Bug 1313441 - hammer ping prompts for admin password
hammer ping prompts for admin password
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Hammer (Show other bugs)
6.2.0
Unspecified Unspecified
unspecified Severity medium (vote)
: GA
: --
Assigned To: Andrew Kofink
Katello QA List
http://projects.theforeman.org/issues...
: Regression, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-01 10:33 EST by Roman Plevka
Modified: 2016-09-19 21:55 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-07-27 07:11:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 14397 None None None 2016-04-22 10:58 EDT

  None (edit)
Description Roman Plevka 2016-03-01 10:33:38 EST
Description of problem:
issuing `hammer ping` command results in prompting user for admin password and anything submitted for a password is being accepted.
The command then prints the proper ping output

Version-Release number of selected component (if applicable):
6.2.0 Snap1

How reproducible:
always

Steps to Reproduce:
1. `hammer ping`

Actual results:
# hammer ping
Ignoring ruby-libvirt-0.5.2 because its extensions are not built.  Try: gem pristine ruby-libvirt --version 0.5.2
[Foreman] Password for admin: <someTotallyInvalidPassword>
candlepin:      
    Status:          ok
    Server Response: Duration: 74ms
candlepin_auth: 
    Status:          ok
    Server Response: Duration: 72ms
pulp:           
    Status:          ok
    Server Response: Duration: 155ms
foreman_tasks:  
    Status:          ok
    Server Response: Duration: 29ms



Expected results:
`hammer ping` should not prompt for credentials.

Additional info:
Comment 3 Andrew Kofink 2016-03-07 14:13:06 EST
Additionally, if you type a valid password, you see ping output for pulp_auth but not for an invalid password.

```
[vagrant@sat-test-rhel7 ~]$ hammer ping
[Foreman] Password for admin: <correct password>
candlepin:      
    Status:          ok
    Server Response: Duration: 42ms
candlepin_auth: 
    Status:          ok
    Server Response: Duration: 37ms
pulp:           
    Status:          ok
    Server Response: Duration: 146ms
pulp_auth:      
    Status:          ok
    Server Response: Duration: 39ms
foreman_tasks:  
    Status:          ok
    Server Response: Duration: 77ms

[vagrant@sat-test-rhel7 ~]$ hammer ping
[Foreman] Password for admin: <incorrect password>
candlepin:      
    Status:          ok
    Server Response: Duration: 58ms
candlepin_auth: 
    Status:          ok
    Server Response: Duration: 32ms
pulp:           
    Status:          ok
    Server Response: Duration: 66ms
foreman_tasks:  
    Status:          ok
    Server Response: Duration: 29ms
```
Comment 4 Andrew Kofink 2016-03-08 13:07:15 EST
Also, this appears to be reproducible only in upstream but not in downstream (satellite-6.2.0-4.beta.el7sat.noarch).
Comment 5 Brad Buckingham 2016-03-09 06:54:22 EST
I see the behavior described in comment 3 on the downstream (tfm-rubygem-katello-3.0.0.5-1.el7sat.noarch).
Comment 6 Andrew Kofink 2016-03-09 08:01:48 EST
(In reply to Brad Buckingham from comment #5)
> I see the behavior described in comment 3 on the downstream
> (tfm-rubygem-katello-3.0.0.5-1.el7sat.noarch).

Yes, you're right. Comment 4 is incorrect; I can reproduce in downstream but not upstream. Here's the upstream behavior:

[vagrant@centos7-devel hammer-cli-katello]$ hammer ping
candlepin:      
    Status:          ok
    Server Response: Duration: 14ms
candlepin_auth: 
    Status:          ok
    Server Response: Duration: 33ms
pulp:           
    Status:          ok
    Server Response: Duration: 39ms
pulp_auth:      
    Status:          ok
    Server Response: Duration: 49ms
foreman_tasks:  
    Status:          ok
    Server Response: Duration: 467ms
Comment 7 Andrew Kofink 2016-03-16 09:44:03 EDT
I'm not sure how to find where this was fixed. I've tried using `git bisect` to go back in time until other things start breaking too much, and I still cannot reproduce this in upstream. Any help would be greatly appreciated.
Comment 8 Brad Buckingham 2016-03-16 11:03:12 EDT
Hi Andrew,  I am able to reproduce this issue on both the upstream and downstream  I suspect the reason we were not seeing it before upstream is that the developer configuration probably has something like the following:

~/.hammer/cli.modules.d/foreman.yaml containing the following:

:foreman:
  :enable_module: true
  :host: 'http://localhost:3000/'
  :username: 'admin'
  :password: 'adminpassword'


With the above, the user will never be prompted for the password.

Do you happen to have a similar configuration on the environment where you are not seeing the password prompted?
Comment 9 Andrew Kofink 2016-03-16 11:12:40 EDT
Yes. I can now reproduce it upstream. Thank you!
Comment 10 Andrew Kofink 2016-03-18 15:53:10 EDT
After some research, it seems that any hammer command which requires authentication by the API will prompt the user. Isn't this desired behavior? If it is desired behavior, then wouldn't this be a new feature rather than a bug? And if we do want to circumvent the prompt for a given command, should we make it an explicit flag? Additionally, I need to know how the system should respond if invalid credentials are provided; in this case, it seems that a partial response may be appropriate, whereas some commands would be completely impossible without authentication.
Comment 11 Andrew Kofink 2016-03-28 11:15:25 EDT
As an example for comment 10, try "hammer organization list" without a password configured. Should this bug affect similar commands?

[vagrant@centos7-devel hammer-cli-katello]$ hammer organization list
[Foreman] Password for admin: 
Invalid username or password

This code resides in hammer-cli-foreman: https://github.com/theforeman/hammer-cli-foreman/blob/master/lib/hammer_cli_foreman/commands.rb#L15
Comment 12 Andrew Kofink 2016-03-30 10:25:45 EDT
Created redmine issue http://projects.theforeman.org/issues/14397 from this bug
Comment 13 Brad Buckingham 2016-03-31 11:27:01 EDT
Andrew, for this one, I would address only the ping command.  I would recommend opening an upstream redmine in the foreman project for the behavior that you found for 'organization list'.  I am not sure it was intended to behave that way.
Comment 14 Brad Buckingham 2016-04-21 11:46:29 EDT
WORKAROUND: Enter the Satellite 6 user's password.
Comment 15 Tomas Strachota 2016-05-18 10:02:13 EDT
Verified with 6.2 snap 11

tfm-rubygem-hammer_cli-0.5.1.6-1.el7sat.noarch
tfm-rubygem-hammer_cli_katello-0.0.22.10-1.el7sat.noarch
Comment 16 Bryan Kearney 2016-07-27 07:11:54 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501

Note You need to log in before you can comment on or make changes to this bug.