Project

Profile

Help

Issue #1078

closed

Unable to remove a remove a user from "super-users" role

Added by paji@redhat.com almost 9 years ago. Updated almost 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.7.0 Beta
Platform Release:
2.7.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

try the following sequence of commands on a clean pulp install

$ pulp-admin auth user create --login=brian --password=redhat
User [brian] successfully created

$ pulp-admin auth role user add --role-id=super-users --login=brian
User [brian] successfully added to role [super-users]

$ pulp-admin auth role user remove --role-id=super-users --login=brian
An internal error occurred on the Pulp server:

RequestException: DELETE request
on /pulp/api/v2/roles/super-users/users/brian/ failed with 500 - 'permission'

When the -vv option was used I got

$ pulp-admin -vv auth role user remove --role-id=super-users --login=brian
2015-06-23 15:53:51,574 - DEBUG - sending DELETE request to /pulp/api/v2/roles/super-users/users/brian/
2015-06-23 15:53:51,642 - INFO - DELETE request to /pulp/api/v2/roles/super-users/users/brian/ with parameters None
2015-06-23 15:53:51,642 - INFO - Response status : 500

2015-06-23 15:53:51,642 - INFO - Response body :
{
"exception": [
"KeyError: 'permission'\n"
],
"traceback": [
" File \"/usr/lib/python2.7/site-packages/django/core/handlers/base.py\", line 112, in get_response\n response = wrapped_callback(request, *callback_args, **callback_kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 69, in view\n return self.dispatch(request, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/django/views/generic/base.py\", line 87, in dispatch\n return handler(request, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py\", line 237, in _auth_decorator\n return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py\", line 191, in _verify_auth\n value = method(self, *args, **kwargs)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py\", line 228, in delete\n remove_user = role_manager.remove_user_from_role(role_id, login)\n",
" File \"/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py\", line 304, in remove_user_from_role\n item['permission'],\n"
],
"_href": "/pulp/api/v2/roles/super-users/users/brian/",
"error_message": "'permission'",
"http_request_method": "DELETE",
"http_status": 500
}

2015-06-23 15:53:51,643 - ERROR - Exception occurred:
href: /pulp/api/v2/roles/super-users/users/brian/
method: DELETE
status: 500
error: 'permission'
traceback: [u' File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response\n response = wrapped_callback(request, *callback_args, **callback_kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view\n return self.dispatch(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 87, in dispatch\n return handler(request, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 237, in _auth_decorator\n return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 191, in _verify_auth\n value = method(self, *args, **kwargs)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py", line 228, in delete\n remove_user = role_manager.remove_user_from_role(role_id, login)\n', u' File "/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py", line 304, in remove_user_from_role\n item[\'permission\'],\n']
data: {}

An internal error occurred on the Pulp server:

RequestException: DELETE request
on /pulp/api/v2/roles/super-users/users/brian/ failed with 500 - 'permission'

Here is the /var/log/messages

Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: Unhandled Exception
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) 'permission'
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) Traceback (most recent call last):
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) response = wrapped_callback(request, *callback_args, **callback_kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 69, in view
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return self.dispatch(request, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/django/views/generic/base.py", line 87, in dispatch
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return handler(request, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 237, in _auth_decorator
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) return _verify_auth(self, operation, super_user_only, method, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/decorators.py", line 191, in _verify_auth
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) value = method(self, *args, **kwargs)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/webservices/views/roles.py", line 228, in delete
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) remove_user = role_manager.remove_user_from_role(role_id, login)
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) File "/usr/lib/python2.7/site-packages/pulp/server/managers/auth/role/cud.py", line 304, in remove_user_from_role
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) item['permission'],
Jun 23 15:55:21 katello-kant pulp: pulp.server.webservices.middleware.exception:ERROR: (23037-04096) KeyError: 'permission'

Actions #1

Updated by dkliban@redhat.com almost 9 years ago

It looks like there is a typo here [0]. The database has 'permissions' and the code is looking for 'permission'.

[0] https://github.com/pulp/pulp/blob/2.7-testing/server/pulp/server/managers/auth/role/cud.py#L304

Actions #2

Updated by dkliban@redhat.com almost 9 years ago

Now that I have had a closer look, it seems like all the references to reading that field use the singular version. So perhaps the better fix is modifying the code that writes it to the database.

