Bug 860030 - server version check should not use consumer authentication
server version check should not use consumer authentication
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: subscription-manager (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Adrian Likins
Entitlement Bugs
Depends On:
Blocks: 771748
  Show dependency treegraph
Reported: 2012-09-24 12:46 EDT by Adrian Likins
Modified: 2013-01-07 23:03 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-01-07 23:03:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:0033 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2013-01-08 03:38:27 EST

  None (edit)
Description Adrian Likins 2012-09-24 12:46:20 EDT
Description of problem:

server versions checks in managercli use the default candlepin UepConnection
object, which is a consumer authenticated connection.

This is not necessary for server version check (just needs get /, and
get /status, which do not require auth). 

One of the consequences of this is that attempting to do this for
a consumer that has been deleted causes a 410 ("GoneException"). This
is caught and logged and handled, but it doesn't need to happen.

Steps to Reproduce:

subscription-manager version

(or any subscription-manager commands that make a connection, list --available for example)
Actual results:

Note in the log that the GET / connection uses certificate auth, this is unneed

Expected results:

that connection should use no auth, log should indicate "using no auth"

Additional info:
Comment 1 Adrian Likins 2012-09-26 13:40:27 EDT
commit 2ecf9e4552f25a2ebb361f8d5166b2ff07b16cf1
Author: Adrian Likins <alikins@redhat.com>
Date:   Mon Sep 24 12:35:55 2012 -0400

    860030: make server_version_check use a non authenticated call
Comment 2 RHEL Product and Program Management 2012-10-01 17:08:27 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 4 spandey 2012-10-08 07:23:06 EDT
Verified using following rpm 


log output with version command 

2012-10-08 16:50:15,488 [DEBUG]  @profile.py:95 - Loading current RPM profile.
2012-10-08 16:50:15,616 [INFO]  @managercli.py:252 - Client Versions: {'python-rhsm': '1.0.9-1.el5', 'subscription-manager': '1.0.21-1.el5'} 
2012-10-08 16:50:15,617 [INFO]  @connection.py:498 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False
2012-10-08 16:50:15,617 [INFO]  @connection.py:511 - Connection Built: host:, port: 8443, handler: /candlepin
2012-10-08 16:50:15,618 [INFO]  @connection.py:508 - Using no auth
2012-10-08 16:50:15,618 [INFO]  @connection.py:511 - Connection Built: host:, port: 8443, handler: /candlepin
2012-10-08 16:50:15,619 [DEBUG]  @connection.py:323 - Loading CA PEM certificates from: /etc/rhsm/ca/

working fine resolving defect as verified
Comment 6 errata-xmlrpc 2013-01-07 23:03:32 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.