ISSv3 - Added support for token authentication

[mackdk]

What does this PR change?

This PR adds the basic classes and methods to support Token Authentication to allow servers to communicate with other in ISSv3

GUI diff

No difference.

• DONE

Documentation

• Documentation WIP

• DONE

Test coverage

• Unit tests were added

• DONE

Links

Issue(s): https://github.com/SUSE/spacewalk/issues/25351

• DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

• No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

• Re-run test "changelog_test"
• Re-run test "backend_unittests_pgsql"
• Re-run test "java_pgsql_tests"
• Re-run test "schema_migration_test_pgsql"
• Re-run test "susemanager_unittests"
• Re-run test "javascript_lint"
• Re-run test "spacecmd_unittests"

Before you merge

Check How to branch and merge properly!

[github-actions]

👋 Hello! Thanks for contributing to our project.
Acceptance tests will take some time (aprox. 1h), please be patient ☕
You can see the progress at the end of this page and at https://github.com/uyuni-project/uyuni/pull/9545/checks
Once tests finish, if they fail, you can check 👀 the cucumber report. See the link at the output of the action.
You can also check the artifacts section, which contains the logs at https://github.com/uyuni-project/uyuni/pull/9545/checks.

If you are unsure the failing tests are related to your code, you can check the "reference jobs". These are jobs that run on a scheduled time with code from master. If they fail for the same reason as your build, it means the tests or the infrastructure are broken. If they do not fail, but yours do, it means it is related to your code.

Reference tests:

• https://github.com/uyuni-project/uyuni/actions/workflows/acceptance_tests_secondary_parallel.yml?query=event%3Aschedule

• https://github.com/uyuni-project/uyuni/actions/workflows/acceptance_tests_secondary.yml?query=event%3Aschedule

KNOWN ISSUES

Sometimes the build can fail when pulling new jar files from download.opensuse.org . This is a known limitation. Given this happens rarely, when it does, all you need to do is rerun the test. Sorry for the inconvenience.

For more tips on troubleshooting, see the troubleshooting guide.

Happy hacking!
⚠️ You should not merge if acceptance tests fail to pass. ⚠️

[github-actions]

