Description of problem:
when subscribing a system via subscription manager to katello without activation keys, I am seeing the API systems controller #create action get called as expected but then I also see the activate action being called. Looks like there is a match in the routes that is causing the activate to get invoked:
match '/consumers' => 'systems#activate', :via => :post, :constraints => RegisterWithActivationKeyContraint.new
this is causing a permissions error that gets sent back to subscription manager,
'content': "Errors::SecurityViolation: User admin is not allowed to access api/systems/activate\n/git/katello/src/lib/authorization_rules.rb:30:in `authorize'\n/usr/lib/ruby/gems/1.8/gems/activesupport-3.0.5/lib/active_support/callback
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys.
1634bdc 736384 - workaround for perm. denied for rhsm registration
This should be removed when we refactor permissions for system activations.
So I reverted the temporary fix and refactored way we handle RHSM permissions.
629d2ca 737563 - Subscription Manager fails permissions on accessing subscriptions
eebb966 736141 - Systems Registration perms need to be reworked
e84d7e8 Revert "736384 - workaround for perm. denied (unit test)"
95ea20a Revert "736384 - workaround for perm. denied for rhsm registration"
I am not able to reproduce it now.
doing call of `system subscribe` does not invoke the "*#activate" action (looking in the production.log of katello)
All looks fine, RHSM gets exit 0.