997935 – Subscription-manager makes an unauthorized request after unregistering.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 997935 - Subscription-manager makes an unauthorized request after unregistering.

Summary: Subscription-manager makes an unauthorized request after unregistering.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	subscription-manager
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	6.5
Assignee:	Carter Kozak
QA Contact:	John Sefler
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1207403
TreeView+	depends on / blocked

Reported:	2013-08-16 14:58 UTC by Alex Wood
Modified:	2015-03-30 20:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	No description necessary
Clone Of:
Clones:	1207403 (view as bug list)
Environment:
Last Closed:	2013-11-21 21:27:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1659	0	normal	SHIPPED_LIVE	subscription-manager and python-rhsm bug fix and enhancement update	2013-11-20 21:53:10 UTC

Description Alex Wood 2013-08-16 14:58:57 UTC

Description of problem:
After unregistering, the subscription-manager CLI makes several additional requests back to Candlepin.  Because the consumer is unregistered at this point, these requests are unauthorized and cause Candlepin to return 401.  While subscription-manager handles these failed requests without any issue, the requests should never have been made in the first place.  Making these spurious requests is the root problem for bug #995292.

How reproducible: Always

Steps to Reproduce:
1. Register to a candlepin server.
2. Unregister.

Actual results:
Subscription-manager makes several additional requests to Candlepin after the call to DELETE /consumers/{uuid}.

The additional calls are a call to PUT /consumers/{uuid} and GET /consumers/{uuid}/compliance.

The calls are made as a result of calling the CliCommand._request_validity_check() method from UnRegisterCommand._do_command().

Expected results:
No additional calls are made after the call to DELETE.

Additional info:
You can monitor what calls are being made to Candlepin by adding the following line to /etc/candlepin/candlepin.conf:

log4j.logger.org.candlepin.servlet.filter=DEBUG

Comment 1 Carter Kozak 2013-08-16 20:57:18 UTC

commit 12db20afddae265e3353f1c3654b0fb1d1b55a7c
Author: ckozak <ckozak>
Date:   Fri Aug 16 11:23:21 2013 -0400

    997935: stop making requests after unregister

Comment 3 John Sefler 2013-09-16 16:21:59 UTC

Before verifying the fix, let's demonstrate the issue on version...
[root@jsefler-6 ~]# rpm -q subscription-manager
subscription-manager-1.9.3-1.el6.x86_64

register system with autosubscribe and then...
[root@jsefler-6 ~]# rm /var/log/rhsm/rhsm.log
rm: remove regular file `/var/log/rhsm/rhsm.log'? y
[root@jsefler-6 ~]# subscription-manager unregister
System has been unregistered.
[root@jsefler-6 ~]# grep -A1 "Making request" /var/log/rhsm/rhsm.log
2013-09-16 11:53:25,926 [DEBUG]  @connection.py:441 - Making request: GET /subscription/
2013-09-16 11:53:26,331 [DEBUG]  @connection.py:460 - Response status: 200
--
2013-09-16 11:53:26,339 [DEBUG]  @connection.py:441 - Making request: DELETE /subscription/consumers/71775a6e-40e0-4422-8db6-5bff074389ef
2013-09-16 11:53:27,045 [DEBUG]  @connection.py:460 - Response status: 204
--
2013-09-16 11:53:27,247 [DEBUG]  @connection.py:441 - Making request: GET /subscription/consumers/71775a6e-40e0-4422-8db6-5bff074389ef/compliance
2013-09-16 11:53:27,665 [DEBUG]  @connection.py:460 - Response status: 401
--
2013-09-16 11:53:27,678 [DEBUG]  @connection.py:441 - Making request: PUT /subscription/consumers/71775a6e-40e0-4422-8db6-5bff074389ef
2013-09-16 11:53:28,171 [DEBUG]  @connection.py:460 - Response status: 401
[root@jsefler-6 ~]# 

Notice the 401 responses logged above.  This is the issue.

Now after installing a fixed version of subscription-manager, let's verify...

[root@jsefler-6 ~]# rpm -q subscription-manager
subscription-manager-1.9.6-1.el6.x86_64

register system with autosubscribe and then...
[root@jsefler-6 ~]# rm /var/log/rhsm/rhsm.log
rm: remove regular file `/var/log/rhsm/rhsm.log'? y
[root@jsefler-6 ~]# subscription-manager unregister
System has been unregistered.
[root@jsefler-6 ~]# grep -A1 "Making request" /var/log/rhsm/rhsm.log
2013-09-16 12:14:30,386 [DEBUG]  @connection.py:441 - Making request: GET /subscription/
2013-09-16 12:14:30,804 [DEBUG]  @connection.py:460 - Response status: 200
--
2013-09-16 12:14:30,820 [DEBUG]  @connection.py:441 - Making request: DELETE /subscription/consumers/be70359f-2848-4208-8139-9348f8d96b9d
2013-09-16 12:14:31,555 [DEBUG]  @connection.py:460 - Response status: 204
[root@jsefler-6 ~]# 


VERIFIED: The GET and PUT requests that resulted in a 401 response after unregistering are no longer called.

Comment 4 errata-xmlrpc 2013-11-21 21:27:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1659.html

Note You need to log in before you can comment on or make changes to this bug.