Bug 841310 - /api/pools does not work with admin
Status: CLOSED ERRATA
Product: Red Hat Satellite 6
Classification: Red Hat
Component: API
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Assigned To: Justin Sherrill
QA Contact: Og Maciel
Keywords: Triaged
Reported: 2012-07-18 12:12 EDT by Brad P. Crochet
Modified: 2014-09-18 12:42 EDT
Doc Type: Bug Fix
Doc Text:
The System Engine API denied admin users access to /katello/api/pools. A fix in the latest version of System Engine allows admin users access to /katello/api/pools.
Last Closed: 2012-12-04 14:47:31 EST
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1543 normal SHIPPED_LIVE Important: CloudForms System Engine 1.1 update 2012-12-04 19:39:57 EST

Description Brad P. Crochet 2012-07-18 12:12:53 EDT
Description of problem:
/api/pools does not work when using admin credentials. This works on SAM, but not katello.

Version-Release number of selected component (if applicable):
# rpm -qa | grep katello
katello-glue-foreman-0.1.318-1.el6cf.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-cli-0.1.112-1.el6cf.noarch
katello-glue-candlepin-0.1.318-1.el6cf.noarch
katello-agent-0.17-1.el6.noarch
katello-cli-common-0.1.112-1.el6cf.noarch
katello-certs-tools-1.0.7-1.el6_3.noarch
katello-selinux-0.1.10-1.el6.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-pulp-0.1.318-1.el6cf.noarch
katello-all-0.1.318-1.el6cf.noarch
katello-0.1.318-1.el6cf.noarch
katello-configure-0.1.111-1.el6cf.noarch
katello-common-0.1.318-1.el6cf.noarch
katello-qpid-client-key-pair-1.0-1.noarch

How reproducible:
Every time

Steps to Reproduce:
1. curl -k -X GET 'https://admin:admin@bcrochet-katello.usersys.redhat.com/katello/api/pools'

Actual results:
{"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get","errors":["User admin is not allowed to access api/candlepin_proxies/get"]}

Expected results:
Pool list

Additional info:

curl -k -X GET 'https://admin:admin@brain.usersys.redhat.com/sam/api/pools' works
Comment 1 Mike McCune 2012-08-30 13:53:35 EDT
QE: Can you see if this is a regression from 1.0.1?
Comment 2 Og Maciel 2012-08-30 15:41:04 EDT
Reproduced on CFSE 1.0. Will try 1.0.1 next.

  # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools'
  {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"}

Environment:
* candlepin-0.6.5-1.el6_2.noarch
* candlepin-tomcat6-0.6.5-1.el6_2.noarch
* katello-0.1.318-1.el6cf.noarch
* katello-all-0.1.318-1.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.7-1.el6_3.noarch
* katello-cli-0.1.112-1.el6cf.noarch
* katello-cli-common-0.1.112-1.el6cf.noarch
* katello-common-0.1.318-1.el6cf.noarch
* katello-configure-0.1.111-1.el6cf.noarch
* katello-glue-candlepin-0.1.318-1.el6cf.noarch
* katello-glue-foreman-0.1.318-1.el6cf.noarch
* katello-glue-pulp-0.1.318-1.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.10-1.el6.noarch
* pulp-1.0.4-1.el6.noarch
* pulp-common-1.0.4-1.el6.noarch
* pulp-selinux-server-1.0.4-1.el6.noarch
Comment 3 Og Maciel 2012-08-30 21:50:42 EDT
First of all, a small correction. Comment #2 was for a 1.0.1 CFSE installation.

With a brand new 1.0 installation, the same issue was detected:

  # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools'
  {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"}
Comment 4 Og Maciel 2012-08-30 21:56:39 EDT
CFSE 1.0:

* candlepin-0.5.26-1.el6.noarch
* candlepin-tomcat6-0.5.26-1.el6.noarch
* katello-0.1.311-1.el6_2.noarch
* katello-all-0.1.311-1.el6_2.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.4-1.el6.noarch
* katello-cli-0.1.107-1.el6.noarch
* katello-cli-common-0.1.107-1.el6.noarch
* katello-common-0.1.311-1.el6_2.noarch
* katello-configure-0.1.107-1.el6.noarch
* katello-glue-candlepin-0.1.311-1.el6_2.noarch
* katello-glue-foreman-0.1.311-1.el6_2.noarch
* katello-glue-pulp-0.1.311-1.el6_2.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.10-1.el6.noarch
* pulp-1.0.4-1.el6.noarch
* pulp-common-1.0.4-1.el6.noarch
* pulp-selinux-server-1.0.4-1.el6.noarch
Comment 5 Mike McCune 2012-08-31 15:51:07 EDT
Since this is not a regression, moving to 2.0.
Comment 7 Justin Sherrill 2012-09-07 10:52:59 EDT
This appears to work just fine in the latest nightly and master (after confirming it did not work in CFSE 1.0).   I'm not entirely sure what would have fixed it though, as I can't find any code change that looks like it might have fixed it.  Moving to modified.
Comment 9 Og Maciel 2012-09-14 17:38:53 EDT
$ curl -k -X GET 'https://admin:admin@qetello02.aaa.bbb.ccc/cfse/api/pools'
[{"created":"2012-09-14T21:06:06.646+0000","updated":"2012-09-14T21:06:06.646+0000","id":"ff80808139c66f4d0139c69a54b60006","owner":{"id":"ff80808139c66f4d0139c67f2d2f0003","key":"QE","displayName":"QE","href":"/owners/QE"},"activeSubscription":true,"subscriptionId":"ff80808139c66f4d0139c69a53ef0005","subscriptionSubKey":"master","sourceEntitlement":null,"quantity":-1,"startDate":"2012-09-14T00:00:00.000+0000","endDate":"2042-09-07T00:00:00.000+0000","productId":"1347656766292","providedProducts":[],"attributes":[],"productAttributes":[],"restrictedToUsername":null,"contractNumber":"","accountNumber":"","consumed":0,"exported":0,"productName":"Nightly","href":"/pools/ff80808139c66f4d0139c69a54b60006"}]
Comment 10 Og Maciel 2012-09-14 17:39:22 EDT
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-7.el6cf.noarch
* katello-all-1.1.12-7.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-4.el6cf.noarch
* katello-cli-common-1.1.8-4.el6cf.noarch
* katello-common-1.1.12-7.el6cf.noarch
* katello-configure-1.1.9-3.el6cf.noarch
* katello-glue-candlepin-1.1.12-7.el6cf.noarch
* katello-glue-pulp-1.1.12-7.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch
Comment 12 errata-xmlrpc 2012-12-04 14:47:31 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html
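
The verification in this report was done by reading curl output by eye. As an added example (not part of the bug report or of Katello's code), the following check classifies a /api/pools response body as the authorization denial or a pool list. The function name and verdict strings are assumptions; the sample bodies are taken from the comments above, with the pool entry trimmed.

```python
import json
import re

# Constructed samples: bodies copied from the report (pool entry trimmed).
DENIED_BODY = ('{"displayMessage":"User admin is not allowed to access '
               'api/candlepin_proxies/get","errors":["User admin is not allowed '
               'to access api/candlepin_proxies/get"]}')
POOLS_BODY = ('[{"id":"ff80808139c66f4d0139c69a54b60006","productName":"Nightly",'
              '"owner":{"key":"QE"},"href":"/pools/ff80808139c66f4d0139c69a54b60006"}]')

# Message format of the denial as it appears in the report.
DENIAL_RE = re.compile(r"^User (?P<user>\S+) is not allowed to access (?P<rule>\S+)$")


def classify_pools_response(body):
    """Return (verdict, detail); verdict is "denied", "pools" or "unexpected".

    Hypothetical helper written for this example.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return "unexpected", "body is not JSON"

    # Denial shape seen in the report: an object carrying an "errors" list.
    if isinstance(data, dict) and isinstance(data.get("errors"), list):
        for message in data["errors"]:
            match = DENIAL_RE.match(str(message))
            if match:
                return "denied", match.groupdict()
        return "unexpected", "error object without an authorization message"

    # Success shape: a JSON array of pools, each with an id and an href.
    if isinstance(data, list):
        if all(isinstance(p, dict) and "id" in p and "href" in p for p in data):
            return "pools", [p["id"] for p in data]
        return "unexpected", "array entries are not pool objects"

    return "unexpected", "unrecognised JSON shape"


if __name__ == "__main__":
    for name, body in (("denied", DENIED_BODY), ("pools", POOLS_BODY)):
        print(name, classify_pools_response(body))
```

The `rule` field in a denied verdict names the permission check that rejected the request, which is the value to compare across versions when confirming a regression.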
