Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1464414 - Internal Server Error when publishing content view with a user that have all content view permissions
Summary: Internal Server Error when publishing content view with a user that have all ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Content Views
Version: 6.3.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: Unspecified
Assignee: Justin Sherrill
QA Contact: Kedar Bidarkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-23 11:43 UTC by Djebran Lezzoum
Modified: 2019-04-01 20:27 UTC (History)
5 users (show)

Fixed In Version: tfm-rubygem-katello-3.4.4
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:40:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
foreman-debug output (15.69 MB, application/x-xz)
2017-06-23 11:43 UTC, Djebran Lezzoum 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 20198 0 Normal Closed publishing/promoting a CV with puppet content fails as non admin user 2020-06-01 15:17:52 UTC

Description Djebran Lezzoum 2017-06-23 11:43:36 UTC 
Created attachment 1290982 [details]
foreman-debug output

Description of problem:
Internal Server Error when publishing content view with a user that have all content view permissions

Version-Release number of selected component (if applicable):
* candlepin-2.0.35-1.el7.noarch
* candlepin-selinux-2.0.35-1.el7.noarch
* foreman-1.15.0-1.el7sat.noarch
* foreman-cli-1.15.0-1.el7sat.noarch
* foreman-compute-1.15.0-1.el7sat.noarch
* foreman-debug-1.15.0-1.el7sat.noarch
* foreman-discovery-image-3.1.1-22.el7sat.noarch
* foreman-ec2-1.15.0-1.el7sat.noarch
* foreman-gce-1.15.0-1.el7sat.noarch
* foreman-installer-1.15.0-1.el7sat.noarch
* foreman-installer-katello-3.4.1.3-1.el7sat.noarch
* foreman-libvirt-1.15.0-1.el7sat.noarch
* foreman-openstack-1.15.0-1.el7sat.noarch
* foreman-ovirt-1.15.0-1.el7sat.noarch
* foreman-postgresql-1.15.0-1.el7sat.noarch
* foreman-proxy-1.15.0-2.el7sat.noarch
* foreman-rackspace-1.15.0-1.el7sat.noarch
* foreman-selinux-1.15.0-1.el7sat.noarch
* foreman-vmware-1.15.0-1.el7sat.noarch
* katello-3.4.1-1.el7sat.noarch
* katello-ca-consumer-sat-r220-02.lab.eng.rdu2.redhat.com-1.0-1.noarch
* katello-certs-tools-2.4.0-1.el7sat.noarch
* katello-client-bootstrap-1.4.0-1.el7sat.noarch
* katello-common-3.4.1-1.el7sat.noarch
* katello-debug-3.4.1-1.el7sat.noarch
* katello-default-ca-1.0-1.noarch
* katello-installer-base-3.4.1.3-1.el7sat.noarch
* katello-selinux-3.0.2-1.el7sat.noarch
* katello-server-ca-1.0-1.noarch
* katello-service-3.4.1-1.el7sat.noarch
* openldap-2.4.40-13.el7.x86_64
* pulp-client-1.0-1.noarch
* pulp-docker-plugins-2.3.0-1.el7sat.noarch
* pulp-katello-1.0.2-1.el7sat.noarch
* pulp-ostree-plugins-1.2.1-1.el7sat.noarch
* pulp-puppet-plugins-2.12.2-1.el7sat.noarch
* pulp-puppet-tools-2.12.2-1.el7sat.noarch
* pulp-rpm-plugins-2.12.2-1.el7sat.noarch
* pulp-selinux-2.12.2-1.el7sat.noarch
* pulp-server-2.12.2-1.el7sat.noarch
* python-ldap-2.4.15-2.el7.x86_64
* tfm-rubygem-ldap_fluff-0.4.6-1.el7sat.noarch
* tfm-rubygem-net-ldap-0.15.0-1.el7sat.noarch


How reproducible:
Always

Steps to Reproduce:
1. create an organization
2. create a content view
3. create a user
4. give that user all content view and lifecycle environment permissions eg:
view_content_views, create_content_views, edit_content_views, destroy_content_views, publish_content_views, promote_or_remove_content_views, export_content_views
view_lifecycle_environments, create_lifecycle_environments, edit_lifecycle_environments, destroy_lifecycle_environments, promote_or_remove_content_views_to_environments
5. publish content view with that user
>>> hammer -v -u user_login -p user_password content-view publish --id="1047"

Actual results:
[ERROR 2017-06-23 07:27:29 API] 500 Internal Server Error
[ERROR 2017-06-23 07:27:29 Exception] Content View uhhWVy2fUf  cannot be published without an internal capsule.
Could not publish the content view:
  Content View uhhWVy2fUf  cannot be published without an internal capsule.
[ERROR 2017-06-23 07:27:29 Exception] 

RestClient::InternalServerError (500 Internal Server Error):
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/abstract_response.rb:74:in `return!'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:352:in `block in rest_client_call_block'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:493:in `process_result'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:421:in `block in transmit'
    /opt/rh/rh-ruby23/root/usr/share/ruby/net/http.rb:853:in `start'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:413:in `transmit'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:176:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/request.rb:41:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/rest-client-1.8.0/lib/restclient/resource.rb:67:in `post'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:324:in `call_client'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:240:in `http_call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:190:in `call_action'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/api.rb:185:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/apipie-bindings-0.2.0/lib/apipie_bindings/resource.rb:21:in `call'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/apipie/command.rb:43:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman-0.10.2/lib/hammer_cli_foreman/commands.rb:166:in `send_request'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli_foreman_tasks-0.0.10/lib/hammer_cli_foreman_tasks/async_command.rb:14:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/subcommand/execution.rb:11:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/subcommand/execution.rb:11:in `execute'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:68:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/lib/hammer_cli/abstract.rb:29:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/clamp-1.0.0/lib/clamp/command.rb:133:in `run'
    /opt/theforeman/tfm/root/usr/share/gems/gems/hammer_cli-0.10.2/bin/hammer:147:in `<top (required)>'
    /usr/bin/hammer:23:in `load'
    /usr/bin/hammer:23:in `<main>'



Expected results:
The content view published successfully

Additional info:
The user is able to edit the content view
Comment 2 Evgeni Golov 2017-06-23 12:08:13 UTC 
My initial guess would be that the user for some reason cannot see the internal capsule. Either because it is not belonging to his org, or location, or whatever.

I had no way to verify this, though, as the machine this happened did not want to load the /smart_proxies page :(
Comment 4 Justin Sherrill 2017-07-03 17:52:09 UTC 
Its hard to tell without the production.log output, but i believe this was fixed (for yum content as part of https://bugzilla.redhat.com/show_bug.cgi?id=1437134).

However i do still see an issue with puppet content.  I will investigate.
Comment 5 Justin Sherrill 2017-07-03 23:06:43 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/20198 from this bug
Comment 6 Satellite Program 2017-07-11 14:12:51 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20198 has been resolved.
Comment 7 Satellite Program 2017-08-03 22:15:01 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/20198 has been resolved.
Comment 8 Kedar Bidarkar 2017-09-10 20:52:50 UTC 
[root@qe-sat6 ~]# hammer -u admin -p changeme user list
---|----------|----------------|---------------------------------------
ID | LOGIN    | NAME           | EMAIL                                 
---|----------|----------------|---------------------------------------
3  | admin    | Admin User     | root.com    
5  | foobar   | foobar         | foobar                     
4  | kbidarka | Kedar Bidarkar | kbidarka.com
---|----------|----------------|---------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme user info --id 5
Id:                    5
Login:                 foobar
Name:                  foobar 
Email:                 foobar
Admin:                 no
Effective admin:       no
Authorized by:         win10452
Locale:                default
Timezone:              
Last login:            2017/09/10 20:32:37
Description:           
Default organization:  kbidarka_org
Default location:      kbidarka_loc
Roles:                 
    Default role
User groups:           
 1) Usergroup: katello1
    Roles:     
        lfe_roles
        hostgroup_roles
        cv_roles
        View hosts
Inherited User groups: 

Locations:             
    Default Location
    kbidarka_loc
Organizations:         
    Default Organization
    kbidarka_org
Created at:            2017/09/10 18:04:12
Updated at:            2017/09/10 18:12:27


[root@qe-sat6 ~]# hammer -u admin -p changeme role filters --id 26
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE        | SEARCH | UNLIMITED? | OVERRIDE? | ROLE     | PERMISSIONS                                                                     
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------
271 | Katello::ContentView | none   | no         | no        | cv_roles | view_content_views, create_content_views, edit_content_views, destroy_content...
----|----------------------|--------|------------|-----------|----------|---------------------------------------------------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme role filters --id 27
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------
ID  | RESOURCE TYPE          | SEARCH | UNLIMITED? | OVERRIDE? | ROLE      | PERMISSIONS                                                                     
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------
272 | Katello::KTEnvironment | none   | no         | no        | lfe_roles | view_lifecycle_environments, create_lifecycle_environments, edit_lifecycle_en...
----|------------------------|--------|------------|-----------|-----------|---------------------------------------------------------------------------------


[root@qe-sat6 ~]# hammer -u admin -p changeme content-view list
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------
CONTENT VIEW ID | NAME                      | LABEL                                | COMPOSITE | LAST PUBLISHED      | REPOSITORY IDS
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------
4               | Capsule RHEL 7 CV         | Capsule_RHEL_7_CV                    |           | 2017/09/09 18:54:04 | 6, 3, 7       
5               | Default Organization View | 9e0b4abc-42ef-4cd2-bd02-d0c2f3f72618 |           | 2017/09/10 16:31:14 |               
1               | Default Organization View | Default_Organization_View            |           | 2017/09/09 17:28:52 |               
3               | RHEL 6 CV                 | RHEL_6_CV                            |           | 2017/09/09 18:39:49 | 2, 4, 5       
2               | RHEL 7 CV                 | RHEL_7_CV                            |           | 2017/09/09 18:31:37 | 6, 1, 3       
----------------|---------------------------|--------------------------------------|-----------|---------------------|---------------

NOTE: 

1) All the above commands were executed with ADMIN user, whic is showcase the perms for the user being used.
2) the publish was done via the non-admin user by assigning roles to it.
------------------

[root@qe-sat6 ~]# hammer -u foobar -p Secret@777 content-view publish --id=2
[..........................................................................................................................................................................................................] [100%]


VERIFIED with Sat6.3.0 snap15.0 successfully
Comment 9 Bryan Kearney 2018-02-21 16:39:14 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
Comment 10 Bryan Kearney 2018-02-21 16:40:52 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
Comment 11 Satellite Program 2018-02-21 16:54:17 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.