Bug 1315901

Summary: Stacktrace displayed when running rct against an inaccessible file
Product: Red Hat Enterprise Linux 7 Reporter: Morgan Weetman <mweetman>
Component: python-rhsmAssignee: William Poteat <wpoteat>
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: medium    
Version: 7.2CC: bcourt, redakkan, skallesh, vrjain, wpoteat
Target Milestone: rcKeywords: StringChange, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 20:27:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch for rhsm/certificate2.py none

Description Morgan Weetman 2016-03-09 00:02:00 UTC 
Created attachment 1134339 [details]
Patch for rhsm/certificate2.py

Description of problem:
Stacktrace occurs when using rct against an inaccessible file

Version-Release number of selected component (if applicable):
subscription-manager-1.15.9-15.el7.x86_64

How reproducible:
As a normal user, execute:
rct cat-cert /etc/pki/consumer/


Actual results:
[student@desktop pki]$ rct cat-cert consumer/cert.pem 
Traceback (most recent call last):
  File "/usr/bin/rct", line 49, in <module>
    sys.exit(abs(main() or 0))
  File "/usr/bin/rct", line 44, in main
    return RctCLI().main()
  File "/usr/share/rhsm/subscription_manager/cli.py", line 159, in main
    return cmd.main()
  File "/usr/share/rhsm/rct/commands.py", line 39, in main
    return_code = self._do_command()
  File "/usr/share/rhsm/rct/cert_commands.py", line 74, in _do_command
    cert = self._create_cert()
  File "/usr/share/rhsm/rct/cert_commands.py", line 43, in _create_cert
    return certificate.create_from_file(cert_file)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate.py", line 59, in create_from_file
    return _CertFactory().create_from_file(path)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 65, in create_from_file
    pem = open(path, 'r').read()
IOError: [Errno 13] Permission denied: 'consumer/cert.pem'


Expected results:

[student@desktop ~]$ rct cat-cert /etc/pki/consumer/cert.pem
Permission denied
[student@desktop ~]$ sudo rct cat-cert /etc/pki/consumer/cert.pem 
+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 6678847080198154076
	Start Date: 2016-02-28 23:52:59+00:00
	End Date: 2017-02-28 23:52:59+00:00
	Alt Name: URI:CN=desktop.lab.internal

Subject:
	CN: 10bc093b-fe9a-4633-ad35-c679a7853724

Issuer:
	C: US
	CN: Red Hat Candlepin Authority
	O: Red Hat, Inc.
	OU: Red Hat Network
	ST: North Carolina
	emailAddress: ca-support


Additional info:

I've attached a patch for rhsm/certificate2.py which generates the expected results, testing required
Comment 2 William Poteat 2016-06-29 19:14:59 UTC 
PR filed https://github.com/candlepin/python-rhsm/pull/174
Comment 3 William Poteat 2016-08-04 20:39:09 UTC 
master commit 340c7cc97518ceb56ff5845cade729a78ef22942
Comment 5 Shwetha Kallesh 2016-08-10 07:43:54 UTC 
Marking verified

[root@dhcp35-77 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.9.51.15-1
subscription management rules: 5.15.1
subscription-manager: 1.17.10-1.el7
python-rhsm: 1.17.6-1.el7


[shwetha@dhcp35-77 ~]$ whoami
shwetha

[shwetha@dhcp35-77 ~]$ rct cat-cert consumer/cert.pem 
The specified certificate file does not exist.
[shwetha@dhcp35-77 ~]$ rct cat-cert /etc/pki/consumer/cert.pem
Permission denied


[root@dhcp35-77 ~]# whoami
root

[root@dhcp35-77 ~]# rct cat-cert /etc/pki/consumer/cert.pem 

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 8596013141950419348
	Start Date: 2016-08-10 03:50:57+00:00
	End Date: 2017-08-10 03:50:57+00:00
	Alt Name: URI:CN=dhcp35-77.lab.eng.blr.redhat.com

Subject:
	CN: cf19c106-b13f-4f91-bb1e-bbe05cc97879

Issuer:
	C: US
	CN: Red Hat Candlepin Authority
	O: Red Hat, Inc.
	OU: Red Hat Network
	ST: North Carolina
	emailAddress: ca-support

[root@dhcp35-77 ~]# rct cat-cert cert.pem
The specified certificate file does not exist.
Comment 8 errata-xmlrpc 2016-11-03 20:27:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2592.html
Comment 10 John Sefler 2018-03-30 15:57:07 UTC 
The output shown in the verification demonstration in comment 5 has been slightly altered by the commit for bug 1472715.  See https://bugzilla.redhat.com/show_bug.cgi?id=1472715#c5