Bug 1980121 - katello assumes GET params in repo url are SLES auth tokens, but may not be
Summary: katello assumes GET params in repo url are SLES auth tokens, but may not be
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Repositories
Version: 6.8.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.10.0
Assignee: James Jeffers
QA Contact: Cole Higgins
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-07-07 20:28 UTC by Justin Sherrill
Modified: 2021-11-03 19:44 UTC (History)

Fixed In Version: tfm-rubygem-katello-4.1.1.28-1
Last Closed: 2021-11-03 19:29:08 UTC
Links
System: Foreman Issue Tracker
ID: 32660
Private: 0
Priority: Normal
Status: New
Summary: katello assumes GET params in repo url are SLES auth tokens, but may not be
Last Updated: 2021-07-07 20:28:53 UTC

Description Justin Sherrill 2021-07-07 20:28:52 UTC
When trying to sync a mirror repo like:

http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock

GET params are specified. Katello interprets these as SLES auth tokens: https://github.com/Katello/katello/blob/master/app/services/katello/pulp3/repository/yum.rb#L20-L25

But in this case they are not. This doesn't actually cause a problem, as usually they are ignored, except it's not exactly 100% correct, and exposed another bug in Pulp: https://pulp.plan.io/issues/8816

Comment 1 Justin Sherrill 2021-07-07 20:28:56 UTC
Created from redmine issue https://projects.theforeman.org/issues/32660

Comment 2 Justin Sherrill 2021-07-07 20:28:57 UTC
Upstream bug assigned to None

Comment 3 Brad Buckingham 2021-09-29 14:45:24 UTC
Moving to POST as upstream PR is merged.

Comment 6 James Jeffers 2021-11-03 17:42:25 UTC
To reproduce this issue, try to sync http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock

Before the change, this sync would have issues as the query string would be interpreted as a SLES auth token. 

With this change, there is now an explicit field for the SLES auth token.

Additionally, verification should include attempting to sync from a SLES repository with a valid auth token supplied either at repo creation in Satellite or by editing an existing repository and specifying the auth token in the repository details page.
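
The difference between the two behaviours described in this report, as an added Ruby sketch that is not Katello's own code: the method names, the option-hash shape, the `sles_auth_token` key and the SLES-style URL and token are assumptions made for illustration. The first method infers a token from any query string; the second takes the token only from an explicit field and leaves the URL alone.

```ruby
require 'uri'

# Hypothetical sketch of the pre-change heuristic: any query string on the
# upstream URL is assumed to be a SLES auth token.
def legacy_remote_options(url)
  options = { url: url }
  query = URI.parse(url).query
  options[:sles_auth_token] = query unless query.nil? || query.empty?
  options
end

# Hypothetical sketch of the post-change shape: the URL is passed through
# untouched and a token is set only when the explicit field was filled in.
def explicit_remote_options(url, auth_token = nil)
  options = { url: url }
  options[:sles_auth_token] = auth_token unless auth_token.nil? || auth_token.empty?
  options
end

# URL from the bug report: the GET params select a mirror list, not a token.
MIRRORLIST_URL = 'http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock'

# Constructed sample values, not taken from the report.
SLES_BASE_URL = 'https://updates.example.invalid/SUSE/Products/SLE/x86_64/product/'
SLES_TOKEN = 'constructed-token-0123'

if __FILE__ == $PROGRAM_NAME
  # The mirrorlist parameters end up in the token field.
  p legacy_remote_options(MIRRORLIST_URL)
  # No token is inferred; the mirrorlist URL is used as given.
  p explicit_remote_options(MIRRORLIST_URL)
  # A token appears only because it was supplied explicitly.
  p explicit_remote_options(SLES_BASE_URL, SLES_TOKEN)
end
```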

Comment 7 Mike McCune 2021-11-03 19:29:08 UTC
Satellite no longer supports SLES so no need to verify this bug.

