| Summary: | system registration routes issue when no activation keys present | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Shannon Hughes <shughes> |
| Component: | API | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Garik Khachikyan <gkhachik> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.0 | CC: | gkhachik, lzap, mkoci |
| Target Milestone: | Unspecified | ||
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-08-22 17:56:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 747354 | ||
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys. 1634bdc 736384 - workaround for perm. denied for rhsm registration This should be removed when we refactor permissions for system activations. So I reverted the temporary fix and refactored way we handle RHSM permissions. 629d2ca 737563 - Subscription Manager fails permissions on accessing subscriptions eebb966 736141 - Systems Registration perms need to be reworked e84d7e8 Revert "736384 - workaround for perm. denied (unit test)" 95ea20a Revert "736384 - workaround for perm. denied for rhsm registration" I am not able to reproduce it now. # VERIFIED doing call of `system subscribe` does not invoke the "*#activate" action (looking in the production.log of katello) All looks fine, RHSM gets exit 0. Checked against: katello-0.1.174-2.el6.noarch katello-cli-0.1.35-1.el6.noarch |
Description of problem: when subscribing a system via subscription manager to katello without activation keys, I am seeing the API systems controller #create action get called as expected but then I also see the activate action being called. Looks like there is a match in the routes that is causing the activate to get invoked: match '/consumers' => 'systems#activate', :via => :post, :constraints => RegisterWithActivationKeyContraint.new this is causing a permissions error that gets sent back to subscription manager, 'content': "Errors::SecurityViolation: User admin is not allowed to access api/systems/activate\n/git/katello/src/lib/authorization_rules.rb:30:in `authorize'\n/usr/lib/ruby/gems/1.8/gems/activesupport-3.0.5/lib/active_support/callback Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: