2120744 – Keycloak auth fails due to typo in connection close method

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2120744 - Keycloak auth fails due to typo in connection close method

Summary: Keycloak auth fails due to typo in connection close method

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	9.2
Assignee:	Jiri Hnidek
QA Contact:	Red Hat subscription-manager QE Team
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2160482 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-23 16:26 UTC by Craig Donnelly
Modified:	2023-05-09 10:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	subscription-manager-1.29.31-1.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-05-09 08:18:42 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	candlepin subscription-manager pull 3117	None	Merged	2120744: Close keycloak connection properly	2022-08-29 09:49:43 UTC
Red Hat Issue Tracker	ENT-5353	None	None	None	2022-08-25 15:35:03 UTC
Red Hat Issue Tracker	RHELPLAN-132034	None	None	None	2022-08-23 16:41:51 UTC
Red Hat Product Errata	RHBA-2023:2493	None	None	None	2023-05-09 08:19:03 UTC

Description Craig Donnelly 2022-08-23 16:26:36 UTC

Description of problem:

There is a typo in a keycloak connection close method that causes registration via token to fail.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. subscription-manager register --insecure --token "$offline_token"
2.
3.

Actual results:
2022-08-23 12:07:47,094 [DEBUG] subscription-manager:1228:MainThread @connection.py:1062 - Response: status=200, requestUuid=4802840a-ae8d-48b9-8e67-a93831b9f6ed, request="POST /subscription/consumers?owner=13303041"
2022-08-23 12:07:47,094 [DEBUG] subscription-manager:1228:MainThread @connection.py:1066 - Server wants to keep connection
2022-08-23 12:07:47,094 [DEBUG] subscription-manager:1228:MainThread @connection.py:1080 - Connection timeout: 30 is used from 'Keep-Alive' HTTP header
2022-08-23 12:07:47,095 [DEBUG] subscription-manager:1228:MainThread @cp_provider.py:167 - Closing auth/consumer connection...
2022-08-23 12:07:47,095 [DEBUG] subscription-manager:1228:MainThread @connection.py:625 - Closing HTTPS connection <ssl.SSLSocket fd=6, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.8.29.113', 40460), raddr=('10.2.77.208', 443)>
2022-08-23 12:07:47,103 [DEBUG] subscription-manager:1228:MainThread @connection.py:629 - Unable to close TLS connection properly: [SSL: UNEXPECTED_EOF_WHILE_READING] unexpected eof while reading (_ssl.c:2756)
2022-08-23 12:07:47,104 [DEBUG] subscription-manager:1228:MainThread @cp_provider.py:170 - Closing no auth connection...
2022-08-23 12:07:47,104 [DEBUG] subscription-manager:1228:MainThread @connection.py:625 - Closing HTTPS connection <ssl.SSLSocket fd=4, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.8.29.113', 40456), raddr=('10.2.77.208', 443)>
2022-08-23 12:07:47,112 [DEBUG] subscription-manager:1228:MainThread @connection.py:629 - Unable to close TLS connection properly: [SSL: UNEXPECTED_EOF_WHILE_READING] unexpected eof while reading (_ssl.c:2756)
2022-08-23 12:07:47,112 [DEBUG] subscription-manager:1228:MainThread @cp_provider.py:176 - Closing auth/keycloak connection...
2022-08-23 12:07:47,113 [ERROR] subscription-manager:1228:MainThread @cli.py:70 - Error during registration: 'Restlib' object has no attribute 'close_connestion'
2022-08-23 12:07:47,113 [ERROR] subscription-manager:1228:MainThread @cli.py:71 - 'Restlib' object has no attribute 'close_connestion'
Traceback (most recent call last):
  File "/usr/lib64/python3.9/site-packages/subscription_manager/cli_command/register.py", line 298, in _do_command
    consumer = service.register(
  File "/usr/lib64/python3.9/site-packages/rhsmlib/services/register.py", line 129, in register
    cp_provider.close_all_connections()
  File "/usr/lib64/python3.9/site-packages/subscription_manager/cp_provider.py", line 177, in close_all_connections
    self.keycloak_auth_cp.conn.close_connestion()
AttributeError: 'Restlib' object has no attribute 'close_connestion'

Expected results:
[root@r9normalboothw site-packages]# subscription-manager register --token "$offline_token"
The system has been registered with ID: 4984ca44-11cd-4bd5-8b99-d7af595b3796
The registered system name is: r9normalboothw

Additional info:

cp_provider.py:177
    self.keycloak_auth_cp.conn.close_connestion()

When changed to close_connection, registration succeeds.

Comment 1 Archana Pandey 2022-09-26 17:38:41 UTC

Pre-verification:

      Beaker Test information:
                         HOSTNAME=ibm-x3650m4-02-vm-03.ibm2.lab.eng.bos.redhat.com
                            JOBID=7044413
                         RECIPEID=12660160
                    RESULT_SERVER=
                           DISTRO=RHEL-9.2.0-20220926.0
                     ARCHITECTURE=x86_64

**  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **

>> Reproducing the bug-

[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: 4.0.18-3
subscription management rules: 5.41
subscription-manager: 1.29.30-1.el9
[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# subscription-manager register --insecure --token "*****" 
'Restlib' object has no attribute 'close_connestion'  <<<<  Typo for 'connection'
[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# 

>> rhsm.log - 

2022-09-26 07:04:40,911 [ERROR] rhsmcertd-worker:22003:MainThread @rhsmcertd_worker.py:193 - Either the consumer is not registered or the certificates are corrupted. Certificate update using daemon failed.
2022-09-26 07:32:07,895 [ERROR] subscription-manager:22694:MainThread @cli.py:70 - Error during registration: 'Restlib' object has no attribute 'close_connestion'
2022-09-26 07:32:07,896 [ERROR] subscription-manager:22694:MainThread @cli.py:71 - 'Restlib' object has no attribute 'close_connestion'
Traceback (most recent call last):
  File "/usr/lib64/python3.9/site-packages/subscription_manager/cli_command/register.py", line 298, in _do_command
    consumer = service.register(
  File "/usr/lib64/python3.9/site-packages/rhsmlib/services/register.py", line 129, in register
    cp_provider.close_all_connections()
  File "/usr/lib64/python3.9/site-packages/subscription_manager/cp_provider.py", line 177, in close_all_connections
    self.keycloak_auth_cp.conn.close_connestion()
AttributeError: 'Restlib' object has no attribute 'close_connestion'  <<< Typo

============================================================================================================================

>> Pre-verifying on jenkins build-
            
[root@ibm-x3650m4-02-vm-03 ~]# yum upgrade subscription-manager
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Jenkins CI builds of Red Hat Subscription Manager for RHEL                                                                                                     28 kB/s |  13 kB     00:00    
Dependencies resolved.
==============================================================================================================================================================================================
 Package                                                 Architecture                Version                                                       Repository                            Size
==============================================================================================================================================================================================
Upgrading:
 libdnf-plugin-subscription-manager                      x86_64                      1.29.30+44.g2ec7335e2-1.git.0.b47aa3f                         rhsm_master.el9                       81 k
 python3-cloud-what                                      x86_64                      1.29.30+44.g2ec7335e2-1.git.0.b47aa3f                         rhsm_master.el9                       92 k
 python3-subscription-manager-rhsm                       x86_64                      1.29.30+44.g2ec7335e2-1.git.0.b47aa3f                         rhsm_master.el9                      175 k
 subscription-manager                                    x86_64                      1.29.30+44.g2ec7335e2-1.git.0.b47aa3f                         rhsm_master.el9                      770 k

Transaction Summary
==============================================================================================================================================================================================
Upgrade  4 Packages

Total download size: 1.1 M
Is this ok [y/N]: y
Downloading Packages:
:
:
:
:
:
:
Upgraded:
  libdnf-plugin-subscription-manager-1.29.30+44.g2ec7335e2-1.git.0.b47aa3f.x86_64                      python3-cloud-what-1.29.30+44.g2ec7335e2-1.git.0.b47aa3f.x86_64                       
  python3-subscription-manager-rhsm-1.29.30+44.g2ec7335e2-1.git.0.b47aa3f.x86_64                       subscription-manager-1.29.30+44.g2ec7335e2-1.git.0.b47aa3f.x86_64                     

Complete!
[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# rpm -qa --changelog subscription-manager | grep 2120744
- 2120744: Close keycloak connection properly (jhnidek)
[root@ibm-x3650m4-02-vm-03 ~]# 
[root@ibm-x3650m4-02-vm-03 ~]# subscription-manager register --insecure --token "*****" 
The system has been registered with ID: dc8b4be3-db63-4fe4-a83d-03233046c8dc
The registered system name is: ibm-x3650m4-02-vm-03.ibm2.lab.eng.bos.redhat.com
[root@ibm-x3650m4-02-vm-03 ~]#       
[root@ibm-x3650m4-02-vm-03 ~]# 

[root@ibm-x3650m4-02-vm-03 ~]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Disabled
Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status.

System Purpose Status: Disabled            

Hence verified that fixing the typo fixes the issue.

Pre-verified.

Comment 4 Archana Pandey 2022-10-28 14:53:15 UTC

Final verification: Verifying against a nightly compose with subscription-manager-1.29.31-1.el9.x86_64.

Beaker Test information:
                         HOSTNAME=kvm-04-guest03.hv2.lab.eng.bos.redhat.com
                            JOBID=7180361
                         RECIPEID=12855962
                    RESULT_SERVER=
                           DISTRO=RHEL-9.2.0-20221027.2
                     ARCHITECTURE=x86_64


>> Steps to verify-

[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# subscription-manager version 
server type: This system is currently not registered.
subscription management server: 4.2.10-1
subscription management rules: 5.43
subscription-manager: 1.29.31-1.el9
[root@kvm-04-guest03 ~]# rpm -qa --changelog subscription-manager | grep 2120744
- 2120744: Close keycloak connection properly (jhnidek)
[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# subscription-manager register --insecure --token "*******"
The system has been registered with ID: 26683e52-85ea-4283-9ad7-e95f1e5a009a
The registered system name is: kvm-04-guest03.hv2.lab.eng.bos.redhat.com
[root@kvm-04-guest03 ~]#             
[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# vim /var/log/rhsm/rhsm.log 
[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Invalid

Red Hat Enterprise Linux for x86_64 Beta:
- Not supported by a valid subscription.

System Purpose Status: Not Specified       

[root@kvm-04-guest03 ~]# subscription-manager attach --auto
Installed Product Current Status:    
Product Name: Red Hat Enterprise Linux for x86_64 Beta
Status:       Subscribed

[root@kvm-04-guest03 ~]# 
[root@kvm-04-guest03 ~]# yum install zsh
Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 - BaseOS Beta (RPMs)                                                                                                    2.3 MB/s | 2.0 MB     00:00    
Red Hat Enterprise Linux 9 for x86_64 - AppStream Beta (RPMs)                                                                                                 6.5 MB/s | 7.2 MB     00:01    
Dependencies resolved.
==============================================================================================================================================================================================
 Package                            Architecture                          Version                                     Repository                                                         Size
==============================================================================================================================================================================================
Installing:
 zsh                                x86_64                                5.8-9.el9                                   rhel-9-for-x86_64-baseos-beta-rpms                                3.2 M

Transaction Summary
==============================================================================================================================================================================================
Install  1 Package

Total download size: 3.2 M
Installed size: 7.6 M
Is this ok [y/N]: N
Operation aborted.
[root@kvm-04-guest03 ~]# 

>> 
Actual Results: Typo fixed for keycloak connection close method. Successfully registered the system with a token.

Verification:Passed

Comment 5 Pino Toscano 2023-01-12 16:35:07 UTC

*** Bug 2160482 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2023-05-09 08:18:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (subscription-manager bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2493

Note You need to log in before you can comment on or make changes to this bug.