Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-24884

User with "Content Exporter" role cannot export Library content in Red Hat Satellite 6.14

XMLWordPrintable

    • Sprint 133, Sprint 137, Sprint 138, Sprint 139, Sprint 140, Sprint 141
    • Important
    • Automated
    • No

      Description of problem:

      With an admin user, the different types of export processes work just fine.

      But when an non-admin user is used for hammer or API authentication and the user as "Content Exporter" role assigned, The content export actions on Library environment is impossible to perform.

      Version-Release number of selected component (if applicable):

      Satellite 6.14.3

      How reproducible:

      Easily and 100%

      Steps to Reproduce:
      1. Install a Satellite 6.14 and enable + sync a very small repo with immediate download policy [ Say satellite clients repo ]

      2. Create a user called sat_export and assign it with the "Content Exporter" role

      1. hammer -u admin -p RedHat1! user info --id 5 --fields login,roles
        Login: sat_export
        Roles:
        Content Exporter

      3. Edit the hammer config file to use the non-admin user:

      1. cat .hammer/cli.modules.d/foreman.yml
        :foreman:
      2. Credentials. You'll be asked for the interactively if you leave them blank here
        #:username: 'admin'
        #:password: 'RedHat1!'
        :username: 'sat_export'
        :password: 'password@123'

      4. Try to export Library environment.

      Actual results:

      Export attempts:

      1. hammer content-export complete library --format importable --organization-id 1
        Could not export the library:
        422 Unprocessable Entity
      1. hammer content-export complete library --format importable --organization-id 1 --destination-server disconnected_satellite
        Could not export the library:
        422 Unprocessable Entity
      1. hammer content-export complete library --format syncable --organization-id 1 --destination-server disconnected_satellite
        Could not export the library:
        422 Unprocessable Entity
      1. hammer content-export complete library --format syncable --organization-id 1
        Could not export the library:
        422 Unprocessable Entity

      Error in production.log:

      ~~
      2024-05-02T15:17:36 [I|app|c3dadce9] Started POST "/katello/api/content_exports/library" for 10.10.1.5 at 2024-05-02 15:17:36 +0530
      2024-05-02T15:17:36 [I|app|c3dadce9] Processing by Katello::Api::V2::ContentExportsController#library as /
      2024-05-02T15:17:36 [I|app|c3dadce9] Parameters: {"organization_id"=>1, "api_version"=>"v2", "content_export"=>{"organization_id"=>1, "format"=>"importable"}}
      2024-05-02T15:17:36 [I|bac|c3dadce9] Task

      {label: , execution_plan_id: 0a355289-4876-448a-9ab0-76f56cc0fc08}

      state changed: pending
      2024-05-02T15:17:36 [I|bac|c3dadce9] Task

      {label: Actions::Pulp3::Orchestration::ContentViewVersion::ExportLibrary, id: 7f471020-0991-48a2-a55f-e87e1d4e11e2, execution_plan_id: 0a355289-4876-448a-9ab0-76f56cc0fc08}

      state changed: planning
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on name Export-Library
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on label Export-Library
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on description
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on organization_id 1
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on default false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on composite false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on next_version 1
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on force_puppet_environment false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on auto_publish false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on solve_dependencies false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on import_only false
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on generated_for 1
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on repository_ids []
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on environment_ids []
      2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on filter_ids []
      2024-05-02T15:17:36 [E|bac|c3dadce9] Validation failed: Label has already been taken, Name has already been taken (ActiveRecord::RecordInvalid)
      c3dadce9 | /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:80:in `raise_validation_error'
      c3dadce9 | /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:53:in `save!'

      ~~

      Expected results:

      No such errors and the role should allow an user to export contents.

      Additional info:

      The role "Content Exporter" does not have the create_content_views permission i.e.

