Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-18410

[pulp3] rhsm certguard failure messages are lost in log-level debug

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 6.16.0
    • 6.10.0
    • Pulp
    • Moderate
    • None

      Description of problem:
      When a client is denied access by the rhsm-certguard, the log messages describing the reason are lost with log level debug. They should be raised to at least warning, because they tell an administrator, why a client is unable to consume their subscriptions.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:
      1. Subscribe a host to RH subscription content
      2. Find a reason for the rhsm content guard to reject the client certificate
      Either https://bugzilla.redhat.com/show_bug.cgi?id=1977893,
      or misconfigure it, see below
      3. On the host run `yum update` and observe that repodata.xml returns 403
      4. In forman-tail observe that all reasons for ^ are in log level DEBUG

      Actual results:

      Expected results:
      Failed authentication to subscription content should be logged at a higher level, maybe WARNING.

      Additional info:

      Misconfiguring may be:
      `curl -vv -k -X PATCH --data-urlencode 'ca_certificate@fake.crt' --cert /etc/pki/katello/certs/pulp-client.crt --key /etc/pki/katello/private/pulp-client.key "https://localhost/pulp/api/v3/contentguards/certguard/rhsm/<UUID>/"`

            jira-bugzilla-migration RH Bugzilla Integration
            rhn-engineering-mdellweg Matthias Dellweg
            RH Bugzilla Integration RH Bugzilla Integration
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: