Bug 1719175

Summary:

Proxy password with special character fails for insights with "407 Proxy Authentication Required"

Product:

Red Hat Satellite

Reporter:

anerurka

Component:

RH Cloud - Insights

Assignee:

Rex White <rexwhite>

Status:

CLOSED ERRATA

QA Contact:

Radovan Drazny <rdrazny>

Severity:

medium

Docs Contact:

Priority:

high

Version:

6.5.0

CC:

ableisch, ahumbe, bkearney, dpathak, egolov, ehelms, fratto, gquites, jneedle, ktordeur, lee.patterson, lphiri, mawerner, mmccune, rexwhite, robwilli, shughes, spetrosi, wpinheir

Target Milestone:

6.7.0

Keywords:

PrioBumpGSS, Triaged

Target Release:

Unused

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

tfm-rubygem-redhat_access-2.2.9

Doc Type:

Known Issue

Doc Text:

If an HTTP proxy password contains special characters, such as "?", Insights uploads fail with the "407 Proxy Authentication Required" error. Do not use special characters in an HTTP proxy password.

Story Points:

---

Clone Of:

Environment:

Last Closed:

2020-04-14 13:24:36 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm	none

Description anerurka 2019-06-11 08:50:49 UTC

Description of problem:

Proxy with a special character password "?", integrated with Satellite Server v.6.5, fails for Insights communication, fails with "407 Proxy Authentication Required"


Version-Release number of selected component (if applicable):

redhat-access-insights-puppet-0.0.9-3.el7sat.noarch
ansiblerole-insights-client-1.6-1.el7sat.noarch


How reproducible:


Steps to Reproduce:

1. Configure Satellite with proxy with a password that has special character "?"
2. In UI, navigate to "Red Hat Insights -> Manage" --> Check Connection

Actual results:

Dashboard display "Unable to get risk summary: 407 Proxy Authentication Required"

Expected results:

There should not be any error related to Proxy.

Comment 8 Rex White 2019-08-22 21:18:16 UTC

Also, can we double check that the customer whitelisted "cert-api.access.redhat.com" in their proxy configuration?

Comment 15 Mike McCune 2019-09-12 20:02:00 UTC

We are spinning out a new BZ to track the specific $ issue but are going to move this back ON_QA to see if we can say this is VERIFIED for the majority of the special characters now covered by the changes in this bz.

Comment 16 Mike McCune 2019-09-12 20:02:19 UTC

Please see the follow-on bz for the $ issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1751875

Comment 23 Mike McCune 2019-12-17 22:21:49 UTC

*** Bug 1751875 has been marked as a duplicate of this bug. ***

Comment 26 Rex White 2020-02-25 15:45:51 UTC

Marek,

The build issue was cause by a missing dependency on katello that's been added to redhat_access.gemspec in 2.2.11 so it *should* build ok now.

Comment 27 Evgeni Golov 2020-02-28 11:40:45 UTC

It built fine, so moving back to ON_DEV

Comment 29 Radovan Drazny 2020-03-11 13:55:32 UTC

Tested with Sat 6.7 Snap 15 (tfm-rubygem-redhat_access-2.2.11-1). I have created proxy users with passwords containing "?", "$", "&" chars. In all cases Satellite was able to successfully connect to the Insights API.

Comment 39 Rex White 2020-04-07 15:06:06 UTC

Francesco,

I am not part of the satellite organization and don't have any direct information about their schedules for releasing these updates so, unfortunately, I can't give you a better estimate for a release date.  Ashish Humbe might be able to give you more information but as he mentioned previously you can request a hotfix if the customer needs this immediately.

This update would only address the Insights functions and proxied uploads from the client, though - Satellite had already addressed this issue in their own proxy function in a previous update (Insights uses a separate proxy).  The authentication errors with cert-api.access.redhat.com you see in the logs should have no effect on the customer's ability to download updates via CDN; this would seem to be an unrelated problem.

Let me know if there's anything else I can do to help!

Rex White

Comment 43 Mike McCune 2020-04-08 18:03:03 UTC

** Satellite 6.6 Hotfix Available **

1) Download tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm from this bugzilla to your Satellite

2) install:

rpm -Uvh tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm 

3) restart services

satellite-maintain service restart

4) resume operations

Comment 44 Mike McCune 2020-04-08 18:04:10 UTC

Created attachment 1677335 [details]
tfm-rubygem-redhat_access-2.2.11-1.el7sat.noarch.rpm

Comment 47 errata-xmlrpc 2020-04-14 13:24:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1454