Closed ddemlow closed 1 year ago
If we add extra parameter, then playbook writer can send arbitrary username. It could be confusing to look at logs, and see 'dave' opened the tunnel, but there is no user 'dave' on that cluster. Maybe we should just use the username that is used to login to cluster, and not have any extra parameter.
that would make sense... and there are discussions about putting all of this behind REST API with user authentication in the future (and if this user name is not passed - the cluster will just log "unauthenticated" as user
Testing on https://10.5.11.50/ - v9.2.16, it seems correct URL is like https://clusterip/support-api/close?&user=dave (not name=dave). I will use the user=
in code.
@TomboScaleComputing Just to double check - the 9.2.16 version does behave the way you want, the user=some_user_name
is intentional?
Is your feature request related to a problem? Please describe.
beginning in hypercore 9.2.16 and 9.1.24 changes to support tunnels are logged to cluster log along with the logged in user name where applicable.
although ansible uses endpoint that does not require auth - it would be desirable to allow module to pass a user name that would be noted in the cluster log for support tunnel opens and closes... this can be done by adding &name="{{ name }}" to end of uri for example - https://clusterip/support-api/close?&name=dave and support-api/open?code=3112&name=dave
example of cluster logging
Describe the solution you'd like
provide an optional parameter to pass a name
Describe alternatives you've considered
Additional context
Add any other context or screenshots about the feature request here.
I have tried also including &name= on older versions and appears it is simply ignored there but still takes desired action - so I don't believe any version check would be required