1357881 – candlepin_proxies_controller still uses content_host permissions

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1357881 - candlepin_proxies_controller still uses content_host permissions

Summary: candlepin_proxies_controller still uses content_host permissions

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	API - Content
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Justin Sherrill
QA Contact:	Jitendra Yejare
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-19 13:06 UTC by Justin Sherrill
Modified:	2019-09-25 21:29 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-21 16:54:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	15724	0	None	None	None	2016-07-19 14:00:56 UTC

Description Justin Sherrill 2016-07-19 13:06:51 UTC

it needs to be updated to use host permissions

Comment 1 Justin Sherrill 2016-07-19 13:06:53 UTC

Created from redmine issue http://projects.theforeman.org/issues/15724

Comment 3 Bryan Kearney 2016-08-10 18:16:53 UTC

Upstream bug assigned to jsherril

Comment 4 Bryan Kearney 2016-08-10 19:19:04 UTC

Upstream bug component is API - Content

Comment 5 Bryan Kearney 2016-08-10 20:20:08 UTC

Upstream bug component is API

Comment 6 Bryan Kearney 2016-08-10 22:19:41 UTC

Upstream bug component is API - Content

Comment 7 Bryan Kearney 2016-09-06 20:17:57 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15724 has been resolved.

Comment 8 Justin Sherrill 2016-09-06 20:55:22 UTC

I would probably argue for this to be moved to 6.3.0, given:

1) this may break existing customers, which we don't want to do in a z-stream
2) it was done as part of the System model removal for 6.3, so it would need to be a one off patch.

Comment 11 Justin Sherrill 2017-12-20 15:01:33 UTC

Previously, a user would have to use the "content_hosts" permissions to register a system, such as:

create_content_hosts

These should now be gone, and the user should use "create_hosts".

If you create a role with

create_hosts
view_organizations
view_lifecycle_environments


you should now be able to register a system

Comment 12 Jitendra Yejare 2017-12-20 16:26:04 UTC

Verified !

@ Satellite 6.3 snap 29

Steps: (as per comment 11)
1. Created Org admin role that has permissions for:
 create_hosts(instead of create_content_hosts which is now removed)
 view_lifecycle_environments
 Added View_organizations permission
2. Create user non_admin with above role
3. Attempted to register the content host with the above user

Observation:
# subscription-manager register --org="Default_Organization" --username=non_admin --password=passwd
Registering to: qeblade36.rhq.lab.eng.bos.redhat.com:443/rhsm
Environment: Library
The system has been registered with ID: 90faee8f-9ca0-478f-99f3-276e07b47bbf 

Hence changing the state to Verified!

Comment 13 Satellite Program 2018-02-21 16:54:37 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.