Description of problem: If the user doen't have enough permission to perform an operation, the error message displayed just says Authentication Failed Version-Release number of selected component (if applicable): root@preethi pulp]# rpm -q pulp-server pulp-server-2.1.0-0.18.alpha.noarch [root@preethi pulp]# How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: [root@preethi pulp]# pulp-admin auth permission list --resource / +----------------------------------------------------------------------+ Permissions for / +----------------------------------------------------------------------+ Admin: CREATE, READ, UPDATE, DELETE, EXECUTE Preethi: CREATE, READ, EXECUTE [root@preethi pulp]# pulp-admin login -u preethi -p redhat Successfully logged in. Session certificate will expire at Mar 7 19:02:01 2013 GMT. [root@preethi pulp]# pulp-admin rpm repo create --repo-id preethi-repo Successfully created repository [preethi-repo] [root@preethi pulp]# pulp-admin rpm repo delete --repo-id pulp Authentication Failed The session certificate expired on Mar 7 19:02:01 2013 GMT. Use the login command to begin a new session. Expected results: Additional info:
The first step was for the server to provide more information than simply 401. In doing so, I found the response bodies in these cases weren't JSON, so I had to fix that first. The auth_utils file in pulp.common has constants for the error codes describing the auth failure reasons and some utility methods for generating/reading the JSON response body. That was tied into the decorator code to replace the plain strings. Once that was in place, the client-side exception handling was updated to key off of the error code to produce more detailed error messages. Examples: # The currently logged in user can't delete (use case from the BZ) $ pulp-admin rpm repo delete --repo-id jdob-repo Insufficient Permissions The user does not have the appropriate permissions to execute this command. # No user named jdobx $ pulp-admin login -u jdobx -p jdob Invalid Username or Password # Not even logged in $ pulp-admin rpm repo list Authentication Failed Use the login command to authenticate with the server and download a session certificate for use in future calls to this script. If credentials were specified, please double check the username and password and attempt the request again.
While in here I also fixed the handling for expired certificates. The error comes from the client instead of the server, so the handling had to be a bit more explicit. Below is sample output of the new approach: $ pulp-admin rpm repo list +----------------------------------------------------------------------+ RPM Repositories +----------------------------------------------------------------------+ Session Expired The session certificate expired on May 9 12:39:37 2013 GMT. Use the login command to authenticate with the server and download a new session certificate.
build: 2.2.0-0.5.alpha
[root@ibm-x3550m3-07 ~]# rpm -q pulp-server pulp-server-2.2.0-0.5.alpha.el6.noarch [root@ibm-x3550m3-07 ~]# [root@ibm-x3550m3-07 ~]# pulp-admin rpm repo delete --repo-id zoo Insufficient Permissions The user does not have the appropriate permissions to execute this command. [root@ibm-x3550m3-07 ~]# [root@ibm-x3550m3-07 ~]# pulp-admin login -u preethi1 Enter password: Invalid Username or Password [root@ibm-x3550m3-07 ~]# pulp-admin repo list +----------------------------------------------------------------------+ Repositories +----------------------------------------------------------------------+ Authentication Failed Use the login command to authenticate with the server and download a session certificate for use in future calls to this script. If credentials were specified, please double check the username and password and attempt the request again.
2.2 released http://repos.fedorapeople.org/repos/pulp/pulp/stable/2.2/