Project

Profile

Help

Issue #1078

Unable to remove a remove a user from "super-users" role

Added by paji@redhat.com about 4 years ago. Updated 3 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
API
Sprint/Milestone:
-
Start date:
Due date:
Severity:
3. High
Version:
2.7.0 Beta
Platform Release:
2.7.0
Blocks Release:
OS:
Backwards Incompatible:
No
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
QA Contact:
Complexity:
Smash Test:
Verified:
Yes
Verification Required:
No
Sprint:

Description

try the following sequence of commands on a clean pulp install

$ pulp-admin auth user create --login=brian --password=redhat
User [brian] successfully created

$ pulp-admin auth role user add --role-id=super-users --login=brian
User [brian] successfully added to role [super-users]

$ pulp-admin auth role user remove --role-id=super-users --login=brian
An internal error occurred on the Pulp server:

RequestException: DELETE request
on /pulp/api/v2/roles/super-users/users/brian/ failed with 500 - 'permission'

When the -vv option was used I got

$ pulp-admin -vv auth role user remove --role-id=super-users --login=brian
2015-06-23 15:53:51,574 - DEBUG - sending DELETE request to /pulp/api/v2/roles/super-users/users/brian/
2015-06-23 15:53:51,642 - INFO - DELETE request to /pulp/api/v2/roles/super-users/users/brian/ with parameters None
2015-06-23 15:53:51,642 - INFO - Response status : 500

2015-06-23 15:53:51,642 - INFO - Response body : {
"exception": [
"KeyError: 'permission'\n"
],
"traceback": [
" File \"/usr/lib/python2.7/site-packages/django/core/handlers/base.py\", line 112, in get_response\n response = wrapped_callback(request, *callback_args, **callback_kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 69, in view\n return self.dispatch(request, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 87, in dispatch\n return handler(request, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py\", line 237, in _auth_decorator\n return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py\", line 191, in _verify_auth\n value = method(self, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py\", line 228, in delete\n remove_user = role_manager.remove_user_from_role(role_id, login)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py\", line 304, in remove_user_from_role\n item['permission'],\n"
],
"_href": "/pulp/api/v2/roles/super-users/users/brian/",
"error_message": "'permission'",
"http_request_method": "DELETE",
"http_status": 500
}

2015-06-23 15:53:51,643 - ERROR - Exception occurred:
href: /pulp/api/v2/roles/super-users/users/brian/
method: DELETE
status: 500
error: 'permission'
traceback: [u' File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response\n response = wrapped_callback(request, *callback_args, **callback_kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view\n return self.dispatch(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 87, in dispatch\n return handler(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 237, in _auth_decorator\n return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 191, in _verify_auth\n value = method(self, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py", line 228, in delete\n remove_user = role_manager.remove_user_from_role(role_id, login)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py", line 304, in remove_user_from_role\n item[\'permission\'],\n']
data: {}

An internal error occurred on the Pulp server:

RequestException: DELETE request
on /pulp/api/v2/roles/super-users/users/brian/ failed with 500 - 'permission'

Here is the /var/log/messages

Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: Unhandled Exception
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) 'permission'
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) Traceback (most recent call last):
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) response = wrapped_callback(request, *callback_args, **callback_kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return self.dispatch(request, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 87, in dispatch
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return handler(request, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 237, in _auth_decorator
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 191, in _verify_auth
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) value = method(self, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py", line 228, in delete
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) remove_user = role_manager.remove_user_from_role(role_id, login)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py", line 304, in remove_user_from_role
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) item['permission'],
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) KeyError: 'permission'

Associated revisions

Revision d4fb1b28 View on GitHub
Added by sbhawsin about 4 years ago

Fixed: Unable to remove a user from super-user role

https://pulp.plan.io/issues/1078

closes #1078

Revision d4fb1b28 View on GitHub
Added by sbhawsin about 4 years ago

Fixed: Unable to remove a user from super-user role

https://pulp.plan.io/issues/1078

closes #1078

Revision d4fb1b28 View on GitHub
Added by sbhawsin about 4 years ago

Fixed: Unable to remove a user from super-user role

https://pulp.plan.io/issues/1078

closes #1078

History

#1 Updated by dkliban@redhat.com about 4 years ago

It looks like there is a typo here [0]. The database has 'permissions' and the code is looking for 'permission'.

