Bug 841310 - /api/pools does not work with admin
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: API
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Justin Sherrill
QA Contact: Og Maciel
Reported: 2012-07-18 16:12 UTC by Brad P. Crochet
Modified: 2019-09-26 15:53 UTC (History)
Doc Type: Bug Fix
Doc Text:
The System Engine API denied admin users access to /katello/api/pools. A fix in the latest version of System Engine allows admin users access to /katello/api/pools.
Last Closed: 2012-12-04 19:47:31 UTC

Links
System: Red Hat Product Errata
ID: RHSA-2012:1543
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: CloudForms System Engine 1.1 update
Last Updated: 2012-12-05 00:39:57 UTC

Description Brad P. Crochet 2012-07-18 16:12:53 UTC
Description of problem:
/api/pools does not work when using admin credentials. This works on SAM, but not katello.

Version-Release number of selected component (if applicable):
# rpm -qa | grep katello
katello-glue-foreman-0.1.318-1.el6cf.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-cli-0.1.112-1.el6cf.noarch
katello-glue-candlepin-0.1.318-1.el6cf.noarch
katello-agent-0.17-1.el6.noarch
katello-cli-common-0.1.112-1.el6cf.noarch
katello-certs-tools-1.0.7-1.el6_3.noarch
katello-selinux-0.1.10-1.el6.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-glue-pulp-0.1.318-1.el6cf.noarch
katello-all-0.1.318-1.el6cf.noarch
katello-0.1.318-1.el6cf.noarch
katello-configure-0.1.111-1.el6cf.noarch
katello-common-0.1.318-1.el6cf.noarch
katello-qpid-client-key-pair-1.0-1.noarch

How reproducible:
Every time

Steps to Reproduce:
1. curl -k -X GET 'https://admin:admin@bcrochet-katello.usersys.redhat.com/katello/api/pools'

Actual results:
{"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get","errors":["User admin is not allowed to access api/candlepin_proxies/get"]}

Expected results:
Pool list

Additional info:

curl -k -X GET 'https://admin:admin@brain.usersys.redhat.com/sam/api/pools' works

Comment 1 Mike McCune 2012-08-30 17:53:35 UTC
QE: Can you see if this is a regression from 1.0.1?

Comment 2 Og Maciel 2012-08-30 19:41:04 UTC
Reproduced on CFSE 1.0. Will try 1.0.1 next.

  # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools'
  {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"}

Environment:
* candlepin-0.6.5-1.el6_2.noarch
* candlepin-tomcat6-0.6.5-1.el6_2.noarch
* katello-0.1.318-1.el6cf.noarch
* katello-all-0.1.318-1.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.7-1.el6_3.noarch
* katello-cli-0.1.112-1.el6cf.noarch
* katello-cli-common-0.1.112-1.el6cf.noarch
* katello-common-0.1.318-1.el6cf.noarch
* katello-configure-0.1.111-1.el6cf.noarch
* katello-glue-candlepin-0.1.318-1.el6cf.noarch
* katello-glue-foreman-0.1.318-1.el6cf.noarch
* katello-glue-pulp-0.1.318-1.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.10-1.el6.noarch
* pulp-1.0.4-1.el6.noarch
* pulp-common-1.0.4-1.el6.noarch
* pulp-selinux-server-1.0.4-1.el6.noarch

Comment 3 Og Maciel 2012-08-31 01:50:42 UTC
First of all, a small correction. Comment #2 was for a 1.0.1 CFSE installation.

With a brand new 1.0 installation, the same issue was detected:

  # curl -k -X GET 'https://admin:admin@qetello01.aaaaa.bbbb.ccc/cfse/api/pools'
  {"errors":["User admin is not allowed to access api/candlepin_proxies/get"],"displayMessage":"User admin is not allowed to access api/candlepin_proxies/get"}

Comment 4 Og Maciel 2012-08-31 01:56:39 UTC
CFSE 1.0:

* candlepin-0.5.26-1.el6.noarch
* candlepin-tomcat6-0.5.26-1.el6.noarch
* katello-0.1.311-1.el6_2.noarch
* katello-all-0.1.311-1.el6_2.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.0.4-1.el6.noarch
* katello-cli-0.1.107-1.el6.noarch
* katello-cli-common-0.1.107-1.el6.noarch
* katello-common-0.1.311-1.el6_2.noarch
* katello-configure-0.1.107-1.el6.noarch
* katello-glue-candlepin-0.1.311-1.el6_2.noarch
* katello-glue-foreman-0.1.311-1.el6_2.noarch
* katello-glue-pulp-0.1.311-1.el6_2.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-0.1.10-1.el6.noarch
* pulp-1.0.4-1.el6.noarch
* pulp-common-1.0.4-1.el6.noarch
* pulp-selinux-server-1.0.4-1.el6.noarch

Comment 5 Mike McCune 2012-08-31 19:51:07 UTC
Since this is not a regression, moving to 2.0.

Comment 7 Justin Sherrill 2012-09-07 14:52:59 UTC
This appears to work just fine in the latest nightly and master (after confirming it did not work in CFSE 1.0). I'm not entirely sure what would have fixed it though, as I can't find any code change that looks like it might have fixed it. Moving to modified.

Comment 9 Og Maciel 2012-09-14 21:38:53 UTC
$ curl -k -X GET 'https://admin:admin@qetello02.aaa.bbb.ccc/cfse/api/pools'
[{"created":"2012-09-14T21:06:06.646+0000","updated":"2012-09-14T21:06:06.646+0000","id":"ff80808139c66f4d0139c69a54b60006","owner":{"id":"ff80808139c66f4d0139c67f2d2f0003","key":"QE","displayName":"QE","href":"/owners/QE"},"activeSubscription":true,"subscriptionId":"ff80808139c66f4d0139c69a53ef0005","subscriptionSubKey":"master","sourceEntitlement":null,"quantity":-1,"startDate":"2012-09-14T00:00:00.000+0000","endDate":"2042-09-07T00:00:00.000+0000","productId":"1347656766292","providedProducts":[],"attributes":[],"productAttributes":[],"restrictedToUsername":null,"contractNumber":"","accountNumber":"","consumed":0,"exported":0,"productName":"Nightly","href":"/pools/ff80808139c66f4d0139c69a54b60006"}]

Comment 10 Og Maciel 2012-09-14 21:39:22 UTC
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-7.el6cf.noarch
* katello-all-1.1.12-7.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-4.el6cf.noarch
* katello-cli-common-1.1.8-4.el6cf.noarch
* katello-common-1.1.12-7.el6cf.noarch
* katello-configure-1.1.9-3.el6cf.noarch
* katello-glue-candlepin-1.1.12-7.el6cf.noarch
* katello-glue-pulp-1.1.12-7.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch

Comment 12 errata-xmlrpc 2012-12-04 19:47:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1543.html
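
Added example, not part of the original report and not Katello or Candlepin code: a regression check that separates the two response bodies seen in this bug, the authorization denial from the description and the pool array from Comment 9. The function name classify_pools_response and the trimmed pool body are assumptions made for this example.

```python
import json
import re

# Denial text as it appears in the "Actual results" of this report.
DENIED_RE = re.compile(r"^User (\S+) is not allowed to access (\S+)$")

# Body quoted in the description (denied) and a trimmed copy of the
# Comment 9 body (allowed); the trimming is constructed for this example.
DENIED_BODY = ('{"displayMessage":"User admin is not allowed to access '
               'api/candlepin_proxies/get","errors":["User admin is not '
               'allowed to access api/candlepin_proxies/get"]}')
POOLS_BODY = ('[{"id":"ff80808139c66f4d0139c69a54b60006",'
              '"productName":"Nightly","quantity":-1,"consumed":0}]')


def classify_pools_response(body):
    """Classify a /api/pools response body.

    Returns ("denied", user, rule), ("pools", count, ids) or
    ("unexpected", reason, None).
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return ("unexpected", "body is not JSON", None)

    # Error envelope: {"displayMessage": ..., "errors": [...]}
    if isinstance(doc, dict):
        for msg in doc.get("errors") or []:
            m = DENIED_RE.match(msg) if isinstance(msg, str) else None
            if m:
                return ("denied", m.group(1), m.group(2))
        return ("unexpected", "JSON object without a denial message", None)

    # Success: a JSON array of pool objects, possibly empty.
    if isinstance(doc, list):
        if all(isinstance(p, dict) and "id" in p for p in doc):
            return ("pools", len(doc), [p["id"] for p in doc])
        return ("unexpected", "array entries are not pool objects", None)

    return ("unexpected", "unrecognised JSON type", None)


if __name__ == "__main__":
    for name, body in (("denied", DENIED_BODY), ("pools", POOLS_BODY)):
        print(name, classify_pools_response(body))
```

An empty array counts as an authorized response with zero pools, so a check built on this fails only on the denial envelope or on an unrecognised body.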

