Bug 1054127

Summary: free users are able to attach certs to aliases via REST
Product: OpenShift Online Reporter: Oleg Fayans <ofayans>
Component: MasterAssignee: Lili Nader <lnader>
Status: CLOSED WORKSFORME QA Contact: libra bugs <libra-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.xCC: amarecek, mfisher
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-16 15:04:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Oleg Fayans 2014-01-16 10:04:36 UTC 
Description of problem:

I am able to attach private certificate to an app's alias being a non-paid user

Version-Release number of selected component (if applicable):
ami-1b467572

How reproducible:
always

Steps to Reproduce:
1. Resgister a new user
2. create an app, add an alias to the app
3. Create a new certificate
4. attach this certificate to the alias: 
curl -k -X PUT https://<server>/broker/rest/application/<app_id>/alias/<alias_name> -u yourname:password --data-urlencode ssl_certificate=<certificate_file_contents> --data-urlencode private_key=<key_file_content>


Actual results:
The curl request succeeds. The app now has a certificate associated with it's alias

Expected results:
The curl request should fail. This feature only available to non-free users

Additional info:
Comment 1 Oleg Fayans 2014-01-16 14:54:04 UTC 
I was again able to reproduce this with the fresh devenv instance, ami_id ami-5d300334
Comment 2 Oleg Fayans 2014-01-16 15:04:56 UTC 
Oh, it's our cucumber framework keeps enabling ssl certificates explicitely