Project

General

Profile

Feature #21307

Please provide a Pre-made role for registration-only usage

Added by Marek Hulán almost 4 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Roles and Permissions
Target version:
Difficulty:
trivial
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1500979

Description of problem:

Because bootstrap.py requires a login and password in clear text, I decided to follow https://access.redhat.com/solutions/1570203 to create an unpriviledged role to which I could assign that user.

In the end, on sat 6.2.12, this proved to be a daunting task because the KB article was incomplete.
Here's the set of permissions which worked for me:

[root@sat6 ~]# hammer role filters --id 22
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | ROLE | PERMISSIONS
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
171 | Hostgroup | none | yes | Register Hosts | view_hostgroups
173 | Katello::ActivationKey | none | yes | Register Hosts | view_activation_keys
174 | Katello::System | none | yes | Register Hosts | view_content_hosts, create_content_hosts, edit_content_hosts, destroy_content...
175 | Katello::ContentView | none | yes | Register Hosts | view_content_views
176 | Katello::GpgKey | none | yes | Register Hosts | view_gpg_keys
177 | Katello::Subscription | none | yes | Register Hosts | view_subscriptions, attach_subscriptions
178 | Host | none | yes | Register Hosts | view_hosts
179 | Katello::HostCollection | none | yes | Register Hosts | view_host_collections
180 | Organization | none | yes | Register Hosts | view_organizations
182 | Katello::KTEnvironment | none | yes | Register Hosts | view_lifecycle_environments
183 | Katello::Product | none | yes | Register Hosts | view_products
184 | Location | none | yes | Register Hosts | view_locations
185 | Domain | none | yes | Register Hosts | view_domains
186 | Architecture | none | yes | Register Hosts | view_architectures
187 | Operatingsystem | none | yes | Register Hosts | view_operatingsystems
----|-------------------------|--------|------------|----------------|------------------------------------------------------------------------

This allowed me to use bootstrap like this:
bootstrap.py -l register -p password -s ${SAT_HOSTNAME} -o ${SAT_ORGANIZATION} -a ${ACTIVATION_KEY} -L ${SAT_LOCATION} -g ${SAT_HOSTGROUP} -O ${SAT_OS_NAME} --enablerepos=* --skip-puppet --force

Most importantly, view_operatingsystems, view_architectures, view_domains and view_locations are missing from the above KB article.

Please provide a pre-defined role in 6.2.z/6.3.z so people don't have to go through this.
Thank you,

Associated revisions

Revision f70a69f3 (diff)
Added by Daniel Lobato Garcia almost 4 years ago

Fixes #21307 - Pre-made role for registering hosts

Because bootstrap.py requires a login and password in clear text, I
decided to create an unprivileged role to which I could assign
that user. If Katello provides it, it will save time as non-admin
users are meant to create this to register hosts.

History

#1 Updated by Marek Hulán almost 4 years ago

  • Subject changed from Please provide a Pre-made role for registration-only usage to Please provide a Pre-made role for registration-only usage
  • Target version set to 115
  • Difficulty set to trivial

I believe it should be added from katello plugin because of required permissions and it should be fairly easy. Adding it to our backlog but anyone can take it :-)

#2 Updated by Justin Sherrill almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 114

#3 Updated by The Foreman Bot almost 4 years ago

  • Assignee set to Daniel Lobato Garcia
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/7078 added

#4 Updated by Anonymous almost 4 years ago

  • % Done changed from 0 to 100
  • Status changed from Ready For Testing to Closed

#5 Updated by Justin Sherrill almost 4 years ago

  • Legacy Backlogs Release (now unused) deleted (114)

#6 Updated by Justin Sherrill almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 284

Also available in: Atom PDF