Bug 1273582
Summary: | Permissions seem to be wrong | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Certification Program | Reporter: | Glen Millard <gmillard> | ||||||
Component: | Certification Workflow Engine | Assignee: | MaoPeng <pmao> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Suprith Gangawar <sgangawa> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | urgent | ||||||||
Version: | 1.0 | CC: | hrivero, pmao, rlandry, sguha, thong, tmctighe | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-11-24 00:14:51 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Hi Glen, Can you verify if you are in the user list of the vendor which you want to create cert for ? Only the sso account who is in the user list of the vendor can create cert for it. Traivs, Any idea about this issue? Is Glen have the proper right to access the HAProxy products? Thanks, Peng Mao Peng, The access denied is occuring when Glen gets redirected to https://hardware.redhat.com/enter.cgi?product_nid=1471483&product_type=sw&vendor_nid=1466253 (In reply to MaoPeng from comment #1) > Hi Glen, > > Can you verify if you are in the user list of the vendor which you want to > create cert for ? > Only the sso account who is in the user list of the vendor can create cert > for it. > > Traivs, > > Any idea about this issue? > Is Glen have the proper right to access the HAProxy products? > > > Thanks, > Peng Mao Peng - this is HAProxy - it was the vendor that attempted to submit the cert. I had to use the 'vendor login' feature to be able to create the cert. Otherwise, I was getting a 'permission denied' message. The catalogue is for HAProxy: https://access.redhat.com/ecosystem/software/1471483 The user is using the 'haproxy' userid to submit a cert from the rhcert-backend tool. He is getting the following: +++++++++++++++++++ Hi Glen, I'm getting the user access errors when trying to submit the image for the certification process: Error: could not submit the image Error: The username or password you entered is not valid. (300) I'm using the haproxy username with the corresponding password we've had on our registry -- has that been changed? I've replicated step by step on how we've been publishing the previous images.. Kind regards, D. +++++++++++++++++++++++ I tried this with my account as well. I attempted to create a certification for Black Duck Hub: https://access.redhat.com/ecosystem/software/2018643 And got a permission error. I even tried to add myself to the list of "Certification Users" for that vendor. Didn't make any difference. This means the certification workflow is broken and partners cannot submit a new certification. This is a P1, please treat is as such. Created attachment 1085271 [details]
Error message when trying to create a cert for "Black Duck Hub" with account hrivero
Hi, Travis, This problem is caused by that 'groupMembers' attribute of each vendor has disappear. When I try to use relative link to get IBM's vendor information, it shows like following: <vendor> <title>IBM</title> <language>en</language> <id>918313</id> <tnid>0</tnid> <uri>https://api.access.redhat.com/rs/ecosystem/vendors/918313</uri> <viewUri>https://access.redhat.com/ecosystem/vendors/918313</viewUri> <tsaNetMemberLevel>Premium</tsaNetMemberLevel> <displayTitle>IBM</displayTitle> <vendorType>Certified Hardware</vendorType> <vendorType>Certified Software</vendorType> <logoUrl>https://access.redhat.com/sites/default/files/ibm_small.jpg</logoUrl></vendor> Obviously no 'groupMembers' attribute in the xml. The node for 'Black Duck Software, Inc.' are the same, no 'groupMembers' attribute in xml. From CWE, we can determine if a user can/cannot create a cert by and only by seeing the login name is in the 'groupMembers' or not. But now the 'groupMembers' attribute disappear, all login users are not in the 'groupMembers', so no one can create cert from CWE redirected from UCC. Would you please help us to take a look in this issue? This could be a blocking issue... Thanks a lot for your kindly help! Best Regards, Hong Tao Are there any workarounds to allow a Red Hat person to create a cert ID? If so, will an external user be allowed to use that cert id to submit a certification via rhcert? I'm now seeing a 'broken pipe' message at the command line. Errno 32 Broken Pipe. I cancelled the operation and I tried again. The upload seems to be 'stuck' - 40 minutes with no activity. Glen When I attempt to submit the second time, I see the following: Red Hat Catalog User Name: gmillard response: gmillard Password: Error: could not ftp image file: [Errno 110] Connection timed out FTP to dropbox.redhat.com RHEL71Vbox [root@rhel7glenI openshift-haproxy Please try again on web2 or partner site, we have fix that. Please try again on web2 or partner site, we have fix that. Partner site is fixed by workaround way, Live site need to be fixed by IT to change the configuration of idp.redhat.com which refuse connection request from hardware.redhat.com. Hi folks, This is may or may not be related but I logged into access.redhat.com with my sso account and then I tried logging to hardware.redhat.com and got this following error on live site. (useraccount I used: sguha) Software error: Insecure dependency in piped open while running with -T switch at Catalog/Strata/StrataClient.pm line 805. For help, please send mail to the webmaster (bugzilla-owner), giving this error message and the time and date of the error. @Mao do you think this maybe because of idp.redhat.com issue ? But I tried logging on access.stage.redhat.com and cwe stage: https://partner-hwcert.redhat.com/ it worked perfectly there. |
Created attachment 1084857 [details] Error message Description of problem: I cannot create a new certification on the production CWE. When I log in using my Red Hat SSO, I get a "you do not have permissions" message Version-Release number of selected component (if applicable): How reproducible: Repoducible Steps to Reproduce: 1.Log on to the prodcution CWE - access.redhat.com 2.Browse to a vendor/ISV page 3.Click on a product 4.Select an existing Software product. 5.Click on create new cert 6.See the error result Actual results: Permission denied message Expected results: Should be able to create a cert. Additional info: