REQ-403 Non-Interactive Authentication (Service Accounts / Tokens) #44

@UweSchwaeke

🆔 Requirement Details

  • ID: REQ-403
  • Priority: Must Have
  • Google Doc Link: link

📝 Description

The platform must support secure, non-interactive authentication methods to enable automated systems and scripts (e.g., CI/CD pipelines) to authenticate and perform write/publish operations. This must be achievable without any interactive login prompts, web-based redirects, or manual human intervention. Supported methods should include Personal Access Tokens (PATs), API Keys, or dedicated Service Accounts.

🧪 Evaluation / Acceptance Criteria

  • Successfully generate an authentication token or API key for a user/account with "Publisher" permissions.
  • Automated OCI Push: Using only the token/key, successfully authenticate (podman login --password-stdin or similar) and push an OCI image via a non-interactive script.
  • Automated RPM Upload: Using only the token/key, successfully authenticate and upload an RPM package via the platform's CLI or REST API in a non-interactive script.
  • Security: Verify that the generated token/key can be manually revoked or invalidated by an administrator.
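
The OCI push criterion above, sketched as an added example that is not part of the issue or of the platform's own tooling. The registry host, account name, image reference and token file path passed in are hypothetical; the token file is assumed to be provisioned by the CI secret store.

```shell
#!/bin/sh
# Added example: non-interactive OCI push for a CI job.
# Assumption: the caller supplies registry, user, token file and image;
# none of these names come from the issue.

# Print the token from a file that only its owner can read; fail closed otherwise.
read_token() {
    local file="$1" mode
    [ -r "$file" ] || { echo "token file not readable" >&2; return 1; }
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        400|600) ;;
        *) echo "token file mode $mode is too permissive" >&2; return 1 ;;
    esac
    tr -d '\r\n' < "$file"
}

# Log in, push, and always log out so no credential stays in the auth file.
# The token reaches podman only on stdin: printf is a shell builtin, so the
# secret never shows up in any process's argv or in echoed CI commands.
push_image() {
    local registry="$1" user="$2" token_file="$3" image="$4" token rc=0
    token=$(read_token "$token_file") || return 1
    [ -n "$token" ] || { echo "empty token" >&2; return 1; }

    printf '%s' "$token" |
        podman login --username "$user" --password-stdin "$registry" || return 1

    podman push "$image" || rc=$?
    podman logout "$registry" >/dev/null 2>&1 || true
    return "$rc"
}

# Typical call from a pipeline step (hypothetical values):
#   push_image registry.example.test ci-publisher /run/secrets/registry_token \
#              registry.example.test/team/app:1.0
```

Running the same call after an administrator has revoked the token should fail at the login step, which covers the revocation criterion from the consumer side.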
