Bug 862115 - Unable to authenticate/authorize certain APIs initiated from consumer
Status: CLOSED CURRENTRELEASE
Product: Pulp
Classification: Community
Component: consumers
Version: 2.0.6
Hardware: Unspecified OS: Unspecified
Priority: unspecified Severity: high
Target Milestone: ---
Target Release: Sprint 40
Assigned To: Sayli Karmarkar
QA Contact: Preethi Thomas
Keywords: Triaged
Depends On:
Blocks: katello-v2-pulp
Reported: 2012-10-01 19:27 EDT by Brad Buckingham
Modified: 2015-03-22 21:11 EDT

Doc Type: Bug Fix
Last Closed: 2013-01-09 12:07:58 EST
Type: Bug

Description Brad Buckingham 2012-10-01 19:27:40 EDT
Description of problem:

While integrating pulp v2 with katello, found that APIs initiated by the consumer (e.g. consumer->katello->pulp) where the pulp-user is set to consumer's UUID are not able to successfully pass authentication/authorization.

Sayli has been debugging the issue raised by the BZ; therefore, assigning to her upon request. (Thanks Sayli!)

Version-Release number of selected component (if applicable):
pulp-server-2.0.5-1.fc16.noarch

How reproducible:
always

Steps to Reproduce:
1. create a pulp consumer (e.g. registration)
2. initiate a request from the consumer to pulp (similar to the one in the results below)
3.
  
Actual results:

RestClient.post "https://localhost/pulp/api/v2/consumers/331ab20a-e3e5-478a-ab92-b2fcc499e6eb/profiles//", 175096 byte(s) length, "Accept"=>"application/json", "Accept-Encoding"=>"gzip, deflate", "Authorization"=>"OAuth oauth_body_hash=\"2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D\", oauth_consumer_key=\"katello\", oauth_nonce=\"ocFQkq1zRRtmYRw0EJrEzNswMOeqNnxuvaieKUgGaNQ\", oauth_signature=\"9dmSvN3WZRMALFb6PUbYkbP5PGE%3D\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"1348762738\", oauth_version=\"1.0\"", "Content-Length"=>"175096", "Content-Type"=>"application/json", "pulp-user"=>"331ab20a-e3e5-478a-ab92-b2fcc499e6eb"
# => 401 Unauthorized | application/json 27 bytes

Expected results:

Request is accepted and returns proper result.

Additional info:
Comment 1 Sayli Karmarkar 2012-10-18 15:53:54 EDT
Merged in master before latest QE build, but forgot to move to modified. Moving it to on_qa now. 

commit 1983b50e4dd578e0345ee68041d75ff75fec588e
Merge: 4247ce8 9f44796
Author: skarmark <skarmark@redhat.com>
Date:   Tue Oct 16 21:21:37 2012 -0700

    Merge pull request #107 from pulp/skarmark-862115
    
    862115 - Updating oauth authentication to also check for existing consumer with given id along with user and then check authorization according to
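
The lookup change described in the commit message above, as an added sketch that is not Pulp's code and not part of the original comment: the `pulp-user` value is resolved as a user only (the reported behaviour) or as a user and then a consumer (the fix). The stores, the grants table, every function name and the user-first order are assumptions of this sketch, and the OAuth signature check is represented by a boolean assumed to be computed upstream.

```python
from collections import namedtuple

Principal = namedtuple("Principal", ["kind", "id"])

CONSUMER_ID = "331ab20a-e3e5-478a-ab92-b2fcc499e6eb"  # UUID from the report

# Constructed stores and grants; a real server keeps these in its database.
USERS = {"admin"}
CONSUMERS = {CONSUMER_ID}
GRANTS = {
    Principal("user", "admin"): [("/v2/", {"GET", "POST", "PUT", "DELETE"})],
    Principal("consumer", CONSUMER_ID): [
        ("/v2/consumers/%s/" % CONSUMER_ID, {"GET", "POST", "PUT"}),
        ("/v2/repositories/", {"GET"}),
    ],
}


def resolve_user_only(name):
    """Behaviour reported in the bug: pulp-user is looked up as a user only."""
    return Principal("user", name) if name in USERS else None


def resolve_user_or_consumer(name):
    """Behaviour described by the fix: fall back to a consumer with that id.

    Trying users first is an assumption of this sketch.
    """
    if name in USERS:
        return Principal("user", name)
    if name in CONSUMERS:
        return Principal("consumer", name)
    return None


def handle(headers, method, path, signature_ok, resolve):
    """Return the HTTP status a request would get.

    signature_ok stands for the OAuth signature check, assumed done upstream;
    the pulp-user header is only consulted once that check has passed.
    """
    if not signature_ok:
        return 401
    principal = resolve(headers.get("pulp-user", ""))
    if principal is None:
        return 401  # authentication fails: header names no known principal
    for prefix, methods in GRANTS.get(principal, []):
        if path.startswith(prefix) and method in methods:
            return 200
    return 403  # authenticated, but this principal may not do this
```

Keeping the principal's kind alongside its id lets the authorization step apply consumer grants and user grants separately instead of treating a consumer UUID as a user login.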
Comment 2 Preethi Thomas 2012-11-07 20:29:10 EST
verified



    [root@preethi oauth]# python test_consumer_oauth.py
     
    --- Test1 ---
     
    HEADERS : %s {'pulp-user': 'test-consumer', 'Authorization': u'OAuth realm="", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", oauth_nonce="857812", oauth_timestamp="1352335326", oauth_consumer_key="example-key", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="RfZjqEZHJ5sNRY3XsLUqKI0YCyo%3D"'}
     
    RESPONSE : %s {"display_name": "test-consumer", "description": null, "certificate": "-----BEGIN CERTIFICATE-----\nMIICHDCCAQQCAQQwDQYJKoZIhvcNAQEFBQAwFDESMBAGA1UEAxMJbG9jYWxob3N0\nMB4XDTEyMTEwNzE5MjE0MFoXDTIyMTEwNTE5MjE0MFowGDEWMBQGA1UEAxMNdGVz\ndC1jb25zdW1lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx2E+3cyh3RjU\nfUobDYKzYkOhqt19Hd+FdhVtdxKT28lhiqaN16+5PxqZ4xPfb0ShLowagnV+hTV0\nfTU7iOnsKFSllQlkkkjNvS88415e38zWHw5IYUv9PTUy7ma43LKbzXAq/L30/cvs\nNAjLAe49Lgfg+/+DdUWUHW9JPl3SZT0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA\nkSCKO4s2jcYAA66N2RLjJHajmEkqU8rMgI9wgc2bAfHXi0iTLe+wppo/K2XAwPcH\nV/RfrsSlhmnHR5kL+nMXQ50XAqMguP+HwsplG8kFuNDxyNJjiEfs6r+6eJpCXr1r\n6WqnAfVy1yyGQNCDVdaIu6Ljci93BPTmNoq7S0hjl+IlBitipf7i1XQNzY9yrfVj\nhXI7FykFFQCOy9geVt9t4OWrL8nkN+/kjBMcL1ClT17aYgeYCIm5M7KG4eXWv3/0\nyRgN5VL3bL0PEFZRzxofZfkzhpmiB4B5Z58E4taAX9h7i53+cgGkN7VlmwPP/2+1\nr76CSYMEzsoHuTrbT3dhHA==\n-----END CERTIFICATE-----", "_ns": "consumers", "notes": {}, "capabilities": {}, "_id": {"$oid": "509ab4c4758cc92018000024"}, "id": "test-consumer", "_href": "/pulp/api/v2/consumers/test-consumer/"}
     
    --- Test2 ---
     
    HEADERS : %s {'pulp-user': 'test-consumer', 'Authorization': u'OAuth realm="", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", oauth_nonce="48662156", oauth_timestamp="1352335326", oauth_consumer_key="example-key", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="0bV6iKHBR8tzhyY2qknylxOM9ag%3D"'}
     
    RESPONSE : %s {"http_request_method": "PUT", "exception": null, "error_message": "Missing values for: ['delta']", "_href": "/pulp/api/v2/consumers/test-consumer/", "http_status": 400, "missing_property_names": ["delta"], "traceback": null}
     
    --- Test3 ---
     
    HEADERS : %s {'pulp-user': 'test-consumer', 'Authorization': u'OAuth realm="", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", oauth_nonce="33062044", oauth_timestamp="1352335326", oauth_consumer_key="example-key", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="JRD7sdyWJToIW9I8rKY3n3syXAE%3D"'}
     
    RESPONSE : %s [{"scratchpad": {"checksum_type": "sha256", "repodata": {}}, "display_name": "zoo", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 32, "_id": {"$oid": "50914554758cc9375b000ec0"}, "id": "zoo", "_href": "/pulp/api/v2/repositories/zoo/"}, {"scratchpad": {}, "display_name": "puppet-repo1", "description": null, "_ns": "repos", "notes": {"_repo-type": "puppet-repo"}, "content_unit_count": 0, "_id": {"$oid": "5097e690758cc914d0000007"}, "id": "puppet-repo1", "_href": "/pulp/api/v2/repositories/puppet-repo1/"}, {"scratchpad": {}, "display_name": "upload", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 2, "_id": {"$oid": "5098142f758cc914d000009a"}, "id": "upload", "_href": "/pulp/api/v2/repositories/upload/"}, {"scratchpad": {}, "display_name": "upload2", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 3, "_id": {"$oid": "509a74ab758cc96f90000407"}, "id": "upload2", "_href": "/pulp/api/v2/repositories/upload2/"}, {"scratchpad": {}, "display_name": "upload4", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 0, "_id": {"$oid": "509a91e3758cc9062900008e"}, "id": "upload4", "_href": "/pulp/api/v2/repositories/upload4/"}, {"scratchpad": {}, "display_name": "scientific", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 0, "_id": {"$oid": "509ac99d758cc926030003a4"}, "id": "scientific", "_href": "/pulp/api/v2/repositories/scientific/"}, {"scratchpad": {"checksum_type": "sha256", "repodata": {}}, "display_name": "pulp", "description": null, "_ns": "repos", "notes": {"_repo-type": "rpm-repo"}, "content_unit_count": 35, "_id": {"$oid": "509ad261758cc926030010ca"}, "id": "pulp", "_href": "/pulp/api/v2/repositories/pulp/"}]
     
    --- Test4 ---
     
    HEADERS : %s {'pulp-user': 'test-consumer', 'Authorization': u'OAuth realm="", oauth_body_hash="2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D", oauth_nonce="22783390", oauth_timestamp="1352335326", oauth_consumer_key="example-key", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="%2F5WVVK%2BpKA%2BNstvmhC9XUaInqi8%3D"'}
     
    RESPONSE : %s null
Comment 3 Preethi Thomas 2013-01-09 12:07:58 EST
Pulp v2.0 released
