Project

Profile

Help

Issue #1057

CLI returns unclear error for nonexistant role-id in permission grant/revoke

Added by pthomas@redhat.com over 6 years ago. Updated almost 3 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

[root@celeno ~]# rpm -qa pulp-server
pulp-server-2.7.0-0.3.beta.el6.noarch

[root@celeno ~]# 

The property name in the help for permission grant/revoke is role-id but gives the invalid property error.

               manipulated
  --login    - login of the user to which access to given resource is being
               granted
  --role-id  - id of the role to which access to given resource is being granted
  -o         - (required) type of permissions being granted, valid permissions:
               create, read, update, delete, execute
[root@celeno ~]# pulp-admin  auth permission grant --role-id test  --resource / -o READ 
Invalid properties: ['role_id']

[root@celeno ~]# pulp-admin  auth permission grant --role_id test  --resource / -o READ 
Command: grant
Description: grants resource permissions to given user or given role
Usage: you can specify either login or role-id in this command; both cannot be
specified at the same time

Available Arguments:

  --resource - (required) resource REST API path whose permissions are being
               manipulated
  --login    - login of the user to which access to given resource is being
               granted
  --role-id  - id of the role to which access to given resource is being granted
  -o         - (required) type of permissions being granted, valid permissions:
               create, read, update, delete, execute
The following options were specified but do not exist on the command:
  --role_id
[root@celeno ~]# pulp-admin  auth permission revoke --role_id test  --resource / -o READ 
Command: revoke
Description: revokes resource permissions from given user or given role
Usage: you can specify either login or role-id in this command; both cannot be
specified at the same time

Available Arguments:

  --resource - (required) resource REST API path whose permissions are being
               manipulated
  --login    - login of the user from which access to given resource is being
               revoked
  --role-id  - id of the role from which access to given resource is being
               revoked
  -o         - (required) type of permissions being revoked, valid permissions:
               create, read, update, delete, execute
The following options were specified but do not exist on the command:
  --role_id
[root@celeno ~]# pulp-admin  auth permission revoke --role-id test  --resource / -o READ 
Invalid properties: ['role_id']

Related issues

Related to Pulp - Issue #1126: consumer group bind needs to have error handling when the repo doesn't existCLOSED - WONTFIX<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>
Related to Pulp - Issue #433: Permission Grant : Role-id IssueCLOSED - CURRENTRELEASE<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

History

#1 Updated by ipanova@redhat.com over 6 years ago

Invalid properties is raised because you don't have the role 'test' created, otherwise permission should be granted/revoked without any issue.
Since you entered incorrect data in the request, the 400 with invalid properties is raised.

$ pulp-admin -u admin -p admin auth role list

+----------------------------------------------------------------------+
                                 Roles
+----------------------------------------------------------------------+

Id:     super-users
Users:  admin

Id:     r1
Users:  

[ipanova@ina pulp]$ pulp-admin -u admin -p admin -vv auth permission grant --role-id test  --resource / -o READ 

2015-06-22 13:32:50,139 - DEBUG - sending POST request to /pulp/api/v2/permissions/actions/grant_to_role/
2015-06-22 13:32:50,312 - INFO - POST request to /pulp/api/v2/permissions/actions/grant_to_role/ with parameters {"operations": ["READ"], "resource": "/", "role_id": "test"}
2015-06-22 13:32:50,312 - INFO - Response status : 400 

2015-06-22 13:32:50,312 - INFO - Response body :
 {
  "exception": null, 
  "traceback": null, 
  "property_names": [
    "role_id"
  ], 
  "_href": "/pulp/api/v2/permissions/actions/grant_to_role/", 
  "error_message": "Invalid properties: ['role_id']", 
  "http_request_method": "POST", 
  "http_status": 400, 
  "error": {
    "code": "PLP0015", 
    "data": {
      "property_names": [
        "role_id"
      ], 
      "properties": "['role_id']"
    }, 
    "description": "Invalid properties: ['role_id']", 
    "sub_errors": []
  }
}

2015-06-22 13:32:50,312 - ERROR - Exception occurred:
        href:      /pulp/api/v2/permissions/actions/grant_to_role/
        method:    POST
        status:    400
        error:     Invalid properties: ['role_id']
        traceback: None
        data:      {u'property_names': [u'role_id'], u'error': {u'code': u'PLP0015', u'data': {u'property_names': [u'role_id'], u'properties': u"['role_id']"}, u'description': u"Invalid properties: ['role_id']", u'sub_errors': []}}

Invalid properties: ['role_id']

I suggest to close this as notabug.

#2 Updated by bmbouter over 6 years ago

  • Severity changed from 2. Medium to 1. Low
  • Triaged changed from No to Yes

Apply the fix in the CLI to give the user a clearer error message. If it's possible to provide a solution that generalizes to other types u'PLP0015' (invalid value exception) in the CLI that would be good too, but not a requirement.

#3 Updated by bmbouter over 6 years ago

  • Category set to 15

#4 Updated by mhrivnak over 6 years ago

  • Related to Issue #1126: consumer group bind needs to have error handling when the repo doesn't exist added

#5 Updated by amacdona@redhat.com over 6 years ago

  • Subject changed from Invalid property role-id in permission grant/revoke to CLI returns unclear error for nonexistant role-id in permission grant/revoke

#6 Updated by amacdona@redhat.com over 6 years ago

  • Related to Issue #433: Permission Grant : Role-id Issue added

#7 Updated by bmbouter almost 3 years ago

  • Status changed from NEW to CLOSED - WONTFIX

#8 Updated by bmbouter almost 3 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#9 Updated by bmbouter almost 3 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF