---
features:
  - |
    Introducing basic authentication and configurable authentication strategy
    support for image and image checksum download processes. This feature
    introduces 3 new configuration variables that could be used to select
    the authentication strategy and provide credentials for authentication
    strategies. The 3 variables are structured in way that 1 of them
    ``[deploy]image_server_auth_strategy`` (string) provides the ability to
    select between authentication strategies by specifying the name of the
    authentication strategy.

    Currently the only supported authentication strategy is the ``http-basic``
    which will make IPA use HTTP(S) basic authentication also known as the
    ``RFC 7617`` standard. The other 2 variables are
    ``[deploy]image_server_password`` and ``[deploy]image_server_user``
    provide username and password credentials for image download processes. The
    ``[deploy]image_server_password`` and ``[deploy]image_server_user``
    are not strategy specific and could be reused for any username + password
    based authentication strategy, but for the moment these 2 variables are
    only used for the ``http-basic`` strategy.

    ``[deploy]image_server_auth_strategy`` doesn't just enable the feature but
    enforces checks on the values of the 2 related credentials. When the
    ``http-basic`` strategy is enabled for image server download workflow the
    download logic will make sure to raise an exception in case any of the
    credentials are None or an empty string.

    Example of activating the ``http-basic`` strategy can be found in
    `HTTP(s) Authentication strategy for user image servers` section of the
    admin guide.