Bug 1464414 - Internal Server Error when publishing content view with a user that have all content view permissions
Internal Server Error when publishing content view with a user that have all ...
Status: VERIFIED
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Views (Show other bugs)
6.3.0
x86_64 Linux
unspecified Severity high (vote)
: GA
: --
Assigned To: Justin Sherrill
Kedar Bidarkar
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-23 07:43 EDT by Djebran Lezzoum
Modified: 2017-09-10 16:59 EDT (History)
5 users (show)

See Also:
Fixed In Version: tfm-rubygem-katello-3.4.4
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
foreman-debug output (15.69 MB, application/x-xz)
2017-06-23 07:43 EDT, Djebran Lezzoum
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 20198 None None None 2017-07-03 19:06 EDT

  None (edit)
Description Djebran Lezzoum 2017-06-23 07:43:36 EDT
Created attachment 1290982 [details]
foreman-debug output

Description of problem:
Internal Server Error when publishing content view with a user that have all content view permissions

Version-Release number of selected component (if applicable):
* candlepin-2.0.35-1.el7.noarch
* candlepin-selinux-2.0.35-1.el7.noarch
* foreman-1.15.0-1.el7sat.noarch
* foreman-cli-1.15.0-1.el7sat.noarch
* foreman-compute-1.15.0-1.el7sat.noarch
* foreman-debug-1.15.0-1.el7sat.noarch
* foreman-discovery-image-3.1.1-22.el7sat.noarch
* foreman-ec2-1.15.0-1.el7sat.noarch
* foreman-gce-1.15.0-1.el7sat.noarch
* foreman-installer-1.15.0-1.el7sat.noarch
* foreman-installer-katello-3.4.1.3-1.el7sat.noarch
* foreman-libvirt-1.15.0-1.el7sat.noarch
* foreman-openstack-1.15.0-1.el7sat.noarch
* foreman-ovirt-1.15.0-1.el7sat.noarch
* foreman-postgresql-1.15.0-1.el7sat.noarch
* foreman-proxy-1.15.0-2.el7sat.noarch
* foreman-rackspace-1.15.0-1.el7sat.noarch
* foreman-selinux-1.15.0-1.el7sat.noarch
* foreman-vmware-1.15.0-1.el7sat.noarch
* katello-3.4.1-1.el7sat.noarch
* katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-1.noarch
* katello-certs-tools-2.4.0-1.el7sat.noarch
* katello-client-bootstrap-1.4.0-1.el7sat.noarch
* katello-common-3.4.1-1.el7sat.noarch
* katello-debug-3.4.1-1.el7sat.noarch
* katello-default-ca-1.0-1.noarch
* katello-installer-base-3.4.1.3-1.el7sat.noarch
* katello-selinux-3.0.2-1.el7sat.noarch
* katello-server-ca-1.0-1.noarch
* katello-service-3.4.1-1.el7sat.noarch
* openldap-2.4.40-13.el7.x86_64
* pulp-client-1.0-1.noarch
* pulp-docker-plugins-2.3.0-1.el7sat.noarch
* pulp-katello-1.0.2-1.el7sat.noarch
* pulp-ostree-plugins-1.2.1-1.el7sat.noarch
* pulp-puppet-plugins-2.12.2-1.el7sat.noarch
* pulp-puppet-tools-2.12.2-1.el7sat.noarch
* pulp-rpm-plugins-2.12.2-1.el7sat.noarch
* pulp-selinux-2.12.2-1.el7sat.noarch
* pulp-server-2.12.2-1.el7sat.noarch
* python-ldap-2.4.15-2.el7.x86_64
* tfm-rubygem-ldap_fluff-0.4.6-1.el7sat.noarch
* tfm-rubygem-net-ldap-0.15.0-1.el7sat.noarch


How reproducible:
Always

Steps to Reproduce:
1. create an organization
2. create a content view
3. create a user
4. give that user all content view and lifecycle environment permissions eg:
view_content_views, create_content_views, edit_content_views, destroy_content_views, publish_content_views, promote_or_remove_content_views, export_content_views
view_lifecycle_environments, create_lifecycle_environments, edit_lifecycle_environments, destroy_lifecycle_environments, promote_or_remove_content_views_to_environments
5. publish content view with that user
>>> hammer -v -u user_login -p user_password content-view publish --id="1047"

Actual results:
[ERROR 2017-06-23 07:27:29 API] 500 Internal Server Error
[ERROR 2017-06-23 07:27:29 Exception] Content View uhhWVy2fUf  cannot be published without an internal capsule.
Could not publish the content view:
  Content View uhhWVy2fUf  cannot be published without an internal capsule.
[ERROR 2017-06-23 07:27:29 Exception] 

