, we only need to send an empty string:

curl -u <user:password> -H "Content-Type: application/json" -H "Accept: 
application/json"
     http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": 
"", "passwdValidTo": ""}}'

And create a new API: POST /vms/blah/ticket to automatically generate a 
random password valid only for 30 seconds.

curl -u <user:password> -H "Content-Type: application/json" -H "Accept: 
application/json"
     http://localhost:8010/vms/blah/ticket -X POST -d'{}'

What do you think about it?

Regards,
Aline Manera




More information about the Kimchi-devel mailing list