Feature #21307
closedPlease provide a Pre-made role for registration-only usage
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1500979
Description of problem:
Because bootstrap.py requires a login and password in clear text, I decided to follow https://access.redhat.com/solutions/1570203 to create an unpriviledged role to which I could assign that user.
In the end, on sat 6.2.12, this proved to be a daunting task because the KB article was incomplete.
Here's the set of permissions which worked for me:
[root@sat6 ~]# hammer role filters --id 22
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | ROLE | PERMISSIONS
----|-------------------------|--------|------------|----------------|---------------------------------------------------------------------------------
171 | Hostgroup | none | yes | Register Hosts | view_hostgroups
173 | Katello::ActivationKey | none | yes | Register Hosts | view_activation_keys
174 | Katello::System | none | yes | Register Hosts | view_content_hosts, create_content_hosts, edit_content_hosts, destroy_content...
175 | Katello::ContentView | none | yes | Register Hosts | view_content_views
176 | Katello::GpgKey | none | yes | Register Hosts | view_gpg_keys
177 | Katello::Subscription | none | yes | Register Hosts | view_subscriptions, attach_subscriptions
178 | Host | none | yes | Register Hosts | view_hosts
179 | Katello::HostCollection | none | yes | Register Hosts | view_host_collections
180 | Organization | none | yes | Register Hosts | view_organizations
182 | Katello::KTEnvironment | none | yes | Register Hosts | view_lifecycle_environments
183 | Katello::Product | none | yes | Register Hosts | view_products
184 | Location | none | yes | Register Hosts | view_locations
185 | Domain | none | yes | Register Hosts | view_domains
186 | Architecture | none | yes | Register Hosts | view_architectures
187 | Operatingsystem | none | yes | Register Hosts | view_operatingsystems
----|-------------------------|--------|------------|----------------|------------------------------------------------------------------------
This allowed me to use bootstrap like this:
bootstrap.py -l register -p password -s ${SAT_HOSTNAME} -o ${SAT_ORGANIZATION} -a ${ACTIVATION_KEY} -L ${SAT_LOCATION} -g ${SAT_HOSTGROUP} -O ${SAT_OS_NAME} --enablerepos=* --skip-puppet --force
Most importantly, view_operatingsystems, view_architectures, view_domains and view_locations are missing from the above KB article.
Please provide a pre-defined role in 6.2.z/6.3.z so people don't have to go through this.
Thank you,