Bug 783869 - Retest only: Unprivileged user unable to use the CLI in any way
Retest only: Unprivileged user unable to use the CLI in any way
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: CLI (Show other bugs)
4.3
Unspecified Unspecified
high Severity urgent (vote)
: ---
: JON 3.0.1
Assigned To: RHQ Project Maintainer
Mike Foley
:
Depends On: 760148
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-22 21:46 EST by Charles Crouch
Modified: 2015-02-01 18:27 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 760148
Environment:
Last Closed: 2013-09-03 11:18:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Charles Crouch 2012-01-22 21:46:54 EST
+++ This bug was initially created as a clone of Bug #760148 +++

Description of problem:

A user without MANAGE_SETTINGS is unable to log in in the CLI.  This holds true for both the interactive console as well as the scripts.

Version-Release number of selected component (if applicable):
4.2.0.JON300.GA

How reproducible:
always

Steps to Reproduce:
1. $ bin/rhq-cli.sh
2. unconnected> login <limited-user> <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password>

or

1. $ bin/rhq-cli.sh --host <RHQ-hostname> --user <limited-user> --password <password> -f any-script.js
  
or

a script test.js with contents:

rhq.login("<limite-user>", "<password>");

and 

1. $ bin/rhq-cli.sh -f test.js

Actual results:
All of the above give an error about the user not having MANAGE_SETTINGS and give up on logging in.

Expected results:
The user logs in and everything works as expected.

Additional info:

--- Additional comment from lkrejci@redhat.com on 2011-12-05 09:29:38 EST ---

Note that the failure is purely because of the fact that the CLI wants to print out the version of the server it has connected to and fails, because the method it uses to find that out requires MANAGE_SETTINGS.

--- Additional comment from mfoley@redhat.com on 2011-12-05 09:37:47 EST ---

lukas reports regression from JON 2.4.1

--- Additional comment from lkrejci@redhat.com on 2011-12-05 09:40:21 EST ---

This got introduced by commit 0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36

--- Additional comment from lkrejci@redhat.com on 2011-12-05 10:55:26 EST ---

master: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=bfb46035204786e3e1297a41cdb1eede7e901e77

release_jon3.x: http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=b990a6435cb882c765fbe6e5c9dfc16e6ba54395

Author: Lukas Krejci <lkrejci@redhat.com>
Date:   Mon Dec 5 16:43:27 2011 +0100

    [BZ 760148] - Use the unprivileged method introduced by the commit
    0589b9ee8488bd1 for BZ 694892 for obtaining the version info upon
    the CLI login.

--- Additional comment from ccrouch@redhat.com on 2011-12-05 11:46:32 EST ---

(10:43:21 AM) ccrouch: jshaughn: so can you confirm http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commitdiff;h=0bdeb3eb1c3bfa742697f6cdac57b0c80d80af36 is the change that originally introduced the problem?
(10:44:09 AM) jshaughn: yep, looks like that's the one

--- Additional comment from jshaughn@redhat.com on 2011-12-05 11:48:37 EST ---


This is the same problem as bug 694892.  The fix looks good.

--- Additional comment from skondkar@redhat.com on 2011-12-06 05:49:08 EST ---

Verified in Jon3GA-2 build.

Created a user 'testuser' without MANAGE_SETTINGS.

Tried below commands in CLI and verified that testuser is able to login successfully:

1. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
unconnected$ login testuser redhat
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful

testuser@localhost:7080$
-------------------------------------------------------------
2. [root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat
RHQ - RHQ Enterprise Remote CLI 4.2.0.JON300.GA
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
testuser@suniltest.usersys.redhat.com:7080$
--------------------------------------------------------------

3. Executed a script as below:
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh --host suniltest.usersys.redhat.com --user testuser --password redhat -f testscript.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Login successful
Test Output from script execution!
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]#
-----------------------------------------------------------------

4. Created a test.js file with below content:

rhq.login("testuser", "redhat");
println(subject);

Executed as below:

[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# bin/rhq-cli.sh -f test.js 
Remote server version is: 3.0.0.GA (e23441b:1ca6ad9)
Subject[id=10001,name=testuser]
[root@suniltest rhq-remoting-cli-4.2.0.JON300.GA]# 
------------------------------------------------------------------

Marking verified as it is working as expected.

--- Additional comment from mfoley@redhat.com on 2011-12-06 10:42:37 EST ---

verified JON GA #2
Comment 1 Charles Crouch 2012-01-22 21:48:41 EST
This commit message 

http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commit;h=3382f4e7627334aae782a38f9c7e725c842c986b

made me look twice at this fix, I'm sure it will be fine but I want to have QE test it once a JON3.0.1 candidate build is available.
Comment 2 Sunil Kondkar 2012-01-25 05:31:45 EST
Verified in JON 3.0.1.GA RC-1 build (Version: 3.0.1.GA Build Number: 784c8ce:5cde182)

Created a user 'testuser' without MANAGE_SETTINGS, executed the CLI commands and verified that testuser is able to login successfully.
Comment 3 Heiko W. Rupp 2013-09-03 11:18:33 EDT
Bulk closing of old issues in VERIFIED state.

Note You need to log in before you can comment on or make changes to this bug.