Bug 1357881

Summary: candlepin_proxies_controller still uses content_host permissions
Product: Red Hat Satellite Reporter: Justin Sherrill <jsherril>
Component: API - ContentAssignee: Justin Sherrill <jsherril>
Status: CLOSED ERRATA QA Contact: Jitendra Yejare <jyejare>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: bbuckingham, cwelton, jyejare
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/15724
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 16:54:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Justin Sherrill 2016-07-19 13:06:51 UTC 
it needs to be updated to use host permissions
Comment 1 Justin Sherrill 2016-07-19 13:06:53 UTC 
Created from redmine issue http://projects.theforeman.org/issues/15724
Comment 3 Bryan Kearney 2016-08-10 18:16:53 UTC 
Upstream bug assigned to jsherril
Comment 4 Bryan Kearney 2016-08-10 19:19:04 UTC 
Upstream bug component is API - Content
Comment 5 Bryan Kearney 2016-08-10 20:20:08 UTC 
Upstream bug component is API
Comment 6 Bryan Kearney 2016-08-10 22:19:41 UTC 
Upstream bug component is API - Content
Comment 7 Bryan Kearney 2016-09-06 20:17:57 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15724 has been resolved.
Comment 8 Justin Sherrill 2016-09-06 20:55:22 UTC 
I would probably argue for this to be moved to 6.3.0, given:

1) this may break existing customers, which we don't want to do in a z-stream
2) it was done as part of the System model removal for 6.3, so it would need to be a one off patch.
Comment 11 Justin Sherrill 2017-12-20 15:01:33 UTC 
Previously, a user would have to use the "content_hosts" permissions to register a system, such as:

create_content_hosts

These should now be gone, and the user should use "create_hosts".

If you create a role with

create_hosts
view_organizations
view_lifecycle_environments


you should now be able to register a system
Comment 12 Jitendra Yejare 2017-12-20 16:26:04 UTC 
Verified !

@ Satellite 6.3 snap 29

Steps: (as per comment 11)
1. Created Org admin role that has permissions for:
 create_hosts(instead of create_content_hosts which is now removed)
 view_lifecycle_environments
 Added View_organizations permission
2. Create user non_admin with above role
3. Attempted to register the content host with the above user

Observation:
# subscription-manager register --org="Default_Organization" --username=non_admin --password=passwd
Registering to: qeblade36.rhq.lab.eng.bos.redhat.com:443/rhsm
Environment: Library
The system has been registered with ID: 90faee8f-9ca0-478f-99f3-276e07b47bbf 

Hence changing the state to Verified!
Comment 13 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336