RestClient::InternalServerError (500 Internal Server Error):
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/abstract_response.rb:74:in `return!'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:352:in `block in rest_client_call_block'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:493:in `process_result'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:421:in `block in transmit'
    /opt/rh/rh-ruby23/root/usr/share/ruby/net/http.rb:853:in `start'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:413:in `transmit'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:176:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:41:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/resource.rb:67:in `post'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:324:in `call_client'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:240:in `http_call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:190:in `call_action'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:185:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/resource.rb:21:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/apipie/command.rb:43:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.10.2/lib/hammer_cli_foreman/commands.rb:166:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman_tasks-0.0.10/lib/hammer_cli_foreman_tasks/async_command.rb:14:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/subcommand/execution.rb:11:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/subcommand/execution.rb:11:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:133:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/bin/hammer:147:in `<top (required)>'
    /usr/bin/hammer:23:in `load'
    /usr/bin/hammer:23:in `<main>'



Expected results:
The content view published successfully

Additional info:
The user is able to edit the content view
Comment 2 Evgeni Golov 2017-06-23 08:08:13 EDT
My initial guess would be that the user for some reason cannot see the internal capsule. Either because it is not belonging to his org, or location, or whatever.

I had no way to verify this, though, as the machine this happened did not want to load the /smart_proxies page :(
Comment 4 Justin Sherrill 2017-07-03 13:52:09 EDT
Its hard to tell without the production.log output, but i believe this was fixed (for yum content as part of https://bugzilla.redhat.com/show_bug.cgi?id=1437134).

However i do still see an issue with puppet content.  I will investigate.
Comment 5 Justin Sherrill 2017-07-03 19:06:43 EDT
Connecting redmine issue http://projects.theforeman.org/issues/20198 from this bug
Comment 6 pm-sat@redhat.com 2017-07-11 10:12:51 EDT
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20198 has been resolved.
Comment 7 pm-sat@redhat.com 2017-08-03 18:15:01 EDT
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20198 has been resolved.
Comment 8 Kedar Bidarkar 2017-09-10 16:52:50 EDT
[root@qe-sat6 ~]# hammer -u admin -p changeme user list
---|----------|----------------|---------------------------------------
ID | LOGIN    | NAME           | EMAIL                                 
---|----------|----------------|---------------------------------------
3  | admin    | Admin User     | root@domain.redhat.com    
5  | foobar   | foobar         | foobar@redhat.com                     
4  | kbidarka | Kedar Bidarkar | kbidarka@domain.redhat.com
---|----------|----------------|---------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme user info --id 5
Id:                    5
Login:                 foobar
Name:                  foobar 
Email:                 foobar@redhat.com
Admin:                 no
Effective admin:       no
Authorized by:         win10452
Locale:                default
Timezone:              
Last login:            2017/09/10 20:32:37
Description:           
Default organization:  kbidarka_org
Default location:      kbidarka_loc
Roles:                 
    Default role
User groups:           
 1) Usergroup: katello1
    Roles:     
        lfe_roles
        hostgroup_roles
        cv_roles
        View hosts
Inherited User groups: 

Locations:             
    Default Location
    kbidarka_loc
Organizations:         
    Default Organization
    kbidarka_org
Created at:            2017/09/10 18:04:12
Updated at:            2017/09/10 18:12:27


[root@qe-sat6 ~]# hammer -u admin -p changeme role filters --id 26
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE        | SEARCH | UNLIMITED? | OVERRIDE? | ROLE     | PERMISSIONS                                                                     
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------
271 | Katello::ContentView | none   | no         | no        | cv_roles | view_content_views, create_content_views, edit_content_views, destroy_content...
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme role filters --id 27
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE          | SEARCH | UNLIMITED? | OVERRIDE? | ROLE      | PERMISSIONS                                                                     
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------
272 | Katello::KTEnvironment | none   | no         | no        | lfe_roles | view_lifecycle_environments, create_lifecycle_environments, edit_lifecycle_en...
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme content-view list
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------
CONTENT VIEW ID | NAME                      | LABEL                                | COMPOSITE | LAST PUBLISHED      | REPOSITORY IDS
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------
4               | Capsule RHEL 7 CV         | Capsule_RHEL_7_CV                    |           | 2017/09/09 18:54:04 | 6, 3, 7       
5               | Default Organization View | 9e0b4abc-42ef-4cd2-bd02-d0c2f3f72618 |           | 2017/09/10 16:31:14 |               
1               | Default Organization View | Default_Organization_View            |           | 2017/09/09 17:28:52 |               
3               | RHEL 6 CV                 | RHEL_6_CV                            |           | 2017/09/09 18:39:49 | 2, 4, 5       
2               | RHEL 7 CV                 | RHEL_7_CV                            |           | 2017/09/09 18:31:37 | 6, 1, 3       
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------

NOTE: 

1) All the above commands were executed with ADMIN user, whic is showcase the perms for the user being used.
2) the publish was done via the non-admin user by assigning roles to it.
------------------

[root@qe-sat6 ~]# hammer -u foobar -p Secret@777 content-view publish --id=2
[..........................................................................................................................................................................................................] [100%]


VERIFIED with Sat6.3.0 snap15.0 successfully

Note You need to log in before you can comment on or make changes to this bug.