We had a short discussion and decided to implement this feature for 5.1 in this way:
1. Do not store credentials at all even in browser 2. Do not implement specific handling of auth errors 3. Make the form hidden by default; it can be shown by clicking a button 4. There will be a short description It will look like this: http://i.imgur.com/0Uwx0M5.png http://i.imgur.com/VF1skHw.png I think we'll change the button text to "Provide Credentials" and the description to "If you changed the credentials after deployment, you need to provide new ones to run the checks. The credentials won't be stored anywhere.". Your suggestions are welcome. 2014-07-12 2:54 GMT+04:00 David Easter <deas...@mirantis.com>: > I think showing this only upon failure is good – if the user is also given > the option to sore the credentials in the browser. That way, you only have > to re-enter the credentials once if you want convenience, or do it every > time if you want improved security. > > One downside would be that if you don’t cache the credentials, you’ll have > to “fail” the auth every time to be given the chance to re-enter the > credentials. It may not be obvious that clicking “run tests” will then let > you enter new credentials. I was thinking that having a button you can > press to enter the credentials would make it more obvious, but wouldn’t > reduce the number of clicks… I.e. either run tests and fail or click “Enter > credentials” and enter new ones. The “Enter credential” option would > obviously be a little faster… > > - David J. Easter > Director of Product Management, Mirantis, Inc. > > From: Mike Scherbakov <mscherba...@mirantis.com> > Reply-To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org> > Date: Friday, July 11, 2014 at 2:36 PM > To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org> > Subject: Re: [openstack-dev] [Fuel] [OSTF] OSTF stops working after > password is changed > > I'm wondering if we can show all these windows ONLY if there is authz > failure with existing credentials from Nailgun. > So the flow would be: user clicks on "Run tests" button, healthcheck tries > to access OpenStack and fails. It shows up text fields to enter > tenant/user/pass with the message similar to "Default administrative > credentials to OpenStack were changed since the deployment time. Please > provide current credentials so HealthCheck can access OpenStack and run > verification tests." > > I think it should be more obvious this way... > > Anyone, it must be a choice for a user, if he wants to store creds in a > browser. > > > On Fri, Jul 11, 2014 at 8:50 PM, Vitaly Kramskikh <vkramsk...@mirantis.com > > wrote: > >> Hi, >> >> In the current implementation we store provided credentials in browser >> local storage. What's your opinion on that? Maybe we shouldn't store new >> credentials at all even in browser? So users have to enter them manually >> every time they want to run OSTF. >> >> >> 2014-06-25 13:47 GMT+04:00 Dmitriy Shulyak <dshul...@mirantis.com>: >> >> It is possible to change everything so username, password and tenant >>> fields >>> >>> Also this way we will be able to run tests not only as admin user >>> >>> >>> On Wed, Jun 25, 2014 at 12:29 PM, Vitaly Kramskikh < >>> vkramsk...@mirantis.com> wrote: >>> >>>> Dmitry, >>>> >>>> Fields or field? Do we need to provide password only or other >>>> credentials are needed? >>>> >>>> >>>> 2014-06-25 13:02 GMT+04:00 Dmitriy Shulyak <dshul...@mirantis.com>: >>>> >>>> Looks like we will stick to #2 option, as most reliable one. >>>>> >>>>> - we have no way to know that openrc is changed, even if some scripts >>>>> relies on it - ostf should not fail with auth error >>>>> - we can create ostf user in post-deployment stage, but i heard that >>>>> some ceilometer tests relied on admin user, also >>>>> operator may not want to create additional user, for some reasons >>>>> >>>>> So, everybody is ok with additional fields on HealthCheck tab? >>>>> >>>>> >>>>> >>>>> >>>>> On Fri, Jun 20, 2014 at 8:17 PM, Andrew Woodward <xar...