Feature #21307
closed
Please provide a Pre-made role for registration-only usage
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1500979
Description of problem:
Because bootstrap.py requires a login and password in clear text, I decided to follow https://access.redhat.com/solutions/1570203 to create an unpriviledged role to which I could assign that user.
In the end, on sat 6.2.12, this proved to be a daunting task because the KB article was incomplete.
Here's the set of permissions which worked for me:
[root@sat6 ~]# hammer role filters --id 22
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | ROLE | PERMISSIONS
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
171 | Hostgroup | none | yes | Register Hosts | view_hostgroups
173 | Katello::ActivationKey | none | yes | Register Hosts | view_activation_keys
174 | Katello::System | none | yes | Register Hosts | view_content_hosts, create_content_hosts, edit_content_hosts, destroy_content...
175 | Katello::ContentView | none | yes | Register Hosts | view_content_views
176 | Katello::GpgKey | none | yes | Register Hosts | view_gpg_keys
177 | Katello::Subscription | none | yes | Register Hosts | view_subscriptions, attach_subscriptions
178 | Host | none | yes | Register Hosts | view_hosts
179 | Katello::HostCollection | none | yes | Register Hosts | view_host_collections
180 | Organization | none | yes | Register Hosts | view_organizations
182 | Katello::KTEnvironment | none | yes | Register Hosts | view_lifecycle_environments
183 | Katello::Product | none | yes | Register Hosts | view_products
184 | Location | none | yes | Register Hosts | view_locations
185 | Domain | none | yes | Register Hosts | view_domains
186 | Architecture | none | yes | Register Hosts | view_architectures
187 | Operatingsystem | none | yes | Register Hosts | view_operatingsystems
----|-------------------------|--------|------------|----------------|------------------------------------------------------------------------
This allowed me to use bootstrap like this:
bootstrap.py -l register -p password -s ${SAT_HOSTNAME} -o ${SAT_ORGANIZATION} -a ${ACTIVATION_KEY} -L ${SAT_LOCATION} -g ${SAT_HOSTGROUP} -O ${SAT_OS_NAME} --enablerepos=* --skip-puppet --force
Most importantly, view_operatingsystems, view_architectures, view_domains and view_locations are missing from the above KB article.
Please provide a pre-defined role in 6.2.z/6.3.z so people don't have to go through this.
Thank you,
Updated by Marek Hulán about 7 years ago
- Subject changed from Please provide a Pre-made role for registration-only usage to Please provide a Pre-made role for registration-only usage
- Target version set to 115
- Difficulty set to trivial
I believe it should be added from katello plugin because of required permissions and it should be fairly easy. Adding it to our backlog but anyone can take it :-)
Updated by Justin Sherrill about 7 years ago
- Translation missing: en.field_release set to 114
Updated by The Foreman Bot about 7 years ago
- Status changed from New to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/Katello/katello/pull/7078 added
Updated by Anonymous about 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|f70a69f3c09b9435fb833a7212b46cedf69c0f9b.
Updated by Justin Sherrill about 7 years ago
- Translation missing: en.field_release deleted (
114)
Updated by Justin Sherrill about 7 years ago
- Translation missing: en.field_release set to 284