Bug 1357881 - candlepin_proxies_controller still uses content_host permissions
Summary: candlepin_proxies_controller still uses content_host permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: API - Content
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Justin Sherrill
QA Contact: Jitendra Yejare
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-19 13:06 UTC by Justin Sherrill
Modified: 2019-09-25 21:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 15724 None None None 2016-07-19 14:00:56 UTC

Description Justin Sherrill 2016-07-19 13:06:51 UTC
it needs to be updated to use host permissions

Comment 1 Justin Sherrill 2016-07-19 13:06:53 UTC
Created from redmine issue http://projects.theforeman.org/issues/15724

Comment 3 Bryan Kearney 2016-08-10 18:16:53 UTC
Upstream bug assigned to jsherril@redhat.com

Comment 4 Bryan Kearney 2016-08-10 19:19:04 UTC
Upstream bug component is API - Content

Comment 5 Bryan Kearney 2016-08-10 20:20:08 UTC
Upstream bug component is API

Comment 6 Bryan Kearney 2016-08-10 22:19:41 UTC
Upstream bug component is API - Content

Comment 7 Bryan Kearney 2016-09-06 20:17:57 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15724 has been resolved.

Comment 8 Justin Sherrill 2016-09-06 20:55:22 UTC
I would probably argue for this to be moved to 6.3.0, given:

1) this may break existing customers, which we don't want to do in a z-stream
2) it was done as part of the System model removal for 6.3, so it would need to be a one off patch.

Comment 11 Justin Sherrill 2017-12-20 15:01:33 UTC
Previously, a user would have to use the "content_hosts" permissions to register a system, such as:

create_content_hosts

These should now be gone, and the user should use "create_hosts".

If you create a role with

create_hosts
view_organizations
view_lifecycle_environments


you should now be able to register a system

Comment 12 Jitendra Yejare 2017-12-20 16:26:04 UTC
Verified !

@ Satellite 6.3 snap 29

Steps: (as per comment 11)
1. Created Org admin role that has permissions for:
 create_hosts(instead of create_content_hosts which is now removed)
 view_lifecycle_environments
 Added View_organizations permission
2. Create user non_admin with above role
3. Attempted to register the content host with the above user

Observation:
# subscription-manager register --org="Default_Organization" --username=non_admin --password=passwd
Registering to: qeblade36.rhq.lab.eng.bos.redhat.com:443/rhsm
Environment: Library
The system has been registered with ID: 90faee8f-9ca0-478f-99f3-276e07b47bbf 

Hence changing the state to Verified!

Comment 13 pm-sat@redhat.com 2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.