@gmail.com> >>>>> wrote: >>>>> >>>>>> The openrc file has to be up to date for some of the HA scripts to >>>>>> work, we could just source that. >>>>>> >>>>>> On Fri, Jun 20, 2014 at 12:12 AM, Sergii Golovatiuk >>>>>> <sgolovat...@mirantis.com> wrote: >>>>>> > +1 for #2. >>>>>> > >>>>>> > ~Sergii >>>>>> > >>>>>> > >>>>>> > On Fri, Jun 20, 2014 at 1:21 AM, Andrey Danin <ada...@mirantis.com> >>>>>> wrote: >>>>>> >> >>>>>> >> +1 to Mike. Let the user provide actual credentials and use them >>>>>> in place. >>>>>> >> >>>>>> >> >>>>>> >> On Fri, Jun 20, 2014 at 2:01 AM, Mike Scherbakov >>>>>> >> <mscherba...@mirantis.com> wrote: >>>>>> >>> >>>>>> >>> I'm in favor of #2. I think users might not want to have their >>>>>> password >>>>>> >>> stored in Fuel Master node. >>>>>> >>> And if so, then it actually means we should not save it when user >>>>>> >>> provides it on HealthCheck tab. >>>>>> >>> >>>>>> >>> >>>>>> >>> On Thu, Jun 19, 2014 at 8:05 PM, Vitaly Kramskikh >>>>>> >>> <vkramsk...@mirantis.com> wrote: >>>>>> >>>> >>>>>> >>>> Hi folks, >>>>>> >>>> >>>>>> >>>> We have a bug which prevents OSTF from working if user changes a >>>>>> >>>> password which was using for the initial installation. I skimmed >>>>>> through the >>>>>> >>>> comments and it seems there are 2 viable options: >>>>>> >>>> >>>>>> >>>> Create a separate user just for OSTF during OpenStack >>>>>> installation >>>>>> >>>> Provide a field for a password in UI so user could provide actual >>>>>> >>>> password in case it was changed >>>>>> >>>> >>>>>> >>>> What do you guys think? Which options is better? >>>>>> >>>> >>>>>> >>>> -- >>>>>> >>>> Vitaly Kramskikh, >>>>>> >>>> Software Engineer, >>>>>> >>>> Mirantis, Inc. >>>>>> >>>> >>>>>> >>>> _______________________________________________ >>>>>> >>>> OpenStack-dev mailing list >>>>>> >>>> OpenStack-dev@lists.openstack.org >>>>>> >>>> >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> -- >>>>>> >>> Mike Scherbakov >>>>>> >>> #mihgen >>>>>> >>> >>>>>> >>> >>>>>> >>> _______________________________________________ >>>>>> >>> OpenStack-dev mailing list >>>>>> >>> OpenStack-dev@lists.openstack.org >>>>>> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> >> -- >>>>>> >> Andrey Danin >>>>>> >> ada...@mirantis.com >>>>>> >> skype: gcon.monolake >>>>>> >> >>>>>> >> _______________________________________________ >>>>>> >> OpenStack-dev mailing list >>>>>> >> OpenStack-dev@lists.openstack.org >>>>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >> >>>>>> > >>>>>> > >>>>>> > _______________________________________________ >>>>>> > OpenStack-dev mailing list >>>>>> > OpenStack-dev@lists.openstack.org >>>>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> > >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Andrew >>>>>> Mirantis >>>>>> Ceph community >>>>>> >>>>>> _______________________________________________ >>>>>> OpenStack-dev mailing list >>>>>> OpenStack-dev@lists.openstack.org >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> OpenStack-dev@lists.openstack.org >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Vitaly Kramskikh, >>>> Software Engineer, >>>> Mirantis, Inc. >>>> >>>> _______________________________________________ >>>> OpenStack-dev mailing list >>>> OpenStack-dev@lists.openstack.org >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>> >>>> >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> OpenStack-dev@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> >> -- >> Vitaly Kramskikh, >> Software Engineer, >> Mirantis, Inc. >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Mike Scherbakov > #mihgen > > _______________________________________________ OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Vitaly Kramskikh, Software Engineer, Mirantis, Inc.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
