Private key is lost when key pairs are autogenerated

[petervo]

By not providing a public key on the form here, /auth_key_pair_cloud/new, at least with openstack the cloud provider generates a new public key pair. However then the private key is lost and only the fingerprint is saved making that key pair useless.

I fixed locally by doing

diff --git a/app/models/manageiq/providers/cloud_manager/auth_key_pair.rb b/app/models/manageiq/providers/cloud_manager/auth_key_pair.rb
index 954f84a..87574f4 100644
--- a/app/models/manageiq/providers/cloud_manager/auth_key_pair.rb
+++ b/app/models/manageiq/providers/cloud_manager/auth_key_pair.rb
@@ -17,7 +17,9 @@ class ManageIQ::Providers::CloudManager::AuthKeyPair < ::AuthPrivateKey
     klass.create(
       :name        => created_key_pair.name,
       :fingerprint => created_key_pair.fingerprint,
-      :resource    => ext_management_system
+      :resource    => ext_management_system,
+      :public_key  => created_key_pair.public_key,
+      :auth_key => created_key_pair.private_key
     )
   end

But i realize that might be somewhat controversial. If people are ok with this change, I'll submit a PR. Then some thought probably needs to go into UI around letting users retrieve it and optionally delete it.

If not then the public key field should probably be required.

[jbeal-work]

I agree that this is currently not useful. The above does look useful.

I would also like a call back so that the keypair can have the correct tagging applied as allowing everyone access to both the public and the private key is less than useful. By having a callback I could apply tags which control access.

[blomquisg]

@Fryguy, @dclarizio I thought we handled the case where the user creates a KeyPair in MIQ.

Is this an OpenStack-specific issue? Or, is this something that's a problem with all providers?

[Fryguy]

We do not create key pairs in ManageIQ at the moment as far as I'm aware. We fetch them from the provider, and we don't get back the private part of the key pair when we do it.

However, we've always wanted to have this feature and I would expect it to be implemented as is done here.

[petervo]

@Fryguy, on the /auth_key_pair_cloud/show_list with a openstack provider enabled there is a
Add a new Key Pair button in the Configuration dropdown. That's how I came across this.

[haphan]

@Fryguy ManageIQ/Cloudforms should internally generates a key-pair and then submit the public key portion to OpenStack then allows user to download the private key.

Without the ability to download the private key renders the featureCreate key pair useless.

The other thing we can do is to make the public key field mandatory.

[Fryguy]

@Fryguy, on the /auth_key_pair_cloud/show_list with a openstack provider enabled there is a
Add a new Key Pair button in the Configuration dropdown. That's how I came across this.

I was not aware we were creating native key pairs, and if that's the case, then yes, this is a bug, IMO, because without the private key, it's pointless.

[Fryguy]

@blomquisg Assigned to you, but can you reassign? cc @bronaghs