Bug 841310
| Summary: | /api/pools does not work with admin | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Brad P. Crochet <brad> |
| Component: | API | Assignee: | Justin Sherrill <jsherril> |
| Status: | CLOSED ERRATA | QA Contact: | Og Maciel <omaciel> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.0 | CC: | dmacpher, mmccune, omaciel, snansi |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
The System Engine API denied admin users access to /katello/api/pools. A fix in the latest version of System Engine allows admin users access to /katello/api/pools.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-12-04 19:47:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Brad P. Crochet
2012-07-18 16:12:53 UTC
QE: Can you see if this is a regression from 1.0.1? Reproduced on CFSE 1.0. Will try 1.0.1 next. # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools' {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"} Environment: * candlepin-0.6.5-1.el6_2.noarch * candlepin-tomcat6-0.6.5-1.el6_2.noarch * katello-0.1.318-1.el6cf.noarch * katello-all-0.1.318-1.el6cf.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.0.7-1.el6_3.noarch * katello-cli-0.1.112-1.el6cf.noarch * katello-cli-common-0.1.112-1.el6cf.noarch * katello-common-0.1.318-1.el6cf.noarch * katello-configure-0.1.111-1.el6cf.noarch * katello-glue-candlepin-0.1.318-1.el6cf.noarch * katello-glue-foreman-0.1.318-1.el6cf.noarch * katello-glue-pulp-0.1.318-1.el6cf.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-0.1.10-1.el6.noarch * pulp-1.0.4-1.el6.noarch * pulp-common-1.0.4-1.el6.noarch * pulp-selinux-server-1.0.4-1.el6.noarch First of all, a small correction. Comment #2 was for a 1.0.1 CFSE installation. With a brand new 1.0 installation, the same issue was detected: # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools' {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"} CFSE 1.0: * candlepin-0.5.26-1.el6.noarch * candlepin-tomcat6-0.5.26-1.el6.noarch * katello-0.1.311-1.el6_2.noarch * katello-all-0.1.311-1.el6_2.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.0.4-1.el6.noarch * katello-cli-0.1.107-1.el6.noarch * katello-cli-common-0.1.107-1.el6.noarch * katello-common-0.1.311-1.el6_2.noarch * katello-configure-0.1.107-1.el6.noarch * katello-glue-candlepin-0.1.311-1.el6_2.noarch * katello-glue-foreman-0.1.311-1.el6_2.noarch * katello-glue-pulp-0.1.311-1.el6_2.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-0.1.10-1.el6.noarch * pulp-1.0.4-1.el6.noarch * pulp-common-1.0.4-1.el6.noarch * pulp-selinux-server-1.0.4-1.el6.noarch since this is not a regression, moving to 2.0 This appears to work just fine in the latest nightly and master (after confirming it did not work in CFSE 1.0). I'm not entirely sure what would have fixed it though, as I can't find any code change that looks like it might have fixed it. Moving to modified. $ curl -k -X GET 'https://admin:admin@qetello02.aaa.bbb.ccc/cfse/apiools' [{"created":"2012-09-14T21:06:06.646+0000","updated":"2012-09-14T21:06:06.646+0000","id":"ff80808139c66f4d0139c69a54b60006","owner":{"id":"ff80808139c66f4d0139c67f2d2f0003","key":"QE","displayName":"QE","href":"/owners/QE"},"activeSubscription":true,"subscriptionId":"ff80808139c66f4d0139c69a53ef0005","subscriptionSubKey":"master","sourceEntitlement":null,"quantity":-1,"startDate":"2012-09-14T00:00:00.000+0000","endDate":"2042-09-07T00:00:00.000+0000","productId":"1347656766292","providedProducts":[],"attributes":[],"productAttributes":[],"restrictedToUsername":null,"contractNumber":"","accountNumber":"","consumed":0,"exported":0,"productName":"Nightly","href":"/pools/ff80808139c66f4d0139c69a54b60006"}] Verified using: * candlepin-0.7.8-1.el6cf.noarch * candlepin-selinux-0.7.8-1.el6cf.noarch * candlepin-tomcat6-0.7.8-1.el6cf.noarch * katello-1.1.12-7.el6cf.noarch * katello-all-1.1.12-7.el6cf.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.1.8-1.el6cf.noarch * katello-cli-1.1.8-4.el6cf.noarch * katello-cli-common-1.1.8-4.el6cf.noarch * katello-common-1.1.12-7.el6cf.noarch * katello-configure-1.1.9-3.el6cf.noarch * katello-glue-candlepin-1.1.12-7.el6cf.noarch * katello-glue-pulp-1.1.12-7.el6cf.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-1.1.1-1.el6cf.noarch * pulp-1.1.12-1.el6cf.noarch * pulp-common-1.1.12-1.el6cf.noarch * pulp-selinux-server-1.1.12-1.el6cf.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-1543.html |