Bug 916729
| Summary: | Error message when the user doesn't have enough permission to perform the operation is wrong | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | Preethi Thomas <pthomas> |
| Component: | user-experience | Assignee: | Jay Dobies <jason.dobies> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | Master | Keywords: | Triaged |
| Target Milestone: | --- | ||
| Target Release: | 2.2.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-09-10 15:46:01 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The first step was for the server to provide more information than simply 401. In doing so, I found the response bodies in these cases weren't JSON, so I had to fix that first. The auth_utils file in pulp.common has constants for the error codes describing the auth failure reasons and some utility methods for generating/reading the JSON response body. That was tied into the decorator code to replace the plain strings. Once that was in place, the client-side exception handling was updated to key off of the error code to produce more detailed error messages. Examples: # The currently logged in user can't delete (use case from the BZ) $ pulp-admin rpm repo delete --repo-id jdob-repo Insufficient Permissions The user does not have the appropriate permissions to execute this command. # No user named jdobx $ pulp-admin login -u jdobx -p jdob Invalid Username or Password # Not even logged in $ pulp-admin rpm repo list Authentication Failed Use the login command to authenticate with the server and download a session certificate for use in future calls to this script. If credentials were specified, please double check the username and password and attempt the request again. While in here I also fixed the handling for expired certificates. The error comes from the client instead of the server, so the handling had to be a bit more explicit. Below is sample output of the new approach:
$ pulp-admin rpm repo list
+----------------------------------------------------------------------+
RPM Repositories
+----------------------------------------------------------------------+
Session Expired
The session certificate expired on May 9 12:39:37 2013 GMT.
Use the login command to authenticate with the server and download a new session
certificate.
build: 2.2.0-0.5.alpha [root@ibm-x3550m3-07 ~]# rpm -q pulp-server
pulp-server-2.2.0-0.5.alpha.el6.noarch
[root@ibm-x3550m3-07 ~]#
[root@ibm-x3550m3-07 ~]# pulp-admin rpm repo delete --repo-id zoo
Insufficient Permissions
The user does not have the appropriate permissions to execute this command.
[root@ibm-x3550m3-07 ~]#
[root@ibm-x3550m3-07 ~]# pulp-admin login -u preethi1
Enter password:
Invalid Username or Password
[root@ibm-x3550m3-07 ~]# pulp-admin repo list
+----------------------------------------------------------------------+
Repositories
+----------------------------------------------------------------------+
Authentication Failed
Use the login command to authenticate with the server and download a session
certificate for use in future calls to this script. If credentials were
specified, please double check the username and password and attempt the request
again.
|
Description of problem: If the user doen't have enough permission to perform an operation, the error message displayed just says Authentication Failed Version-Release number of selected component (if applicable): root@preethi pulp]# rpm -q pulp-server pulp-server-2.1.0-0.18.alpha.noarch [root@preethi pulp]# How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: [root@preethi pulp]# pulp-admin auth permission list --resource / +----------------------------------------------------------------------+ Permissions for / +----------------------------------------------------------------------+ Admin: CREATE, READ, UPDATE, DELETE, EXECUTE Preethi: CREATE, READ, EXECUTE [root@preethi pulp]# pulp-admin login -u preethi -p redhat Successfully logged in. Session certificate will expire at Mar 7 19:02:01 2013 GMT. [root@preethi pulp]# pulp-admin rpm repo create --repo-id preethi-repo Successfully created repository [preethi-repo] [root@preethi pulp]# pulp-admin rpm repo delete --repo-id pulp Authentication Failed The session certificate expired on Mar 7 19:02:01 2013 GMT. Use the login command to begin a new session. Expected results: Additional info: