Bug 736384 - system registration routes issue when no activation keys present
Summary: system registration routes issue when no activation keys present
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: API
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified vote
Target Milestone: Unspecified
Assignee: Lukas Zapletal
QA Contact: Garik Khachikyan
URL:
Whiteboard:
Depends On:
Blocks: katello-blockers
TreeView+ depends on / blocked
 
Reported: 2011-09-07 14:56 UTC by Shannon Hughes
Modified: 2015-01-04 21:58 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 17:56:07 UTC


Attachments (Terms of Use)

Description Shannon Hughes 2011-09-07 14:56:26 UTC
Description of problem:
when subscribing a system via subscription manager to katello without activation keys, I am seeing the API systems controller #create action get called as expected but then I also see the activate action being called. Looks like there is a match in the routes that is causing the activate to get invoked:

    match '/consumers' => 'systems#activate', :via => :post, :constraints => RegisterWithActivationKeyContraint.new

this is causing a permissions error that gets sent back to subscription manager, 

'content': "Errors::SecurityViolation: User admin is not allowed to access api/systems/activate\n/git/katello/src/lib/authorization_rules.rb:30:in `authorize'\n/usr/lib/ruby/gems/1.8/gems/activesupport-3.0.5/lib/active_support/callback

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Lukas Zapletal 2011-09-07 15:20:10 UTC
Regarding this issue, I have pushed a simple workaround to allow registration without activation keys.

1634bdc 736384 - workaround for perm. denied for rhsm registration

This should be removed when we refactor permissions for system activations.

Comment 2 Lukas Zapletal 2011-09-13 15:18:56 UTC
So I reverted the temporary fix and refactored way we handle RHSM permissions.

629d2ca 737563 - Subscription Manager fails permissions on accessing subscriptions
eebb966 736141 - Systems Registration perms need to be reworked
e84d7e8 Revert "736384 - workaround for perm. denied (unit test)"
95ea20a Revert "736384 - workaround for perm. denied for rhsm registration"

I am not able to reproduce it now.

Comment 3 Garik Khachikyan 2012-01-13 13:05:10 UTC
# VERIFIED

doing call of `system subscribe` does not invoke the "*#activate" action (looking in the production.log of katello)

All looks fine, RHSM gets exit 0.

Checked against:
katello-0.1.174-2.el6.noarch
katello-cli-0.1.35-1.el6.noarch


Note You need to log in before you can comment on or make changes to this bug.