Bug #5938

closed

Registration from subscription-manager GUI is broken

Added by Michael Stead almost 10 years ago. Updated over 5 years ago.

Status: Closed
Priority: High
Assignee:
Category: Subscriptions
Target version:
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Recent changes to permissions in Katello seem to have broken subscription manager's registration functionality in the GUI.

The failure occurs when subman attempts to update the system's package profile during its registration process and is due to a permissions error.

Currently subscription manager expects that the package profile can be updated via basic auth (admin user) and consumer auth (oauth), and it appears that an admin via basic auth is no longer able to make this call.

Registration via the subman CLI is different (and working) because it creates a new connection using the newly acquired consumer id cert and uses it to update the package profile. We can fix this in subman, but it will still be broken for old subman clients. We have to support both.

Generally in subscription manager, most 'consumer' related API calls are made via consumer id cert, however, many of them can be made via basic auth (a user who has permissions).

The following should be checked to ensure that the API can be called via basic auth.

Basic Auth (User)
---------------------------
GET /
GET /users/{user_uuid}/owners
GET /owners/{owner_key}/environments
POST /environments/{environment}/consumers (registration)
PUT /consumers/{consumer_uuid}/packages

POST /consumers/{consumer_uuid} (force regen of identity certificate)
GET /owners/{org_id}/servicelevels
PUT /hypervisors

Exception details:

[DEBUG 2014-05-27 10:18:38 cp_proxy] Checking  params  for katello/api/v1/candlepin_proxies/upload_package_profile
  Katello::System Load (0.6ms)  SELECT "katello_systems".* FROM "katello_systems" WHERE "katello_systems"."uuid" = '0b7712ee-42ad-4ed4-9141-b61cd3ba6116' LIMIT 1
  Rendered api/v1/errors/access_denied.json.rabl (1.4ms)
Filter chain halted as :authorize_client rendered or redirected
Completed 403 Forbidden in 37.4ms (Views: 30.7ms | ActiveRecord: 0.6ms)
With body: {"message":"Access denied","details":null}
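
For triage, an added example (not part of the original report and not Katello code): a small Python parser that scans a Rails log like the excerpt above and reports which `cp_proxy` actions were halted by a filter and completed with 403. The function names are hypothetical, and the last two sample lines are constructed, with a placeholder action name, to show a request that is not flagged.

```python
import re
from collections import Counter

# First six lines: the excerpt quoted in the report. Last two lines: constructed
# sample (hypothetical action name) showing a request that must not be flagged.
SAMPLE_LOG = """\
[DEBUG 2014-05-27 10:18:38 cp_proxy] Checking  params  for katello/api/v1/candlepin_proxies/upload_package_profile
  Katello::System Load (0.6ms)  SELECT "katello_systems".* FROM "katello_systems" WHERE "katello_systems"."uuid" = '0b7712ee-42ad-4ed4-9141-b61cd3ba6116' LIMIT 1
  Rendered api/v1/errors/access_denied.json.rabl (1.4ms)
Filter chain halted as :authorize_client rendered or redirected
Completed 403 Forbidden in 37.4ms (Views: 30.7ms | ActiveRecord: 0.6ms)
With body: {"message":"Access denied","details":null}
[DEBUG 2014-05-27 10:18:39 cp_proxy] Checking  params  for katello/api/v1/candlepin_proxies/example_action
Completed 200 OK in 12.0ms (Views: 8.0ms | ActiveRecord: 1.0ms)
"""

START = re.compile(r"\[DEBUG (\S+ \S+) cp_proxy\]\s+Checking\s+params\s+for\s+(\S+)")
HALT = re.compile(r"Filter chain halted as :(\w+) rendered or redirected")
DONE = re.compile(r"Completed (\d{3}) ")


def denied_requests(log_text):
    """Return one dict per cp_proxy request that completed with 403.

    Assumes the lines of one request are contiguous (a single-worker log).
    """
    denied, current = [], None
    for line in log_text.splitlines():
        if (m := START.search(line)):
            current = {"time": m.group(1), "action": m.group(2), "filter": None}
        elif current is None:
            continue  # line does not belong to a cp_proxy request
        elif (m := HALT.search(line)):
            current["filter"] = m.group(1)  # filter that stopped the request
        elif (m := DONE.search(line)):
            current["status"] = int(m.group(1))
            if current["status"] == 403:
                denied.append(current)
            current = None  # request finished, wait for the next one
    return denied


def summarize(denied):
    """Count denials per (action, filter) pair."""
    return Counter((d["action"], d["filter"]) for d in denied)


if __name__ == "__main__":
    for (action, flt), n in summarize(denied_requests(SAMPLE_LOG)).items():
        print(f"{n} x 403 on {action} (halted by :{flt})")
```

Run over a full log, the summary shows at a glance whether other calls from the basic-auth checklist are being rejected by the same filter.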

Actions #1

Updated by Eric Helms almost 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Helms
  • Priority changed from Normal to High
  • Target version set to 45
  • Triaged changed from No to Yes
Actions #2

Updated by Eric Helms almost 10 years ago

  • Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1102333
Actions #3

Updated by Eric Helms almost 10 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Applied in changeset katello|commit:eb414829616b361a637b5324584b0fc9bd48bb47.

Actions #4

Updated by Eric Helms over 9 years ago

  • translation missing: en.field_release set to 13