Sub-task
Resolution: Done
Sprint 133, Sprint 137, Sprint 138, Sprint 139, Sprint 140, Sprint 141
Description of problem:
With an admin user, the different types of export processes work just fine.
But when a non-admin user is used for hammer or API authentication and the user has the "Content Exporter" role assigned, the content export actions on the Library environment are impossible to perform.
Version-Release number of selected component (if applicable):
Satellite 6.14.3
How reproducible:
Easily and 100%
Steps to Reproduce:
1. Install a Satellite 6.14 and enable + sync a very small repo with immediate download policy [ Say satellite clients repo ]
2. Create a user called sat_export and assign it with the "Content Exporter" role
- hammer -u admin -p RedHat1! user info --id 5 --fields login,roles
Login: sat_export
Roles:
Content Exporter
3. Edit the hammer config file to use the non-admin user:
- cat .hammer/cli.modules.d/foreman.yml
:foreman:
# Credentials. You'll be asked for the interactively if you leave them blank here
#:username: 'admin'
#:password: 'RedHat1!'
:username: 'sat_export'
:password: 'password@123'
4. Try to export Library environment.
Actual results:
Export attempts:
- hammer content-export complete library --format importable --organization-id 1
Could not export the library:
422 Unprocessable Entity
- hammer content-export complete library --format importable --organization-id 1 --destination-server disconnected_satellite
Could not export the library:
422 Unprocessable Entity
- hammer content-export complete library --format syncable --organization-id 1 --destination-server disconnected_satellite
Could not export the library:
422 Unprocessable Entity
- hammer content-export complete library --format syncable --organization-id 1
Could not export the library:
422 Unprocessable Entity
Error in production.log:
~~
2024-05-02T15:17:36 [I|app|c3dadce9] Started POST "/katello/api/content_exports/library" for 10.10.1.5 at 2024-05-02 15:17:36 +0530
2024-05-02T15:17:36 [I|app|c3dadce9] Processing by Katello::Api::V2::ContentExportsController#library as /
2024-05-02T15:17:36 [I|app|c3dadce9] Parameters: {"organization_id"=>1, "api_version"=>"v2", "content_export"=>{"organization_id"=>1, "format"=>"importable"}}
2024-05-02T15:17:36 [I|bac|c3dadce9] Task
state changed: pending
2024-05-02T15:17:36 [I|bac|c3dadce9] Task
state changed: planning
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on name Export-Library
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on label Export-Library
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on description
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on organization_id 1
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on default false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on composite false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on next_version 1
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on force_puppet_environment false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on auto_publish false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on solve_dependencies false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on import_only false
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on generated_for 1
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on repository_ids []
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on environment_ids []
2024-05-02T15:17:36 [I|aud|c3dadce9] Katello::ContentView (2) create event on filter_ids []
2024-05-02T15:17:36 [E|bac|c3dadce9] Validation failed: Label has already been taken, Name has already been taken (ActiveRecord::RecordInvalid)
c3dadce9 | /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:80:in `raise_validation_error'
c3dadce9 | /usr/share/gems/gems/activerecord-6.1.7.4/lib/active_record/validations.rb:53:in `save!'
~~
Expected results:
No such errors, and the role should allow a user to export contents.
Additional info:
The role "Content Exporter" does not have the create_content_views permission i.e.
- hammer -u admin -p RedHat1! role filters --id 22
---|--------------------|------|----------|---------|----------------|----------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
---|--------------------|------|----------|---------|----------------|----------------------------------
242 | Katello::ContentView | none | yes | no | Content Exporter | view_content_views
243 | Organization | none | yes | no | Content Exporter | export_content, view_organizations
244 | Katello::Product | none | yes | no | Content Exporter | view_products
---|--------------------|------|----------|---------|----------------|----------------------------------
So, I cloned that role and added that permission and then assigned that role to my sat-exporter user:
- hammer -u admin -p RedHat1! role filters --id 33
---|--------------------|------|----------|---------|----------------------|----------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
---|--------------------|------|----------|---------|----------------------|----------------------------------
321 | Katello::ContentView | none | yes | no | Content Exporter Fixed | view_content_views
322 | Organization | none | yes | no | Content Exporter Fixed | export_content, view_organizations
323 | Katello::Product | none | yes | no | Content Exporter Fixed | view_products
324 | Katello::ContentView | none | yes | no | Content Exporter Fixed | create_content_views
---|--------------------|------|----------|---------|----------------------|----------------------------------
- hammer -u admin -p RedHat1! user info --id 5 --fields login,roles
Login: sat_export
Roles:
Content Exporter Fixed
And now all commands are working as expected:
- hammer content-export complete library --format importable --organization-id 1 --destination-server disconnected_satellite
[..............................................................................................................................................................................................................................] [100%]
- hammer content-export complete library --format syncable --organization-id 1
[..............................................................................................................................................................................................................................] [100%]
Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE/1.0/2024-05-02T15-29-00-05-30/metadata.json
- hammer content-export complete library --format syncable --organization-id 1 --destination-server disconnected_satellite
[..............................................................................................................................................................................................................................] [100%]
Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE-disconnected_satellite/1.0/disconnected_satellite/2024-05-02T15-29-18-05-30/metadata.json
- hammer content-export incremental library --format syncable --organization-id 1 --destination-server disconnected_satellite
[..............................................................................................................................................................................................................................] [100%]
Generated /var/lib/pulp/exports/ACME/Export-Library-SYNCABLE-disconnected_satellite/2.0/disconnected_satellite/2024-05-02T15-32-38-05-30/metadata.json
~~~~~~~
2024-05-02T15:26:47 [I|app|a60e418d] Started POST "/katello/api/content_exports/library" for 10.10.1.5 at 2024-05-02 15:26:47 +0530
2024-05-02T15:26:47 [I|app|a60e418d] Processing by Katello::Api::V2::ContentExportsController#library as /
2024-05-02T15:26:47 [I|app|a60e418d] Parameters: {"organization_id"=>1, "api_version"=>"v2", "content_export"=>{"organization_id"=>1, "format"=>"importable"}}
2024-05-02T15:26:47 [I|app|a60e418d] Authorized user sat_export(sat_export)
2024-05-02T15:26:47 [I|bac|a60e418d] Task
state changed: pending
2024-05-02T15:26:47 [I|bac|a60e418d] Task
state changed: planning
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on name Export-Library
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on label Export-Library
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on description
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on organization_id 1
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on default false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on composite false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on next_version 1
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on force_puppet_environment false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on auto_publish false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on solve_dependencies false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on import_only false
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on generated_for 1
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on repository_ids []
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on environment_ids []
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) create event on filter_ids []
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) update event on repository_ids , 1, 2
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on content_view_id 7
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on major 1
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on definition_archive_id
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on minor 0
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on content_counts
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on applied_filters
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on repository_ids []
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentViewVersion (2) create event on environment_ids []
2024-05-02T15:26:47 [I|aud|a60e418d] Katello::ContentView (7) update event on next_version 1, 2
..
..
~~~~~~~~~~
I even tested with Ansible Modules and they are working fine as expected without that error.
So maybe, something like this would be needed:
- git diff
diff --git a/lib/katello/plugin.rb b/lib/katello/plugin.rb
index 95c2b50..7f27860 100644-
- a/lib/katello/plugin.rb
+++ b/lib/katello/plugin.rb
@@ -757,7 +757,7 @@ Foreman::Plugin.register :katello do
], 'Role granting permission to import content views in an organization'
- a/lib/katello/plugin.rb
-
role 'Content Exporter', [
- :export_content, :view_products, :view_content_views, :view_organizations
+ :export_content, :view_products, :view_content_views, :create_content_views, :view_organizations
], 'Role granting permission to export content views in an organization'
def find_katello_assets(args = {})
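Review bot: adding :create_content_views to the 'Content Exporter' permission list grants creation of any content view in the organization, while the production.log in this report shows the export only needs to create the generated Export-Library view (the audit line "create event on generated_for 1"). Consider having the library export action create that generated view without requiring the caller to hold the general create permission, so the role stays limited to exporting. If the permission is added as shown, the description string 'Role granting permission to export content views in an organization' should say that the role can now create content views, and the change should come with a test that runs a library export as a non-admin user holding only this role.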
QE Tracker for https://issues.redhat.com/browse/SAT-24884
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2278609
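The permission gap described in this report (the stock "Content Exporter" role lacking create_content_views) can be checked mechanically from `hammer role filters` output. The following is an added example, not part of the original report or of Katello; the required-permission set and all function names are assumptions drawn from the report's findings, and the sample tables are the report's own with shortened separators.

```python
# Added example (not Katello or hammer code): audit `hammer role filters` output.
# Assumption: a Library export needs the stock role's permissions plus create_content_views.
REQUIRED = {"export_content", "view_organizations", "view_products",
            "view_content_views", "create_content_views"}
# Sample input: the two filter tables from the report, separators shortened.
STOCK_ROLE = """\
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
---|---|---|---|---|---|---
242 | Katello::ContentView | none | yes | no | Content Exporter | view_content_views
243 | Organization | none | yes | no | Content Exporter | export_content, view_organizations
244 | Katello::Product | none | yes | no | Content Exporter | view_products
"""
CLONED_ROLE = """\
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
---|---|---|---|---|---|---
321 | Katello::ContentView | none | yes | no | Content Exporter Fixed | view_content_views
322 | Organization | none | yes | no | Content Exporter Fixed | export_content, view_organizations
323 | Katello::Product | none | yes | no | Content Exporter Fixed | view_products
324 | Katello::ContentView | none | yes | no | Content Exporter Fixed | create_content_views
"""

def parse_filters(table):
    """Return one dict per filter row, with PERMISSIONS split into a set."""
    header, rows = None, []
    for line in table.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 2 or set(line.strip()) <= set("-|"):
            continue  # blank line or ---|--- separator
        if header is None:
            header = cells  # first remaining line is the column header
            continue
        row = dict(zip(header, cells))
        row["PERMISSIONS"] = {p.strip() for p in row.get("PERMISSIONS", "").split(",") if p.strip()}
        rows.append(row)
    return rows

def missing_permissions(table, required=REQUIRED):
    granted = set().union(*(r["PERMISSIONS"] for r in parse_filters(table)))
    return sorted(required - granted)  # required permissions no filter grants

def unlimited_write_grants(table):
    """(resource type, permission) pairs that allow writes with no search scope."""
    return [(r["RESOURCE TYPE"], p) for r in parse_filters(table)
            if r.get("UNLIMITED?") == "yes"
            for p in sorted(r["PERMISSIONS"]) if p.startswith(("create_", "edit_", "destroy_"))]

if __name__ == "__main__":
    for name, table in (("stock", STOCK_ROLE), ("cloned", CLONED_ROLE)):
        print(name, missing_permissions(table), unlimited_write_grants(table))
```

The second function shows the cost of the workaround: the cloned role closes the gap, but it does so with an unscoped create_content_views grant on every content view.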