action #174301
Updated by jbaier_cz 3 days ago
## Motivation This ticket is a concrete approach to cover the most crucial aspect of #174154. Checkout that ticket for details. ## Acceptance criteria * **AC1**: It is possible to enable authentication for openQA tests assets served by NGINX. * **AC2**: NGINX accepts the usual authentication methods openQA provides. * **AC2.1**: [basic auth via personal access token](https://open.qa/docs/#_personal_access_token) * **AC2.2**: **AC2.2:**: API key/secret * **AC2.3**: **AC2.3:** web session ## Acceptance tests * **AT2.1**: Invoke a command like `curl -u Demo:…:… http://localhost/assets/other/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20230109-Media.iso.sha256` and see whether you get a correct 200 response or a 403 response depending on whether the credentials are correct or wrong. * **AT2.2**: Invoke a command like `MOJO_CLIENT_DEBUG=1 openqa-cli api http://localhost/assets/other/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20230109-Media.iso.sha256` and see whether you get a correct 200 response or a 403 response depending on whether the credentials are correct or wrong. * **AT2.3**: Open a test details page, select "Logs and assets" and try to download an asset. When logged in, the download prompt should appear; otherwise a login is supposed be triggered. ## Suggestions * Configure NGINX locally as it is described on https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication * Checkout commit https://github.com/Martchus/openQA/commit/b5950273aa4168b20a4c31f03ecc451465d466c9 for a simple example which already covers AC2.1.