Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1418119 - [RFE] Implement Org / Environment level content access
Summary: [RFE] Implement Org / Environment level content access
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: candlepin-bugs
QA Contact: John Sefler
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-31 23:11 UTC by Chris Snyder
Modified: 2017-08-01 19:20 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 19:20:42 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github candlepin python-rhsm pull 191 0 'None' 'closed' 'Add consumer content API to python-rhsm' 2019-11-28 07:46:38 UTC
Github candlepin subscription-manager pull 1520 0 'None' 'closed' 'Add content access cert functionality to subman' 2019-11-28 07:46:38 UTC
Red Hat Product Errata RHBA-2017:2083 0 normal SHIPPED_LIVE python-rhsm and subscription-manager bug fix and enhancement update 2017-08-01 18:14:19 UTC

Description Chris Snyder 2017-01-31 23:11:15 UTC
This RFE bug is intended to be a tracker for the implementation of the following design (in both subscription-manager and python-rhsm):

https://docs.google.com/document/d/1fL_BECstpgpH3HGRIiOG6J9hQK6NzeUmmRXDLe2rAwA/edit#heading=h.g5l7o97lgmz7

Comment 1 Chris Snyder 2017-01-31 23:14:41 UTC
Moving this to modified as the attached PRs implementing this feature have been merged upstream. Consequently, this should be pulled in to the first build for rhel 7.4.

Comment 3 Shwetha Kallesh 2017-06-22 08:24:21 UTC
System has access to golden ticket when registered to owner that has contentAccessMode set to org_environment and revoked when contentAccessMode is null


[root@dhcp71-155 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 2.1.1-1
subscription management rules: 5.23
subscription-manager: 1.19.20-1.el7
python-rhsm: 1.19.9-1.el7


[root@dhcp71-155 ~]# curl --stderr /dev/null --insecure --user admin:admin --request PUT --data '{"contentAccessMode":"org_environment"}' --header 'accept: application/json' --header 'content-type: application/json' https://F21-candlepin.usersys.redhat.com:8443/candlepin/owners/snowwhite
{
  "parentOwner" : null,
  "id" : "8ac6a3625ccedd85015cceddcf0d0003",
  "key" : "snowwhite",
  "displayName" : "Snow White",
  "contentPrefix" : null,
  "defaultServiceLevel" : null,
  "upstreamConsumer" : null,
  "logLevel" : null,
  "autobindDisabled" : null,
  "contentAccessMode" : "org_environment",
  "contentAccessModeList" : "org_environment",
  "href" : "/owners/snowwhite",
  "created" : "2017-06-22T08:14:21+0000",
  "updated" : "2017-06-22T08:17:44+0000"
}

[root@dhcp71-155 ~]# subscription-manager register --serverurl F21-candlepin.usersys.redhat.com:8443/candlepin
Registering to: F21-candlepin.usersys.redhat.com:8443/candlepin
Username: admin
Password: 
Organization: snowwhite
The system has been registered with ID: 3810ffb4-ed45-435f-850d-e834f2db87ac 
[root@dhcp71-155 ~]# subscription-manager list --consumed
No consumed subscription pools to list
[root@dhcp71-155 ~]# ls /etc/pki/entitlement/
5910486032266321287-key.pem  5910486032266321287.pem
[root@dhcp71-155 ~]# rct cc /etc/pki/entitlement/5910486032266321287.pem --no-content

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/entitlement/5910486032266321287.pem
	Version: 3.3
	Serial: 5910486032266321287
	Start Date: 2017-06-22 07:18:37+00:00
	End Date: 2018-06-22 07:18:37+00:00
	Pool ID: Not Available

Subject:
	CN: 3810ffb4-ed45-435f-850d-e834f2db87ac
	O: snowwhite

Issuer:
	C: US
	CN: F21-candlepin.usersys.redhat.com
	L: Raleigh

Product:
	ID: content_access
	Name:  Content Access
	Version: 
	Arch: 
	Tags: 
	Brand Type: 
	Brand Name: 

Order:
	Name: Content Access
	Number: 
	SKU: content_access
	Contract: 
	Account: 
	Service Level: 
	Service Type: 
	Quantity: 
	Quantity Used: 1
	Socket Limit: 
	RAM Limit: 
	Core Limit: 
	Virt Only: False
	Stacking ID: 
	Warning Period: 0
	Provides Management: False

[root@dhcp71-155 ~]# curl --stderr /dev/null --insecure --user admin:admin --request PUT --data '{"contentAccessMode":""}' --header 'accept: application/json' --header 'content-type: application/json' https://F21-candlepin.usersys.redhat.com:8443/candlepin/owners/snowwhite
{
  "parentOwner" : null,
  "id" : "8ac6a3625ccedd85015cceddcf0d0003",
  "key" : "snowwhite",
  "displayName" : "Snow White",
  "contentPrefix" : null,
  "defaultServiceLevel" : null,
  "upstreamConsumer" : null,
  "logLevel" : null,
  "autobindDisabled" : null,
  "contentAccessMode" : null,
  "contentAccessModeList" : "org_environment",
  "href" : "/owners/snowwhite",
  "created" : "2017-06-22T08:14:21+0000",
  "updated" : "2017-06-22T08:22:37+0000"
}[root@dhcp71-155 ~]# subscription-manager refresh
1 local certificate has been deleted.
All local data refreshed
[root@dhcp71-155 ~]# ls /etc/pki/entitlement/
[root@dhcp71-155 ~]# rct cc /etc/pki/entitlement/5910486032266321287.pem --no-content
The specified certificate file does not exist.

Comment 4 errata-xmlrpc 2017-08-01 19:20:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2083


Note You need to log in before you can comment on or make changes to this bug.