[0] https://github.com/pulp/pulp/blob/2.7-testing/server/pulp/server/managers/auth/role/cud.py#L304

#2 Updated by dkliban@redhat.com about 4 years ago

Now that I have had a closer look, it seems like all the references to reading that field use the singular version. So perhaps the better fix is modifying the code that writes it to the database.

#3 Updated by bcourt about 4 years ago

  • Priority changed from Normal to High
  • Severity changed from 2. Medium to 3. High
  • Triaged changed from No to Yes

#4 Updated by ipanova@redhat.com about 4 years ago

the role looks like this in database

> db.roles.find()
{ "_id" : ObjectId("5576929045ef480de503ce9a"), "display_name" : "Super Users", "description" : "Role indicates users with admin privileges", "_ns" : "roles", "id" : "super-users", "permissions" : [  {  "resource" : "/",  "permission" : [  0,  1,  2,  3,  4 ] } ] }

The 'permission' key is correct in the code https://github.com/pulp/pulp/blob/2.7-testing/server/pulp/server/managers/auth/role/cud.py#L304
Strange thing that the reporter of this bug had the 'resource' key but not the 'permission' key. How this happened?

Anyway, i was not able to reproduce the bug:

$ pulp-admin  auth role list

+----------------------------------------------------------------------+
                                 Roles
+----------------------------------------------------------------------+

Id:     super-users
Users:  admin

Id:     r1
Users:  

Id:     test-role
Users:  

[ipanova@ina pulp]$ pulp-admin -vv auth role user add --role-id super-users --login ina

2015-06-29 15:31:24,395 - DEBUG - sending POST request to /pulp/api/v2/roles/super-users/users/
2015-06-29 15:31:24,596 - INFO - POST request to /pulp/api/v2/roles/super-users/users/ with parameters {"login": "ina"}
2015-06-29 15:31:24,596 - INFO - Response status : 200 

2015-06-29 15:31:24,596 - INFO - Response body :
 null

User [ina] successfully added to role [super-users]

[ipanova@ina pulp]$ pulp-admin -vv auth role user remove --role-id super-users --login ina

2015-06-29 15:31:30,614 - DEBUG - sending DELETE request to /pulp/api/v2/roles/super-users/users/ina/
2015-06-29 15:31:30,735 - INFO - DELETE request to /pulp/api/v2/roles/super-users/users/ina/ with parameters None
2015-06-29 15:31:30,735 - INFO - Response status : 200 

2015-06-29 15:31:30,735 - INFO - Response body :
 null

User [ina] successfully removed from role [super-users]

#5 Updated by dkliban@redhat.com about 4 years ago

I was not able to reproduce on the latest branch either. We should be able to close this bug when the new 2.7.0 beta is released.

#6 Updated by sbhawsin about 4 years ago

  • Status changed from NEW to POST
  • Assignee set to sbhawsin

#7 Updated by ipanova@redhat.com about 4 years ago

The reason we were not able to reproduce this bug consists in the fact that we already had super user role in db.

Seems like the issue consisted in the fact, that on fresh install when super-user role was created it had wrong key 'permissions' instead of 'permission'. And when you will try to remove the user from super-users, it will be checked that you are not removing the last user from super-user role. And then we will hit this key error.

#8 Updated by sbhawsin about 4 years ago

  • Platform Release set to 2.7.0

#9 Updated by sbhawsin about 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#10 Updated by dkliban@redhat.com almost 4 years ago

  • Status changed from MODIFIED to ON_QA

#11 Updated by pthomas@redhat.com over 3 years ago

  • Status changed from ON_QA to VERIFIED

verified

[root@ibm-x3550m3-06 ~]# pulp-admin auth user create --login=preethi --password=redhat
User [preethi] successfully created

[root@ibm-x3550m3-06 ~]# pulp-admin auth role user add --role-id=super-users --login=preethi
User [preethi] successfully added to role [super-users]

[root@ibm-x3550m3-06 ~]# pulp-admin auth role user remove --role-id=super-users --login=preethi
User [preethi] successfully removed from role [super-users]

#12 Updated by amacdona@redhat.com over 3 years ago

  • Status changed from VERIFIED to CLOSED - CURRENTRELEASE

#13 Updated by pulpbot over 2 years ago

  • Verified changed from No to Yes

#14 Updated by bmbouter 3 months ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF