Bug 728357

Summary: System create API gives 403 with latest candlepin
Product: Red Hat Satellite Reporter: Jeff Weiss <jweiss>
Component: APIAssignee: Bryan Kearney <bkearney>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.1CC: dajohnso, gstoecke
Target Milestone: UnspecifiedKeywords: Regression, TestBlocker
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Candlepin 0.4.9-1.fc14
Last Closed: 2012-08-22 17:51:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 747354    

Description Jeff Weiss 2011-08-04 20:10:46 UTC 
Description of problem:
[root@katello-ci katello]# katello -u admin -p admin system register --org=ACME_Corporation --environment=Development --name=katello-ci
error: operation failed: RestClient::Forbidden: 403 Forbidden


Version-Release number of selected component (if applicable):
katello-0.1.57-1.git.12.5461708.fc14.noarch

How reproducible:


Steps to Reproduce:
1. Run above cli command
2.
3.
  
Actual results:
403

Expected results:
System registered

Additional info:
from cp logs:

Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.OAuth - Checking for oauth authentication
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_body_hash:2jmj7l5rSw0yVb/vlWAYkK/YBwk=
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_consumer_key:katello
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_nonce:QMDo52AlasnQKNwqANFrCMNcIiu87lTLfl6SiOzeQk
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_signature:Z8r0ZnJPBf71f+4YljTuWOR3j3Q=
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_signature_method:HMAC-SHA1
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_timestamp:1312483454
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.resteasy.interceptor.RestEasyOAuthMessage - oauth_version:1.0
Aug 04 14:44:14 [http-8443-2] DEBUG org.fedoraproject.candlepin.auth.interceptor.SecurityInterceptor - Invoked security interceptor public org.fedoraproject.candlepin.model.Consumer org.fedoraproject.candlepin.resource.ConsumerResource.create(org.fedoraproject.candlepin.model.Consumer,org.fedoraproject.candlepin.auth.Principal,java.lang.String,java.lang.String,java.lang.String) throws org.fedoraproject.candlepin.exceptions.BadRequestException
Aug 04 14:44:14 [http-8443-2] WARN  org.fedoraproject.candlepin.auth.interceptor.SecurityInterceptor - Allowing invocation to proceed with no authentication required.
Aug 04 14:44:14 [http-8443-2] ERROR org.fedoraproject.candlepin.exceptions.CandlepinExceptionMapper - Runtime exception:
org.jboss.resteasy.spi.ApplicationException: org.fedoraproject.candlepin.exceptions.ForbiddenException: Insufficient permissions
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154)
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:248)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:216)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:205)
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:489)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:466)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:120)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:200)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:48)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:43)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:216)
        at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:141)
        at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:93)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:63)
        at org.fedoraproject.candlepin.servlet.filter.VersionFilter.doFilter(VersionFilter.java:47)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at org.fedoraproject.candlepin.servlet.filter.logging.LoggingFilter.doFilter(LoggingFilter.java:55)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.wideplay.warp.persist.PersistenceFilter$3.run(PersistenceFilter.java:141)
        at com.wideplay.warp.persist.internal.Lifecycles.failEarlyAndLeaveNoOneBehind(Lifecycles.java:29)
        at com.wideplay.warp.persist.PersistenceFilter.doFilter(PersistenceFilter.java:155)
        at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:129)
        at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:59)
        at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:122)
        at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:110)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Thread.java:636)
Caused by: org.fedoraproject.candlepin.exceptions.ForbiddenException: Insufficient permissions
        at org.fedoraproject.candlepin.resource.ConsumerResource.create(ConsumerResource.java:249)
        at org.fedoraproject.candlepin.resource.ConsumerResource$$EnhancerByGuice$$367808c9.CGLIB$create$1(<generated>)
        at org.fedoraproject.candlepin.resource.ConsumerResource$$EnhancerByGuice$$367808c9$$FastClassByGuice$$37d37b9e.invoke(<generated>)
        at com.google.inject.internal.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
        at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:64)
        at org.fedoraproject.candlepin.auth.interceptor.SecurityInterceptor.invoke(SecurityInterceptor.java:99)
        at com.google.inject.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:64)
        at com.google.inject.InterceptorStackCallback.intercept(InterceptorStackCallback.java:44)
        at org.fedoraproject.candlepin.resource.ConsumerResource$$EnhancerByGuice$$367808c9.create(<generated>)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
Comment 1 Jeff Weiss 2011-08-12 19:28:22 UTC 
There was no official fix for this, but I believe it was fixed indirectly.

[root@katello-ci init.d]# katello -u admin -p admin system register --org=ACME_Corporation --environment=Development --name=katello-ci
Successfully registered system [ katello-ci ]
[root@katello-ci init.d]# rpm -q katello
katello-0.1.61-1.git.30.a7174a6.fc14.noarch
Comment 5 Mike McCune 2013-08-16 17:59:57 UTC 
getting rid of 6.0.0 version since that doesn't exist