      1. hammer -u admin -p RedHat1! role filters --id 22
        ---|--------------------|------|----------|---------|----------------|----------------------------------
        ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
        ---|--------------------|------|----------|---------|----------------|----------------------------------
        242 | Katello::ContentView | none | yes | no | Content Exporter | view_content_views
        243 | Organization | none | yes | no | Content Exporter | export_content, view_organizations
        244 | Katello::Product | none | yes | no | Content Exporter | view_products
        ---|--------------------|------|----------|---------|----------------|----------------------------------

      So, i cloned that role and added that permission and then assigned that role to my sat-exporter user:

      1. hammer -u admin -p RedHat1! role filters --id 33
        ---|--------------------|------|----------|---------|----------------------|----------------------------------
        ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
        ---|--------------------|------|----------|---------|----------------------|----------------------------------
        321 | Katello::ContentView | none | yes | no | Content Exporter Fixed | view_content_views
        322 | Organization | none | yes | no | Content Exporter Fixed | export_content, view_organizations
        323 | Katello::Product | none | yes | no | Content Exporter Fixed | view_products
        324 | Katello::ContentView | none | yes | no | Content Exporter Fixed | create_content_views
        ---|--------------------|------|----------|---------|----------------------|----------------------------------
      1. hammer -u admin -p RedHat1! user info --id 5 --fields login,roles
        Login: sat_export
        Roles:
        Content Exporter Fixed

      And now all commands are working as expected:

      1. hammer content-export complete library --format importable --organization-id 1 --destination-server disconnected_satellite
        [..............................................................................................................................................................................................................................] [100%]
      1. hammer content-export complete library --format syncable --organization-id 1
        [..............................................................................................................................................................................................................................] [100%]
        Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE/1.0/2024-05-02T15-29-00-05-30/metadata.json
      1. hammer content-export complete library --format syncable --organization-id 1 --destination-server disconnected_satellite
        [..............................................................................................................................................................................................................................] [100%]
        Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE-disconnected_satellite/1.0/disconnected_satellite/2024-05-02T15-29-18-05-30/metadata.json
      1. hammer content-export incremental library --format syncable --organization-id 1 --destination-server disconnected_satellite
        [..............................................................................................................................................................................................................................] [100%]
        Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE-disconnected_satellite/2.0/disconnected_satellite/2024-05-02T15-32-38-05-30/metadata.json

      ~~~~~~~

      2024-05-02T15:26:47 [I|app|a60e418d] Started POST "/katello/api/content_exports/library" for 10.10.1.5 at 2024-05-02 15:26:47 +0530
      2024-05-02T15:26:47 [I|app|a60e418d] Processing by Katello::Api::V2::ContentExportsController#library as /
      2024-05-02T15:26:47 [I|app|a60e418d] Parameters: {"organization_id"=>1, "api_version"=>"v2", "content_export"=>{"organization_id"=>1, "format"=>"importable"}}
      2024-05-02T15:26:47 [I|app|a60e418d] Authorized user sat_export(sat_export)
      2024-05-02T15:26:47 [I|bac|a60e418d] Task

      {label: , execution_plan_id: f0bbb0ec-028c-4a4d-b75c-e403b9c33001}

      state changed: pending
      2024-05-02T15:26:47 [I|bac|a60e418d] Task

      {label: Actions::Pulp3::Orchestration::ContentViewVersion::ExportLibrary, id: ec4e8f07-ae4c-41cc-9d5b-40cb2eeeceb8, execution_plan_id: f0bbb0ec-028c-4a4d-b75c-e403b9c33001}

      state changed: planning
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on name Export-Library
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on label Export-Library
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on description
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on organization_id 1
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on default false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on composite false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on next_version 1
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on force_puppet_environment false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on auto_publish false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on solve_dependencies false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on import_only false
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on generated_for 1
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on repository_ids []
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on environment_ids []
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on filter_ids []
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) update event on repository_ids , 1, 2
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on content_view_id 7
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on major 1
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on definition_archive_id
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on minor 0
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on content_counts
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on applied_filters
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on repository_ids []
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on environment_ids []
      2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) update event on next_version 1, 2
      ..
      ..
      ~~~~~~~~~~

      I even tested with Ansible Modules and they are working fine as expected without that error.

      So maybe, something like this would be needed:

      1. git diff
        diff --git a/lib/katello/plugin.rb b/lib/katello/plugin.rb
        index 95c2b50..7f27860 100644
          • a/lib/katello/plugin.rb
            +++ b/lib/katello/plugin.rb
            @@ -757,7 +757,7 @@ Foreman::Plugin.register :katello do
            ], 'Role granting permission to import content views in an organization'

      role 'Content Exporter', [

      • :export_content, :view_products, :view_content_views, :view_organizations
        + :export_content, :view_products, :view_content_views, :create_content_views, :view_organizations
        ], 'Role granting permission to export content views in an organization'

      def find_katello_assets(args = {})

            jira-bugzilla-migration RH Bugzilla Integration
            rhn-support-saydas Sayan Das
            Vladimír Sedmík Vladimír Sedmík
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: