Red Hat Bugzilla – Bug 1273582
Permissions seem to be wrong
Last modified: 2015-11-23 19:14:51 EST
Created attachment 1084857 [details]
Description of problem:
I cannot create a new certification on the production CWE.
When I log in using my Red Hat SSO, I get a "you do not have permissions" message
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Log on to the prodcution CWE - access.redhat.com
2.Browse to a vendor/ISV page
3.Click on a product
4.Select an existing Software product.
5.Click on create new cert
6.See the error result
Permission denied message
Should be able to create a cert.
Can you verify if you are in the user list of the vendor which you want to create cert for ?
Only the sso account who is in the user list of the vendor can create cert for it.
Any idea about this issue?
Is Glen have the proper right to access the HAProxy products?
The access denied is occuring when Glen gets redirected to https://hardware.redhat.com/enter.cgi?product_nid=1471483&product_type=sw&vendor_nid=1466253
(In reply to MaoPeng from comment #1)
> Hi Glen,
> Can you verify if you are in the user list of the vendor which you want to
> create cert for ?
> Only the sso account who is in the user list of the vendor can create cert
> for it.
> Any idea about this issue?
> Is Glen have the proper right to access the HAProxy products?
> Peng Mao
Peng - this is HAProxy - it was the vendor that attempted to submit the cert. I had to use the 'vendor login' feature to be able to create the cert. Otherwise, I was getting a 'permission denied' message.
The catalogue is for HAProxy:
The user is using the 'haproxy' userid to submit a cert from the rhcert-backend tool.
He is getting the following:
I'm getting the user access errors when trying to submit the image for
the certification process:
Error: could not submit the image
Error: The username or password you entered is not valid. (300)
I'm using the haproxy username with the corresponding password we've had
on our registry -- has that been changed? I've replicated step by step
on how we've been publishing the previous images..
I tried this with my account as well. I attempted to create a certification for Black Duck Hub:
And got a permission error. I even tried to add myself to the list of "Certification Users" for that vendor. Didn't make any difference.
This means the certification workflow is broken and partners cannot submit a new certification. This is a P1, please treat is as such.
Created attachment 1085271 [details]
Error message when trying to create a cert for "Black Duck Hub" with account firstname.lastname@example.org
This problem is caused by that 'groupMembers' attribute of each vendor has disappear. When I try to use relative link to get IBM's vendor information, it shows like following:
Obviously no 'groupMembers' attribute in the xml. The node for 'Black Duck Software, Inc.' are the same, no 'groupMembers' attribute in xml. From CWE, we can determine if a user can/cannot create a cert by and only by seeing the login name is in the 'groupMembers' or not. But now the 'groupMembers' attribute disappear, all login users are not in the 'groupMembers', so no one can create cert from CWE redirected from UCC. Would you please help us to take a look in this issue? This could be a blocking issue... Thanks a lot for your kindly help!
Are there any workarounds to allow a Red Hat person to create a cert ID? If so, will an external user be allowed to use that cert id to submit a certification via rhcert?
I'm now seeing a 'broken pipe' message at the command line. Errno 32 Broken Pipe.
I cancelled the operation and I tried again.
The upload seems to be 'stuck' - 40 minutes with no activity.
When I attempt to submit the second time, I see the following:
Red Hat Catalog User Name: email@example.com
Error: could not ftp image file: [Errno 110] Connection timed out
FTP to dropbox.redhat.com
RHEL71Vbox [root@rhel7glenI openshift-haproxy
Please try again on web2 or partner site, we have fix that.
Partner site is fixed by workaround way, Live site need to be fixed by IT to change the configuration of idp.redhat.com which refuse connection request from hardware.redhat.com.
This is may or may not be related but I logged into access.redhat.com with my sso account and then I tried logging to hardware.redhat.com and got this following error on live site. (useraccount I used: firstname.lastname@example.org)
Insecure dependency in piped open while running with -T switch at Catalog/Strata/StrataClient.pm line 805.
For help, please send mail to the webmaster (email@example.com), giving this error message and the time and date of the error.
@Mao do you think this maybe because of idp.redhat.com issue ? But I tried logging on access.stage.redhat.com and cwe stage: https://partner-hwcert.redhat.com/ it worked perfectly there.