Suggested tests to cover this Pull Request

• allcli_overview_systems_details
• srv_sync_fake_channels
• min_cve_id_new_syntax
• proxy_container_branch_network
• min_deblike_salt_install_package
• srv_salt
• proxy_container
• sle_minion
• srv_power_management_redfish
• srv_first_settings
• buildhost_docker_auth_registry
• min_salt_minion_details
• min_deblike_ssh
• min_rhlike_ssh
• min_deblike_openscap_audit
• srv_channel_api
• srv_rename_hostname
• srv_disable_local_repos_off
• srv_delete_channel_from_ui
• min_move_from_and_to_proxy
• srv_patches_page
• srv_create_repository
• srv_user_configuration_salt_states
• srv_create_fake_channels
• proxy_container_retail_mass_import
• proxy_traditional_cobbler_pxeboot
• min_salt_formulas_advanced
• srv_dist_channel_mapping
• srv_reportdb
• srv_group_union_intersection
• srv_advanced_search
• srv_docker_cve_audit
• min_rhlike_salt
• srv_mainpage
• srv_delete_channel_with_tool
• minssh_tunnel
• srv_enable_sync_products
• min_cve_audit
• proxy_traditional_branch_network
• min_salt_minions_page
• min_activationkey
• srv_user_api
• min_ansible_control_node
• srv_salt_download_endpoint
• min_salt_formulas
• min_bootstrap_ssh_key
• srv_user_preferences
• srv_disable_scheduled_reposync
• srv_power_management_api
• allcli_sanity
• srv_cobbler_distro
• min_rhlike_salt_install_package_and_patch
• srv_scc_user_credentials
• srv_virtual_host_manager
• allcli_update_activationkeys
• min_empty_system_profiles
• buildhost_osimage_build_image
• min_timezone
• allcli_action_chain
• srv_restart
• min_deblike_salt_install_with_staging
• proxy_container_cobbler_pxeboot
• srv_cobbler_profile
• srv_handle_config_channels_with_ISS_v2
• min_rhlike_remote_command
• min_recurring_action
• srv_logfile
• srv_create_activationkey
• min_monitoring
• minssh_salt_install_package
• srv_organization_credentials
• srv_task_status_engine
• srv_cobbler_buildiso
• srv_content_lifecycle
• proxy_retail_pxeboot_and_mass_import
• min_custom_pkg_download_endpoint
• min_action_chain
• proxy_traditional
• srv_create_fake_repositories
• srv_change_task_schedule
• srv_sync_products
• min_deblike_monitoring
• min_change_software_channel
• min_retracted_patches
• srv_notifications
• srv_menu_filter
• allcli_config_channel
• min_config_state_channel_subscriptions
• srv_docker_advanced_content_management
• srv_monitoring
• min_config_state_channel
• srv_add_rocky8_repositories
• min_docker_api
• proxy_container_retail_pxeboot
• min_rhlike_monitoring
• srv_maintenance_windows
• min_bootstrap_api
• srv_manage_channels_page
• min_deblike_salt
• min_salt_pkgset_beacon
• minkvm_guests
• allcli_software_channels
• srv_payg_ssh_connection
• minssh_action_chain
• proxy_register_as_minion_with_script
• buildhost_docker_build_image
• minssh_ansible_control_node
• srv_menu
• min_rhlike_openscap_audit
• srv_datepicker
• proxy_cobbler_pxeboot
• srv_handle_software_channels_with_ISS_v2
• min_check_patches_install
• srv_clone_channel_npn
• srv_errata_api
• srv_channels_add
• min_salt_user_states
• srv_check_channels_page
• srv_docker
• min_virthost
• min_salt_lock_packages
• min_salt_install_package
• srv_sync_channels
• allcli_system_group
• srv_distro_cobbler
• min_project_lotus
• srv_wait_for_reposync
• srv_cobbler_sync
• min_bootstrap_negative
• min_salt_openscap_audit
• sle_ssh_minion
• min_salt_migration
• srv_change_password
• srv_check_sync_source_packages
• allcli_reboot
• allcli_software_channels_dependencies
• proxy_branch_network
• min_salt_software_states
• srv_users
• srv_power_management
• buildhost_bootstrap
• proxy_traditional_retail_pxeboot
• min_ssh_tunnel
• min_config_state_channel_api
• proxy_as_pod_basic_tests
• srv_osimage
• srv_check_reposync
• min_bootstrap_reactivation
• minssh_bootstrap_api
• srv_activationkey_api
• min_salt_mgrcompat_state
• srv_push_package
• min_salt_install_with_staging
• minssh_move_from_and_to_proxy
• min_deblike_remote_command
• proxy_traditional_retail_mass_import
• srv_custom_system_info
• min_bootstrap_script
• srv_security
• srv_manage_activationkey

[cbbayburt]

LGTM. I just have a couple of minor comments below.

[cbbayburt]

The namespace sync is a big ambiguous without description. Can we make this more descriptive like iss or something like that?

[mackdk]

Good point. I used sync because it was the one we previously had with sync.master, sync.slave and sync.content. We can definitely change it.

[mcalmer]

sync.master and sync.slave is ISSv1 and will be deprecated and removed. sync.content has the endpoints for syncing with SCC. So i think sync.iss or just iss would be good

[rjmateus]

or maybe we can use it as hub.iss, and have a new namespace for hub management, since we don't know yet how this will grow in the future.

[mackdk]

The namespace is now sync.iss. We are not yet merging to master, so we can still review the naming

[rjmateus]

@admd any opinion on this one? sync.iss or should it be hub.iss?

[admd]

Apologies for missing this earlier. I would stick with sync.iss as it’s more generic but provides a clear idea of its purpose. But if this end-point make sense only for hub then I would go with your suggestion.

[rjmateus]

I proposed the hub.X because we may have the need to add more then just ISS for the hub context. Keeping it generic would help on that.

[rjmateus]

A few small comments. overall looks really good, thank you

[mcalmer]

sync.master and sync.slave is ISSv1 and will be deprecated and removed. sync.content has the endpoints for syncing with SCC. So i think sync.iss or just iss would be good

[mcalmer]

found only some more minor issues

[mcalmer]

2024

[mcalmer]

This can also be added to com.suse.manager.xmlrpc.... as we have the manager class also under com.suse.

[mackdk]

I didn't notice that package existed... I will move it

[mcalmer]

2024