Actions #3

Updated by bcourt almost 9 years ago

  • Priority changed from Normal to High
  • Severity changed from 2. Medium to 3. High
  • Triaged changed from No to Yes
Actions #4

Updated by ipanova@redhat.com over 8 years ago

the role looks like this in database

> db.roles.find()
{ "_id" : ObjectId("5576929045ef480de503ce9a"), "display_name" : "Super Users", "description" : "Role indicates users with admin privileges", "_ns" : "roles", "id" : "super-users", "permissions" : [  {  "resource" : "/",  "permission" : [  0,  1,  2,  3,  4 ] } ] }

The 'permission' key is correct in the code https://github.com/pulp/pulp/blob/2.7-testing/server/pulp/server/managers/auth/role/cud.py#L304
Strange thing that the reporter of this bug had the 'resource' key but not the 'permission' key. How this happened?

Anyway, i was not able to reproduce the bug:

$ pulp-admin  auth role list

+----------------------------------------------------------------------+
                                 Roles
+----------------------------------------------------------------------+

Id:     super-users
Users:  admin

Id:     r1
Users:  

Id:     test-role
Users:  

[ipanova@ina pulp]$ pulp-admin -vv auth role user add --role-id super-users --login ina

2015-06-29 15:31:24,395 - DEBUG - sending POST request to /pulp/api/v2/roles/super-users/users/
2015-06-29 15:31:24,596 - INFO - POST request to /pulp/api/v2/roles/super-users/users/ with parameters {"login": "ina"}
2015-06-29 15:31:24,596 - INFO - Response status : 200 

2015-06-29 15:31:24,596 - INFO - Response body :
 null

User [ina] successfully added to role [super-users]

[ipanova@ina pulp]$ pulp-admin -vv auth role user remove --role-id super-users --login ina

2015-06-29 15:31:30,614 - DEBUG - sending DELETE request to /pulp/api/v2/roles/super-users/users/ina/
2015-06-29 15:31:30,735 - INFO - DELETE request to /pulp/api/v2/roles/super-users/users/ina/ with parameters None
2015-06-29 15:31:30,735 - INFO - Response status : 200 

2015-06-29 15:31:30,735 - INFO - Response body :
 null

User [ina] successfully removed from role [super-users]
Actions #5

Updated by dkliban@redhat.com over 8 years ago

I was not able to reproduce on the latest branch either. We should be able to close this bug when the new 2.7.0 beta is released.

Actions #6

Updated by sbhawsin over 8 years ago

  • Status changed from NEW to POST
  • Assignee set to sbhawsin
Actions #7

Updated by ipanova@redhat.com over 8 years ago

The reason we were not able to reproduce this bug consists in the fact that we already had super user role in db.

Seems like the issue consisted in the fact, that on fresh install when super-user role was created it had wrong key 'permissions' instead of 'permission'. And when you will try to remove the user from super-users, it will be checked that you are not removing the last user from super-user role. And then we will hit this key error.

Actions #8

Updated by sbhawsin over 8 years ago

  • Platform Release set to 2.7.0

Added by sbhawsin over 8 years ago

Revision d4fb1b28 | View on GitHub

Fixed: Unable to remove a user from super-user role

https://pulp.plan.io/issues/1078

closes #1078

Added by sbhawsin over 8 years ago

Revision d4fb1b28 | View on GitHub

Fixed: Unable to remove a user from super-user role

https://pulp.plan.io/issues/1078

closes #1078

Actions #9

Updated by sbhawsin over 8 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #10

Updated by dkliban@redhat.com over 8 years ago

  • Status changed from MODIFIED to 5
Actions #11

Updated by pthomas@redhat.com over 8 years ago

  • Status changed from 5 to 6

verified

[root@ibm-x3550m3-06 ~]# pulp-admin auth user create --login=preethi --password=redhat
User [preethi] successfully created

[root@ibm-x3550m3-06 ~]# pulp-admin auth role user add --role-id=super-users --login=preethi
User [preethi] successfully added to role [super-users]

[root@ibm-x3550m3-06 ~]# pulp-admin auth role user remove --role-id=super-users --login=preethi
User [preethi] successfully removed from role [super-users]
Actions #12

Updated by amacdona@redhat.com over 8 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #14

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added
Actions #15

Updated by bmbouter almost 4 years ago

  • Category deleted (14)

We are removing the 'API' category per open floor discussion June 16, 2020.

Also available in: Atom PDF