Description of problem: /api/pools does not work when using admin credentials. This works on SAM, but not katello. Version-Release number of selected component (if applicable): # rpm -qa | grep katello katello-glue-foreman-0.1.318-1.el6cf.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-cli-0.1.112-1.el6cf.noarch katello-glue-candlepin-0.1.318-1.el6cf.noarch katello-agent-0.17-1.el6.noarch katello-cli-common-0.1.112-1.el6cf.noarch katello-certs-tools-1.0.7-1.el6_3.noarch katello-selinux-0.1.10-1.el6.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-glue-pulp-0.1.318-1.el6cf.noarch katello-all-0.1.318-1.el6cf.noarch katello-0.1.318-1.el6cf.noarch katello-configure-0.1.111-1.el6cf.noarch katello-common-0.1.318-1.el6cf.noarch katello-qpid-client-key-pair-1.0-1.noarch How reproducible: Every time Steps to Reproduce: 1. curl -k -X GET 'https://admin:admin@bcrochet-katello.usersys.redhat.com/katello/api/pools' Actual results: {"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get","errors":["User admin is not allowed to access api/candlepin_proxies/get"]} Expected results: Pool list Additional info: curl -k -X GET 'https://admin:admin@brain.usersys.redhat.com/sam/api/pools' works
QE: Can you see if this is a regression from 1.0.1?
Reproduced on CFSE 1.0. Will try 1.0.1 next. # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools' {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"} Environment: * candlepin-0.6.5-1.el6_2.noarch * candlepin-tomcat6-0.6.5-1.el6_2.noarch * katello-0.1.318-1.el6cf.noarch * katello-all-0.1.318-1.el6cf.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.0.7-1.el6_3.noarch * katello-cli-0.1.112-1.el6cf.noarch * katello-cli-common-0.1.112-1.el6cf.noarch * katello-common-0.1.318-1.el6cf.noarch * katello-configure-0.1.111-1.el6cf.noarch * katello-glue-candlepin-0.1.318-1.el6cf.noarch * katello-glue-foreman-0.1.318-1.el6cf.noarch * katello-glue-pulp-0.1.318-1.el6cf.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-0.1.10-1.el6.noarch * pulp-1.0.4-1.el6.noarch * pulp-common-1.0.4-1.el6.noarch * pulp-selinux-server-1.0.4-1.el6.noarch
First of all, a small correction. Comment #2 was for a 1.0.1 CFSE installation. With a brand new 1.0 installation, the same issue was detected: # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools' {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"}
CFSE 1.0: * candlepin-0.5.26-1.el6.noarch * candlepin-tomcat6-0.5.26-1.el6.noarch * katello-0.1.311-1.el6_2.noarch * katello-all-0.1.311-1.el6_2.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.0.4-1.el6.noarch * katello-cli-0.1.107-1.el6.noarch * katello-cli-common-0.1.107-1.el6.noarch * katello-common-0.1.311-1.el6_2.noarch * katello-configure-0.1.107-1.el6.noarch * katello-glue-candlepin-0.1.311-1.el6_2.noarch * katello-glue-foreman-0.1.311-1.el6_2.noarch * katello-glue-pulp-0.1.311-1.el6_2.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-0.1.10-1.el6.noarch * pulp-1.0.4-1.el6.noarch * pulp-common-1.0.4-1.el6.noarch * pulp-selinux-server-1.0.4-1.el6.noarch
since this is not a regression, moving to 2.0
This appears to work just fine in the latest nightly and master (after confirming it did not work in CFSE 1.0). I'm not entirely sure what would have fixed it though, as I can't find any code change that looks like it might have fixed it. Moving to modified.
$ curl -k -X GET 'https://admin:admin@qetello02.aaa.bbb.ccc/cfse/apiools' [{"created":"2012-09-14T21:06:06.646+0000","updated":"2012-09-14T21:06:06.646+0000","id":"ff80808139c66f4d0139c69a54b60006","owner":{"id":"ff80808139c66f4d0139c67f2d2f0003","key":"QE","displayName":"QE","href":"/owners/QE"},"activeSubscription":true,"subscriptionId":"ff80808139c66f4d0139c69a53ef0005","subscriptionSubKey":"master","sourceEntitlement":null,"quantity":-1,"startDate":"2012-09-14T00:00:00.000+0000","endDate":"2042-09-07T00:00:00.000+0000","productId":"1347656766292","providedProducts":[],"attributes":[],"productAttributes":[],"restrictedToUsername":null,"contractNumber":"","accountNumber":"","consumed":0,"exported":0,"productName":"Nightly","href":"/pools/ff80808139c66f4d0139c69a54b60006"}]
Verified using: * candlepin-0.7.8-1.el6cf.noarch * candlepin-selinux-0.7.8-1.el6cf.noarch * candlepin-tomcat6-0.7.8-1.el6cf.noarch * katello-1.1.12-7.el6cf.noarch * katello-all-1.1.12-7.el6cf.noarch * katello-candlepin-cert-key-pair-1.0-1.noarch * katello-certs-tools-1.1.8-1.el6cf.noarch * katello-cli-1.1.8-4.el6cf.noarch * katello-cli-common-1.1.8-4.el6cf.noarch * katello-common-1.1.12-7.el6cf.noarch * katello-configure-1.1.9-3.el6cf.noarch * katello-glue-candlepin-1.1.12-7.el6cf.noarch * katello-glue-pulp-1.1.12-7.el6cf.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-qpid-client-key-pair-1.0-1.noarch * katello-selinux-1.1.1-1.el6cf.noarch * pulp-1.1.12-1.el6cf.noarch * pulp-common-1.1.12-1.el6cf.noarch * pulp-selinux-server-1.1.12-1.el6cf.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-1543.html